Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/ZFMFiXOWwPj8k4IMO6NkGD3u9_Y.roa
File:                     ZFMFiXOWwPj8k4IMO6NkGD3u9_Y.roa (raw, json)
Hash identifier:          d308Fz0xAcOGQMBvbHe9umSC8kJ11mxoDxfXwvbWkEI=
Subject key identifier:   64:53:05:89:73:96:C0:F8:FC:93:82:0C:3B:A3:64:18:3D:EE:F7:F6
Certificate issuer:       /CN=3617c0659666985e185d84121e8c20a3644ea98d
Certificate serial:       019420D60F5FFA3FD428C2B1AFFC374A3F27
Authority key identifier: 36:17:C0:65:96:66:98:5E:18:5D:84:12:1E:8C:20:A3:64:4E:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/ZFMFiXOWwPj8k4IMO6NkGD3u9_Y.roa
Signing time:             Wed 01 Jan 2025 07:48:07 +0000
ROA not before:           Wed 01 Jan 2025 07:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        193.57.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:0f:5f:fa:3f:d4:28:c2:b1:af:fc:37:4a:3f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3617c0659666985e185d84121e8c20a3644ea98d
        Validity
            Not Before: Jan  1 07:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=645305897396c0f8fc93820c3ba364183deef7f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1e:fb:c2:5c:28:84:28:79:e0:8f:59:b0:ee:
                    fc:27:be:d6:0e:85:1c:a5:82:a4:8f:66:1a:2b:d3:
                    e7:08:1a:7c:7c:4e:a4:57:f1:85:71:e0:43:21:b5:
                    b8:08:5d:3d:36:d2:4f:07:49:02:b4:55:f9:81:05:
                    c8:93:94:19:42:20:d1:44:60:66:b0:a1:a3:08:37:
                    72:7f:b7:ce:be:15:2d:b7:1f:33:95:11:a8:81:4a:
                    7d:a2:21:77:e8:b1:bb:89:1d:82:49:3f:f9:a6:79:
                    8a:c9:99:3f:a1:25:1e:48:44:0c:c6:31:ba:38:00:
                    85:fe:b6:24:d5:82:cd:78:8b:89:d0:55:a8:48:ce:
                    c9:f9:36:70:52:e9:2c:74:db:e9:c1:28:46:f4:2a:
                    76:02:bd:c6:ef:3a:d3:06:3e:87:45:2b:4f:94:26:
                    bc:bd:8a:1f:f9:72:c7:49:10:d3:e5:92:b3:0a:06:
                    07:45:1c:06:c2:40:52:07:ac:81:6c:d2:86:21:da:
                    8a:b4:7c:e3:1c:8c:79:7b:d0:b1:e4:ae:c7:d6:8b:
                    62:e2:1b:37:88:b2:6d:1d:d7:97:fc:08:a1:5b:fe:
                    f5:fb:ac:30:a9:e2:cd:30:93:eb:f4:24:2e:fe:04:
                    4a:93:8d:4b:2c:4f:e6:df:1e:fc:a6:b6:31:9a:05:
                    8c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:53:05:89:73:96:C0:F8:FC:93:82:0C:3B:A3:64:18:3D:EE:F7:F6
            X509v3 Authority Key Identifier:
                keyid:36:17:C0:65:96:66:98:5E:18:5D:84:12:1E:8C:20:A3:64:4E:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/ZFMFiXOWwPj8k4IMO6NkGD3u9_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f4:53:01:a3:c9:b3:c7:91:24:9f:08:8e:8a:38:b9:8d:b8:
