Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/zIq0JNf1YnF25YmUgqLc0hQPwbs.roa
File:                     zIq0JNf1YnF25YmUgqLc0hQPwbs.roa (raw, json)
Hash identifier:          CWuKLsD1XpssjNFYien7Z+mfcw5J85aFztWMv5EjS/U=
Subject key identifier:   CC:8A:B4:24:D7:F5:62:71:76:E5:89:94:82:A2:DC:D2:14:0F:C1:BB
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       0190CAF392FA98961E22DFC9639B69FD3836
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/zIq0JNf1YnF25YmUgqLc0hQPwbs.roa
Signing time:             Fri 19 Jul 2024 12:24:38 +0000
ROA not before:           Fri 19 Jul 2024 12:24:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32475
IP address blocks:        185.225.236.0/22 maxlen: 24
                          2a04:f280::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ca:f3:92:fa:98:96:1e:22:df:c9:63:9b:69:fd:38:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jul 19 12:24:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc8ab424d7f5627176e5899482a2dcd2140fc1bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:73:8f:32:43:e4:30:a6:47:f7:34:7a:f7:c3:
                    3a:6f:bf:e4:1e:e5:dd:95:bb:5a:ba:08:0e:6f:c5:
                    04:18:78:eb:86:35:13:ee:c5:78:51:ab:1e:70:ad:
                    d1:ed:0b:f3:21:38:1b:f0:1a:be:cb:f4:8c:05:b2:
                    1c:b4:2e:52:9f:a4:31:88:2b:2e:f5:88:bb:c1:a9:
                    69:a1:68:5f:34:02:69:38:c1:d9:74:47:1c:49:71:
                    a2:8b:4f:85:75:9a:42:b3:0e:cb:dc:3f:dc:40:64:
                    cf:56:cb:1d:4a:f8:65:29:17:fb:19:f0:16:c5:b9:
                    30:03:82:18:79:c5:a7:15:97:db:d9:7d:b4:88:48:
                    35:83:23:56:c4:fb:8d:31:94:92:a4:96:44:da:83:
                    92:8f:a3:ad:74:00:4d:db:ec:89:6a:89:9a:88:70:
                    6a:34:77:31:f5:53:79:c7:f3:dc:2b:a2:3e:a2:d6:
                    3a:b4:1a:c5:0b:3a:8b:e0:e8:4c:4a:cf:d9:55:10:
                    a8:e5:3c:37:66:6c:8d:ac:02:ea:17:af:ff:0e:7e:
                    94:66:e0:ae:d9:f8:63:13:d0:fb:e1:75:81:d3:d1:
                    4b:c3:2d:0d:da:57:19:79:b9:4b:e5:15:db:68:af:
                    3a:8d:e8:67:95:45:d6:d7:e7:7a:f4:dc:b8:ad:9e:
                    da:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8A:B4:24:D7:F5:62:71:76:E5:89:94:82:A2:DC:D2:14:0F:C1:BB
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/zIq0JNf1YnF25YmUgqLc0hQPwbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/22
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:a8:4d:bb:ea:fb:23:fd:0f:c3:e8:a5:47:26:f7:df:e1:52:
         50:d4:23:31:ea:0f:e8:14:52:ab:a8:66:da:11:6d:41:71:db:
         a8:d6:ef:b2:e8:a1:49:7e:c0:52:fe:3b:77:01:f4:fe:fa:d2:
         14:71:ff:07:fc:c5:b2:78:ba:f2:2a:b0:8a:4f:da:58:93:16:
         1e:57:83:07:c5:d1:18:29:88:91:eb:1f:03:b7:0f:6d:79:2d:
         fc:89:66:bf:58:7b:30:69:fc:da:1c:8a:27:ee:96:b9:2e:04:
         0e:36:41:f7:88:57:36:c6:a0:e9:8e:6b:bd:48:1d:64:e8:45:
         c4:af:7e:b5:bd:69:58:e2:7d:21:74:05:e9:51:73:c3:5e:93:
         24:5f:af:c9:d3:ac:10:b8:3e:4d:b3:f0:f1:fc:b3:c9:80:f3:
         ae:3d:e5:43:27:5c:28:18:58:2f:60:ff:07:a2:23:92:74:c1:
         9a:01:81:17:22:f4:4e:bd:4b:a3:ef:99:4c:05:ec:8f:78:ae:
         d8:b0:db:13:29:b2:ea:cf:e5:3c:75:8d:9f:59:b9:6f:fd:0e:
         8d:6d:d8:cf:88:76:d0:f4:b7:d6:07:18:1f:52:79:f2:d4:e1:
         f4:cf:c9:80:6e:9e:9f:1d:8a:8d:fc:96:a7:61:73:6c:ec:3a:
         8c:7e:b7:e3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZDK85L6mJYeIt/JY5tp/Tg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwNzE5MTIyNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhhYjQyNGQ3ZjU2MjcxNzZlNTg5OTQ4MmEyZGNkMjE0MGZjMWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnOPMkPkMKZH9zR698M6b7/kHuXd
lbtauggOb8UEGHjrhjUT7sV4UasecK3R7QvzITgb8Bq+y/SMBbIctC5Sn6QxiCsu
9Yi7walpoWhfNAJpOMHZdEccSXGii0+FdZpCsw7L3D/cQGTPVssdSvhlKRf7GfAW
xbkwA4IYecWnFZfb2X20iEg1gyNWxPuNMZSSpJZE2oOSj6OtdABN2+yJaomaiHBq
NHcx9VN5x/PcK6I+otY6tBrFCzqL4OhMSs/ZVRCo5Tw3ZmyNrALqF6//Dn6UZuCu
2fhjE9D74XWB09FLwy0N2lcZeblL5RXbaK86jehnlUXW1+d69Ny4rZ7aFwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMyKtCTX9WJxduWJlIKi3NIUD8G7MB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEveklxMEpOZjFZbkYyNVltVWdxTGMwaFFQd2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCueHsMA4E
AgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAkKhNu+r7I/0Pw+ilRyb3
3+FSUNQjMeoP6BRSq6hm2hFtQXHbqNbvsuihSX7AUv47dwH0/vrSFHH/B/zFsni6
8iqwik/aWJMWHleDB8XRGCmIkesfA7cPbXkt/Ilmv1h7MGn82hyKJ+6WuS4EDjZB
94hXNsag6Y5rvUgdZOhFxK9+tb1pWOJ9IXQF6VFzw16TJF+vydOsELg+TbPw8fyz
yYDzrj3lQydcKBhYL2D/B6IjknTBmgGBFyL0Tr1Lo++ZTAXsj3iu2LDbEymy6s/l
PHWNn1m5b/0OjW3Yz4h20PS31gcYH1J58tTh9M/JgG6enx2KjfyWp2FzbOw6jH63
4w==
-----END CERTIFICATE-----