Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/z3PW_VUfdNmu3A4TEk1zt1q9ZYk.roa
File:                     z3PW_VUfdNmu3A4TEk1zt1q9ZYk.roa (raw, json)
Hash identifier:          xwu6GO42Wr12F5GQ2WOwoHLpOkrE/2W0/dsKBy2/TSs=
Subject key identifier:   CF:73:D6:FD:55:1F:74:D9:AE:DC:0E:13:12:4D:73:B7:5A:BD:65:89
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0195A352D694C0451CB85287FC88278C1730
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/z3PW_VUfdNmu3A4TEk1zt1q9ZYk.roa
Signing time:             Mon 17 Mar 2025 08:57:49 +0000
ROA not before:           Mon 17 Mar 2025 08:57:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197343
IP address blocks:        5.56.128.0/22 maxlen: 22
                          37.32.40.0/22 maxlen: 24
                          37.32.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 12:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:52:d6:94:c0:45:1c:b8:52:87:fc:88:27:8c:17:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Mar 17 08:57:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf73d6fd551f74d9aedc0e13124d73b75abd6589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:ed:5d:ed:61:e6:33:c1:53:60:ff:d3:66:
                    e7:ea:a0:0f:59:e2:b1:c6:b3:b9:d1:f2:a0:8d:4a:
                    f6:52:3f:9b:ed:77:b5:c1:e3:dc:ad:c3:55:1e:bd:
                    df:8d:83:10:74:b0:0a:de:37:4d:8a:99:99:4d:97:
                    46:94:16:f6:37:bb:75:29:88:62:a6:fa:d0:ee:ff:
                    1e:ce:12:77:a6:18:d5:0f:26:4f:3c:a1:d1:53:1d:
                    f2:0f:5b:28:ce:7e:90:cc:53:6e:e2:bc:c1:03:57:
                    60:96:58:f8:70:57:0d:2a:b7:72:1d:07:f5:6d:41:
                    95:cc:f4:d0:7e:56:75:2e:e2:b3:23:cb:1e:be:bb:
                    09:68:d3:01:43:86:05:4a:f0:da:40:ec:94:6e:96:
                    3f:b6:61:9a:88:ea:d7:47:6f:62:04:e9:ac:20:20:
                    56:39:9a:03:f2:d4:4a:4b:14:45:1e:2b:ff:df:74:
                    da:fc:ca:90:61:15:c4:bc:10:74:f0:61:52:84:dc:
                    06:9c:b7:52:b9:01:f1:e5:c3:ce:ec:0d:e3:52:fc:
                    34:95:49:c2:4d:ff:18:72:01:dc:1c:cc:47:c5:97:
                    bd:64:72:c6:50:d5:5d:00:ff:cb:88:af:de:e3:f5:
                    2a:eb:51:b1:ff:c7:9d:53:ac:87:b0:ff:79:9f:cd:
                    d7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:73:D6:FD:55:1F:74:D9:AE:DC:0E:13:12:4D:73:B7:5A:BD:65:89
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/z3PW_VUfdNmu3A4TEk1zt1q9ZYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  37.32.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d3:36:c5:41:85:a1:9a:ed:97:dc:39:95:47:d5:c4:b6:4f:e6:
         5e:58:6c:ae:bf:e0:a9:15:4e:1b:22:5c:e6:b5:30:e3:0f:d7:
         33:f4:c6:16:98:71:0b:9e:b3:1e:77:ea:2b:25:aa:b8:9f:07:
         73:5e:43:64:da:2a:7d:f4:17:b3:3f:48:7f:b8:03:2f:55:81:
         de:08:3e:94:8c:af:18:89:5a:44:0f:e3:25:4f:f5:21:72:91:
         70:2e:48:8e:dd:be:9b:46:5f:96:a0:35:5a:43:8e:bb:bc:9f:
         fb:67:ca:86:69:83:fe:bd:41:10:b9:f4:d2:1a:09:65:33:c8:
         00:d0:01:95:04:ac:12:ad:51:7d:52:94:ce:81:f0:05:54:04:
         52:48:67:d3:c4:4a:a6:a0:1e:40:b5:86:82:3e:98:a5:86:ca:
         09:d5:66:28:eb:4f:bd:4c:07:a8:89:7e:3d:ff:c6:d7:c1:32:
         ea:9a:1a:6a:e2:86:55:a1:f8:18:e8:c6:fe:1b:68:b9:90:33:
         ca:16:c6:9f:dc:55:8d:13:f4:a2:1f:a3:f5:3e:e6:6b:85:18:
         32:89:99:de:a6:af:2c:6d:eb:b7:33:12:75:73:e4:13:8b:e7:
         ae:c8:d0:1b:a8:d3:34:de:d9:ec:30:af:20:09:cf:89:27:5b:
         67:d3:0d:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWjUtaUwEUcuFKH/IgnjBcwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMzE3MDg1NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjczZDZmZDU1MWY3NGQ5YWVkYzBlMTMxMjRkNzNiNzVhYmQ2NTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjjtXe1h5jPBU2D/02bn6qAPWeKx
xrO50fKgjUr2Uj+b7Xe1wePcrcNVHr3fjYMQdLAK3jdNipmZTZdGlBb2N7t1KYhi
pvrQ7v8ezhJ3phjVDyZPPKHRUx3yD1sozn6QzFNu4rzBA1dgllj4cFcNKrdyHQf1
bUGVzPTQflZ1LuKzI8sevrsJaNMBQ4YFSvDaQOyUbpY/tmGaiOrXR29iBOmsICBW
OZoD8tRKSxRFHiv/33Ta/MqQYRXEvBB08GFShNwGnLdSuQHx5cPO7A3jUvw0lUnC
Tf8YcgHcHMxHxZe9ZHLGUNVdAP/LiK/e4/Uq61Gx/8edU6yHsP95n83XYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM9z1v1VH3TZrtwOExJNc7davWWJMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvejNQV19WVWZkTm11M0E0VEVrMXp0MXE5WllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBTiAAwQC
JSAoMA0GCSqGSIb3DQEBCwUAA4IBAQDTNsVBhaGa7ZfcOZVH1cS2T+ZeWGyuv+Cp
FU4bIlzmtTDjD9cz9MYWmHELnrMed+orJaq4nwdzXkNk2ip99BezP0h/uAMvVYHe
CD6UjK8YiVpED+MlT/UhcpFwLkiO3b6bRl+WoDVaQ467vJ/7Z8qGaYP+vUEQufTS
GgllM8gA0AGVBKwSrVF9UpTOgfAFVARSSGfTxEqmoB5AtYaCPpilhsoJ1WYo60+9
TAeoiX49/8bXwTLqmhpq4oZVofgY6Mb+G2i5kDPKFsaf3FWNE/SiH6P1PuZrhRgy
iZnepq8sbeu3MxJ1c+QTi+euyNAbqNM03tnsMK8gCc+JJ1tn0w0p
-----END CERTIFICATE-----