Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/ZhlMSwf3_ZJIBXJaWSn_aND6IvY.roa
File:                     ZhlMSwf3_ZJIBXJaWSn_aND6IvY.roa (raw, json)
Hash identifier:          I3W7A3cWQn7Ae7Qv1tAEghjtV2ZOTEutRM33xiC+rN4=
Subject key identifier:   66:19:4C:4B:07:F7:FD:92:48:05:72:5A:59:29:FF:68:D0:FA:22:F6
Certificate issuer:       /CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
Certificate serial:       01942521E8B59EF818118291AA2ED00C9296
Authority key identifier: CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/ZhlMSwf3_ZJIBXJaWSn_aND6IvY.roa
Signing time:             Thu 02 Jan 2025 03:49:26 +0000
ROA not before:           Thu 02 Jan 2025 03:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.106.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e8:b5:9e:f8:18:11:82:91:aa:2e:d0:0c:92:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb5929361e1d0de160b871f29bdd5a4040ca111
        Validity
            Not Before: Jan  2 03:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66194c4b07f7fd924805725a5929ff68d0fa22f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:0b:d3:75:2c:22:b2:47:62:db:55:a4:a0:a3:
                    38:fc:f7:e5:d3:f3:a5:e5:6a:b8:2b:b5:82:40:ec:
                    e6:f2:16:3a:5e:08:a4:f1:d8:85:a7:a0:63:54:a4:
                    69:d8:6a:0f:aa:b1:e3:90:69:64:a5:2c:00:c8:3c:
                    d3:4e:36:0b:c3:af:ae:d4:eb:aa:b5:ed:0d:4c:c5:
                    2b:58:18:e9:4f:06:ce:32:b7:24:d7:94:3e:17:83:
                    fd:7a:9d:3e:c5:6f:f0:1e:d4:96:0f:78:f0:c6:02:
                    22:44:88:bc:7e:28:a9:4c:7d:97:99:92:da:88:14:
                    cb:02:dd:07:40:cb:ed:4e:cb:72:b9:81:99:ac:a3:
                    f7:67:68:32:78:76:87:43:88:88:cb:9f:fd:9d:37:
                    e7:68:7a:8e:b8:a8:20:6e:ed:df:c9:43:c4:b6:a9:
                    dc:c2:dc:fe:87:12:1c:d8:9f:65:b2:78:31:cd:0d:
                    0d:60:2f:a3:e0:fd:5a:02:58:f1:57:31:1b:75:7b:
                    87:d1:62:09:89:5f:52:a3:c3:79:c9:31:d9:09:3e:
                    bd:15:e4:7b:3d:9d:24:fe:a4:2d:75:82:6d:00:96:
                    20:31:48:62:42:fa:de:de:7a:1e:53:b3:3e:a1:de:
                    d8:ea:60:51:22:38:15:13:82:f8:8b:38:bb:76:8d:
                    ec:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:19:4C:4B:07:F7:FD:92:48:05:72:5A:59:29:FF:68:D0:FA:22:F6
            X509v3 Authority Key Identifier:
