Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/sizZNRJeMyfvZoIYAB6UC-zVc7U.roa
File:                     sizZNRJeMyfvZoIYAB6UC-zVc7U.roa (raw, json)
Hash identifier:          Hn9xitBE6shoqbTIVL8aOgZmfrDePFpERxPmyPyqVEs=
Subject key identifier:   B2:2C:D9:35:12:5E:33:27:EF:66:82:18:00:1E:94:0B:EC:D5:73:B5
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       019420D5EDC542059B9F911F94DC7105C3AE
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/sizZNRJeMyfvZoIYAB6UC-zVc7U.roa
Signing time:             Wed 01 Jan 2025 07:47:58 +0000
ROA not before:           Wed 01 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207021
IP address blocks:        193.227.117.0/24 maxlen: 24
                          194.0.182.0/24 maxlen: 24
                          194.50.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ed:c5:42:05:9b:9f:91:1f:94:dc:71:05:c3:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b22cd935125e3327ef668218001e940becd573b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b0:bd:1f:df:ce:75:b0:59:f1:e1:3c:e2:9b:
                    b0:ae:f6:84:98:8b:36:a9:3a:f4:cf:10:22:a1:0b:
                    93:3a:71:03:3a:37:ee:52:15:6d:3e:93:bc:99:5a:
                    91:b0:45:e3:69:2c:71:a8:2b:39:06:a7:b8:da:98:
                    24:b7:20:96:2b:cc:83:f4:6f:17:ff:00:70:ca:3b:
                    03:fb:01:49:cd:b8:20:87:13:d8:75:89:7e:02:b9:
                    d5:ce:b7:4e:17:e0:85:1b:fa:52:8a:cd:f9:b3:1e:
                    90:68:47:68:fa:cb:45:9b:b7:5a:43:1b:3d:0d:46:
                    5c:cd:fa:09:54:c1:58:55:c2:ae:cc:b9:bd:b2:04:
                    7f:60:cd:35:8d:97:eb:19:14:a5:c7:40:d4:39:08:
                    20:48:27:a6:18:f5:a6:2c:4c:3c:0f:7c:34:d9:54:
                    21:32:05:df:11:c1:ca:20:6d:60:04:07:23:4e:44:
                    87:c9:a9:6f:49:11:c9:20:07:9a:0c:37:1c:bc:78:
                    c0:23:8a:05:b4:8d:0b:54:0d:2e:dd:aa:c8:83:60:
                    0a:c9:2d:b2:d1:15:f1:a0:86:aa:25:ea:fc:53:ec:
                    1d:1e:84:12:ee:67:3f:bf:b4:9f:bf:dd:25:56:30:
                    ef:08:d7:4e:bc:a5:f3:55:20:d9:cb:75:28:6c:2d:
                    ac:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2C:D9:35:12:5E:33:27:EF:66:82:18:00:1E:94:0B:EC:D5:73:B5
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/sizZNRJeMyfvZoIYAB6UC-zVc7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.117.0/24
                  194.0.182.0/24
                  194.50.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:e6:f6:8e:de:e4:8e:16:6d:e6:ab:e9:22:23:32:13:83:69:
         d4:4b:b6:70:7c:f2:7e:16:13:e9:8f:c3:cc:50:34:1e:58:ca:
         ab:ed:3d:ec:a4:60:80:dd:47:df:f3:2e:c6:3a:37:0b:54:dd:
         60:61:3b:d7:d8:80:fe:90:50:9f:31:c0:be:1c:96:36:32:ca:
         11:1a:33:84:0e:35:3f:67:ae:b3:3e:4f:bf:98:3a:6f:6e:ec:
         12:df:4a:29:48:b0:b1:61:63:bc:02:20:09:4b:4f:8c:37:00:
         ea:e5:e4:bd:c7:a3:af:1d:1b:d7:90:fa:50:45:db:9f:59:62:
         87:60:98:6d:98:f7:50:77:ec:cc:45:97:d9:7c:c0:4d:57:2e:
         73:ed:9b:1e:6a:88:e9:20:0e:43:73:89:13:53:eb:7b:60:26:
         4e:5d:ef:7c:a7:79:aa:ad:f7:ee:d8:35:27:55:b3:55:8f:b9:
         0e:94:a8:7a:d0:5b:3e:a0:d5:61:bb:45:df:80:8d:b7:01:1d:
         24:6e:04:81:59:cf:8d:1e:ce:75:da:89:86:67:7a:0a:9d:a3:
         1d:70:2d:d5:de:25:a4:98:ce:25:9b:62:6e:c9:6d:fe:be:86:
         84:94:7c:cc:0f:7f:d5:d5:6e:94:5e:91:88:6d:16:dc:03:c4:
         59:98:dd:be
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1e3FQgWbn5EflNxxBcOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjJjZDkzNTEyNWUzMzI3ZWY2NjgyMTgwMDFlOTQwYmVjZDU3M2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17C9H9/OdbBZ8eE84puwrvaEmIs2
qTr0zxAioQuTOnEDOjfuUhVtPpO8mVqRsEXjaSxxqCs5Bqe42pgktyCWK8yD9G8X
/wBwyjsD+wFJzbgghxPYdYl+ArnVzrdOF+CFG/pSis35sx6QaEdo+stFm7daQxs9
DUZczfoJVMFYVcKuzLm9sgR/YM01jZfrGRSlx0DUOQggSCemGPWmLEw8D3w02VQh
MgXfEcHKIG1gBAcjTkSHyalvSRHJIAeaDDccvHjAI4oFtI0LVA0u3arIg2AKyS2y
0RXxoIaqJer8U+wdHoQS7mc/v7Sfv90lVjDvCNdOvKXzVSDZy3UobC2sTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLIs2TUSXjMn72aCGAAelAvs1XO1MB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvc2l6Wk5SSmVNeWZ2Wm9JWUFCNlVDLXpWYzdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweN1AwQA
wgC2AwQAwjK7MA0GCSqGSIb3DQEBCwUAA4IBAQB+5vaO3uSOFm3mq+kiIzITg2nU
S7ZwfPJ+FhPpj8PMUDQeWMqr7T3spGCA3Uff8y7GOjcLVN1gYTvX2ID+kFCfMcC+
HJY2MsoRGjOEDjU/Z66zPk+/mDpvbuwS30opSLCxYWO8AiAJS0+MNwDq5eS9x6Ov
HRvXkPpQRdufWWKHYJhtmPdQd+zMRZfZfMBNVy5z7ZseaojpIA5Dc4kTU+t7YCZO
Xe98p3mqrffu2DUnVbNVj7kOlKh60Fs+oNVhu0XfgI23AR0kbgSBWc+NHs512omG
Z3oKnaMdcC3V3iWkmM4lm2JuyW3+voaElHzMD3/V1W6UXpGIbRbcA8RZmN2+
-----END CERTIFICATE-----