Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/7ZCM2DGQAxMoqKS4r08nTwBlTvg.roa
File:                     7ZCM2DGQAxMoqKS4r08nTwBlTvg.roa (raw, json)
Hash identifier:          Nsq7TZX/LJBEuY63VFLqAaBjZcBcw7djLWbv9kH4DH4=
Subject key identifier:   ED:90:8C:D8:31:90:03:13:28:A8:A4:B8:AF:4F:27:4F:00:65:4E:F8
Certificate issuer:       /CN=9ce61fb0926bce0cafadd0f2b19348895a448147
Certificate serial:       0194893B35DFC045ECB0758612AD7A9D23F9
Authority key identifier: 9C:E6:1F:B0:92:6B:CE:0C:AF:AD:D0:F2:B1:93:48:89:5A:44:81:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nOYfsJJrzgyvrdDysZNIiVpEgUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/7ZCM2DGQAxMoqKS4r08nTwBlTvg.roa
Signing time:             Tue 21 Jan 2025 14:19:06 +0000
ROA not before:           Tue 21 Jan 2025 14:19:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216280
IP address blocks:        185.97.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/nOYfsJJrzgyvrdDysZNIiVpEgUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/nOYfsJJrzgyvrdDysZNIiVpEgUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nOYfsJJrzgyvrdDysZNIiVpEgUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:89:3b:35:df:c0:45:ec:b0:75:86:12:ad:7a:9d:23:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ce61fb0926bce0cafadd0f2b19348895a448147
        Validity
            Not Before: Jan 21 14:19:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed908cd83190031328a8a4b8af4f274f00654ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6c:9d:29:68:ed:05:60:2c:79:9a:bd:0e:b7:
                    24:25:04:b7:bb:7b:d0:e7:a7:b1:dd:ae:88:96:c9:
                    29:0f:c1:b7:76:65:9a:f9:33:f5:7e:c5:48:ca:d9:
                    4f:cc:1f:66:26:3d:d6:52:32:21:92:5b:a1:bb:75:
                    c5:44:e6:b8:47:4a:00:96:2e:af:7f:ef:1c:44:4d:
                    6f:fe:96:ae:5b:13:44:3b:3d:e0:f0:b4:6d:5d:80:
                    7f:c1:5d:7e:ce:5f:96:b5:1d:cd:37:9c:29:fc:7a:
                    32:5d:fb:59:20:04:ec:31:6b:9c:33:91:96:da:3e:
                    65:1f:11:bf:ef:56:c9:2e:77:e3:cd:6b:49:b4:4b:
                    26:56:33:0f:9a:bf:aa:54:89:b7:e0:cf:38:b9:c9:
                    f6:1f:fe:c1:1e:32:f2:06:0d:f6:4f:1f:d7:00:2b:
                    44:ce:bf:dc:1b:6a:38:96:90:44:bd:36:9b:c2:4e:
                    12:47:11:f0:a3:22:f7:c0:2b:c8:9e:47:c8:70:ed:
                    49:9d:06:9e:dc:4c:16:68:dd:d6:18:44:dc:d4:a7:
                    42:4a:a4:a0:fc:0e:d5:5a:5e:42:5d:42:5e:e9:6b:
                    13:dd:87:88:d6:19:25:f4:0b:0f:ef:bc:06:d4:96:
                    f3:1e:c7:74:f4:c6:fa:3b:c4:b8:0f:eb:f0:dd:82:
                    95:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:90:8C:D8:31:90:03:13:28:A8:A4:B8:AF:4F:27:4F:00:65:4E:F8
            X509v3 Authority Key Identifier:
