Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZNva-8ABsvjJ6HrNFF7Xd55KW-w.roa
File:                     ZNva-8ABsvjJ6HrNFF7Xd55KW-w.roa (raw, json)
Hash identifier:          nx2aCY2Bfbi+2/xFJXRwWrGYEeyRAMv/De92goZyeZw=
Subject key identifier:   64:DB:DA:FB:C0:01:B2:F8:C9:E8:7A:CD:14:5E:D7:77:9E:4A:5B:EC
Certificate issuer:       /CN=6431e960cd061039b3b27fd25d4160771c498bab
Certificate serial:       01942521A92CD146771C7F898453E89D6C18
Authority key identifier: 64:31:E9:60:CD:06:10:39:B3:B2:7F:D2:5D:41:60:77:1C:49:8B:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZNva-8ABsvjJ6HrNFF7Xd55KW-w.roa
Signing time:             Thu 02 Jan 2025 03:49:10 +0000
ROA not before:           Thu 02 Jan 2025 03:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205229
IP address blocks:        185.224.176.0/22 maxlen: 24
                          185.224.179.128/26 maxlen: 26
                          2a14:3900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a9:2c:d1:46:77:1c:7f:89:84:53:e8:9d:6c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6431e960cd061039b3b27fd25d4160771c498bab
        Validity
            Not Before: Jan  2 03:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64dbdafbc001b2f8c9e87acd145ed7779e4a5bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:77:25:5f:27:e3:12:5b:72:b6:07:83:10:42:
                    42:13:a1:73:1c:e9:05:92:6b:04:e6:99:77:48:e5:
                    07:e7:e6:6a:a0:f4:79:61:75:42:7c:90:7f:87:53:
                    c6:96:a9:33:6a:06:11:cd:c1:dd:4f:2b:89:0e:4e:
                    97:53:93:46:24:4f:3a:19:62:2d:64:87:c8:65:15:
                    af:25:a8:99:fc:19:7c:58:01:91:24:8e:52:52:6d:
                    b7:2c:f0:e3:92:64:73:97:c5:40:90:40:42:80:df:
                    74:9e:d4:a0:44:7f:65:b7:dc:23:80:67:99:76:83:
                    ee:f8:ba:37:1d:44:8e:5a:e4:aa:67:5b:6c:63:79:
                    86:08:9c:dd:3f:9b:27:23:9d:6f:62:dc:af:cf:46:
                    d8:22:14:c9:5b:5f:3c:42:29:c9:bb:a6:e3:5d:42:
                    16:04:9f:85:54:9e:36:1d:51:16:fd:5e:d0:65:99:
                    71:a0:8d:03:f4:06:a5:92:64:53:ea:9d:77:2b:a8:
                    cc:44:28:bb:13:33:78:1f:8e:95:62:5b:57:5c:e3:
                    6f:1a:69:72:f1:95:00:98:42:fa:99:a3:e0:64:09:
                    be:8c:19:ed:55:42:e7:dd:14:77:44:2b:ae:07:a2:
                    d4:c5:8d:d6:f9:49:21:5b:6b:ef:57:96:a0:c5:fa:
                    2f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:DB:DA:FB:C0:01:B2:F8:C9:E8:7A:CD:14:5E:D7:77:9E:4A:5B:EC
            X509v3 Authority Key Identifier:
                keyid:64:31:E9:60:CD:06:10:39:B3:B2:7F:D2:5D:41:60:77:1C:49:8B:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZNva-8ABsvjJ6HrNFF7Xd55KW-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/4fd931-9f22-49f3-be57-e9daf79eb75e/1/ZDHpYM0GEDmzsn_SXUFgdxxJi6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.176.0/22
