Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zf59mhwN1S3gDhITine9rGoU1mI.roa
File:                     Zf59mhwN1S3gDhITine9rGoU1mI.roa (raw, json)
Hash identifier:          ItAmoJjJI8759vV0N2ep7BAGBNMWntj11jBxYRrpcMA=
Subject key identifier:   65:FE:7D:9A:1C:0D:D5:2D:E0:0E:12:13:8A:77:BD:AC:6A:14:D6:62
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019422FB17EA703114479CCF3AF1601A99B3
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zf59mhwN1S3gDhITine9rGoU1mI.roa
Signing time:             Wed 01 Jan 2025 17:47:48 +0000
ROA not before:           Wed 01 Jan 2025 17:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211309
IP address blocks:        195.64.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:17:ea:70:31:14:47:9c:cf:3a:f1:60:1a:99:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 17:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65fe7d9a1c0dd52de00e12138a77bdac6a14d662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:19:26:7e:51:2f:ea:3b:16:73:46:c1:32:b5:
                    21:cb:23:d2:69:ec:30:1d:b2:93:80:4e:13:61:0f:
                    f3:c9:27:3a:0e:5b:7e:5b:87:41:d0:54:e0:5f:7c:
                    4a:bf:59:12:ea:db:d1:8f:ca:c0:fc:e7:e9:d9:b3:
                    eb:c9:dd:79:1b:c3:cf:fd:48:84:1a:d6:5d:aa:a2:
                    ea:7f:ac:84:22:73:05:f7:90:7b:8d:97:c1:6e:3c:
                    76:74:0b:1c:88:e3:63:9f:d6:61:8c:2a:77:58:10:
                    1e:6e:c9:e9:26:71:f2:0a:3b:25:22:b7:ab:f7:d8:
                    29:2a:8c:9d:31:ec:ab:20:fa:82:c3:17:31:26:b1:
                    fc:be:60:32:66:71:fb:c9:ef:1f:21:13:e3:26:9a:
                    d0:d1:2c:31:c1:a2:85:b4:3c:fc:fc:96:28:84:15:
                    68:4a:3b:4f:ee:d5:3a:b8:56:74:17:94:1e:11:36:
                    62:f8:14:94:72:2b:61:4f:8e:45:d7:32:36:2a:f3:
                    54:12:b1:d8:a3:43:9b:69:89:80:40:35:83:32:d6:
                    7c:a7:78:ed:65:1b:3b:5b:67:83:02:8c:47:1e:ab:
                    b7:11:f5:1f:9c:6d:ff:68:5c:75:d8:fd:9e:b8:cd:
                    38:17:3f:06:33:9e:85:74:00:65:bf:20:6a:1f:14:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FE:7D:9A:1C:0D:D5:2D:E0:0E:12:13:8A:77:BD:AC:6A:14:D6:62
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zf59mhwN1S3gDhITine9rGoU1mI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:50:21:72:5e:2e:20:af:ac:92:ba:df:4c:a0:87:12:0b:04:
         a9:14:42:81:d8:c7:55:bb:71:36:54:51:ed:a4:f7:aa:98:07:
         9c:e1:d6:e4:a2:5a:5c:2e:1c:e9:66:06:e2:cc:69:b7:f2:2f:
         08:47:6c:3f:2f:2b:9c:29:c4:df:10:c5:e2:56:09:e8:ec:a3:
         14:51:2b:b3:b0:bb:48:3d:8d:58:8e:b2:4a:f2:27:b2:f2:3c:
         b9:2e:8c:f9:c0:93:ea:01:1d:5b:7b:66:c9:ef:26:5d:50:2e:
         bc:c2:ae:a1:56:14:c4:8a:92:bc:f1:ad:9b:eb:e5:4e:f9:6c:
         76:7c:9e:71:17:10:1b:0b:3f:b2:ce:53:81:5c:a7:a7:4c:95:
         21:4e:d6:51:5f:83:fd:91:72:20:3d:60:03:99:06:20:12:ad:
         f2:12:1b:ce:bf:9c:8c:bb:e3:3d:62:00:20:13:1c:7a:be:88:
         b5:b5:de:43:fe:80:9c:87:13:0b:ac:8c:18:6b:9f:81:9f:da:
         5b:6a:8a:2b:45:e8:9b:e4:04:38:88:bd:4b:2c:d1:c6:e2:8b:
         32:cf:a7:1e:fc:80:b2:7d:ff:d4:43:ad:ee:ef:00:08:9d:cd:
         89:0d:8e:31:97:d9:3a:1c:af:92:74:30:50:3c:bc:c7:ed:9f:
         20:5a:e4:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+xfqcDEUR5zPOvFgGpmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjUwMTAxMTc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWZlN2Q5YTFjMGRkNTJkZTAwZTEyMTM4YTc3YmRhYzZhMTRkNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohkmflEv6jsWc0bBMrUhyyPSaeww
HbKTgE4TYQ/zySc6Dlt+W4dB0FTgX3xKv1kS6tvRj8rA/Ofp2bPryd15G8PP/UiE
GtZdqqLqf6yEInMF95B7jZfBbjx2dAsciONjn9ZhjCp3WBAebsnpJnHyCjslIrer
99gpKoydMeyrIPqCwxcxJrH8vmAyZnH7ye8fIRPjJprQ0SwxwaKFtDz8/JYohBVo
SjtP7tU6uFZ0F5QeETZi+BSUcithT45F1zI2KvNUErHYo0ObaYmAQDWDMtZ8p3jt
ZRs7W2eDAoxHHqu3EfUfnG3/aFx12P2euM04Fz8GM56FdABlvyBqHxQmOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGX+fZocDdUt4A4SE4p3vaxqFNZiMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvWmY1OW1od04xUzNnRGhJVGluZTlyR29VMW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B2MA0G
CSqGSIb3DQEBCwUAA4IBAQBSUCFyXi4gr6ySut9MoIcSCwSpFEKB2MdVu3E2VFHt
pPeqmAec4dbkolpcLhzpZgbizGm38i8IR2w/LyucKcTfEMXiVgno7KMUUSuzsLtI
PY1YjrJK8iey8jy5Loz5wJPqAR1be2bJ7yZdUC68wq6hVhTEipK88a2b6+VO+Wx2
fJ5xFxAbCz+yzlOBXKenTJUhTtZRX4P9kXIgPWADmQYgEq3yEhvOv5yMu+M9YgAg
Exx6voi1td5D/oCchxMLrIwYa5+Bn9pbaoorReib5AQ4iL1LLNHG4osyz6ce/ICy
ff/UQ63u7wAInc2JDY4xl9k6HK+SdDBQPLzH7Z8gWuTr
-----END CERTIFICATE-----