Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/ZDqkiej3KvbVcchBqYbs_m_58AA.roa
File:                     ZDqkiej3KvbVcchBqYbs_m_58AA.roa (raw, json)
Hash identifier:          WNRpgM2RfMTJF9WJxnTJzmUWmkHVlsXryqz1NtCqsaw=
Subject key identifier:   64:3A:A4:89:E8:F7:2A:F6:D5:71:C8:41:A9:86:EC:FE:6F:F9:F0:00
Certificate issuer:       /CN=24350aa8a94af666099fd073ec621cd15d04b316
Certificate serial:       01942444BC6E6D30C5C71B6C073C18E8BB38
Authority key identifier: 24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/ZDqkiej3KvbVcchBqYbs_m_58AA.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211884
IP address blocks:        195.250.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:bc:6e:6d:30:c5:c7:1b:6c:07:3c:18:e8:bb:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24350aa8a94af666099fd073ec621cd15d04b316
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=643aa489e8f72af6d571c841a986ecfe6ff9f000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d8:76:3f:2c:03:6f:02:b1:2b:ea:62:17:8a:
                    a0:dd:ba:d9:51:22:91:64:e0:8a:bf:41:85:80:9f:
                    5f:6f:70:14:f8:84:5c:f5:6d:ab:99:1b:ee:40:e8:
                    7c:5a:0d:63:0e:3b:60:eb:ae:5c:4e:71:1f:78:34:
                    87:cf:9c:4b:25:6e:97:f0:70:49:9f:c4:d4:0e:fe:
                    51:77:ca:d0:bd:ad:c6:ab:3d:fb:34:dc:30:2e:b5:
                    31:e7:5e:be:db:1c:d9:a8:ed:95:20:c8:56:bc:8a:
                    0f:3b:22:56:9a:71:71:cb:0a:ed:e2:88:98:05:f0:
                    3d:b1:99:e0:e6:2c:e3:47:63:b6:f8:f9:64:ef:2d:
                    f2:0e:c2:5a:d8:2b:01:f6:d9:7b:9b:43:40:b9:9f:
                    8c:5c:7c:d7:ec:b5:af:2d:23:94:3b:43:45:85:06:
                    c1:f2:bc:08:3b:b1:40:ee:92:af:c8:66:0c:8c:dd:
                    3e:fb:53:bc:53:ef:ba:2a:0f:11:b9:72:fc:26:c0:
                    05:34:30:6c:19:95:d2:4c:4a:44:3a:39:73:29:b3:
                    cf:f6:a4:15:7f:12:f9:13:34:4b:5a:70:70:ae:a7:
                    58:05:9c:33:fa:3c:f2:5b:1c:aa:4a:17:88:79:6c:
                    e3:d7:09:18:5c:4a:f3:4a:57:fc:3b:4c:a5:5f:f5:
                    75:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:3A:A4:89:E8:F7:2A:F6:D5:71:C8:41:A9:86:EC:FE:6F:F9:F0:00
            X509v3 Authority Key Identifier:
                keyid:24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/ZDqkiej3KvbVcchBqYbs_m_58AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:9d:18:3b:63:91:31:34:0b:66:c6:d4:a3:54:a9:e5:d2:1b:
         ef:ae:cf:44:fe:29:07:66:bd:07:f3:da:80:3c:24:7e:6c:a2:
         b1:8b:81:9e:2b:d1:cd:1f:0d:4a:a3:bf:53:cc:7c:8f:a2:01:
         9d:31:f3:ed:80:18:a3:8a:55:17:3c:56:4e:fb:54:25:1b:ab:
         1e:88:4c:45:5f:b5:51:04:28:db:61:e5:99:4f:6b:c6:68:d6:
         db:cd:73:cf:f9:a3:ff:81:0f:c8:79:54:6d:9a:ba:e3:64:be:
         69:13:e5:42:be:71:60:37:ef:2f:b1:cb:83:50:ec:52:d2:bd:
         9d:6d:dd:97:cb:a2:2d:e4:03:dc:91:d3:43:d9:45:dc:ba:d0:
         f2:36:11:0d:98:a7:7c:c1:fb:50:0f:ab:a3:ea:6c:c8:b1:d2:
         8c:9d:ed:1e:ea:8e:0c:b8:3a:e8:c8:ca:76:ba:cf:8c:3e:0f:
         92:03:01:68:46:e3:89:61:3d:b2:e4:40:b9:c4:6d:38:9a:de:
         6b:10:25:ac:42:5f:c2:c2:a7:65:08:da:61:21:21:5f:14:42:
         76:90:91:39:7b:a3:4d:e8:fc:28:4e:9e:4a:2a:83:5b:eb:d1:
         c8:c8:72:b3:20:7d:97:21:65:cd:86:7e:b6:ef:2d:d3:82:b2:
         17:38:46:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLxubTDFxxtsBzwY6Ls4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzUwYWE4YTk0YWY2NjYwOTlmZDA3M2VjNjIxY2QxNWQw
NGIzMTYwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDNhYTQ4OWU4ZjcyYWY2ZDU3MWM4NDFhOTg2ZWNmZTZmZjlmMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNh2PywDbwKxK+piF4qg3brZUSKR
ZOCKv0GFgJ9fb3AU+IRc9W2rmRvuQOh8Wg1jDjtg665cTnEfeDSHz5xLJW6X8HBJ
n8TUDv5Rd8rQva3Gqz37NNwwLrUx516+2xzZqO2VIMhWvIoPOyJWmnFxywrt4oiY
BfA9sZng5izjR2O2+Plk7y3yDsJa2CsB9tl7m0NAuZ+MXHzX7LWvLSOUO0NFhQbB
8rwIO7FA7pKvyGYMjN0++1O8U++6Kg8RuXL8JsAFNDBsGZXSTEpEOjlzKbPP9qQV
fxL5EzRLWnBwrqdYBZwz+jzyWxyqSheIeWzj1wkYXErzSlf8O0ylX/V1QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQ6pIno9yr21XHIQamG7P5v+fAAMB8GA1UdIwQY
MBaAFCQ1CqipSvZmCZ/Qc+xiHNFdBLMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEt
YjQyNTIyZDA1ODk1LzEvWkRxa2llajNLdmJWY2NoQnFZYnNfbV81OEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEtYjQyNTIyZDA1ODk1
LzEvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/rUMA0G
CSqGSIb3DQEBCwUAA4IBAQCvnRg7Y5ExNAtmxtSjVKnl0hvvrs9E/ikHZr0H89qA
PCR+bKKxi4GeK9HNHw1Ko79TzHyPogGdMfPtgBijilUXPFZO+1QlG6seiExFX7VR
BCjbYeWZT2vGaNbbzXPP+aP/gQ/IeVRtmrrjZL5pE+VCvnFgN+8vscuDUOxS0r2d
bd2Xy6It5APckdND2UXcutDyNhENmKd8wftQD6uj6mzIsdKMne0e6o4MuDroyMp2
us+MPg+SAwFoRuOJYT2y5EC5xG04mt5rECWsQl/CwqdlCNphISFfFEJ2kJE5e6NN
6PwoTp5KKoNb69HIyHKzIH2XIWXNhn627y3TgrIXOEZ7
-----END CERTIFICATE-----