Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/ZntZKX2L_8Ma0koJ3HPW10lURHI.roa
File:                     ZntZKX2L_8Ma0koJ3HPW10lURHI.roa (raw, json)
Hash identifier:          OJbq7vowsXJwKs2XlYdhIC+ZaJvxn8OPWmKWbar3xew=
Subject key identifier:   66:7B:59:29:7D:8B:FF:C3:1A:D2:4A:09:DC:73:D6:D7:49:54:44:72
Certificate issuer:       /CN=d5af20c026de104d96f17acbaf4e787ef9d30206
Certificate serial:       0194282311C8532E61D55A467C02C42B43D1
Authority key identifier: D5:AF:20:C0:26:DE:10:4D:96:F1:7A:CB:AF:4E:78:7E:F9:D3:02:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1a8gwCbeEE2W8XrLr054fvnTAgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/ZntZKX2L_8Ma0koJ3HPW10lURHI.roa
Signing time:             Thu 02 Jan 2025 17:49:34 +0000
ROA not before:           Thu 02 Jan 2025 17:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.154.160.0/24 maxlen: 24
                          185.154.161.0/24 maxlen: 24
                          185.154.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/1a8gwCbeEE2W8XrLr054fvnTAgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/1a8gwCbeEE2W8XrLr054fvnTAgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1a8gwCbeEE2W8XrLr054fvnTAgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:11:c8:53:2e:61:d5:5a:46:7c:02:c4:2b:43:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5af20c026de104d96f17acbaf4e787ef9d30206
        Validity
            Not Before: Jan  2 17:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=667b59297d8bffc31ad24a09dc73d6d749544472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ea:ac:74:bc:8f:60:86:1e:c1:b9:7b:f4:d8:
                    36:74:9e:18:eb:17:9b:74:00:12:cf:b3:4c:c7:47:
                    92:c0:36:60:34:99:c0:3b:50:8d:91:7d:77:8a:68:
                    e5:10:18:a6:60:a2:75:21:e5:d7:80:88:79:32:11:
                    1e:8e:45:f2:bf:f9:57:9a:20:3e:4d:5b:4f:65:77:
                    9a:77:1f:c2:4a:4e:d3:24:cf:9a:1c:7a:85:1d:d3:
                    5a:ab:c6:57:fc:e6:d2:9b:ac:fc:b7:29:fe:d6:d3:
                    6f:83:1f:4c:54:a2:6f:9c:23:83:02:23:84:76:1e:
                    1e:61:81:4f:40:2f:e9:84:f4:36:b7:83:94:5b:f0:
                    99:8c:f1:6d:45:ef:fa:8b:b0:79:4b:eb:5f:85:1c:
                    5a:a2:3e:78:d3:16:61:f5:8b:fd:0a:07:b5:fb:f3:
                    ee:51:4c:91:d4:fd:99:e6:ca:7b:75:4b:eb:e3:29:
                    97:44:f6:51:70:fe:52:54:96:91:55:81:3c:c6:2f:
                    06:d8:27:4b:db:e9:24:d5:e1:5f:07:11:ba:1f:82:
                    8f:db:96:0c:d7:f8:6d:5a:4f:b1:c1:2f:11:5b:ce:
                    ea:8f:0f:b9:2d:c1:a1:6f:25:c2:9e:ee:ad:b1:a2:
                    e3:90:65:63:a6:b0:0d:87:9a:9f:b5:3b:d9:59:39:
                    42:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7B:59:29:7D:8B:FF:C3:1A:D2:4A:09:DC:73:D6:D7:49:54:44:72
            X509v3 Authority Key Identifier:
