Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/z7Kwn4LDCEPgPTaFc4eTapKvf_s.roa
File:                     z7Kwn4LDCEPgPTaFc4eTapKvf_s.roa (raw, json)
Hash identifier:          R68ngf3hyKpTSVCx0War1aNzwekx8c09pnwQjDY4JS0=
Subject key identifier:   CF:B2:B0:9F:82:C3:08:43:E0:3D:36:85:73:87:93:6A:92:AF:7F:FB
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D652DBA61889D128E355E893A5CDCA
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/z7Kwn4LDCEPgPTaFc4eTapKvf_s.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        50.20.224.0/21 maxlen: 24
                          212.69.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:52:db:a6:18:89:d1:28:e3:55:e8:93:a5:cd:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfb2b09f82c30843e03d36857387936a92af7ffb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f8:e3:54:14:76:bb:28:11:a1:b7:58:36:8a:
                    73:e3:a0:a6:74:2f:4a:77:bc:d5:04:7d:74:4b:e4:
                    90:90:00:6d:10:5c:ab:86:9a:4d:9a:51:81:d7:1e:
                    79:9f:d9:9c:71:c7:b3:11:e4:8a:76:0f:46:d3:06:
                    d6:b6:47:f8:6a:73:91:e4:f4:3e:f1:b8:6c:f4:eb:
                    ba:00:61:17:4a:ae:1d:52:b3:21:7b:55:8f:5e:10:
                    fd:f8:89:96:75:6a:94:10:5b:3f:9e:2f:2f:01:ae:
                    3d:bc:92:33:17:0f:23:73:89:e7:12:3b:41:b1:4e:
                    8c:11:b5:de:e9:70:97:ca:06:64:f3:9d:1a:0d:90:
                    27:36:d7:e8:29:ea:28:92:11:7e:20:60:51:64:ba:
                    05:e3:c4:c2:28:30:2a:5c:3b:5c:5b:bd:76:7f:80:
                    83:b5:39:77:26:0f:54:5e:fe:87:1a:a1:65:c0:c0:
                    6d:c6:a5:2d:db:5c:b7:17:f4:a6:4a:ce:ff:35:93:
                    7b:06:81:07:b9:24:2d:5e:eb:3c:fb:7d:dc:3d:77:
                    19:ef:cd:75:05:e8:22:2a:57:83:a8:b3:86:d0:ed:
                    c5:55:25:24:df:f0:51:0e:be:6e:b6:c7:a7:1d:ca:
                    7b:5e:9d:f6:11:99:1a:92:87:5f:7b:0d:ba:3d:ac:
                    c4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B2:B0:9F:82:C3:08:43:E0:3D:36:85:73:87:93:6A:92:AF:7F:FB
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/z7Kwn4LDCEPgPTaFc4eTapKvf_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  50.20.224.0/21
                  212.69.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:8f:0f:00:cf:48:7d:eb:5f:b3:af:45:82:91:2f:7d:a5:c9:
         bb:c3:b0:51:93:6f:69:46:30:7b:3d:9b:c9:39:cd:56:f5:c2:
         8b:24:50:63:a1:e4:22:cf:a0:81:8d:ac:69:b0:a3:c0:7d:de:
         0a:c4:24:36:d9:22:c3:05:0c:dd:ee:af:51:43:5c:47:dd:08:
         3f:60:93:17:ec:68:67:2f:d5:84:52:38:da:38:0f:e6:4c:66:
         e1:99:16:ab:73:35:df:79:b8:e3:68:ce:0e:44:b8:81:86:f9:
         81:5f:93:10:d6:49:99:3e:7d:4d:b8:7c:80:7e:a7:6a:89:33:
         6b:eb:6c:4f:4a:a4:28:b0:1b:44:5b:ed:a5:2e:50:ac:b3:16:
         eb:7a:09:b0:30:c8:a3:b5:c0:e2:f4:0e:e0:b9:ef:71:b9:13:
         f6:ed:9d:e8:4d:53:67:7f:8d:81:fb:60:dd:14:33:42:e4:70:
         6c:03:fd:47:b5:a1:28:a3:40:ec:c1:39:90:ac:03:fc:f2:0e:
         58:0d:37:28:c4:aa:16:de:82:88:f4:2c:c9:21:42:34:81:e6:
         73:84:b5:7f:4d:76:2a:eb:5c:ce:10:05:ad:53:2b:44:e6:6c:
         5a:4c:33:ba:51:46:8b:e3:5b:00:83:61:8a:89:f5:d7:44:22:
         91:96:3b:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1lLbphiJ0SjjVeiTpc3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmIyYjA5ZjgyYzMwODQzZTAzZDM2ODU3Mzg3OTM2YTkyYWY3ZmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvjjVBR2uygRobdYNopz46CmdC9K
d7zVBH10S+SQkABtEFyrhppNmlGB1x55n9mcccezEeSKdg9G0wbWtkf4anOR5PQ+
8bhs9Ou6AGEXSq4dUrMhe1WPXhD9+ImWdWqUEFs/ni8vAa49vJIzFw8jc4nnEjtB
sU6MEbXe6XCXygZk850aDZAnNtfoKeookhF+IGBRZLoF48TCKDAqXDtcW712f4CD
tTl3Jg9UXv6HGqFlwMBtxqUt21y3F/SmSs7/NZN7BoEHuSQtXus8+33cPXcZ7811
BegiKleDqLOG0O3FVSUk3/BRDr5utsenHcp7Xp32EZkakodfew26PazEKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM+ysJ+CwwhD4D02hXOHk2qSr3/7MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvejdLd240TERDRVBnUFRhRmM0ZVRhcEt2Zl9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDMhTgAwQC
1EVYMA0GCSqGSIb3DQEBCwUAA4IBAQBIjw8Az0h961+zr0WCkS99pcm7w7BRk29p
RjB7PZvJOc1W9cKLJFBjoeQiz6CBjaxpsKPAfd4KxCQ22SLDBQzd7q9RQ1xH3Qg/
YJMX7GhnL9WEUjjaOA/mTGbhmRarczXfebjjaM4ORLiBhvmBX5MQ1kmZPn1NuHyA
fqdqiTNr62xPSqQosBtEW+2lLlCssxbregmwMMijtcDi9A7gue9xuRP27Z3oTVNn
f42B+2DdFDNC5HBsA/1HtaEoo0DswTmQrAP88g5YDTcoxKoW3oKI9CzJIUI0geZz
hLV/TXYq61zOEAWtUytE5mxaTDO6UUaL41sAg2GKifXXRCKRljsn
-----END CERTIFICATE-----