Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/z9Z9t7kfWwit4I9_Rt9Xt7bo-ms.roa
File:                     z9Z9t7kfWwit4I9_Rt9Xt7bo-ms.roa (raw, json)
Hash identifier:          xjQ2gHL1Jh7hwOv5Vlv0kGkojGyyO/DQzH561lm74tc=
Subject key identifier:   CF:D6:7D:B7:B9:1F:5B:08:AD:E0:8F:7F:46:DF:57:B7:B6:E8:FA:6B
Certificate issuer:       /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial:       01942827AFAD0EB5FE7B52718EA9638B96B4
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/z9Z9t7kfWwit4I9_Rt9Xt7bo-ms.roa
Signing time:             Thu 02 Jan 2025 17:54:37 +0000
ROA not before:           Thu 02 Jan 2025 17:54:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44620
IP address blocks:        213.182.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:af:ad:0e:b5:fe:7b:52:71:8e:a9:63:8b:96:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
        Validity
            Not Before: Jan  2 17:54:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfd67db7b91f5b08ade08f7f46df57b7b6e8fa6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:71:59:24:8b:7c:8e:2b:d2:36:56:81:30:62:
                    a8:22:fb:06:d2:50:2e:7c:36:1a:f7:78:02:9b:c4:
                    b2:9f:2b:3b:81:b3:dc:cb:82:a3:90:21:35:02:9c:
                    1d:0f:bf:f8:74:64:e0:a4:de:28:81:a5:8d:fa:d1:
                    a7:4f:37:02:ab:ff:e6:b2:2e:56:4d:72:8d:81:cf:
                    e0:7d:35:0e:84:1e:c8:03:3d:dc:e9:2c:22:78:ea:
                    61:de:df:30:ac:a4:87:7e:2e:3d:68:40:85:99:1c:
                    3b:d6:22:54:02:43:e5:61:56:b5:f9:93:3d:78:e5:
                    90:69:3a:3d:dc:e0:ab:51:e0:1b:a2:6e:23:92:4a:
                    cd:44:9e:a9:36:b4:8a:b4:99:73:18:25:ea:7c:3a:
                    9f:c9:09:c0:e2:5d:7d:37:66:47:fb:23:e4:85:dc:
                    0f:b7:80:f0:9a:e1:c0:3b:49:f0:65:c1:3c:09:1e:
                    11:80:8c:9e:84:59:07:9e:5f:6e:56:ea:0e:81:4c:
                    a1:7c:9e:73:81:a4:6f:ff:d7:a1:37:38:3b:e5:0a:
                    f4:e3:fa:05:a9:43:97:17:88:34:ab:35:c9:44:97:
                    06:07:05:67:85:15:9d:2b:27:35:a7:43:fb:5e:69:
                    51:48:43:f9:a3:0d:07:79:5b:40:5e:0d:d6:70:ef:
                    b7:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D6:7D:B7:B9:1F:5B:08:AD:E0:8F:7F:46:DF:57:B7:B6:E8:FA:6B
            X509v3 Authority Key Identifier:
                keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/z9Z9t7kfWwit4I9_Rt9Xt7bo-ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:20:b0:56:44:31:e4:c6:91:c1:49:42:eb:00:d9:e9:4d:12:
         e0:e0:22:06:74:cd:ea:c1:87:dc:52:9c:5e:84:30:60:7f:41:
         69:c8:95:87:ef:59:e6:ed:ec:4c:92:f0:ed:c3:2f:5f:d5:b9:
         d1:d2:18:da:27:74:46:76:eb:58:34:c2:bb:73:a8:2c:23:bc:
         7e:8a:2e:56:5b:3b:86:e3:6e:33:2b:e3:69:0e:e3:a4:72:9d:
         3d:d3:21:c5:d6:2b:01:2c:38:91:18:51:18:91:1d:16:9b:9d:
         70:6f:65:5d:6f:6a:27:e7:71:61:aa:a6:2c:4b:99:38:41:df:
         80:1b:df:82:8d:54:af:f4:1b:0a:1c:f3:b0:1e:51:63:ff:03:
         a3:77:cb:d7:50:40:01:19:e4:5e:7e:44:7f:92:10:71:60:ad:
         eb:3d:a3:3f:1d:e9:9e:1b:20:a6:3e:80:26:6d:a4:5c:54:d6:
         55:2b:f4:5c:75:6a:b1:f9:98:46:18:c1:14:78:c8:7a:65:91:
         d7:1f:a0:0a:6c:f6:26:7c:b5:07:16:9f:1a:61:89:a4:61:74:
         c7:00:5f:8c:90:36:34:2d:9c:9c:12:d4:af:00:9e:15:e5:e3:
         95:48:db:a3:04:d5:20:a6:53:9d:4d:6b:88:7c:dc:ff:d0:e2:
         31:37:de:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ6+tDrX+e1Jxjqlji5a0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMTAyMTc1NDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ2N2RiN2I5MWY1YjA4YWRlMDhmN2Y0NmRmNTdiN2I2ZThmYTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXFZJIt8jivSNlaBMGKoIvsG0lAu
fDYa93gCm8Synys7gbPcy4KjkCE1ApwdD7/4dGTgpN4ogaWN+tGnTzcCq//msi5W
TXKNgc/gfTUOhB7IAz3c6SwieOph3t8wrKSHfi49aECFmRw71iJUAkPlYVa1+ZM9
eOWQaTo93OCrUeAbom4jkkrNRJ6pNrSKtJlzGCXqfDqfyQnA4l19N2ZH+yPkhdwP
t4DwmuHAO0nwZcE8CR4RgIyehFkHnl9uVuoOgUyhfJ5zgaRv/9ehNzg75Qr04/oF
qUOXF4g0qzXJRJcGBwVnhRWdKyc1p0P7XmlRSEP5ow0HeVtAXg3WcO+3yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/Wfbe5H1sIreCPf0bfV7e26PprMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvejlaOXQ3a2ZXd2l0NEk5X1J0OVh0N2JvLW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bbeMA0G
CSqGSIb3DQEBCwUAA4IBAQAZILBWRDHkxpHBSULrANnpTRLg4CIGdM3qwYfcUpxe
hDBgf0FpyJWH71nm7exMkvDtwy9f1bnR0hjaJ3RGdutYNMK7c6gsI7x+ii5WWzuG
424zK+NpDuOkcp090yHF1isBLDiRGFEYkR0Wm51wb2Vdb2on53FhqqYsS5k4Qd+A
G9+CjVSv9BsKHPOwHlFj/wOjd8vXUEABGeRefkR/khBxYK3rPaM/HemeGyCmPoAm
baRcVNZVK/RcdWqx+ZhGGMEUeMh6ZZHXH6AKbPYmfLUHFp8aYYmkYXTHAF+MkDY0
LZycEtSvAJ4V5eOVSNujBNUgplOdTWuIfNz/0OIxN94t
-----END CERTIFICATE-----