                keyid:D5:AF:20:C0:26:DE:10:4D:96:F1:7A:CB:AF:4E:78:7E:F9:D3:02:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a8gwCbeEE2W8XrLr054fvnTAgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/ZntZKX2L_8Ma0koJ3HPW10lURHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/09d72e-8267-4393-8363-89f1815d4c19/1/1a8gwCbeEE2W8XrLr054fvnTAgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.160.0-185.154.162.255

    Signature Algorithm: sha256WithRSAEncryption
         13:0f:8f:9f:4a:1a:fa:74:b8:ec:47:61:fd:ca:84:b2:20:65:
         e8:ba:64:49:3e:e9:74:ba:fb:02:fe:1c:76:ae:0b:f4:51:68:
         b9:c9:0f:bd:47:92:45:49:34:c8:09:ba:4a:6f:c8:f7:7d:c0:
         5e:1c:76:09:e1:a8:30:aa:5d:88:c5:0a:9b:4b:56:18:53:47:
         67:09:65:e1:70:1a:36:dc:33:56:60:54:66:16:da:0c:4f:ab:
         3d:c4:68:16:3b:86:9c:e2:fc:50:75:88:77:ad:40:6f:ab:f6:
         d0:b1:60:84:37:04:80:22:16:66:21:e2:75:62:f5:98:d7:23:
         80:d3:96:53:cc:81:63:da:88:cf:f4:75:58:1c:0a:1b:8b:92:
         2f:9f:a6:33:08:e6:09:0d:18:d5:d7:6a:6f:74:30:13:dc:a5:
         12:09:9a:3b:c4:fd:54:b7:df:9f:03:af:b5:aa:f7:cb:72:dd:
         1a:3b:ed:8c:1a:fb:2d:5d:de:a7:58:e6:61:3d:ee:39:d2:64:
         52:a4:40:88:01:ba:84:93:c5:fa:79:a4:b1:63:ca:43:2f:85:
         90:72:4e:2f:f4:5f:4c:58:15:76:f7:63:97:29:15:b1:eb:df:
         7a:ee:08:39:06:c6:a7:23:74:d1:18:b2:21:be:10:05:91:28:
         55:e8:cd:a4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoIxHIUy5h1VpGfALEK0PRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YWYyMGMwMjZkZTEwNGQ5NmYxN2FjYmFmNGU3ODdlZjlk
MzAyMDYwHhcNMjUwMTAyMTc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdiNTkyOTdkOGJmZmMzMWFkMjRhMDlkYzczZDZkNzQ5NTQ0NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOqsdLyPYIYewbl79Ng2dJ4Y6xeb
dAASz7NMx0eSwDZgNJnAO1CNkX13imjlEBimYKJ1IeXXgIh5MhEejkXyv/lXmiA+
TVtPZXeadx/CSk7TJM+aHHqFHdNaq8ZX/ObSm6z8tyn+1tNvgx9MVKJvnCODAiOE
dh4eYYFPQC/phPQ2t4OUW/CZjPFtRe/6i7B5S+tfhRxaoj540xZh9Yv9Cge1+/Pu
UUyR1P2Z5sp7dUvr4ymXRPZRcP5SVJaRVYE8xi8G2CdL2+kk1eFfBxG6H4KP25YM
1/htWk+xwS8RW87qjw+5LcGhbyXCnu6tsaLjkGVjprANh5qftTvZWTlCjQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGZ7WSl9i//DGtJKCdxz1tdJVERyMB8GA1UdIwQY
MBaAFNWvIMAm3hBNlvF6y69OeH750wIGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWE4Z3dDYmVFRTJXOFhyTHIwNTRmdm5UQWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wOWQ3MmUtODI2Ny00MzkzLTgzNjMt
ODlmMTgxNWQ0YzE5LzEvWm50WktYMkxfOE1hMGtvSjNIUFcxMGxVUkhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wOWQ3MmUtODI2Ny00MzkzLTgzNjMtODlmMTgxNWQ0YzE5
LzEvMWE4Z3dDYmVFRTJXOFhyTHIwNTRmdm5UQWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAW5mqAD
BAC5mqIwDQYJKoZIhvcNAQELBQADggEBABMPj59KGvp0uOxHYf3KhLIgZei6ZEk+
6XS6+wL+HHauC/RRaLnJD71HkkVJNMgJukpvyPd9wF4cdgnhqDCqXYjFCptLVhhT
R2cJZeFwGjbcM1ZgVGYW2gxPqz3EaBY7hpzi/FB1iHetQG+r9tCxYIQ3BIAiFmYh
4nVi9ZjXI4DTllPMgWPaiM/0dVgcChuLki+fpjMI5gkNGNXXam90MBPcpRIJmjvE
/VS3358Dr7Wq98ty3Ro77Ywa+y1d3qdY5mE97jnSZFKkQIgBuoSTxfp5pLFjykMv
hZByTi/0X0xYFXb3Y5cpFbHr33ruCDkGxqcjdNEYsiG+EAWRKFXozaQ=
-----END CERTIFICATE-----