Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/zsR2hosRcU8M1KGjXd1_k-ktlfc.roa
File:                     zsR2hosRcU8M1KGjXd1_k-ktlfc.roa (raw, json)
Hash identifier:          rTq5tN+JofEk5Za1xiOrbVhdFMOSTGjrPTYOHgXaK+I=
Subject key identifier:   CE:C4:76:86:8B:11:71:4F:0C:D4:A1:A3:5D:DD:7F:93:E9:2D:95:F7
Certificate issuer:       /CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
Certificate serial:       0194252153BB74021C0118586DEA8D6F52AC
Authority key identifier: 34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/zsR2hosRcU8M1KGjXd1_k-ktlfc.roa
Signing time:             Thu 02 Jan 2025 03:48:48 +0000
ROA not before:           Thu 02 Jan 2025 03:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29686
IP address blocks:        91.195.150.0/23 maxlen: 24
                          2001:678:2e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:53:bb:74:02:1c:01:18:58:6d:ea:8d:6f:52:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34cb956ec3a14f6f5e4b76d54342fa98d59c77a6
        Validity
            Not Before: Jan  2 03:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cec476868b11714f0cd4a1a35ddd7f93e92d95f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:17:a8:d9:04:63:77:4a:d4:03:ed:48:f3:a8:
                    fb:d1:aa:0e:d8:95:b3:b1:23:47:55:f7:05:d8:6d:
                    80:c7:c1:68:62:32:3d:74:77:6d:cd:09:c5:05:43:
                    1a:6d:c3:5c:4e:9d:ed:3e:7e:d1:8a:65:c6:36:3c:
                    d7:26:9f:f3:f0:55:2d:5b:d4:2e:85:b2:96:76:b3:
                    d2:8f:c6:65:c2:ea:d5:b5:10:9d:25:8b:8f:d3:bc:
                    95:58:d6:53:66:c5:2a:11:80:03:b8:74:82:79:3c:
                    b0:e0:24:c5:dc:da:f2:87:d7:79:5d:df:a7:e9:de:
                    81:15:3d:0c:03:28:2a:0f:33:40:9a:ae:56:6d:ba:
                    d8:32:36:17:cf:8f:8c:7d:bf:57:4a:01:4e:94:17:
                    3b:58:04:42:cd:0c:5d:59:45:09:f4:9b:59:83:c7:
                    6b:d0:06:e0:e6:6d:d1:d1:dd:f9:f8:ee:10:a5:d6:
                    16:86:06:fe:6d:56:9a:56:32:91:4a:c1:f4:cf:60:
                    bf:8b:ab:34:3b:ae:b5:71:fb:f6:bb:ec:fa:b8:1d:
                    2e:07:b0:a0:a4:dd:e3:17:cc:52:73:09:c4:16:5a:
                    30:94:db:7f:e6:cf:a0:45:d9:86:e3:b1:61:ca:2f:
                    09:25:1b:e2:a1:63:eb:7b:d4:3f:92:6d:d5:7c:30:
                    4b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C4:76:86:8B:11:71:4F:0C:D4:A1:A3:5D:DD:7F:93:E9:2D:95:F7
            X509v3 Authority Key Identifier:
                keyid:34:CB:95:6E:C3:A1:4F:6F:5E:4B:76:D5:43:42:FA:98:D5:9C:77:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/zsR2hosRcU8M1KGjXd1_k-ktlfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/14f9f5-25d7-45e8-bc24-9a688080a579/1/NMuVbsOhT29eS3bVQ0L6mNWcd6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.150.0/23
