Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ziaY8d9SV_FFLhMmGqTjZVX5-CI.roa
File:                     ziaY8d9SV_FFLhMmGqTjZVX5-CI.roa (raw, json)
Hash identifier:          oFFv/cqohY9XyuiIgR9tMqc0VDGLi8XHXgEfeNdVjzc=
Subject key identifier:   CE:26:98:F1:DF:52:57:F1:45:2E:13:26:1A:A4:E3:65:55:F9:F8:22
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       019421B256341C491DBC7CA0FBC982F34AC4
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ziaY8d9SV_FFLhMmGqTjZVX5-CI.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8790
IP address blocks:        194.85.172.0/23 maxlen: 24
                          195.209.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:56:34:1c:49:1d:bc:7c:a0:fb:c9:82:f3:4a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce2698f1df5257f1452e13261aa4e36555f9f822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:d3:3c:eb:e9:69:f7:35:1d:0e:d3:4f:d2:ef:
                    af:bd:01:8b:95:5b:ac:d9:6c:d1:d5:be:73:d6:ce:
                    a4:57:8f:db:85:53:03:59:a3:31:4b:28:17:f8:a5:
                    f2:0f:09:d0:a2:57:d9:8f:54:e6:eb:97:4e:ab:77:
                    98:62:d8:59:6d:18:c6:87:d3:c2:cc:e2:55:25:8d:
                    74:af:96:da:04:5c:3c:73:a0:28:1d:80:54:47:2d:
                    45:42:26:a4:50:cc:a6:1b:5f:b0:15:fe:65:75:fc:
                    c8:e4:d2:f0:a8:c7:fc:8e:84:ee:45:66:85:22:fa:
                    7e:46:6b:63:de:0a:2e:27:4c:27:e3:70:69:84:9f:
                    d4:33:c0:e8:91:84:b0:a7:69:fb:1b:e1:7f:a7:86:
                    f1:cc:1b:36:3e:1c:97:ba:8e:45:f4:27:68:f2:74:
                    cf:c7:1b:4c:30:1d:c0:0f:ec:82:f3:4b:e5:66:df:
                    3e:02:53:85:16:05:2f:88:47:9e:08:09:55:f4:d0:
                    57:03:3a:f6:86:44:91:8c:b2:e8:de:3b:87:ff:e6:
                    62:d3:ae:44:97:77:1b:b4:25:fb:55:4c:53:cd:23:
                    bd:46:09:5d:12:1a:dd:bc:b7:26:30:0b:79:e8:54:
                    09:bd:78:33:0b:e6:d8:2f:f7:96:73:3c:a5:e1:2f:
                    3e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:26:98:F1:DF:52:57:F1:45:2E:13:26:1A:A4:E3:65:55:F9:F8:22
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ziaY8d9SV_FFLhMmGqTjZVX5-CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.172.0/23
                  195.209.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:db:58:b0:bb:c1:ca:75:71:2f:e8:98:87:6d:02:2b:b9:91:
         8a:bb:e9:60:eb:dd:c4:c7:2d:21:9c:af:d2:b8:ee:99:50:4c:
         8f:01:3b:3b:81:f4:e2:9e:79:62:42:0f:8c:fd:85:a8:bc:65:
         11:90:2b:33:96:75:6c:db:1b:91:0c:f0:95:cb:dd:67:93:0c:
         2f:e3:b3:9a:ba:1c:4f:9f:ec:10:56:aa:42:08:24:6a:b3:7f:
         dc:83:cb:42:4a:0c:87:e9:b1:af:c8:5c:60:4e:b9:58:da:0d:
         b7:40:12:49:10:8f:a6:d9:e5:d2:fb:3f:65:e6:6e:27:e3:ad:
         eb:7a:0a:ea:c0:6b:bf:6e:ef:05:40:36:a9:ba:03:e1:2a:35:
         ad:8d:d0:31:bc:ea:a7:5f:7b:e6:bb:b2:fa:9a:7d:b3:85:47:
         99:af:9b:a7:9e:9a:59:e1:d3:6e:8a:ff:a8:52:94:c0:c8:9c:
         9f:0a:54:da:fd:bf:8b:50:b2:82:49:90:0f:67:45:6d:aa:57:
         de:de:bc:4c:07:51:8a:dc:11:41:4c:7d:ca:bd:37:6a:68:95:
         2b:51:e8:62:cf:05:a9:bc:c8:5f:bc:c6:09:09:b5:7b:67:00:
         47:d8:7f:6f:fc:a7:89:3a:aa:3d:8c:52:d9:a1:d7:41:56:55:
         3f:95:35:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhslY0HEkdvHyg+8mC80rEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTI2OThmMWRmNTI1N2YxNDUyZTEzMjYxYWE0ZTM2NTU1ZjlmODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8tM86+lp9zUdDtNP0u+vvQGLlVus
2WzR1b5z1s6kV4/bhVMDWaMxSygX+KXyDwnQolfZj1Tm65dOq3eYYthZbRjGh9PC
zOJVJY10r5baBFw8c6AoHYBURy1FQiakUMymG1+wFf5ldfzI5NLwqMf8joTuRWaF
Ivp+Rmtj3gouJ0wn43BphJ/UM8DokYSwp2n7G+F/p4bxzBs2PhyXuo5F9Cdo8nTP
xxtMMB3AD+yC80vlZt8+AlOFFgUviEeeCAlV9NBXAzr2hkSRjLLo3juH/+Zi065E
l3cbtCX7VUxTzSO9RgldEhrdvLcmMAt56FQJvXgzC+bYL/eWczyl4S8+fwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM4mmPHfUlfxRS4TJhqk42VV+fgiMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvemlhWThkOVNWX0ZGTGhNbUdxVGpaVlg1LUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwlWsAwQB
w9H4MA0GCSqGSIb3DQEBCwUAA4IBAQBr21iwu8HKdXEv6JiHbQIruZGKu+lg693E
xy0hnK/SuO6ZUEyPATs7gfTinnliQg+M/YWovGURkCszlnVs2xuRDPCVy91nkwwv
47OauhxPn+wQVqpCCCRqs3/cg8tCSgyH6bGvyFxgTrlY2g23QBJJEI+m2eXS+z9l
5m4n463regrqwGu/bu8FQDapugPhKjWtjdAxvOqnX3vmu7L6mn2zhUeZr5unnppZ
4dNuiv+oUpTAyJyfClTa/b+LULKCSZAPZ0Vtqlfe3rxMB1GK3BFBTH3KvTdqaJUr
UehizwWpvMhfvMYJCbV7ZwBH2H9v/KeJOqo9jFLZoddBVlU/lTUD
-----END CERTIFICATE-----