Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/Z2PHW8LvacSdhO2HpcioR4D6P_g.roa
File:                     Z2PHW8LvacSdhO2HpcioR4D6P_g.roa (raw, json)
Hash identifier:          kHWtIvwFttg31Y3IHOia+gnD127BKytZFvvHo2JKuAw=
Subject key identifier:   67:63:C7:5B:C2:EF:69:C4:9D:84:ED:87:A5:C8:A8:47:80:FA:3F:F8
Certificate issuer:       /CN=0232a4bfb7796405a556b759f1d193e4c4d37129
Certificate serial:       019427B53E0EB4D504D09410D1E1BA7A7118
Authority key identifier: 02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/Z2PHW8LvacSdhO2HpcioR4D6P_g.roa
Signing time:             Thu 02 Jan 2025 15:49:36 +0000
ROA not before:           Thu 02 Jan 2025 15:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     394161
IP address blocks:        62.67.197.0/24 maxlen: 24
                          213.244.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 09:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:3e:0e:b4:d5:04:d0:94:10:d1:e1:ba:7a:71:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0232a4bfb7796405a556b759f1d193e4c4d37129
        Validity
            Not Before: Jan  2 15:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6763c75bc2ef69c49d84ed87a5c8a84780fa3ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f5:cb:ef:56:06:51:a2:c6:70:ba:59:c1:1d:
                    6b:71:3a:a1:de:af:3a:72:e7:11:84:e3:5d:b4:9e:
                    3c:e1:bb:98:67:f8:08:b6:45:9e:8c:44:85:b9:f3:
                    44:5f:b4:07:24:57:11:fc:1c:88:36:7a:a3:29:d9:
                    fc:fa:72:75:ee:1b:e2:fe:f3:f5:df:a7:3a:2b:60:
                    da:77:0d:9d:64:91:86:1c:1d:39:31:b1:8e:82:53:
                    da:f2:7a:b0:50:79:77:29:08:48:3c:88:ea:90:9c:
                    7f:bd:66:04:f6:e9:8d:da:27:87:87:df:72:ee:c5:
                    e8:1a:58:a2:8c:7e:47:07:5a:9f:64:dd:24:74:08:
                    22:31:f8:ab:e3:c8:50:fe:d3:a1:7a:d8:39:d5:7f:
                    32:27:80:27:47:ca:d4:68:ee:60:1b:5f:b0:7c:68:
                    eb:e2:30:2a:f0:ee:4b:5b:6d:aa:7c:49:98:6d:2d:
                    54:0b:f9:cf:64:c6:7b:be:7b:96:04:07:e6:0a:47:
                    55:6c:af:00:3d:2c:a3:e6:eb:bb:52:72:ad:86:0d:
                    c8:9f:28:4e:56:25:1f:21:ce:c7:28:09:60:96:4e:
                    b5:40:1b:e5:d9:90:87:ff:5c:e6:f4:3a:9d:41:f6:
                    50:c9:c4:e2:d4:66:08:1a:ef:d7:6b:b0:6e:1a:7f:
                    39:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:63:C7:5B:C2:EF:69:C4:9D:84:ED:87:A5:C8:A8:47:80:FA:3F:F8
            X509v3 Authority Key Identifier:
                keyid:02:32:A4:BF:B7:79:64:05:A5:56:B7:59:F1:D1:93:E4:C4:D3:71:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/Z2PHW8LvacSdhO2HpcioR4D6P_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a7ce7a-8443-46eb-8cba-3bb4d6200518/1/AjKkv7d5ZAWlVrdZ8dGT5MTTcSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.67.197.0/24
