Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/ZovzMlbHa6h-Fl7gDQG_Zq7WfR4.roa
File:                     ZovzMlbHa6h-Fl7gDQG_Zq7WfR4.roa (raw, json)
Hash identifier:          H/iI+5AR6wdmCN1X+mmy0vutxGeF8cVAtih493U1ycg=
Subject key identifier:   66:8B:F3:32:56:C7:6B:A8:7E:16:5E:E0:0D:01:BF:66:AE:D6:7D:1E
Certificate issuer:       /CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
Certificate serial:       01942444BEFCA7A17F44E03312757E5A761A
Authority key identifier: 85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/ZovzMlbHa6h-Fl7gDQG_Zq7WfR4.roa
Signing time:             Wed 01 Jan 2025 23:47:52 +0000
ROA not before:           Wed 01 Jan 2025 23:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24940
IP address blocks:        185.110.95.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:be:fc:a7:a1:7f:44:e0:33:12:75:7e:5a:76:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
        Validity
            Not Before: Jan  1 23:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=668bf33256c76ba87e165ee00d01bf66aed67d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ec:83:3b:8a:f8:8d:f5:a0:38:0e:37:8b:60:
                    2b:a5:f8:34:72:54:cd:d2:6a:fe:88:e3:9c:75:c4:
                    aa:13:9a:2f:81:3b:d6:e0:00:1f:76:a1:ee:20:20:
                    61:c5:5a:00:72:82:db:04:50:fa:98:09:98:ee:d7:
                    8d:0b:20:4d:03:8c:18:40:d3:55:d9:63:cd:96:24:
                    a5:23:96:ca:be:32:97:52:8d:ae:ef:62:3c:0e:bd:
                    f6:46:bb:ed:46:07:63:34:c4:3d:06:d3:57:71:af:
                    5b:22:8d:c4:b7:dd:e9:2b:1a:ac:aa:c3:52:44:74:
                    69:2c:2c:90:a0:c0:6b:fb:32:77:1e:39:96:56:c1:
                    e9:2d:25:be:fe:7d:61:71:b5:9c:28:90:d8:3a:7f:
                    8b:c5:8c:fd:f9:bb:8c:9d:f8:2d:0d:92:67:61:bf:
                    33:d5:ce:f5:c9:7d:4b:cb:b2:2f:3b:14:1a:23:d6:
                    2b:5b:08:9d:bc:32:da:1a:f6:fc:2f:16:18:cd:58:
                    91:a3:6b:9a:7e:35:e5:22:18:56:07:f5:e1:a8:62:
                    a2:a5:02:03:df:32:80:e5:9b:f3:32:bf:8c:2e:69:
                    09:aa:98:e4:91:54:2e:e5:7e:5d:af:06:f8:af:58:
                    d0:27:c1:07:66:15:eb:27:91:15:b7:ca:dc:f7:5f:
                    a3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8B:F3:32:56:C7:6B:A8:7E:16:5E:E0:0D:01:BF:66:AE:D6:7D:1E
            X509v3 Authority Key Identifier:
                keyid:85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/ZovzMlbHa6h-Fl7gDQG_Zq7WfR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:79:1c:2c:a5:7d:f2:5e:67:ac:e7:33:0b:b3:14:ae:85:61:
         16:00:08:76:ff:bb:93:f4:64:0f:b7:ec:f5:25:ef:6e:31:e6:
         07:28:b4:0f:ff:ca:c7:71:9c:e8:f9:6c:8d:c3:e1:1d:c7:e9:
         e5:5a:88:63:d5:3b:2e:7e:77:8d:9c:ae:3f:dd:c5:6b:07:98:
         36:03:58:ba:17:a6:72:f2:8e:77:72:bc:96:8c:18:9a:29:ff:
         cd:05:a5:07:34:fb:e7:54:e7:7d:7d:90:37:f2:5f:81:be:68:
         d1:c8:05:e5:15:b5:4f:a4:59:0e:cc:2f:c8:fb:ff:64:5a:3b:
         6c:50:56:17:7e:f1:c5:05:1e:78:b0:6d:9e:8c:03:e3:85:51:
         0d:9a:7c:ed:0e:53:8a:87:62:3d:3f:a0:48:74:31:92:56:c4:
         84:08:3f:d2:68:3a:67:c2:1d:c2:b9:16:f9:2f:78:02:71:91:
         af:ae:a8:57:7f:97:5e:f6:9b:a2:33:4c:c8:5b:d1:d9:19:c8:
         30:ad:b8:1d:59:84:72:cd:fe:94:c8:44:6f:f0:fa:e2:5e:38:
         0e:e2:b5:09:da:76:3f:e5:ee:b5:10:00:18:16:c8:88:91:3e:
         4c:53:98:c6:24:ed:c5:8d:7c:fd:07:95:7d:06:ba:b6:2c:76:
         24:91:97:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRL78p6F/ROAzEnV+WnYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NmYwYzkwMDczYWZiOGVjZGU3ZTgzNDA5Y2VhYmRiOTNi
NDFhNGUwHhcNMjUwMTAxMjM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhiZjMzMjU2Yzc2YmE4N2UxNjVlZTAwZDAxYmY2NmFlZDY3ZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquyDO4r4jfWgOA43i2Arpfg0clTN
0mr+iOOcdcSqE5ovgTvW4AAfdqHuICBhxVoAcoLbBFD6mAmY7teNCyBNA4wYQNNV
2WPNliSlI5bKvjKXUo2u72I8Dr32RrvtRgdjNMQ9BtNXca9bIo3Et93pKxqsqsNS
RHRpLCyQoMBr+zJ3HjmWVsHpLSW+/n1hcbWcKJDYOn+LxYz9+buMnfgtDZJnYb8z
1c71yX1Ly7IvOxQaI9YrWwidvDLaGvb8LxYYzViRo2uafjXlIhhWB/XhqGKipQID
3zKA5ZvzMr+MLmkJqpjkkVQu5X5drwb4r1jQJ8EHZhXrJ5EVt8rc91+j+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaL8zJWx2uofhZe4A0Bv2au1n0eMB8GA1UdIwQY
MBaAFIVvDJAHOvuOzefoNAnOq9uTtBpOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDIt
NDRmZGU5NmI4YWVjLzEvWm92ek1sYkhhNmgtRmw3Z0RRR19acTdXZlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDItNDRmZGU5NmI4YWVj
LzEvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5fMA0G
CSqGSIb3DQEBCwUAA4IBAQCZeRwspX3yXmes5zMLsxSuhWEWAAh2/7uT9GQPt+z1
Je9uMeYHKLQP/8rHcZzo+WyNw+Edx+nlWohj1TsufneNnK4/3cVrB5g2A1i6F6Zy
8o53cryWjBiaKf/NBaUHNPvnVOd9fZA38l+BvmjRyAXlFbVPpFkOzC/I+/9kWjts
UFYXfvHFBR54sG2ejAPjhVENmnztDlOKh2I9P6BIdDGSVsSECD/SaDpnwh3CuRb5
L3gCcZGvrqhXf5de9puiM0zIW9HZGcgwrbgdWYRyzf6UyERv8PriXjgO4rUJ2nY/
5e61EAAYFsiIkT5MU5jGJO3FjXz9B5V9Brq2LHYkkZd0
-----END CERTIFICATE-----