                keyid:9C:E6:1F:B0:92:6B:CE:0C:AF:AD:D0:F2:B1:93:48:89:5A:44:81:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nOYfsJJrzgyvrdDysZNIiVpEgUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/7ZCM2DGQAxMoqKS4r08nTwBlTvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/60e957-1e17-410e-91a1-96b7e0a8ee09/1/nOYfsJJrzgyvrdDysZNIiVpEgUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a9:2c:88:72:4f:81:5a:26:60:2a:9f:5a:20:58:2b:4d:16:
         93:36:f8:bc:26:f6:d1:fa:10:5e:2c:6f:8c:3c:6c:af:13:43:
         ec:92:17:71:cf:59:73:8f:bb:15:cb:7d:0d:e5:3d:17:ee:61:
         6d:2e:07:c9:66:ae:91:88:90:2a:4a:bb:e6:a6:cf:24:4e:4f:
         4e:47:b2:5b:8b:b5:40:37:0f:ed:09:0a:6a:39:cf:67:c0:82:
         c8:db:83:e8:b1:6b:c8:00:3d:10:76:a9:79:3a:28:a5:09:c3:
         94:2d:2c:6f:b0:a0:54:12:5b:8e:0d:43:2a:67:c3:91:80:df:
         03:fe:37:77:6e:e2:0c:16:e5:76:fc:68:d3:b6:6b:33:39:4a:
         34:4a:55:57:d1:b5:e0:11:1e:59:df:06:6d:c7:16:80:c9:60:
         57:91:b6:f3:2a:df:3b:c5:1e:89:ec:39:c3:00:4b:5d:cf:3c:
         d3:6d:64:3d:14:ea:74:6c:af:7b:95:fc:cd:78:61:34:93:7f:
         6c:6d:74:c9:73:25:c2:09:7a:ac:07:d0:5b:a6:86:54:0b:38:
         c9:f2:13:64:b8:81:32:93:be:30:d7:3d:06:47:2e:a5:29:41:
         c7:1d:6e:10:d5:ee:68:bd:e4:69:4e:69:49:68:f9:e5:d1:9b:
         d5:75:6b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSJOzXfwEXssHWGEq16nSP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZTYxZmIwOTI2YmNlMGNhZmFkZDBmMmIxOTM0ODg5NWE0
NDgxNDcwHhcNMjUwMTIxMTQxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDkwOGNkODMxOTAwMzEzMjhhOGE0YjhhZjRmMjc0ZjAwNjU0ZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2ydKWjtBWAseZq9DrckJQS3u3vQ
56ex3a6IlskpD8G3dmWa+TP1fsVIytlPzB9mJj3WUjIhkluhu3XFROa4R0oAli6v
f+8cRE1v/pauWxNEOz3g8LRtXYB/wV1+zl+WtR3NN5wp/HoyXftZIATsMWucM5GW
2j5lHxG/71bJLnfjzWtJtEsmVjMPmr+qVIm34M84ucn2H/7BHjLyBg32Tx/XACtE
zr/cG2o4lpBEvTabwk4SRxHwoyL3wCvInkfIcO1JnQae3EwWaN3WGETc1KdCSqSg
/A7VWl5CXUJe6WsT3YeI1hkl9AsP77wG1JbzHsd09Mb6O8S4D+vw3YKVEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2QjNgxkAMTKKikuK9PJ08AZU74MB8GA1UdIwQY
MBaAFJzmH7CSa84Mr63Q8rGTSIlaRIFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk9ZZnNKSnJ6Z3l2cmREeXNaTklpVnBFZ1VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My82MGU5NTctMWUxNy00MTBlLTkxYTEt
OTZiN2UwYThlZTA5LzEvN1pDTTJER1FBeE1vcUtTNHIwOG5Ud0JsVHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My82MGU5NTctMWUxNy00MTBlLTkxYTEtOTZiN2UwYThlZTA5
LzEvbk9ZZnNKSnJ6Z3l2cmREeXNaTklpVnBFZ1VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWHUMA0G
CSqGSIb3DQEBCwUAA4IBAQA+qSyIck+BWiZgKp9aIFgrTRaTNvi8JvbR+hBeLG+M
PGyvE0Pskhdxz1lzj7sVy30N5T0X7mFtLgfJZq6RiJAqSrvmps8kTk9OR7Jbi7VA
Nw/tCQpqOc9nwILI24PosWvIAD0Qdql5OiilCcOULSxvsKBUEluODUMqZ8ORgN8D
/jd3buIMFuV2/GjTtmszOUo0SlVX0bXgER5Z3wZtxxaAyWBXkbbzKt87xR6J7DnD
AEtdzzzTbWQ9FOp0bK97lfzNeGE0k39sbXTJcyXCCXqsB9BbpoZUCzjJ8hNkuIEy
k74w1z0GRy6lKUHHHW4Q1e5oveRpTmlJaPnl0ZvVdWun
-----END CERTIFICATE-----