Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ZLxVHxzZvKjjn2s6lQPPZdNzPyw.roa
File:                     ZLxVHxzZvKjjn2s6lQPPZdNzPyw.roa (raw, json)
Hash identifier:          9UddYVQskYka8RNl5TAXIUT0fsGnIVLCOhL+P2BIpeA=
Subject key identifier:   64:BC:55:1F:1C:D9:BC:A8:E3:9F:6B:3A:95:03:CF:65:D3:73:3F:2C
Certificate issuer:       /CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
Certificate serial:       0194258F4F0C9795FBC8FDFEDCC5B1C269C8
Authority key identifier: 72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ZLxVHxzZvKjjn2s6lQPPZdNzPyw.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198380
IP address blocks:        185.242.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4f:0c:97:95:fb:c8:fd:fe:dc:c5:b1:c2:69:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725c0c7111e2f57fcaf8113a42e556e882dd5c4b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64bc551f1cd9bca8e39f6b3a9503cf65d3733f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c6:8f:97:f4:4e:95:bb:b1:97:8f:99:4a:3d:
                    e4:c3:9a:c6:40:1c:16:93:78:20:ae:d9:dd:db:bd:
                    30:46:c3:86:c3:19:61:cf:a3:ea:5d:a6:47:34:26:
                    4e:a5:69:d8:4e:ce:27:aa:21:83:00:9c:d5:cb:76:
                    4d:e0:be:96:18:ea:84:3c:95:d1:bb:44:8f:36:9a:
                    77:0b:65:d7:7b:2c:4b:1f:59:a9:e6:4f:64:15:42:
                    85:a6:a4:f2:b0:da:e8:e6:a8:f3:48:01:53:99:da:
                    ca:25:54:f1:83:af:cc:d5:1c:07:37:27:2a:88:9b:
                    5c:95:4a:dd:2f:e6:9e:d7:9e:2b:70:78:6e:e5:be:
                    99:bb:33:4c:0d:e4:bb:2a:10:23:6c:ef:06:82:3b:
                    41:7a:9a:b3:2c:62:0e:b9:85:9c:fd:13:ad:73:4e:
                    76:a9:bb:2d:f6:33:a5:44:04:99:af:d4:1e:77:56:
                    8f:c5:76:28:8a:fe:80:81:93:42:bb:4c:f9:c8:cf:
                    f4:3d:36:1f:a7:82:2b:00:cb:1d:b0:6c:3e:0b:cd:
                    a4:26:93:2e:a9:cd:c6:84:56:7a:23:d1:2f:c7:42:
                    e0:f2:b5:e8:aa:64:8d:72:34:34:1c:19:4a:fc:31:
                    1b:d7:dc:d5:98:d3:cf:8d:62:86:fa:17:00:3c:97:
                    d6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:BC:55:1F:1C:D9:BC:A8:E3:9F:6B:3A:95:03:CF:65:D3:73:3F:2C
            X509v3 Authority Key Identifier:
                keyid:72:5C:0C:71:11:E2:F5:7F:CA:F8:11:3A:42:E5:56:E8:82:DD:5C:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/clwMcRHi9X_K-BE6QuVW6ILdXEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/ZLxVHxzZvKjjn2s6lQPPZdNzPyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0c9b54-130a-499a-bf9f-7610aabaa274/1/clwMcRHi9X_K-BE6QuVW6ILdXEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:89:5a:8e:6c:07:0c:45:8a:e5:f8:2d:51:c4:27:f5:a7:99:
         24:1e:3d:d3:63:3b:66:99:27:5a:5c:02:0f:2a:bf:95:0f:db:
         96:66:95:31:1f:f8:11:e6:22:71:54:eb:7b:50:f7:7c:86:d5:
         b3:9b:42:4d:05:e3:4f:94:ff:b1:73:5d:16:de:9d:91:94:a8:
         28:e3:f8:78:37:4c:2d:35:69:6a:07:c3:0f:18:6e:0f:e6:5c:
         3c:a6:be:2c:5f:05:da:dd:52:b9:69:da:b2:b9:97:1b:5b:ee:
         14:0f:e5:59:6d:3a:60:21:f1:49:12:17:42:2b:e9:7d:55:c4:
         c3:74:21:dd:51:6c:f5:22:10:dc:b6:f1:ed:cf:ab:04:f6:dc:
         21:f4:61:45:55:28:e1:15:b2:81:27:6d:21:11:8e:ea:bd:bc:
         bd:a4:8d:a2:98:4e:6b:b8:6e:73:22:e9:86:1e:94:7c:4e:37:
         cd:32:9f:21:74:4d:e1:a6:88:eb:aa:ce:ed:df:b0:72:67:1f:
         fb:38:67:f9:7a:e7:31:78:33:1a:7f:b1:33:32:5d:62:7f:f1:
         bb:a6:4b:1d:d7:6e:5f:ff:63:8f:da:18:88:8a:07:2e:ec:c4:
         fa:da:f2:36:c0:ce:75:27:9e:a8:e4:cd:dd:2c:0e:ac:04:b6:
         22:a3:b1:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj08Ml5X7yP3+3MWxwmnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWMwYzcxMTFlMmY1N2ZjYWY4MTEzYTQyZTU1NmU4ODJk
ZDVjNGIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGJjNTUxZjFjZDliY2E4ZTM5ZjZiM2E5NTAzY2Y2NWQzNzMzZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMaPl/ROlbuxl4+ZSj3kw5rGQBwW
k3ggrtnd270wRsOGwxlhz6PqXaZHNCZOpWnYTs4nqiGDAJzVy3ZN4L6WGOqEPJXR
u0SPNpp3C2XXeyxLH1mp5k9kFUKFpqTysNro5qjzSAFTmdrKJVTxg6/M1RwHNycq
iJtclUrdL+ae154rcHhu5b6ZuzNMDeS7KhAjbO8GgjtBepqzLGIOuYWc/ROtc052
qbst9jOlRASZr9Qed1aPxXYoiv6AgZNCu0z5yM/0PTYfp4IrAMsdsGw+C82kJpMu
qc3GhFZ6I9Evx0Lg8rXoqmSNcjQ0HBlK/DEb19zVmNPPjWKG+hcAPJfWMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGS8VR8c2byo459rOpUDz2XTcz8sMB8GA1UdIwQY
MBaAFHJcDHER4vV/yvgROkLlVuiC3VxLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYt
NzYxMGFhYmFhMjc0LzEvWkx4Vkh4elp2S2pqbjJzNmxRUFBaZE56UHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYzliNTQtMTMwYS00OTlhLWJmOWYtNzYxMGFhYmFhMjc0
LzEvY2x3TWNSSGk5WF9LLUJFNlF1Vlc2SUxkWEVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufIPMA0G
CSqGSIb3DQEBCwUAA4IBAQB2iVqObAcMRYrl+C1RxCf1p5kkHj3TYztmmSdaXAIP
Kr+VD9uWZpUxH/gR5iJxVOt7UPd8htWzm0JNBeNPlP+xc10W3p2RlKgo4/h4N0wt
NWlqB8MPGG4P5lw8pr4sXwXa3VK5adqyuZcbW+4UD+VZbTpgIfFJEhdCK+l9VcTD
dCHdUWz1IhDctvHtz6sE9twh9GFFVSjhFbKBJ20hEY7qvby9pI2imE5ruG5zIumG
HpR8TjfNMp8hdE3hpojrqs7t37ByZx/7OGf5eucxeDMaf7EzMl1if/G7pksd125f
/2OP2hiIigcu7MT62vI2wM51J56o5M3dLA6sBLYio7E/
-----END CERTIFICATE-----