Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/ZSJIeCxiIA7ldoioEWRm452Qcms.roa
File:                     ZSJIeCxiIA7ldoioEWRm452Qcms.roa (raw, json)
Hash identifier:          bB1RTn6z/IStncKub4K9SUnV2tKMUrmrbcTqDBD+vIs=
Subject key identifier:   65:22:48:78:2C:62:20:0E:E5:76:88:A8:11:64:66:E3:9D:90:72:6B
Certificate issuer:       /CN=bfb548d85725104527f3be47976b674739ae2f13
Certificate serial:       018CCA2A16975E6283712C280E2F9A53FA59
Authority key identifier: BF:B5:48:D8:57:25:10:45:27:F3:BE:47:97:6B:67:47:39:AE:2F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7VI2FclEEUn875Hl2tnRzmuLxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/ZSJIeCxiIA7ldoioEWRm452Qcms.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204403
IP address blocks:        185.250.16.0/22 maxlen: 24
                          2a0b:c700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/v7VI2FclEEUn875Hl2tnRzmuLxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/v7VI2FclEEUn875Hl2tnRzmuLxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7VI2FclEEUn875Hl2tnRzmuLxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:16:97:5e:62:83:71:2c:28:0e:2f:9a:53:fa:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb548d85725104527f3be47976b674739ae2f13
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652248782c62200ee57688a8116466e39d90726b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:57:0f:83:6e:1f:23:6e:d4:ae:6b:ad:a1:af:
                    f5:1b:9c:36:4d:fe:c0:e3:e6:e4:ad:fc:0f:57:42:
                    12:60:54:e9:f3:b3:a3:2f:35:58:e6:11:99:d7:63:
                    6f:72:c2:fe:7f:d9:55:d7:23:8e:f4:5c:b6:52:5b:
                    4b:e1:df:5e:56:f0:36:c5:78:fc:a1:ac:f3:65:31:
                    30:5c:8b:1e:45:ce:67:43:d4:0b:9a:bf:66:af:6f:
                    ab:c9:b6:23:e2:90:ec:ce:98:75:1b:aa:a2:7d:2e:
                    19:49:ea:e6:ab:e4:0e:d9:28:e0:fa:92:e1:d8:ce:
                    c5:4f:e8:5d:0d:1e:a8:b8:b6:51:21:2e:af:02:d7:
                    ee:a2:28:cc:31:5c:9f:26:af:19:ac:50:f9:ce:98:
                    6f:e0:a5:27:56:44:11:ec:ca:5f:32:c1:ae:35:5c:
                    47:2f:c7:77:04:2d:ef:27:68:bb:a7:6b:d3:cc:b8:
                    70:65:36:7b:98:62:96:f9:4b:94:bb:cf:16:47:4b:
                    b3:df:c3:7d:10:d0:ed:c3:9a:9a:48:a1:e9:78:5a:
                    9c:c8:40:03:ba:23:d0:17:68:da:d1:dd:28:19:ff:
                    fd:38:2d:6a:5a:8c:b6:bb:bd:05:e4:bc:34:2d:e5:
                    27:33:3a:ba:df:d5:96:50:ad:a6:c9:82:5b:f5:43:
                    c7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:22:48:78:2C:62:20:0E:E5:76:88:A8:11:64:66:E3:9D:90:72:6B
            X509v3 Authority Key Identifier:
                keyid:BF:B5:48:D8:57:25:10:45:27:F3:BE:47:97:6B:67:47:39:AE:2F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7VI2FclEEUn875Hl2tnRzmuLxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/ZSJIeCxiIA7ldoioEWRm452Qcms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e7cc6b-52a0-4b7a-8fc2-71c46c199636/1/v7VI2FclEEUn875Hl2tnRzmuLxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.16.0/22
                IPv6:
                  2a0b:c700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:45:1c:82:1b:ca:63:87:50:15:7b:2a:2f:09:c7:88:a9:4b:
         62:df:22:a8:bc:07:cf:e5:f0:18:a0:ab:51:15:94:16:2e:62:
         5c:c3:9b:00:56:71:70:eb:be:dc:a0:fa:ba:9a:b6:1a:98:e5:
         07:cf:e0:98:58:52:dc:68:fe:78:c9:e1:f0:2b:45:15:85:20:
         ea:7e:f2:e2:f9:99:fb:38:cf:56:aa:a8:6c:ab:ce:7b:a6:a8:
         54:d9:c9:9c:0b:a7:4c:81:8b:3b:e9:60:72:b3:6e:6f:8c:15:
         7d:4b:1f:6b:5e:34:b3:33:78:3c:15:91:5c:1c:0e:60:fe:85:
         64:0b:af:8e:e5:41:aa:74:cc:e4:b9:3d:67:be:52:9b:e5:dd:
         5d:82:f5:c0:c0:6a:81:f8:5c:61:b6:ee:5d:52:2e:bd:b3:6a:
         17:35:10:71:3d:17:82:b5:d9:23:65:91:7f:50:fe:2d:f9:ff:
         5e:b2:ae:f7:70:fd:bc:f9:f5:0f:f4:17:51:63:36:bb:ad:51:
         cf:ae:ff:89:f6:d6:c6:6f:24:3c:a0:b2:59:35:5d:34:b9:d5:
         42:1e:90:aa:29:04:d7:68:ff:6a:35:98:02:04:19:7a:57:93:
         41:a1:28:36:b7:d2:e0:cd:a4:d7:21:7a:ad:ac:68:4a:ee:89:
         89:86:cf:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKhaXXmKDcSwoDi+aU/pZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjU0OGQ4NTcyNTEwNDUyN2YzYmU0Nzk3NmI2NzQ3Mzlh
ZTJmMTMwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTIyNDg3ODJjNjIyMDBlZTU3Njg4YTgxMTY0NjZlMzlkOTA3MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglcPg24fI27Urmutoa/1G5w2Tf7A
4+bkrfwPV0ISYFTp87OjLzVY5hGZ12NvcsL+f9lV1yOO9Fy2UltL4d9eVvA2xXj8
oazzZTEwXIseRc5nQ9QLmr9mr2+rybYj4pDszph1G6qifS4ZSermq+QO2Sjg+pLh
2M7FT+hdDR6ouLZRIS6vAtfuoijMMVyfJq8ZrFD5zphv4KUnVkQR7MpfMsGuNVxH
L8d3BC3vJ2i7p2vTzLhwZTZ7mGKW+UuUu88WR0uz38N9ENDtw5qaSKHpeFqcyEAD
uiPQF2ja0d0oGf/9OC1qWoy2u70F5Lw0LeUnMzq639WWUK2myYJb9UPHuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGUiSHgsYiAO5XaIqBFkZuOdkHJrMB8GA1UdIwQY
MBaAFL+1SNhXJRBFJ/O+R5drZ0c5ri8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdWSTJGY2xFRVVuODc1SGwydG5Sem11THhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lN2NjNmItNTJhMC00YjdhLThmYzIt
NzFjNDZjMTk5NjM2LzEvWlNKSWVDeGlJQTdsZG9pb0VXUm00NTJRY21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lN2NjNmItNTJhMC00YjdhLThmYzItNzFjNDZjMTk5NjM2
LzEvdjdWSTJGY2xFRVVuODc1SGwydG5Sem11THhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufoQMA0E
AgACMAcDBQMqC8cAMA0GCSqGSIb3DQEBCwUAA4IBAQAPRRyCG8pjh1AVeyovCceI
qUti3yKovAfP5fAYoKtRFZQWLmJcw5sAVnFw677coPq6mrYamOUHz+CYWFLcaP54
yeHwK0UVhSDqfvLi+Zn7OM9Wqqhsq857pqhU2cmcC6dMgYs76WBys25vjBV9Sx9r
XjSzM3g8FZFcHA5g/oVkC6+O5UGqdMzkuT1nvlKb5d1dgvXAwGqB+Fxhtu5dUi69
s2oXNRBxPReCtdkjZZF/UP4t+f9esq73cP28+fUP9BdRYza7rVHPrv+J9tbGbyQ8
oLJZNV00udVCHpCqKQTXaP9qNZgCBBl6V5NBoSg2t9LgzaTXIXqtrGhK7omJhs/e
-----END CERTIFICATE-----