Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/ZGoOUwMopHkREW85RzSsR457AEU.roa
File:                     ZGoOUwMopHkREW85RzSsR457AEU.roa (raw, json)
Hash identifier:          ll6YKs1Lb4wcNMvOVUUEMK6peyuIPU/LPfVQcksc3+g=
Subject key identifier:   64:6A:0E:53:03:28:A4:79:11:11:6F:39:47:34:AC:47:8E:7B:00:45
Certificate issuer:       /CN=1c2b50daef3a0cbdb72b23ca3dbbefc1573583f9
Certificate serial:       019420D622AF96D63D27422D7D4977284D31
Authority key identifier: 1C:2B:50:DA:EF:3A:0C:BD:B7:2B:23:CA:3D:BB:EF:C1:57:35:83:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCtQ2u86DL23KyPKPbvvwVc1g_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/ZGoOUwMopHkREW85RzSsR457AEU.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50708
IP address blocks:        193.105.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/HCtQ2u86DL23KyPKPbvvwVc1g_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/HCtQ2u86DL23KyPKPbvvwVc1g_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCtQ2u86DL23KyPKPbvvwVc1g_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:22:af:96:d6:3d:27:42:2d:7d:49:77:28:4d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c2b50daef3a0cbdb72b23ca3dbbefc1573583f9
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=646a0e530328a47911116f394734ac478e7b0045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:02:77:ae:e3:e9:2b:77:e8:4b:03:75:b5:ce:
                    df:12:3e:b4:26:99:74:69:59:b5:41:3f:d5:fc:f2:
                    b4:2c:28:54:70:46:61:c6:81:99:b8:96:ec:98:7b:
                    07:ad:50:e3:37:e4:cc:e2:86:06:a3:d1:ad:de:b1:
                    58:fd:27:9b:cb:ac:5c:4a:c1:d3:71:e2:e5:b9:e8:
                    90:f4:0a:95:75:e0:50:b5:a0:65:5b:00:a0:43:a3:
                    9b:a1:a6:75:90:2f:6e:ca:c9:33:b5:91:ef:39:b3:
                    cf:9e:2a:85:63:96:4f:76:58:95:48:25:cc:79:c5:
                    8b:53:53:d4:df:b5:54:42:40:33:6d:25:a4:91:5d:
                    3e:63:ba:0c:3e:08:53:49:cb:dc:0a:57:62:86:4d:
                    01:af:76:80:2d:23:09:9d:e4:83:8c:20:bc:98:ff:
                    86:b1:45:cb:b5:53:38:bc:0c:fc:9e:4c:37:68:76:
                    e1:33:53:b0:fb:29:1a:ab:85:8d:66:74:00:15:06:
                    a9:b1:0e:b3:dd:b2:05:ce:27:16:e2:b5:17:eb:d3:
                    49:8b:2a:c2:0d:60:d3:0a:a9:01:ef:ad:57:63:a9:
                    b0:ff:e2:d5:64:cb:01:58:53:fc:f9:e1:26:1c:1d:
                    ea:e0:38:27:7c:2c:33:57:33:41:96:d2:22:07:0b:
                    24:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6A:0E:53:03:28:A4:79:11:11:6F:39:47:34:AC:47:8E:7B:00:45
            X509v3 Authority Key Identifier:
                keyid:1C:2B:50:DA:EF:3A:0C:BD:B7:2B:23:CA:3D:BB:EF:C1:57:35:83:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCtQ2u86DL23KyPKPbvvwVc1g_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/ZGoOUwMopHkREW85RzSsR457AEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/6f2b37-0d17-45ab-8282-ab4263ed40de/1/HCtQ2u86DL23KyPKPbvvwVc1g_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:e5:7e:05:d9:4e:d9:05:ae:4e:10:8a:67:c5:95:8c:b3:74:
         47:ed:83:01:eb:ec:5e:37:03:02:2b:69:7c:47:b6:53:43:f8:
         8d:cd:b0:5b:1c:c6:33:f2:d6:cd:8a:95:ab:26:31:55:58:7e:
         0a:2b:16:96:73:64:51:53:d6:14:cb:98:ea:78:aa:45:ca:67:
         ca:95:9b:93:78:ca:cc:8d:7f:0a:24:46:e0:e0:0c:58:63:4d:
         51:64:ed:80:f8:c3:93:5b:a8:7d:ed:2d:47:f1:66:01:76:11:
         da:38:47:13:81:ae:fe:83:fd:dd:be:12:23:f5:77:76:e9:4b:
         a2:6b:2f:a7:85:6f:f5:22:bc:22:3f:ea:d7:8e:46:5e:2b:a8:
         4b:bb:fe:67:6f:66:e0:96:a4:bf:d0:b2:e4:26:59:6e:4c:e3:
         e4:fb:ee:40:f7:c8:ad:cf:99:34:90:ca:d1:3c:5f:07:dc:22:
         24:dd:68:77:ea:c9:72:6b:62:83:71:32:f1:5f:c0:7c:10:ce:
         d0:5c:75:d5:5a:0c:3f:3d:6c:54:68:1c:df:26:41:da:69:1d:
         a2:df:79:ee:af:e2:ec:92:e3:30:8a:fd:43:36:e3:91:c0:e9:
         2c:26:0d:34:01:9d:4f:61:36:ea:96:1a:ab:8d:d7:06:94:4c:
         e6:8a:9a:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iKvltY9J0ItfUl3KE0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMmI1MGRhZWYzYTBjYmRiNzJiMjNjYTNkYmJlZmMxNTcz
NTgzZjkwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZhMGU1MzAzMjhhNDc5MTExMTZmMzk0NzM0YWM0NzhlN2IwMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQJ3ruPpK3foSwN1tc7fEj60Jpl0
aVm1QT/V/PK0LChUcEZhxoGZuJbsmHsHrVDjN+TM4oYGo9Gt3rFY/Seby6xcSsHT
ceLlueiQ9AqVdeBQtaBlWwCgQ6OboaZ1kC9uyskztZHvObPPniqFY5ZPdliVSCXM
ecWLU1PU37VUQkAzbSWkkV0+Y7oMPghTScvcCldihk0Br3aALSMJneSDjCC8mP+G
sUXLtVM4vAz8nkw3aHbhM1Ow+ykaq4WNZnQAFQapsQ6z3bIFzicW4rUX69NJiyrC
DWDTCqkB761XY6mw/+LVZMsBWFP8+eEmHB3q4DgnfCwzVzNBltIiBwskVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRqDlMDKKR5ERFvOUc0rEeOewBFMB8GA1UdIwQY
MBaAFBwrUNrvOgy9tysjyj2778FXNYP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEN0UTJ1ODZETDIzS3lQS1BidnZ3VmMxZ19rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS82ZjJiMzctMGQxNy00NWFiLTgyODIt
YWI0MjYzZWQ0MGRlLzEvWkdvT1V3TW9wSGtSRVc4NVJ6U3NSNDU3QUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS82ZjJiMzctMGQxNy00NWFiLTgyODItYWI0MjYzZWQ0MGRl
LzEvSEN0UTJ1ODZETDIzS3lQS1BidnZ3VmMxZ19rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWm+MA0G
CSqGSIb3DQEBCwUAA4IBAQBa5X4F2U7ZBa5OEIpnxZWMs3RH7YMB6+xeNwMCK2l8
R7ZTQ/iNzbBbHMYz8tbNipWrJjFVWH4KKxaWc2RRU9YUy5jqeKpFymfKlZuTeMrM
jX8KJEbg4AxYY01RZO2A+MOTW6h97S1H8WYBdhHaOEcTga7+g/3dvhIj9Xd26Uui
ay+nhW/1IrwiP+rXjkZeK6hLu/5nb2bglqS/0LLkJlluTOPk++5A98itz5k0kMrR
PF8H3CIk3Wh36slya2KDcTLxX8B8EM7QXHXVWgw/PWxUaBzfJkHaaR2i33nur+Ls
kuMwiv1DNuORwOksJg00AZ1PYTbqlhqrjdcGlEzmipoy
-----END CERTIFICATE-----