                keyid:CE:B5:92:93:61:E1:D0:DE:16:0B:87:1F:29:BD:D5:A4:04:0C:A1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/ZhlMSwf3_ZJIBXJaWSn_aND6IvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d4dded-c510-477c-8fad-f616f0094b14/1/zrWSk2Hh0N4WC4cfKb3VpAQMoRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.106.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bd:30:9b:ed:74:d0:8b:34:e9:01:14:5e:ce:e0:cb:19:d4:f1:
         ba:ff:d5:bb:8c:58:2b:df:88:e0:a3:2d:64:ec:bb:d6:4d:fc:
         93:58:1b:14:07:b9:25:3b:ae:e9:50:41:1c:a2:cf:ec:1c:ac:
         cd:e1:98:6d:35:d8:b9:22:88:c0:65:e7:23:ff:0f:1b:4d:38:
         a1:25:bc:dc:01:c0:b3:39:be:0c:3b:06:79:82:ce:ca:d0:dc:
         21:bc:60:4b:1d:61:70:8d:8a:8a:19:b1:c7:41:1e:b5:ce:e6:
         b8:19:c3:e6:8b:67:68:02:e8:60:24:a3:43:b2:ba:1c:f6:21:
         05:80:fa:85:15:52:65:79:c3:29:a3:e0:af:7d:64:9e:72:8d:
         0c:72:36:a0:65:f5:9d:3f:03:1c:09:7f:4c:e6:39:89:22:c2:
         01:20:7e:9d:73:63:17:8e:1a:25:72:35:4d:08:0a:91:98:7d:
         04:b3:43:70:6d:f7:11:28:f9:b6:52:8b:fb:23:98:91:f2:2a:
         f4:87:b7:3d:39:0f:54:5b:5f:dc:14:75:3c:c6:85:7a:37:cf:
         8c:ca:87:bf:64:96:61:49:e5:c6:bc:58:95:44:47:ec:89:9b:
         01:b4:68:09:01:01:90:53:fe:9a:2c:ba:45:a1:5a:74:22:61:
         af:ed:60:bd
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQlIei1nvgYEYKRqi7QDJKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjU5MjkzNjFlMWQwZGUxNjBiODcxZjI5YmRkNWE0MDQw
Y2ExMTEwHhcNMjUwMTAyMDM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjE5NGM0YjA3ZjdmZDkyNDgwNTcyNWE1OTI5ZmY2OGQwZmEyMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AvTdSwiskdi21WkoKM4/Pfl0/Ol
5Wq4K7WCQOzm8hY6Xgik8diFp6BjVKRp2GoPqrHjkGlkpSwAyDzTTjYLw6+u1Ouq
te0NTMUrWBjpTwbOMrck15Q+F4P9ep0+xW/wHtSWD3jwxgIiRIi8fiipTH2XmZLa
iBTLAt0HQMvtTstyuYGZrKP3Z2gyeHaHQ4iIy5/9nTfnaHqOuKggbu3fyUPEtqnc
wtz+hxIc2J9lsngxzQ0NYC+j4P1aAljxVzEbdXuH0WIJiV9So8N5yTHZCT69FeR7
PZ0k/qQtdYJtAJYgMUhiQvre3noeU7M+od7Y6mBRIjgVE4L4izi7do3s+QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGYZTEsH9/2SSAVyWlkp/2jQ+iL2MB8GA1UdIwQY
MBaAFM61kpNh4dDeFguHHym91aQEDKERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQt
ZjYxNmYwMDk0YjE0LzEvWmhsTVN3ZjNfWkpJQlhKYVdTbl9hTkQ2SXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNGRkZWQtYzUxMC00NzdjLThmYWQtZjYxNmYwMDk0YjE0
LzEvenJXU2sySGgwTjRXQzRjZktiM1ZwQVFNb1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmowDQYJ
KoZIhvcNAQELBQADggEBAL0wm+100Is06QEUXs7gyxnU8br/1buMWCvfiOCjLWTs
u9ZN/JNYGxQHuSU7rulQQRyiz+wcrM3hmG012LkiiMBl5yP/DxtNOKElvNwBwLM5
vgw7BnmCzsrQ3CG8YEsdYXCNiooZscdBHrXO5rgZw+aLZ2gC6GAko0Oyuhz2IQWA
+oUVUmV5wymj4K99ZJ5yjQxyNqBl9Z0/AxwJf0zmOYkiwgEgfp1zYxeOGiVyNU0I
CpGYfQSzQ3Bt9xEo+bZSi/sjmJHyKvSHtz05D1RbX9wUdTzGhXo3z4zKh79klmFJ
5ca8WJVER+yJmwG0aAkBAZBT/posukWhWnQiYa/tYL0=
-----END CERTIFICATE-----