Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zCFasBm0EYXOg5wMczyui1g8P7w.roa
File:                     zCFasBm0EYXOg5wMczyui1g8P7w.roa (raw, json)
Hash identifier:          vMOSU2/g4EkiB4e8USpsHbmF4Ns22ciWga/oRAR99+I=
Subject key identifier:   CC:21:5A:B0:19:B4:11:85:CE:83:9C:0C:73:3C:AE:8B:58:3C:3F:BC
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019424456F2093304FD1A86C557CEE28AEBE
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zCFasBm0EYXOg5wMczyui1g8P7w.roa
Signing time:             Wed 01 Jan 2025 23:48:37 +0000
ROA not before:           Wed 01 Jan 2025 23:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61138
IP address blocks:        168.199.240.0/22 maxlen: 24
                          168.199.252.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:6f:20:93:30:4f:d1:a8:6c:55:7c:ee:28:ae:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc215ab019b41185ce839c0c733cae8b583c3fbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:47:58:78:37:e2:b5:31:17:1f:fb:05:7c:57:
                    d7:90:43:0c:7d:08:9e:c8:34:61:ad:21:58:e6:23:
                    6a:01:e2:02:7a:4c:8e:f8:93:d8:46:13:fe:ba:c1:
                    3d:51:7b:df:1d:5a:58:a2:04:3c:1b:74:07:62:5d:
                    fe:c1:4b:ad:c8:eb:95:c5:de:cf:8c:17:1d:ed:00:
                    13:63:81:87:e6:3c:32:66:f3:70:85:8d:95:d4:d9:
                    f4:27:da:a3:85:bd:1c:b2:76:f6:b0:71:99:93:6d:
                    24:13:97:c8:63:83:14:41:24:00:c9:e8:e3:07:47:
                    6a:71:98:26:b3:29:70:6d:7e:a2:5d:c4:7b:72:f5:
                    9a:43:73:28:a7:7c:a2:6c:2a:c5:70:d9:b2:33:69:
                    52:a1:ae:1d:51:9d:11:6a:bc:04:48:e7:31:3b:21:
                    f4:e1:cd:c2:06:65:d3:b9:a7:79:5f:77:47:0b:e0:
                    93:99:ec:f2:f2:4b:f0:bc:f9:8f:3b:9d:a9:a8:86:
                    05:fd:fa:c3:18:ab:25:d0:8f:98:5b:c0:84:3d:43:
                    8a:54:32:80:ce:6c:1a:bb:ce:1f:9d:91:e3:fe:cf:
                    09:5e:48:99:d4:a2:f9:29:0d:e7:5c:11:13:3c:31:
                    ae:04:65:3a:8f:e4:57:02:e3:d8:70:f8:7c:cb:88:
                    61:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:21:5A:B0:19:B4:11:85:CE:83:9C:0C:73:3C:AE:8B:58:3C:3F:BC
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zCFasBm0EYXOg5wMczyui1g8P7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.240.0/22
                  168.199.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:b0:4c:f0:b8:d9:f4:5c:50:b0:a9:d0:dc:2b:f7:21:be:3d:
         0a:35:82:d8:0f:ad:a4:72:5f:47:e7:4a:36:ed:dd:7d:a2:9c:
         c6:3b:c7:43:b8:5e:64:55:46:a2:4f:10:c3:22:f7:62:ef:89:
         34:73:f8:21:cc:3e:2c:7b:59:c1:43:82:df:1e:8b:aa:15:80:
         7f:ff:b2:d7:5b:e4:5a:98:c2:f2:12:a6:98:6c:51:a1:e8:d7:
         0c:d8:b7:50:56:3e:b8:99:28:d5:a1:dc:5c:04:aa:dd:02:fb:
         b6:e4:59:50:46:a7:79:3d:da:d0:d1:73:be:17:ac:cc:36:af:
         88:a1:5d:8f:d5:de:df:09:eb:3d:39:46:35:6b:b4:bf:61:de:
         0e:18:39:e8:b8:42:eb:d2:20:d1:54:18:07:f3:b1:7f:14:46:
         77:0c:77:90:56:74:ca:e4:d9:b1:a7:96:1e:51:2f:fc:bd:d6:
         60:5a:07:0a:4a:61:59:0c:00:ba:be:04:8d:3d:dc:d7:2b:dc:
         29:58:69:48:41:f5:e8:be:df:be:75:d0:e8:8a:1d:90:98:9c:
         cb:81:ba:13:f1:02:80:8a:18:4f:8e:7e:3c:b3:90:b2:68:96:
         c7:9e:51:7e:b6:19:e1:8a:41:c9:6a:1a:e4:01:86:e8:4b:4f:
         bb:b5:1f:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRW8gkzBP0ahsVXzuKK6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzIxNWFiMDE5YjQxMTg1Y2U4MzljMGM3MzNjYWU4YjU4M2MzZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokdYeDfitTEXH/sFfFfXkEMMfQie
yDRhrSFY5iNqAeICekyO+JPYRhP+usE9UXvfHVpYogQ8G3QHYl3+wUutyOuVxd7P
jBcd7QATY4GH5jwyZvNwhY2V1Nn0J9qjhb0csnb2sHGZk20kE5fIY4MUQSQAyejj
B0dqcZgmsylwbX6iXcR7cvWaQ3Mop3yibCrFcNmyM2lSoa4dUZ0RarwESOcxOyH0
4c3CBmXTuad5X3dHC+CTmezy8kvwvPmPO52pqIYF/frDGKsl0I+YW8CEPUOKVDKA
zmwau84fnZHj/s8JXkiZ1KL5KQ3nXBETPDGuBGU6j+RXAuPYcPh8y4hhnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMwhWrAZtBGFzoOcDHM8rotYPD+8MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvekNGYXNCbTBFWVhPZzV3TWN6eXVpMWc4UDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCqMfwAwQC
qMf8MA0GCSqGSIb3DQEBCwUAA4IBAQAKsEzwuNn0XFCwqdDcK/chvj0KNYLYD62k
cl9H50o27d19opzGO8dDuF5kVUaiTxDDIvdi74k0c/ghzD4se1nBQ4LfHouqFYB/
/7LXW+RamMLyEqaYbFGh6NcM2LdQVj64mSjVodxcBKrdAvu25FlQRqd5PdrQ0XO+
F6zMNq+IoV2P1d7fCes9OUY1a7S/Yd4OGDnouELr0iDRVBgH87F/FEZ3DHeQVnTK
5Nmxp5YeUS/8vdZgWgcKSmFZDAC6vgSNPdzXK9wpWGlIQfXovt++ddDoih2QmJzL
gboT8QKAihhPjn48s5CyaJbHnlF+thnhikHJahrkAYboS0+7tR/H
-----END CERTIFICATE-----