                IPv6:
                  2a14:3900::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:25:0f:67:46:a0:e0:07:15:6f:1e:a9:c2:07:e9:e1:c5:f2:
         5b:0a:c0:5c:81:f5:cb:67:10:5e:76:6e:8a:eb:ee:1a:c3:a3:
         ee:f9:02:31:51:2d:35:9e:dd:25:08:50:f2:f3:9e:2b:05:3b:
         99:c0:f8:1c:6b:e0:cf:8d:62:4f:e4:a6:72:43:c9:c3:b2:c7:
         bb:2a:b3:98:f8:54:bf:23:d7:77:c0:39:fb:11:6a:11:2b:4f:
         22:f0:b1:da:f1:3b:54:a3:38:cb:03:c5:a1:62:17:9d:16:b7:
         89:c3:7f:3c:62:75:43:07:ce:fe:90:11:ff:f0:63:e9:4c:4d:
         5b:8f:8c:31:71:c2:5f:84:dc:11:47:bb:80:05:34:4a:6e:ab:
         3e:14:03:ac:cd:17:a9:4d:42:c4:2c:4a:1d:5d:58:d3:6d:c6:
         8c:96:b2:01:3c:34:ef:bc:58:51:02:a9:a7:e0:a6:29:66:88:
         df:d1:59:ee:14:bc:34:19:4c:81:aa:b3:92:99:62:c1:24:f4:
         f0:24:5b:41:40:7b:67:85:bb:a6:31:c6:95:65:81:0c:30:02:
         c0:d3:ac:aa:7f:a2:f9:a5:0f:68:1d:40:fc:12:8d:06:e7:9f:
         02:77:60:ab:72:10:1c:4c:93:73:20:fe:f6:79:ba:7a:72:12:
         d6:e1:3b:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIaks0UZ3HH+JhFPonWwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MzFlOTYwY2QwNjEwMzliM2IyN2ZkMjVkNDE2MDc3MWM0
OThiYWIwHhcNMjUwMTAyMDM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGRiZGFmYmMwMDFiMmY4YzllODdhY2QxNDVlZDc3NzllNGE1YmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3clXyfjEltytgeDEEJCE6FzHOkF
kmsE5pl3SOUH5+ZqoPR5YXVCfJB/h1PGlqkzagYRzcHdTyuJDk6XU5NGJE86GWIt
ZIfIZRWvJaiZ/Bl8WAGRJI5SUm23LPDjkmRzl8VAkEBCgN90ntSgRH9lt9wjgGeZ
doPu+Lo3HUSOWuSqZ1tsY3mGCJzdP5snI51vYtyvz0bYIhTJW188QinJu6bjXUIW
BJ+FVJ42HVEW/V7QZZlxoI0D9AalkmRT6p13K6jMRCi7EzN4H46VYltXXONvGmly
8ZUAmEL6maPgZAm+jBntVULn3RR3RCuuB6LUxY3W+UkhW2vvV5agxfovxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGTb2vvAAbL4yeh6zRRe13eeSlvsMB8GA1UdIwQY
MBaAFGQx6WDNBhA5s7J/0l1BYHccSYurMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkRIcFlNMEdFRG16c25fU1hVRmdkeHhKaTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi80ZmQ5MzEtOWYyMi00OWYzLWJlNTct
ZTlkYWY3OWViNzVlLzEvWk52YS04QUJzdmpKNkhyTkZGN1hkNTVLVy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi80ZmQ5MzEtOWYyMi00OWYzLWJlNTctZTlkYWY3OWViNzVl
LzEvWkRIcFlNMEdFRG16c25fU1hVRmdkeHhKaTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueCwMA0E
AgACMAcDBQMqFDkAMA0GCSqGSIb3DQEBCwUAA4IBAQBMJQ9nRqDgBxVvHqnCB+nh
xfJbCsBcgfXLZxBedm6K6+4aw6Pu+QIxUS01nt0lCFDy854rBTuZwPgca+DPjWJP
5KZyQ8nDsse7KrOY+FS/I9d3wDn7EWoRK08i8LHa8TtUozjLA8WhYhedFreJw388
YnVDB87+kBH/8GPpTE1bj4wxccJfhNwRR7uABTRKbqs+FAOszRepTULELEodXVjT
bcaMlrIBPDTvvFhRAqmn4KYpZojf0VnuFLw0GUyBqrOSmWLBJPTwJFtBQHtnhbum
McaVZYEMMALA06yqf6L5pQ9oHUD8Eo0G558Cd2CrchAcTJNzIP72ebp6chLW4TtF
-----END CERTIFICATE-----