Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/zyyxpnYwsTYjNu4Wy5twrx2x4fk.roa
File:                     zyyxpnYwsTYjNu4Wy5twrx2x4fk.roa (raw, json)
Hash identifier:          NQRYx+K4EclccAZE0WPjuwlvX5dADgQnuUhPYSSnRgc=
Subject key identifier:   CF:2C:B1:A6:76:30:B1:36:23:36:EE:16:CB:9B:70:AF:1D:B1:E1:F9
Certificate issuer:       /CN=bc464ba9d26385f54df6254ac248926d370445b0
Certificate serial:       0194228D97B9FF78C75741AD4A9397A8C590
Authority key identifier: BC:46:4B:A9:D2:63:85:F5:4D:F6:25:4A:C2:48:92:6D:37:04:45:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vEZLqdJjhfVN9iVKwkiSbTcERbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/zyyxpnYwsTYjNu4Wy5twrx2x4fk.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47132
IP address blocks:        185.227.90.0/24 maxlen: 24
                          185.236.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/vEZLqdJjhfVN9iVKwkiSbTcERbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/vEZLqdJjhfVN9iVKwkiSbTcERbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vEZLqdJjhfVN9iVKwkiSbTcERbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:97:b9:ff:78:c7:57:41:ad:4a:93:97:a8:c5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc464ba9d26385f54df6254ac248926d370445b0
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf2cb1a67630b1362336ee16cb9b70af1db1e1f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:aa:36:93:a6:b5:3b:97:66:db:3d:ec:47:5c:
                    7a:20:4e:f0:1e:cf:8a:ff:46:de:ae:5e:90:6c:84:
                    ff:f6:1a:eb:c0:28:0b:68:85:f9:59:90:f3:fd:cb:
                    7b:58:34:3e:e3:b5:9a:89:5e:3b:74:31:45:e6:59:
                    f3:3d:84:a8:f3:31:88:f5:82:42:7c:13:53:92:b8:
                    d6:27:7d:26:64:10:ad:5a:98:60:a4:8f:4c:3e:25:
                    e3:aa:75:b0:e1:cc:c6:60:fa:42:b6:09:5d:f7:8e:
                    79:cf:06:bf:d4:fe:6a:61:94:b2:d0:bd:f4:07:d9:
                    33:fe:c0:0c:45:1d:69:fd:53:84:77:42:74:24:37:
                    52:7d:0e:ae:1c:c9:c8:72:ca:79:90:cd:e5:55:10:
                    97:ce:ec:50:c1:d9:25:8b:9a:9a:b8:95:06:66:cf:
                    9d:16:64:40:45:67:d8:6e:d2:b0:68:d0:a4:9d:e9:
                    7f:16:4c:bf:68:67:2b:91:a4:66:5b:92:58:b3:eb:
                    5f:9f:84:13:be:56:17:15:2d:1a:23:d5:97:7b:5f:
                    3d:fc:53:00:36:a1:0c:f7:0e:77:bb:c7:b1:6a:27:
                    9c:1a:f4:0b:07:91:98:c1:89:cd:4e:8c:61:fc:09:
                    e4:8f:1d:d1:c7:1a:38:8a:5d:9a:37:59:5f:0d:ac:
                    2a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2C:B1:A6:76:30:B1:36:23:36:EE:16:CB:9B:70:AF:1D:B1:E1:F9
            X509v3 Authority Key Identifier:
