Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZWL215h-t8R0mNdHN1yFNlnsFHc.roa
File:                     ZWL215h-t8R0mNdHN1yFNlnsFHc.roa (raw, json)
Hash identifier:          9GUpuU/0aRxBtA7tqXQP2pIiXgmPy3bzW/3ZFWLCpRc=
Subject key identifier:   65:62:F6:D7:98:7E:B7:C4:74:98:D7:47:37:5C:85:36:59:EC:14:77
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195000290152950D3068E63DD5439EE7CC0
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZWL215h-t8R0mNdHN1yFNlnsFHc.roa
Signing time:             Thu 13 Feb 2025 15:52:02 +0000
ROA not before:           Thu 13 Feb 2025 15:52:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        185.222.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:02:90:15:29:50:d3:06:8e:63:dd:54:39:ee:7c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 13 15:52:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6562f6d7987eb7c47498d747375c853659ec1477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c1:72:3e:69:0a:a3:a1:50:a3:eb:dc:c6:df:
                    7f:f7:c9:42:09:ac:0c:ec:6d:3a:5b:49:84:d9:62:
                    a3:25:ca:c3:8b:31:2c:bf:51:9c:60:a6:8d:f9:2c:
                    cb:6e:66:e0:dc:7b:f4:38:db:71:3e:81:5b:b4:04:
                    eb:bd:f2:03:2b:ca:37:90:b4:8c:41:2b:44:6a:67:
                    ad:64:94:da:5a:1d:c2:e9:60:74:66:0c:aa:54:cf:
                    e4:86:a1:37:a0:63:06:ad:59:67:a1:7d:00:b2:5b:
                    2c:1c:dd:e2:5e:1b:a5:7e:ff:b7:04:68:2d:b8:cb:
                    79:75:6f:3c:50:e0:58:34:46:6e:a6:87:20:76:15:
                    b9:9b:94:3e:23:06:2c:44:7c:71:c7:04:c1:06:4e:
                    5a:f9:13:db:ee:76:aa:22:0a:0a:1d:bf:32:f2:b2:
                    47:b2:19:64:3f:2a:68:a3:a2:6e:77:bc:79:02:05:
                    80:35:54:82:f1:46:96:a1:33:92:46:cd:0d:b7:9a:
                    86:19:92:2e:09:c7:cf:09:b6:52:a3:6e:f8:fc:08:
                    bd:eb:bc:90:95:7e:00:82:9f:ba:e8:07:95:f8:e0:
                    d2:77:ac:00:5c:0f:b5:0d:01:d2:2d:0d:41:b7:18:
                    c3:93:b4:44:2f:7f:36:38:34:93:9d:6c:80:b8:fb:
                    61:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:62:F6:D7:98:7E:B7:C4:74:98:D7:47:37:5C:85:36:59:EC:14:77
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZWL215h-t8R0mNdHN1yFNlnsFHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:be:96:58:47:e6:50:70:81:ff:6f:e8:fc:23:60:45:3d:27:
         68:29:62:55:ba:51:b4:90:39:ee:aa:38:0d:2c:46:99:de:34:
         eb:c8:fe:53:b4:8d:43:ac:a6:d0:e0:59:61:56:df:4c:fe:3c:
         95:49:db:73:08:a6:38:ea:e0:f6:4a:13:9b:0c:da:c4:79:8a:
         3d:d4:51:93:37:95:61:4e:51:5a:e8:e7:d2:ef:f0:95:56:49:
         03:e2:72:20:cf:38:05:00:8e:3b:d0:2c:3e:b7:a9:49:da:92:
         57:38:25:4e:ec:b8:ce:5e:1e:3e:d2:7f:4b:d7:7e:4c:e2:d0:
         f1:82:a6:9e:71:1a:ed:2a:bf:4a:1d:10:4e:c6:40:0d:46:f4:
         57:88:d1:54:9d:c6:8a:be:f5:88:d4:f8:da:57:39:d7:cf:a2:
         ac:ad:82:22:14:a8:f1:2d:57:af:36:98:16:07:e4:3b:96:90:
         95:63:29:d9:10:14:cb:20:68:c6:59:ad:62:a9:7c:3f:8e:e6:
         b7:55:5e:c3:f7:59:ac:a4:03:01:02:f1:34:93:4a:dd:fd:ce:
         04:50:e9:d6:ed:2e:37:db:8d:5f:04:f0:ce:5b:dc:c6:9d:d9:
         c9:3a:95:86:0e:5f:c1:79:54:d1:b3:5a:e6:f1:e7:b5:ed:92:
         6a:1d:5e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUAApAVKVDTBo5j3VQ57nzAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMjEzMTU1MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTYyZjZkNzk4N2ViN2M0NzQ5OGQ3NDczNzVjODUzNjU5ZWMxNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsFyPmkKo6FQo+vcxt9/98lCCawM
7G06W0mE2WKjJcrDizEsv1GcYKaN+SzLbmbg3Hv0ONtxPoFbtATrvfIDK8o3kLSM
QStEametZJTaWh3C6WB0ZgyqVM/khqE3oGMGrVlnoX0AslssHN3iXhulfv+3BGgt
uMt5dW88UOBYNEZupocgdhW5m5Q+IwYsRHxxxwTBBk5a+RPb7naqIgoKHb8y8rJH
shlkPypoo6Jud7x5AgWANVSC8UaWoTOSRs0Nt5qGGZIuCcfPCbZSo274/Ai967yQ
lX4Agp+66AeV+ODSd6wAXA+1DQHSLQ1BtxjDk7REL382ODSTnWyAuPthCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVi9teYfrfEdJjXRzdchTZZ7BR3MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWldMMjE1aC10OFIwbU5kSE4xeUZObG5zRkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud4cMA0G
CSqGSIb3DQEBCwUAA4IBAQCSvpZYR+ZQcIH/b+j8I2BFPSdoKWJVulG0kDnuqjgN
LEaZ3jTryP5TtI1DrKbQ4FlhVt9M/jyVSdtzCKY46uD2ShObDNrEeYo91FGTN5Vh
TlFa6OfS7/CVVkkD4nIgzzgFAI470Cw+t6lJ2pJXOCVO7LjOXh4+0n9L135M4tDx
gqaecRrtKr9KHRBOxkANRvRXiNFUncaKvvWI1PjaVznXz6KsrYIiFKjxLVevNpgW
B+Q7lpCVYynZEBTLIGjGWa1iqXw/jua3VV7D91mspAMBAvE0k0rd/c4EUOnW7S43
241fBPDOW9zGndnJOpWGDl/BeVTRs1rm8ee17ZJqHV5Y
-----END CERTIFICATE-----