Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/zhL3mw3tfGz22FNWwzYf3uLwlM0.roa
File:                     zhL3mw3tfGz22FNWwzYf3uLwlM0.roa (raw, json)
Hash identifier:          zAOff2Kw1dbM05MiGj7aU4wK2pL5mdV5s1R3xN1PATI=
Subject key identifier:   CE:12:F7:9B:0D:ED:7C:6C:F6:D8:53:56:C3:36:1F:DE:E2:F0:94:CD
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       019421B250A135E2C9EBB4FDFD28D2E71858
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/zhL3mw3tfGz22FNWwzYf3uLwlM0.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3215
IP address blocks:        185.172.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:50:a1:35:e2:c9:eb:b4:fd:fd:28:d2:e7:18:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce12f79b0ded7c6cf6d85356c3361fdee2f094cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ed:b4:db:52:11:f5:e4:8c:5b:fe:a2:73:35:
                    e3:d3:b3:8e:c2:81:e3:7b:51:94:27:88:68:73:96:
                    0a:f4:95:c4:82:d5:f8:1d:db:8d:a1:df:0c:a7:dc:
                    f4:06:5d:8e:3e:30:08:a2:91:39:bc:53:e2:16:cf:
                    d8:f1:58:be:41:c3:b1:0c:9d:47:8d:2c:c2:26:12:
                    94:9c:7d:61:1b:15:5a:62:19:d2:ea:ac:4f:53:3d:
                    1b:6d:8f:a3:5b:cf:40:20:13:e6:a3:ee:4d:19:4a:
                    c6:3d:e4:3e:bd:ff:b3:f8:ad:1c:77:d1:60:23:36:
                    f5:c1:bd:2f:b4:80:b3:60:3c:7e:e1:82:66:e6:78:
                    ab:34:f7:68:49:5c:ab:bb:3a:e2:36:4f:19:39:11:
                    71:ba:bc:ca:63:6b:88:54:1e:c9:a6:10:8c:8b:b8:
                    ef:ca:38:42:9a:20:68:dc:7f:60:f3:fe:0a:d0:d7:
                    0c:f1:7f:3b:87:f5:41:29:f0:ff:b9:22:34:b2:5e:
                    05:a5:aa:a9:f4:98:4e:d5:08:a6:c7:49:fb:8b:ce:
                    a3:ef:5b:ff:c9:fe:90:1a:25:0f:f0:e4:45:b7:02:
                    13:22:a8:3d:a5:d5:e5:24:9a:81:85:c2:6f:29:68:
                    7d:75:c4:98:87:eb:79:26:c3:77:a1:25:77:0e:a2:
                    b0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:12:F7:9B:0D:ED:7C:6C:F6:D8:53:56:C3:36:1F:DE:E2:F0:94:CD
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/zhL3mw3tfGz22FNWwzYf3uLwlM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:4f:76:f1:83:6f:a0:1a:bd:7a:de:50:a5:36:bf:fb:28:c2:
         63:a4:07:5f:63:dc:2a:9d:05:8a:37:2f:fe:3a:a1:88:15:d1:
         46:94:56:58:b8:bf:60:c7:69:3e:03:3a:c7:47:df:08:ea:a4:
         9d:53:ee:9e:cc:35:f7:19:ac:1e:28:47:c7:a8:7f:5b:4c:64:
         b8:25:bf:82:67:e6:10:8b:a0:ec:cf:ae:c6:44:14:29:65:1f:
         9c:cb:4f:05:3b:28:b9:03:0b:c7:1d:d1:90:c9:8d:7d:8d:23:
         f4:76:cd:26:85:ed:d4:0d:29:20:fc:a2:70:3c:0a:4b:ed:13:
         4f:09:b5:3a:23:93:a9:d0:eb:d7:64:3e:85:b6:51:f9:b7:c8:
         ba:bf:5b:4d:3d:ae:db:e6:cc:11:bb:a8:23:ea:d5:ce:0d:18:
         46:ba:6c:36:46:f6:60:61:9f:84:b7:02:e6:3d:b7:6f:4a:e6:
         13:df:52:d2:9c:f9:64:ce:47:8e:f1:73:3a:ee:e0:b5:09:d4:
         b2:9b:ea:23:ee:9e:95:d5:7a:ce:2a:e4:09:7d:a5:81:68:17:
         18:50:84:a8:f4:0d:d9:4c:fc:06:06:f3:80:c0:c6:70:6e:28:
         1f:36:44:7c:ba:52:16:7e:97:89:69:73:19:45:9a:a1:bd:b9:
         4b:a9:99:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslChNeLJ67T9/SjS5xhYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTEyZjc5YjBkZWQ3YzZjZjZkODUzNTZjMzM2MWZkZWUyZjA5NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve2021IR9eSMW/6iczXj07OOwoHj
e1GUJ4hoc5YK9JXEgtX4HduNod8Mp9z0Bl2OPjAIopE5vFPiFs/Y8Vi+QcOxDJ1H
jSzCJhKUnH1hGxVaYhnS6qxPUz0bbY+jW89AIBPmo+5NGUrGPeQ+vf+z+K0cd9Fg
Izb1wb0vtICzYDx+4YJm5nirNPdoSVyruzriNk8ZORFxurzKY2uIVB7JphCMi7jv
yjhCmiBo3H9g8/4K0NcM8X87h/VBKfD/uSI0sl4Fpaqp9JhO1Qimx0n7i86j71v/
yf6QGiUP8ORFtwITIqg9pdXlJJqBhcJvKWh9dcSYh+t5JsN3oSV3DqKwxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4S95sN7Xxs9thTVsM2H97i8JTNMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvemhMM213M3RmR3oyMkZOV3d6WWYzdUx3bE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQBUT3bxg2+gGr163lClNr/7KMJjpAdfY9wqnQWKNy/+
OqGIFdFGlFZYuL9gx2k+AzrHR98I6qSdU+6ezDX3GaweKEfHqH9bTGS4Jb+CZ+YQ
i6Dsz67GRBQpZR+cy08FOyi5AwvHHdGQyY19jSP0ds0mhe3UDSkg/KJwPApL7RNP
CbU6I5Op0OvXZD6FtlH5t8i6v1tNPa7b5swRu6gj6tXODRhGumw2RvZgYZ+EtwLm
PbdvSuYT31LSnPlkzkeO8XM67uC1CdSym+oj7p6V1XrOKuQJfaWBaBcYUISo9A3Z
TPwGBvOAwMZwbigfNkR8ulIWfpeJaXMZRZqhvblLqZlV
-----END CERTIFICATE-----