Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Z1TdqT4iZHhnHMyDrIaIANRfrQM.roa
File:                     Z1TdqT4iZHhnHMyDrIaIANRfrQM.roa (raw, json)
Hash identifier:          FZ/wWSQlz8EUSlZxaeF0gSjaK/ToFbnS6RQHn3ZhKZU=
Subject key identifier:   67:54:DD:A9:3E:22:64:78:67:1C:CC:83:AC:86:88:00:D4:5F:AD:03
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       019423D6C1241001D48C9FF3DA0367AA91DF
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Z1TdqT4iZHhnHMyDrIaIANRfrQM.roa
Signing time:             Wed 01 Jan 2025 21:47:44 +0000
ROA not before:           Wed 01 Jan 2025 21:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57403
IP address blocks:        188.241.240.0/24 maxlen: 24
                          188.241.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:c1:24:10:01:d4:8c:9f:f3:da:03:67:aa:91:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Jan  1 21:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6754dda93e226478671ccc83ac868800d45fad03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:43:21:a8:06:8a:2f:16:75:ff:b7:7c:65:aa:
                    07:99:64:4f:8b:8e:0f:62:70:9a:47:f9:0b:bf:91:
                    8c:77:3e:f9:9d:c1:46:b0:85:bd:3d:52:20:9e:67:
                    a6:fa:ad:c0:d6:c0:ad:f8:05:2e:74:e1:f5:50:78:
                    15:a6:2b:c1:16:5a:40:77:b7:27:ff:3f:e0:8e:ff:
                    12:67:d2:be:2e:d5:e6:88:15:c0:db:85:7b:eb:be:
                    87:34:49:b6:f6:3f:2b:95:73:66:2c:87:06:6e:c3:
                    6c:35:2b:97:9d:50:60:61:cf:8b:a7:da:5a:d2:86:
                    d6:c5:b5:7d:15:c5:b2:3b:f4:da:5b:fb:44:48:de:
                    21:2b:1e:f2:84:9d:97:03:d8:b9:f5:e9:ff:fa:9f:
                    2e:2d:8a:e9:06:cf:b4:f1:3c:0b:b3:91:ed:54:7e:
                    0c:fb:8f:05:5b:09:de:6e:b5:1d:b7:4d:7e:b1:1f:
                    36:8e:ad:7c:0b:fd:0c:73:35:13:d3:87:7a:f4:eb:
                    1b:9f:61:21:b8:eb:59:91:d3:29:a6:d9:7b:a9:17:
                    d5:fb:f6:1f:71:f5:3d:c0:35:6c:45:cb:f6:54:37:
                    6b:d1:0d:37:fc:05:d8:00:03:c5:ce:4a:ac:51:17:
                    97:39:94:ca:1d:75:74:94:b2:f8:ab:b3:2b:80:45:
                    03:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:54:DD:A9:3E:22:64:78:67:1C:CC:83:AC:86:88:00:D4:5F:AD:03
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Z1TdqT4iZHhnHMyDrIaIANRfrQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:db:ee:46:22:db:6c:8c:69:f9:4f:8a:cb:4a:b0:bb:37:9c:
         03:12:c2:a9:5b:15:bf:cc:79:4a:c3:f1:97:78:6b:78:66:68:
         8e:13:7f:25:2b:b5:76:9a:c5:22:9c:3c:28:7b:fb:40:b5:51:
         49:06:57:27:8c:d4:72:99:47:c9:a1:f2:e7:52:31:ad:27:79:
         7f:89:30:94:2b:b7:d5:3f:02:17:7c:f1:9a:3f:50:69:af:36:
         8a:66:3d:57:f9:97:be:ea:53:21:03:a0:05:3e:05:24:0f:b2:
         1f:97:8b:30:79:a6:82:8c:fc:71:69:73:e4:d2:0f:69:7b:a3:
         21:32:c8:71:79:32:8b:3d:66:10:53:f6:b5:7a:70:39:57:d0:
         7e:04:a3:a9:0f:3a:b3:3a:73:20:f1:44:68:90:9b:54:03:89:
         53:d3:08:e1:37:30:ee:32:53:2b:20:b9:9e:08:53:2e:ff:0c:
         cb:ca:7c:4c:d1:84:27:06:f2:0d:cb:e0:96:88:80:ed:7e:03:
         15:8a:c7:e9:75:57:1f:f3:ee:cf:ae:27:af:ca:b1:aa:50:28:
         9a:22:b9:2c:2c:04:e0:02:75:a4:44:f8:13:ee:0a:7a:c4:82:
         d6:83:3a:6b:dc:f9:c2:73:43:e7:01:14:90:f4:5a:5a:31:74:
         6e:fa:11:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1sEkEAHUjJ/z2gNnqpHfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzU0ZGRhOTNlMjI2NDc4NjcxY2NjODNhYzg2ODgwMGQ0NWZhZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUMhqAaKLxZ1/7d8ZaoHmWRPi44P
YnCaR/kLv5GMdz75ncFGsIW9PVIgnmem+q3A1sCt+AUudOH1UHgVpivBFlpAd7cn
/z/gjv8SZ9K+LtXmiBXA24V7676HNEm29j8rlXNmLIcGbsNsNSuXnVBgYc+Lp9pa
0obWxbV9FcWyO/TaW/tESN4hKx7yhJ2XA9i59en/+p8uLYrpBs+08TwLs5HtVH4M
+48FWwnebrUdt01+sR82jq18C/0MczUT04d69Osbn2EhuOtZkdMpptl7qRfV+/Yf
cfU9wDVsRcv2VDdr0Q03/AXYAAPFzkqsUReXOZTKHXV0lLL4q7MrgEUDUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdU3ak+ImR4ZxzMg6yGiADUX60DMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWjFUZHFUNGlaSGhuSE15RHJJYUlBTlJmclFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvPHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBH2+5GIttsjGn5T4rLSrC7N5wDEsKpWxW/zHlKw/GX
eGt4ZmiOE38lK7V2msUinDwoe/tAtVFJBlcnjNRymUfJofLnUjGtJ3l/iTCUK7fV
PwIXfPGaP1BprzaKZj1X+Ze+6lMhA6AFPgUkD7Ifl4sweaaCjPxxaXPk0g9pe6Mh
MshxeTKLPWYQU/a1enA5V9B+BKOpDzqzOnMg8URokJtUA4lT0wjhNzDuMlMrILme
CFMu/wzLynxM0YQnBvINy+CWiIDtfgMVisfpdVcf8+7PrievyrGqUCiaIrksLATg
AnWkRPgT7gp6xILWgzpr3PnCc0PnARSQ9FpaMXRu+hGd
-----END CERTIFICATE-----