Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ZOEnSC8gj4LihdZGqtoCrz4HNfg.roa
File:                     ZOEnSC8gj4LihdZGqtoCrz4HNfg.roa (raw, json)
Hash identifier:          dnvqk+LQ6kW4ygUOgvwA8WBOvH17ttZFrSbfqXP5df0=
Subject key identifier:   64:E1:27:48:2F:20:8F:82:E2:85:D6:46:AA:DA:02:AF:3E:07:35:F8
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64B4DF3B149E6DC3C1ACA833325C2B
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ZOEnSC8gj4LihdZGqtoCrz4HNfg.roa
Signing time:             Thu 09 Jan 2025 09:28:21 +0000
ROA not before:           Thu 09 Jan 2025 09:28:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59851
IP address blocks:        82.118.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:b4:df:3b:14:9e:6d:c3:c1:ac:a8:33:32:5c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64e127482f208f82e285d646aada02af3e0735f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:51:c9:7d:b0:ad:81:38:84:a0:d6:d6:0a:24:
                    d0:55:18:df:9a:62:45:62:12:f6:7e:88:cb:8d:83:
                    dd:b3:b1:dc:5c:96:0e:df:97:e2:43:dc:ef:88:f5:
                    a9:64:42:17:10:b9:c8:b5:dc:b5:1c:9e:ab:d1:03:
                    3b:98:50:c4:d1:06:5b:ba:17:82:c1:b7:8c:7b:fc:
                    d6:48:24:eb:c1:80:97:1c:fe:28:76:bc:b6:df:f6:
                    cf:31:c1:6a:33:a0:2c:c2:e0:3f:21:cb:ad:27:4b:
                    a5:41:49:82:50:33:d5:4c:cf:01:f0:b8:bc:b4:b9:
                    42:bd:9f:55:d7:fc:8c:ca:65:4b:29:27:40:18:a4:
                    59:9f:c2:ea:70:94:9b:53:59:ec:d4:c2:95:7e:d6:
                    26:cc:06:e4:bd:96:48:98:79:8e:76:a4:63:21:89:
                    c0:87:48:45:42:f2:db:f1:b4:8a:cf:dc:08:a9:9e:
                    ab:63:27:90:df:c5:a0:61:59:36:83:25:3c:28:6b:
                    36:66:00:26:7f:11:4f:0e:94:dd:ca:65:68:f9:ab:
                    e0:c4:b6:69:0c:a0:18:16:e3:20:4b:0d:ac:22:74:
                    eb:9e:0e:a5:58:c3:16:ad:c0:8d:99:19:31:23:83:
                    67:47:45:8c:af:17:55:bb:d2:60:d0:66:10:fd:3f:
                    89:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E1:27:48:2F:20:8F:82:E2:85:D6:46:AA:DA:02:AF:3E:07:35:F8
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/ZOEnSC8gj4LihdZGqtoCrz4HNfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:cb:41:7a:51:9a:8b:d3:c8:24:2a:dc:93:db:45:d8:db:71:
         86:52:60:fd:92:1b:42:40:c4:fb:e8:81:18:ee:e6:da:0a:85:
         80:9c:51:f4:02:e2:df:aa:ea:3b:75:b2:e3:af:4a:c7:ed:c9:
         59:b0:a4:a8:26:47:77:d7:f8:76:f2:18:6f:72:03:8a:b3:f3:
         bd:21:9c:15:5c:72:58:3c:4f:a3:e5:25:71:cd:8b:19:86:d3:
         67:4e:de:ee:d8:30:50:2c:41:29:a3:ca:43:9a:48:2b:c0:1e:
         b2:36:41:47:70:1d:1f:ad:ec:19:97:90:7b:25:40:16:3d:95:
         a9:ad:bd:47:2d:16:19:09:49:f8:e4:4d:f0:b4:74:5e:3e:3a:
         62:05:0b:71:6c:ff:ab:24:47:6d:f8:34:95:a0:eb:7c:63:32:
         d4:10:aa:32:de:2a:4e:65:69:72:a6:fa:3c:f8:cb:0d:e4:e5:
         36:6c:aa:86:f1:e1:54:1c:57:d8:30:77:4c:b2:e2:33:f1:4b:
         1c:e2:54:12:5e:e8:63:f0:18:f6:fb:55:c7:31:fd:51:ce:a1:
         88:ec:e1:9c:ed:c9:15:bb:86:d3:39:9a:41:6d:a4:01:46:53:
         86:d2:b9:7b:0b:dc:d6:c2:b4:e9:3c:49:6c:53:45:4e:55:37:
         bd:3e:be:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKZLTfOxSebcPBrKgzMlwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGUxMjc0ODJmMjA4ZjgyZTI4NWQ2NDZhYWRhMDJhZjNlMDczNWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1HJfbCtgTiEoNbWCiTQVRjfmmJF
YhL2fojLjYPds7HcXJYO35fiQ9zviPWpZEIXELnItdy1HJ6r0QM7mFDE0QZbuheC
wbeMe/zWSCTrwYCXHP4odry23/bPMcFqM6AswuA/IcutJ0ulQUmCUDPVTM8B8Li8
tLlCvZ9V1/yMymVLKSdAGKRZn8LqcJSbU1ns1MKVftYmzAbkvZZImHmOdqRjIYnA
h0hFQvLb8bSKz9wIqZ6rYyeQ38WgYVk2gyU8KGs2ZgAmfxFPDpTdymVo+avgxLZp
DKAYFuMgSw2sInTrng6lWMMWrcCNmRkxI4NnR0WMrxdVu9Jg0GYQ/T+JIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGThJ0gvII+C4oXWRqraAq8+BzX4MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWk9FblNDOGdqNExpaGRaR3F0b0NyejRITmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnbwMA0G
CSqGSIb3DQEBCwUAA4IBAQCty0F6UZqL08gkKtyT20XY23GGUmD9khtCQMT76IEY
7ubaCoWAnFH0AuLfquo7dbLjr0rH7clZsKSoJkd31/h28hhvcgOKs/O9IZwVXHJY
PE+j5SVxzYsZhtNnTt7u2DBQLEEpo8pDmkgrwB6yNkFHcB0frewZl5B7JUAWPZWp
rb1HLRYZCUn45E3wtHRePjpiBQtxbP+rJEdt+DSVoOt8YzLUEKoy3ipOZWlypvo8
+MsN5OU2bKqG8eFUHFfYMHdMsuIz8Usc4lQSXuhj8Bj2+1XHMf1RzqGI7OGc7ckV
u4bTOZpBbaQBRlOG0rl7C9zWwrTpPElsU0VOVTe9Pr7u
-----END CERTIFICATE-----