         a0:0c:f7:9e:30:f7:1d:71:32:ea:c8:7c:11:ef:f3:b1:2d:70:
         2d:5b:32:c4:43:ae:7b:95:e6:fa:f5:65:f1:16:51:e2:c7:1b:
         f9:90:ab:65:22:b3:81:cc:36:b1:54:19:be:7e:58:4f:e1:cc:
         9a:82:65:a7:9c:66:11:fa:21:d2:28:b9:80:96:c3:c4:99:c4:
         a6:dd:b5:ef:2d:15:e2:9c:66:bc:cb:3d:5c:63:09:c7:50:42:
         62:80:4c:98:4d:01:b7:98:90:f9:76:00:ae:3f:28:98:20:9d:
         f5:0c:49:1a:e2:be:ac:a8:af:a8:13:90:e3:f0:52:5a:ca:95:
         f4:5b:72:24:cc:2f:ad:6b:a3:a0:aa:10:ea:b4:3e:ce:6c:eb:
         db:d8:0d:16:8f:38:dc:3d:cc:46:9c:c6:7a:f0:5b:ff:ec:d3:
         df:89:d5:16:45:e3:39:64:b3:bd:35:ba:ed:6a:8a:ef:55:e6:
         2d:52:cb:12:45:fa:2c:a4:c7:62:bd:c8:b1:f2:1e:0b:e3:7a:
         54:48:c1:62:53:2f:4c:13:81:fd:28:b9:28:ed:59:2c:6a:f5:
         aa:f4:2d:ac:9a:ad:50:98:81:e7:f1:f8:ab:59:6c:0c:e3:1a:
         6a:22:64:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1g9f+j/UKMKxr/w3Sj8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTdjMDY1OTY2Njk4NWUxODVkODQxMjFlOGMyMGEzNjQ0
ZWE5OGQwHhcNMjUwMTAxMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUzMDU4OTczOTZjMGY4ZmM5MzgyMGMzYmEzNjQxODNkZWVmN2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvx77wlwohCh54I9ZsO78J77WDoUc
pYKkj2YaK9PnCBp8fE6kV/GFceBDIbW4CF09NtJPB0kCtFX5gQXIk5QZQiDRRGBm
sKGjCDdyf7fOvhUttx8zlRGogUp9oiF36LG7iR2CST/5pnmKyZk/oSUeSEQMxjG6
OACF/rYk1YLNeIuJ0FWoSM7J+TZwUuksdNvpwShG9Cp2Ar3G7zrTBj6HRStPlCa8
vYof+XLHSRDT5ZKzCgYHRRwGwkBSB6yBbNKGIdqKtHzjHIx5e9Cx5K7H1oti4hs3
iLJtHdeX/AihW/71+6wwqeLNMJPr9CQu/gRKk41LLE/m3x78prYxmgWMIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRTBYlzlsD4/JOCDDujZBg97vf2MB8GA1UdIwQY
MBaAFDYXwGWWZpheGF2EEh6MIKNkTqmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhmQVpaWm1tRjRZWFlRU0hvd2dvMlJPcVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kMTc5MWQtMWM5NC00MmU2LTllM2Mt
NjdhY2QyYzg4MDUxLzEvWkZNRmlYT1d3UGo4azRJTU82TmtHRDN1OV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kMTc5MWQtMWM5NC00MmU2LTllM2MtNjdhY2QyYzg4MDUx
LzEvTmhmQVpaWm1tRjRZWFlRU0hvd2dvMlJPcVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTk4MA0G
CSqGSIb3DQEBCwUAA4IBAQBN9FMBo8mzx5EknwiOiji5jbigDPeeMPcdcTLqyHwR
7/OxLXAtWzLEQ657leb69WXxFlHixxv5kKtlIrOBzDaxVBm+flhP4cyagmWnnGYR
+iHSKLmAlsPEmcSm3bXvLRXinGa8yz1cYwnHUEJigEyYTQG3mJD5dgCuPyiYIJ31
DEka4r6sqK+oE5Dj8FJaypX0W3IkzC+ta6OgqhDqtD7ObOvb2A0WjzjcPcxGnMZ6
8Fv/7NPfidUWReM5ZLO9NbrtaorvVeYtUssSRfospMdivcix8h4L43pUSMFiUy9M
E4H9KLko7VksavWq9C2smq1QmIHn8firWWwM4xpqImSh
-----END CERTIFICATE-----