Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zsj7ZU7c27fACndp52_vAKfImfU.roa
File:                     zsj7ZU7c27fACndp52_vAKfImfU.roa (raw, json)
Hash identifier:          VK3pf67Xdj80z42M9vc+h8UO7pmF3OLN63Yl3j4PoPw=
Subject key identifier:   CE:C8:FB:65:4E:DC:DB:B7:C0:0A:77:69:E7:6F:EF:00:A7:C8:99:F5
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       0194221F5E5411F67DEBF26B52B8AD4D998D
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zsj7ZU7c27fACndp52_vAKfImfU.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        92.53.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5e:54:11:f6:7d:eb:f2:6b:52:b8:ad:4d:99:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cec8fb654edcdbb7c00a7769e76fef00a7c899f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:7e:de:15:d8:41:00:f5:43:4a:8f:18:11:bf:
                    4b:d8:30:9b:e3:e9:a9:ad:b1:1a:23:95:3b:f1:79:
                    7d:61:7e:ec:64:55:1b:4b:c9:8f:6e:36:40:66:0f:
                    d1:74:58:b1:33:bb:8d:18:e5:53:e9:bc:17:d7:aa:
                    61:74:4d:ac:d1:ab:b5:cc:4b:f5:c4:67:7d:82:c1:
                    f0:5a:3e:8e:87:27:10:be:05:84:97:08:59:69:23:
                    c3:b3:95:9b:25:82:e5:34:75:67:c7:ca:43:9f:be:
                    5a:a7:66:4d:36:f8:0b:12:6d:84:6e:d5:4c:54:04:
                    fc:e1:2a:e5:a2:f2:a8:9a:fb:5f:e7:77:fd:88:56:
                    9b:a4:a4:4e:1d:20:f0:fc:9f:f0:2f:6c:d1:6c:83:
                    bf:bf:c9:19:fa:4c:12:7a:2a:72:4d:36:01:d3:2d:
                    33:41:5c:55:e1:03:e7:3f:6c:02:5a:10:17:46:d1:
                    5e:bf:a2:9c:65:eb:60:6a:9f:90:24:4f:69:69:cc:
                    18:b7:0d:9a:a4:45:dc:8c:bb:d1:06:c4:1f:7c:d4:
                    23:3a:a5:e7:0f:78:de:a8:f9:c9:82:91:db:31:22:
                    eb:38:d3:34:94:06:a8:df:fa:71:f7:63:df:88:57:
                    d7:3f:23:36:a6:67:32:65:43:12:d5:3c:9a:cf:7e:
                    a7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C8:FB:65:4E:DC:DB:B7:C0:0A:77:69:E7:6F:EF:00:A7:C8:99:F5
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/zsj7ZU7c27fACndp52_vAKfImfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:94:df:1e:26:30:b3:db:db:c5:38:52:06:ad:9b:2b:a1:f6:
         24:51:af:9a:98:c6:e8:0c:59:f8:c8:5b:ba:25:2c:17:04:c3:
         84:4e:2b:ce:99:50:6e:8c:3c:7d:12:33:0e:1f:01:1c:ab:1f:
         c7:1c:9e:f5:b3:37:d7:aa:58:18:fb:71:25:dc:d0:f7:08:26:
         32:4c:5a:1d:55:4b:b4:1c:b5:89:ed:d8:16:fa:78:25:4c:63:
         0f:97:79:bc:f4:c2:d3:57:82:0f:c2:11:0c:be:21:ef:ab:4a:
         4b:1b:62:95:18:6b:cd:19:10:f3:26:81:40:a2:f0:74:11:c8:
         93:c8:f9:7e:87:36:24:ce:ad:a0:0c:bb:a4:b0:91:c7:32:12:
         60:c5:2c:cf:d9:cd:52:26:94:ad:75:ca:11:58:28:e9:94:09:
         26:ba:1e:8c:bc:eb:c4:dd:da:f0:f1:14:d0:57:f7:93:8a:50:
         1e:3c:23:80:db:c4:5d:6b:b1:df:33:ca:aa:00:e8:ae:7f:db:
         8f:2f:b2:eb:0e:e5:ad:2b:27:7b:6e:03:6c:a6:45:25:88:a5:
         87:0a:49:1a:87:22:be:f8:9d:85:ff:36:7a:37:29:ce:35:59:
         9a:92:ab:c0:c7:79:12:b7:a2:a2:ed:ff:fe:e9:65:ff:c1:59:
         37:41:fb:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH15UEfZ96/JrUritTZmNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWM4ZmI2NTRlZGNkYmI3YzAwYTc3NjllNzZmZWYwMGE3Yzg5OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA637eFdhBAPVDSo8YEb9L2DCb4+mp
rbEaI5U78Xl9YX7sZFUbS8mPbjZAZg/RdFixM7uNGOVT6bwX16phdE2s0au1zEv1
xGd9gsHwWj6OhycQvgWElwhZaSPDs5WbJYLlNHVnx8pDn75ap2ZNNvgLEm2EbtVM
VAT84SrlovKomvtf53f9iFabpKROHSDw/J/wL2zRbIO/v8kZ+kwSeipyTTYB0y0z
QVxV4QPnP2wCWhAXRtFev6KcZetgap+QJE9pacwYtw2apEXcjLvRBsQffNQjOqXn
D3jeqPnJgpHbMSLrONM0lAao3/px92PfiFfXPyM2pmcyZUMS1Tyaz36nBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7I+2VO3Nu3wAp3aedv7wCnyJn1MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvenNqN1pVN2MyN2ZBQ25kcDUyX3ZBS2ZJbWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW0MA0G
CSqGSIb3DQEBCwUAA4IBAQBwlN8eJjCz29vFOFIGrZsrofYkUa+amMboDFn4yFu6
JSwXBMOETivOmVBujDx9EjMOHwEcqx/HHJ71szfXqlgY+3El3ND3CCYyTFodVUu0
HLWJ7dgW+nglTGMPl3m89MLTV4IPwhEMviHvq0pLG2KVGGvNGRDzJoFAovB0EciT
yPl+hzYkzq2gDLuksJHHMhJgxSzP2c1SJpStdcoRWCjplAkmuh6MvOvE3drw8RTQ
V/eTilAePCOA28Rda7HfM8qqAOiuf9uPL7LrDuWtKyd7bgNspkUliKWHCkkahyK+
+J2F/zZ6NynONVmakqvAx3kSt6Ki7f/+6WX/wVk3QfuI
-----END CERTIFICATE-----