                  213.244.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:23:d0:66:76:cf:9d:2f:4a:08:3d:96:4c:6b:a2:af:ed:bf:
         d2:40:c6:c3:2b:8d:0d:17:f7:90:1c:90:5d:e3:8a:cb:73:0f:
         e0:fd:48:f0:df:4c:35:0e:3d:4e:6d:cc:5f:85:e9:30:9e:b9:
         7a:a4:86:a7:91:48:72:1a:00:10:4f:22:cd:a5:21:bc:57:95:
         45:f1:81:21:86:d4:97:42:fc:1d:b1:17:8a:54:f2:8c:da:6a:
         d8:7f:de:0c:c6:82:e7:2b:f0:0c:c5:12:12:d2:0a:22:26:47:
         d9:b8:12:8f:43:75:b4:a5:55:14:cf:f5:d4:9b:0a:ff:10:a9:
         53:50:77:c2:fc:5e:ed:5d:16:02:87:19:0f:ea:66:37:e1:eb:
         ab:9e:18:b5:65:4a:5c:14:9a:d0:f7:d8:5f:76:9e:06:9b:9a:
         e1:ab:f8:e9:c8:38:42:41:02:d9:f0:64:ad:f2:5a:87:ad:3c:
         08:db:ca:34:74:c0:c2:b5:1a:43:5b:60:95:76:a8:49:08:8c:
         16:e6:dc:3b:8e:60:46:fe:34:b7:0b:11:7b:ec:44:f9:aa:e2:
         83:ed:ec:96:7a:37:18:7a:5f:c4:29:38:15:f3:91:27:a2:e1:
         7d:f9:51:6a:66:b1:98:7b:a4:dc:03:a1:96:77:14:ec:67:ff:
         b1:4c:ee:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntT4OtNUE0JQQ0eG6enEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzJhNGJmYjc3OTY0MDVhNTU2Yjc1OWYxZDE5M2U0YzRk
MzcxMjkwHhcNMjUwMTAyMTU0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzYzYzc1YmMyZWY2OWM0OWQ4NGVkODdhNWM4YTg0NzgwZmEzZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfXL71YGUaLGcLpZwR1rcTqh3q86
cucRhONdtJ484buYZ/gItkWejESFufNEX7QHJFcR/ByINnqjKdn8+nJ17hvi/vP1
36c6K2Dadw2dZJGGHB05MbGOglPa8nqwUHl3KQhIPIjqkJx/vWYE9umN2ieHh99y
7sXoGliijH5HB1qfZN0kdAgiMfir48hQ/tOhetg51X8yJ4AnR8rUaO5gG1+wfGjr
4jAq8O5LW22qfEmYbS1UC/nPZMZ7vnuWBAfmCkdVbK8APSyj5uu7UnKthg3InyhO
ViUfIc7HKAlglk61QBvl2ZCH/1zm9DqdQfZQycTi1GYIGu/Xa7BuGn85nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGdjx1vC72nEnYTth6XIqEeA+j/4MB8GA1UdIwQY
MBaAFAIypL+3eWQFpVa3WfHRk+TE03EpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpLa3Y3ZDVaQVdsVnJkWjhkR1Q1TVRUY1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hN2NlN2EtODQ0My00NmViLThjYmEt
M2JiNGQ2MjAwNTE4LzEvWjJQSFc4THZhY1NkaE8ySHBjaW9SNEQ2UF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hN2NlN2EtODQ0My00NmViLThjYmEtM2JiNGQ2MjAwNTE4
LzEvQWpLa3Y3ZDVaQVdsVnJkWjhkR1Q1TVRUY1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPkPFAwQA
1fSRMA0GCSqGSIb3DQEBCwUAA4IBAQCzI9Bmds+dL0oIPZZMa6Kv7b/SQMbDK40N
F/eQHJBd44rLcw/g/Ujw30w1Dj1Obcxfhekwnrl6pIankUhyGgAQTyLNpSG8V5VF
8YEhhtSXQvwdsReKVPKM2mrYf94MxoLnK/AMxRIS0goiJkfZuBKPQ3W0pVUUz/XU
mwr/EKlTUHfC/F7tXRYChxkP6mY34eurnhi1ZUpcFJrQ99hfdp4Gm5rhq/jpyDhC
QQLZ8GSt8lqHrTwI28o0dMDCtRpDW2CVdqhJCIwW5tw7jmBG/jS3CxF77ET5quKD
7eyWejcYel/EKTgV85EnouF9+VFqZrGYe6TcA6GWdxTsZ/+xTO5v
-----END CERTIFICATE-----