                keyid:BC:46:4B:A9:D2:63:85:F5:4D:F6:25:4A:C2:48:92:6D:37:04:45:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vEZLqdJjhfVN9iVKwkiSbTcERbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/zyyxpnYwsTYjNu4Wy5twrx2x4fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/501f2b-fd1f-45ea-b494-d73dc4b41ce1/1/vEZLqdJjhfVN9iVKwkiSbTcERbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.90.0/24
                  185.236.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:84:a5:01:94:1f:7f:ce:98:c4:37:c1:5e:f9:88:f3:64:0c:
         69:5c:ff:0a:d3:72:d8:1b:84:11:e4:22:b6:4a:f4:8d:94:b9:
         dc:c8:36:6f:97:4b:13:92:2c:ea:2b:92:d4:c5:54:86:21:59:
         80:46:31:d5:af:43:fb:d8:3d:f5:4e:87:94:58:3b:44:5f:96:
         15:ae:0e:07:1a:de:a6:f0:bd:08:24:de:8d:c8:b9:0f:82:43:
         86:9f:64:8e:e4:07:4c:5e:7f:88:7d:45:4b:8c:92:df:07:f9:
         db:2a:a5:1e:6b:70:f0:5e:99:aa:0d:49:ff:0a:ca:18:e4:7b:
         ec:ee:c5:f3:a2:f3:53:79:f3:e1:c4:7f:57:e6:47:dc:13:4f:
         e9:d8:f2:49:87:a3:a2:5e:a3:05:11:0c:e2:8f:12:99:66:63:
         85:45:3e:45:17:7a:d1:df:87:8b:bf:7b:8d:1e:11:b3:94:31:
         a6:3c:b4:44:bd:6f:19:b3:33:43:2d:25:2c:6a:eb:93:c4:53:
         b1:5a:3e:e1:7f:ed:8c:8a:e8:b5:6b:13:bb:29:d6:04:19:21:
         56:5c:af:11:43:d5:0d:a3:96:97:d4:4b:e2:5f:65:56:d7:89:
         67:97:20:0d:f0:e7:92:c7:3a:cb:93:c9:c0:90:83:19:db:d0:
         c0:e3:a5:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijZe5/3jHV0GtSpOXqMWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNDY0YmE5ZDI2Mzg1ZjU0ZGY2MjU0YWMyNDg5MjZkMzcw
NDQ1YjAwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJjYjFhNjc2MzBiMTM2MjMzNmVlMTZjYjliNzBhZjFkYjFlMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKo2k6a1O5dm2z3sR1x6IE7wHs+K
/0berl6QbIT/9hrrwCgLaIX5WZDz/ct7WDQ+47WaiV47dDFF5lnzPYSo8zGI9YJC
fBNTkrjWJ30mZBCtWphgpI9MPiXjqnWw4czGYPpCtgld9455zwa/1P5qYZSy0L30
B9kz/sAMRR1p/VOEd0J0JDdSfQ6uHMnIcsp5kM3lVRCXzuxQwdkli5qauJUGZs+d
FmRARWfYbtKwaNCknel/Fky/aGcrkaRmW5JYs+tfn4QTvlYXFS0aI9WXe189/FMA
NqEM9w53u8exaiecGvQLB5GYwYnNToxh/Ankjx3Rxxo4il2aN1lfDawqJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM8ssaZ2MLE2IzbuFsubcK8dseH5MB8GA1UdIwQY
MBaAFLxGS6nSY4X1TfYlSsJIkm03BEWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkVaTHFkSmpoZlZOOWlWS3draVNiVGNFUmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81MDFmMmItZmQxZi00NWVhLWI0OTQt
ZDczZGM0YjQxY2UxLzEvenl5eHBuWXdzVFlqTnU0V3k1dHdyeDJ4NGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81MDFmMmItZmQxZi00NWVhLWI0OTQtZDczZGM0YjQxY2Ux
LzEvdkVaTHFkSmpoZlZOOWlWS3draVNiVGNFUmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueNaAwQA
ueynMA0GCSqGSIb3DQEBCwUAA4IBAQAMhKUBlB9/zpjEN8Fe+YjzZAxpXP8K03LY
G4QR5CK2SvSNlLncyDZvl0sTkizqK5LUxVSGIVmARjHVr0P72D31ToeUWDtEX5YV
rg4HGt6m8L0IJN6NyLkPgkOGn2SO5AdMXn+IfUVLjJLfB/nbKqUea3DwXpmqDUn/
CsoY5Hvs7sXzovNTefPhxH9X5kfcE0/p2PJJh6OiXqMFEQzijxKZZmOFRT5FF3rR
34eLv3uNHhGzlDGmPLREvW8ZszNDLSUsauuTxFOxWj7hf+2Miui1axO7KdYEGSFW
XK8RQ9UNo5aX1EviX2VW14lnlyAN8OeSxzrLk8nAkIMZ29DA46UH
-----END CERTIFICATE-----