Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZXsma1iDPFggNdaZxTDnGMVQtUE.roa
File:                     ZXsma1iDPFggNdaZxTDnGMVQtUE.roa (raw, json)
Hash identifier:          vbX/w20dRBLSeyHflZ/lZ2WTH3K4HEFByB2Hih61TIs=
Subject key identifier:   65:7B:26:6B:58:83:3C:58:20:35:D6:99:C5:30:E7:18:C5:50:B5:41
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01942143F2E44A82E0D4D049955EB25FB65E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZXsma1iDPFggNdaZxTDnGMVQtUE.roa
Signing time:             Wed 01 Jan 2025 09:48:08 +0000
ROA not before:           Wed 01 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62816
IP address blocks:        82.153.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f2:e4:4a:82:e0:d4:d0:49:95:5e:b2:5f:b6:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=657b266b58833c582035d699c530e718c550b541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2c:e0:e9:fa:58:ad:35:bc:c7:44:e7:55:16:
                    fc:73:c9:b5:e1:5d:5d:1a:71:20:06:5e:2c:00:39:
                    a1:60:ff:9f:b8:8c:df:5b:f8:27:0c:23:70:63:d2:
                    73:52:9e:0d:5d:b9:d9:34:8d:79:e9:e2:ce:36:61:
                    f8:f8:fe:69:79:77:97:09:d2:1c:3f:80:85:77:82:
                    d3:9b:6c:7d:31:5c:c6:d9:85:fa:47:d0:ce:c7:ee:
                    64:f9:20:bd:e2:4b:ee:d6:69:32:27:d8:95:2e:ab:
                    17:f1:a5:c2:3a:e8:d0:12:58:69:ce:f7:52:09:13:
                    3d:24:4f:d5:85:bc:cd:ad:5b:76:78:cc:88:d6:ad:
                    7f:bb:c6:67:10:22:a7:61:dc:c4:eb:af:ca:af:81:
                    a9:a6:3a:e5:5b:ce:7f:7e:35:ff:c2:92:e7:7c:5c:
                    27:93:ad:96:a1:3b:aa:84:81:09:2b:62:8b:76:70:
                    fa:38:6a:fb:96:22:06:6b:c0:3d:cf:08:d8:2c:b6:
                    2a:fc:54:7a:d1:49:9a:8c:b1:fd:cf:4f:1d:a0:cc:
                    8c:ad:f4:1f:08:65:96:7d:49:b8:4d:c5:00:ab:aa:
                    c4:f4:52:04:d9:f3:6f:ba:12:0a:75:a4:64:ea:2f:
                    b3:c3:ed:09:88:12:fc:9b:0a:13:63:ec:9b:98:fd:
                    c7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7B:26:6B:58:83:3C:58:20:35:D6:99:C5:30:E7:18:C5:50:B5:41
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZXsma1iDPFggNdaZxTDnGMVQtUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.153.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:fe:40:70:0e:1f:47:88:05:a6:74:85:97:c8:7c:82:17:6f:
         12:68:ed:7b:01:93:7f:ef:2a:db:e5:bf:0a:b0:a2:ca:94:62:
         7b:cc:7b:ad:c1:bf:9d:60:62:5b:4e:30:70:35:85:16:69:e2:
         3f:aa:72:06:18:f7:27:58:f5:de:ce:56:6e:c2:2f:15:13:d1:
         0f:25:3c:f5:be:cf:b3:43:cb:56:7b:e5:7a:84:fd:a0:28:52:
         fa:33:24:7e:ef:8d:11:6d:46:04:e3:cf:6c:9f:b1:2d:48:26:
         c5:a2:3d:57:c9:b0:c8:d4:fc:93:fd:19:cd:dd:b1:ad:89:37:
         56:4b:c4:69:fa:54:cb:f6:a4:b4:53:a9:94:ed:d5:59:ea:23:
         b4:90:1d:28:28:d1:da:53:d4:ab:42:49:fc:c2:f8:09:61:91:
         48:bd:95:a5:7f:d3:11:18:c7:0b:7a:0c:98:66:84:ec:32:e9:
         5b:4a:9a:0d:26:3a:f4:7f:1b:5b:30:5e:59:30:3b:92:35:0a:
         e5:43:b6:84:29:24:cc:a9:38:f6:bf:84:3a:33:cb:6a:ba:6d:
         e4:1c:d7:5f:91:84:b9:fd:72:8a:51:ed:61:82:f8:45:48:27:
         84:aa:5d:56:2d:62:31:70:4b:07:21:ff:46:be:23:d5:80:8d:
         70:66:ac:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/LkSoLg1NBJlV6yX7ZeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdiMjY2YjU4ODMzYzU4MjAzNWQ2OTljNTMwZTcxOGM1NTBiNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCzg6fpYrTW8x0TnVRb8c8m14V1d
GnEgBl4sADmhYP+fuIzfW/gnDCNwY9JzUp4NXbnZNI156eLONmH4+P5peXeXCdIc
P4CFd4LTm2x9MVzG2YX6R9DOx+5k+SC94kvu1mkyJ9iVLqsX8aXCOujQElhpzvdS
CRM9JE/VhbzNrVt2eMyI1q1/u8ZnECKnYdzE66/Kr4GppjrlW85/fjX/wpLnfFwn
k62WoTuqhIEJK2KLdnD6OGr7liIGa8A9zwjYLLYq/FR60UmajLH9z08doMyMrfQf
CGWWfUm4TcUAq6rE9FIE2fNvuhIKdaRk6i+zw+0JiBL8mwoTY+ybmP3H4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV7JmtYgzxYIDXWmcUw5xjFULVBMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWlhzbWExaURQRmdnTmRhWnhURG5HTVZRdFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpnjMA0G
CSqGSIb3DQEBCwUAA4IBAQAL/kBwDh9HiAWmdIWXyHyCF28SaO17AZN/7yrb5b8K
sKLKlGJ7zHutwb+dYGJbTjBwNYUWaeI/qnIGGPcnWPXezlZuwi8VE9EPJTz1vs+z
Q8tWe+V6hP2gKFL6MyR+740RbUYE489sn7EtSCbFoj1XybDI1PyT/RnN3bGtiTdW
S8Rp+lTL9qS0U6mU7dVZ6iO0kB0oKNHaU9SrQkn8wvgJYZFIvZWlf9MRGMcLegyY
ZoTsMulbSpoNJjr0fxtbMF5ZMDuSNQrlQ7aEKSTMqTj2v4Q6M8tqum3kHNdfkYS5
/XKKUe1hgvhFSCeEql1WLWIxcEsHIf9GviPVgI1wZqzT
-----END CERTIFICATE-----