                IPv6:
                  2001:678:2e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:77:65:96:6b:fc:80:6f:2c:cd:92:35:eb:e7:a0:26:f1:89:
         7f:5e:6d:df:a3:42:61:f0:a6:5f:b1:b3:0a:d4:ee:e9:72:ac:
         93:58:d0:1c:84:cd:8a:a7:52:b4:c3:1d:c5:91:5a:2c:6d:6c:
         1e:5d:eb:5b:8e:3b:94:95:ad:81:27:43:7a:b8:ea:6c:13:a5:
         f2:64:9d:29:55:c2:16:fc:69:01:99:cb:7b:47:9a:5e:86:1c:
         24:9f:5a:2d:9d:ac:ce:68:f1:0d:c3:c4:0f:a0:80:88:e4:50:
         ed:6d:21:bc:7a:8f:f0:6e:cc:5d:99:44:3e:a9:51:c6:08:ed:
         8b:14:33:a8:c2:9c:88:b8:e6:0b:40:6f:58:c8:58:e7:3b:8c:
         ea:56:9c:90:22:fb:0e:93:0f:44:57:17:49:b6:41:ff:d7:03:
         c3:e5:df:6b:08:a3:a9:07:4f:65:02:2b:b2:5b:18:03:1e:50:
         75:3d:47:e4:56:8b:c6:c1:a3:7b:db:70:3a:f4:35:d0:21:a2:
         09:b6:eb:cd:b1:b2:55:5d:6e:7c:38:ed:95:ce:f0:c4:0a:b7:
         f3:f8:a0:d6:52:87:7e:4a:7a:e5:67:58:48:1f:02:3c:4b:0c:
         d3:f7:e2:74:38:dc:cb:49:d4:89:b2:4e:53:86:06:6e:48:c4:
         05:47:4d:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIVO7dAIcARhYbeqNb1KsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0Y2I5NTZlYzNhMTRmNmY1ZTRiNzZkNTQzNDJmYTk4ZDU5
Yzc3YTYwHhcNMjUwMTAyMDM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWM0NzY4NjhiMTE3MTRmMGNkNGExYTM1ZGRkN2Y5M2U5MmQ5NWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzheo2QRjd0rUA+1I86j70aoO2JWz
sSNHVfcF2G2Ax8FoYjI9dHdtzQnFBUMabcNcTp3tPn7RimXGNjzXJp/z8FUtW9Qu
hbKWdrPSj8ZlwurVtRCdJYuP07yVWNZTZsUqEYADuHSCeTyw4CTF3Nryh9d5Xd+n
6d6BFT0MAygqDzNAmq5WbbrYMjYXz4+Mfb9XSgFOlBc7WARCzQxdWUUJ9JtZg8dr
0Abg5m3R0d35+O4QpdYWhgb+bVaaVjKRSsH0z2C/i6s0O661cfv2u+z6uB0uB7Cg
pN3jF8xScwnEFlowlNt/5s+gRdmG47Fhyi8JJRvioWPre9Q/km3VfDBLKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM7EdoaLEXFPDNSho13df5PpLZX3MB8GA1UdIwQY
MBaAFDTLlW7DoU9vXkt21UNC+pjVnHemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQt
OWE2ODgwODBhNTc5LzEvenNSMmhvc1JjVThNMUtHalhkMV9rLWt0bGZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNGY5ZjUtMjVkNy00NWU4LWJjMjQtOWE2ODgwODBhNTc5
LzEvTk11VmJzT2hUMjllUzNiVlEwTDZtTldjZDZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8OWMA8E
AgACMAkDBwAgAQZ4AuAwDQYJKoZIhvcNAQELBQADggEBABd3ZZZr/IBvLM2SNevn
oCbxiX9ebd+jQmHwpl+xswrU7ulyrJNY0ByEzYqnUrTDHcWRWixtbB5d61uOO5SV
rYEnQ3q46mwTpfJknSlVwhb8aQGZy3tHml6GHCSfWi2drM5o8Q3DxA+ggIjkUO1t
Ibx6j/BuzF2ZRD6pUcYI7YsUM6jCnIi45gtAb1jIWOc7jOpWnJAi+w6TD0RXF0m2
Qf/XA8Pl32sIo6kHT2UCK7JbGAMeUHU9R+RWi8bBo3vbcDr0NdAhogm2682xslVd
bnw47ZXO8MQKt/P4oNZSh35KeuVnWEgfAjxLDNP34nQ43MtJ1ImyTlOGBm5IxAVH
Ta8=
-----END CERTIFICATE-----