Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/Z29YwFdCw8mb-MR3SYDyBs3lmMg.roa
File:                     Z29YwFdCw8mb-MR3SYDyBs3lmMg.roa (raw, json)
Hash identifier:          J+lE3dbsGRla43+sCei9+kYRVYFXdgjow6d3cOzy75c=
Subject key identifier:   67:6F:58:C0:57:42:C3:C9:9B:F8:C4:77:49:80:F2:06:CD:E5:98:C8
Certificate issuer:       /CN=f219383a3e3f116a9bcc4769c8517cdce40765c7
Certificate serial:       0194A1A84311444398A4B4420DBFD611F15B
Authority key identifier: F2:19:38:3A:3E:3F:11:6A:9B:CC:47:69:C8:51:7C:DC:E4:07:65:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/Z29YwFdCw8mb-MR3SYDyBs3lmMg.roa
Signing time:             Sun 26 Jan 2025 08:09:06 +0000
ROA not before:           Sun 26 Jan 2025 08:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202920
IP address blocks:        84.38.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a1:a8:43:11:44:43:98:a4:b4:42:0d:bf:d6:11:f1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f219383a3e3f116a9bcc4769c8517cdce40765c7
        Validity
            Not Before: Jan 26 08:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=676f58c05742c3c99bf8c4774980f206cde598c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:00:25:d5:3b:00:66:31:42:59:78:c6:22:04:
                    14:cc:12:a4:c1:7c:b8:28:92:09:a5:97:d3:cc:87:
                    b5:90:b8:c5:b3:5d:ba:4a:59:87:d1:da:9d:52:0a:
                    ca:7f:0d:bc:40:25:34:c6:de:a7:0f:66:43:c3:0d:
                    7b:7d:ec:de:ab:07:6c:c3:68:10:33:b1:b5:6e:db:
                    ae:d6:4d:9d:78:ca:59:fc:22:2d:62:bc:b3:6e:0d:
                    c4:fe:bf:a8:b0:c9:2d:48:be:81:1e:c4:8f:9a:8f:
                    30:e1:25:42:a0:1a:3c:79:8f:7d:58:50:18:48:2c:
                    89:1c:e2:25:56:5c:3e:03:7b:13:46:34:dc:ff:00:
                    90:a7:d1:f6:5c:e2:7b:86:8d:c4:09:17:21:f0:d9:
                    1f:5e:37:d5:ab:1c:80:ff:f3:83:e3:8d:84:ba:67:
                    bb:dd:91:0c:70:4c:e0:c4:fe:41:d3:0e:3b:b9:1b:
                    f8:38:8b:99:c0:ed:52:f2:60:3f:9b:03:0a:b1:87:
                    3a:61:7e:2b:91:2e:d7:00:ed:95:90:52:38:0c:82:
                    c4:94:6d:27:fb:6f:4b:a3:e2:be:17:ea:0c:34:5c:
                    ca:53:91:21:4a:d1:6a:ee:22:16:ef:1f:bb:68:64:
                    ed:67:65:35:17:c7:d1:31:5c:8b:4c:19:9b:e3:c7:
                    29:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:6F:58:C0:57:42:C3:C9:9B:F8:C4:77:49:80:F2:06:CD:E5:98:C8
            X509v3 Authority Key Identifier:
                keyid:F2:19:38:3A:3E:3F:11:6A:9B:CC:47:69:C8:51:7C:DC:E4:07:65:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8hk4Oj4_EWqbzEdpyFF83OQHZcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/Z29YwFdCw8mb-MR3SYDyBs3lmMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/7cf0b1-2298-4484-bd80-6cc9f6cbaac4/1/8hk4Oj4_EWqbzEdpyFF83OQHZcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:11:98:d6:2c:2b:4b:d4:62:88:de:1d:f2:fd:17:5c:66:f7:
         e0:e8:25:11:b4:35:f3:5a:e5:a7:91:7a:85:03:70:48:c2:09:
         79:ba:88:d6:a2:dc:ca:22:b0:02:b8:87:00:38:77:2c:b9:01:
         0a:ed:cc:b2:60:f3:29:44:e5:49:88:65:a9:2f:1f:3b:55:12:
         b5:88:50:52:13:07:4b:a5:5b:69:1a:2d:28:31:4c:a3:8c:0c:
         a0:0c:b0:78:a7:60:99:57:2b:54:0e:da:25:68:b5:f0:2e:40:
         47:e5:c0:16:b8:17:43:01:cc:22:c7:5a:61:94:ec:4b:86:6f:
         4b:a4:27:f1:cd:3b:51:d9:50:24:13:4e:d6:9c:cd:1b:07:75:
         af:bf:5b:6c:a5:7d:04:c4:68:60:6e:e3:bb:dd:f8:a0:bd:3a:
         69:bb:8f:34:9e:18:b8:4e:6e:d2:01:ff:f7:c6:e4:49:bd:03:
         7f:95:3e:31:83:62:8b:a1:83:bc:d7:da:13:fd:20:d2:74:bb:
         15:a8:74:2a:e9:03:0f:a8:99:73:10:97:1f:44:fe:8c:52:98:
         3b:1d:5f:2e:07:9c:b2:4c:5a:41:e5:d4:53:e6:16:10:d9:95:
         91:bf:e3:80:d0:5c:ec:c0:ab:3e:31:83:c6:4a:62:9c:aa:43:
         5f:ca:74:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZShqEMRREOYpLRCDb/WEfFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMTkzODNhM2UzZjExNmE5YmNjNDc2OWM4NTE3Y2RjZTQw
NzY1YzcwHhcNMjUwMTI2MDgwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzZmNThjMDU3NDJjM2M5OWJmOGM0Nzc0OTgwZjIwNmNkZTU5OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgAl1TsAZjFCWXjGIgQUzBKkwXy4
KJIJpZfTzIe1kLjFs126SlmH0dqdUgrKfw28QCU0xt6nD2ZDww17fezeqwdsw2gQ
M7G1btuu1k2deMpZ/CItYryzbg3E/r+osMktSL6BHsSPmo8w4SVCoBo8eY99WFAY
SCyJHOIlVlw+A3sTRjTc/wCQp9H2XOJ7ho3ECRch8NkfXjfVqxyA//OD442Eume7
3ZEMcEzgxP5B0w47uRv4OIuZwO1S8mA/mwMKsYc6YX4rkS7XAO2VkFI4DILElG0n
+29Lo+K+F+oMNFzKU5EhStFq7iIW7x+7aGTtZ2U1F8fRMVyLTBmb48cpJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdvWMBXQsPJm/jEd0mA8gbN5ZjIMB8GA1UdIwQY
MBaAFPIZODo+PxFqm8xHachRfNzkB2XHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGhrNE9qNF9FV3FiekVkcHlGRjgzT1FIWmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS83Y2YwYjEtMjI5OC00NDg0LWJkODAt
NmNjOWY2Y2JhYWM0LzEvWjI5WXdGZEN3OG1iLU1SM1NZRHlCczNsbU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS83Y2YwYjEtMjI5OC00NDg0LWJkODAtNmNjOWY2Y2JhYWM0
LzEvOGhrNE9qNF9FV3FiekVkcHlGRjgzT1FIWmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCaDMA0G
CSqGSIb3DQEBCwUAA4IBAQClEZjWLCtL1GKI3h3y/RdcZvfg6CURtDXzWuWnkXqF
A3BIwgl5uojWotzKIrACuIcAOHcsuQEK7cyyYPMpROVJiGWpLx87VRK1iFBSEwdL
pVtpGi0oMUyjjAygDLB4p2CZVytUDtolaLXwLkBH5cAWuBdDAcwix1phlOxLhm9L
pCfxzTtR2VAkE07WnM0bB3Wvv1tspX0ExGhgbuO73figvTppu480nhi4Tm7SAf/3
xuRJvQN/lT4xg2KLoYO819oT/SDSdLsVqHQq6QMPqJlzEJcfRP6MUpg7HV8uB5yy
TFpB5dRT5hYQ2ZWRv+OA0FzswKs+MYPGSmKcqkNfynRs
-----END CERTIFICATE-----