Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/1ZMKCjtoyUotW5zL6d-I3qOaSBE.roa
File:                     1ZMKCjtoyUotW5zL6d-I3qOaSBE.roa (raw, json)
Hash identifier:          5gJp0s5iC22SH9q8M0EDrUjpQSDzsUFawVisJiKFG6A=
Subject key identifier:   D5:93:0A:0A:3B:68:C9:4A:2D:5B:9C:CB:E9:DF:88:DE:A3:9A:48:11
Certificate issuer:       /CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
Certificate serial:       0194228D869EB60B97EB2A5C1E3A3A1F79B6
Authority key identifier: 39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/1ZMKCjtoyUotW5zL6d-I3qOaSBE.roa
Signing time:             Wed 01 Jan 2025 15:48:07 +0000
ROA not before:           Wed 01 Jan 2025 15:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30860
IP address blocks:        188.95.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:86:9e:b6:0b:97:eb:2a:5c:1e:3a:3a:1f:79:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
        Validity
            Not Before: Jan  1 15:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5930a0a3b68c94a2d5b9ccbe9df88dea39a4811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:44:70:85:a6:1a:56:19:48:50:30:36:35:81:
                    4a:bb:2a:4f:8a:14:38:fb:30:e9:8a:04:4a:62:e7:
                    bb:67:6e:32:0c:3e:38:42:51:74:10:4c:74:c7:28:
                    6f:7a:03:a5:b5:be:49:36:87:f5:7c:76:d0:c5:0a:
                    07:88:88:50:c6:92:51:22:d2:ff:db:e3:de:ca:90:
                    09:04:6c:fd:61:ae:50:6b:d5:cd:65:fa:2c:32:3a:
                    fd:a0:ab:e5:09:8f:eb:4e:f2:ed:d8:13:09:ee:1e:
                    10:d8:d1:8a:de:2a:ef:16:b3:c1:b6:07:eb:db:8d:
                    6d:85:1a:d4:aa:a3:c8:3b:14:0f:c5:ff:cc:ca:f5:
                    95:83:aa:a7:48:ae:d5:c0:d5:45:32:3b:b1:22:f9:
                    68:14:d0:36:35:e9:f5:38:f8:8d:07:bf:05:9c:f3:
                    64:08:70:0e:1f:ef:17:e1:fe:cd:4f:a5:06:0c:35:
                    da:28:de:79:dc:a7:5c:be:c5:c3:e0:aa:cb:71:72:
                    69:ad:a6:75:81:30:84:28:94:ea:3b:7d:81:82:e2:
                    e5:9f:28:1d:22:60:9e:ee:67:e2:17:23:97:23:b3:
                    b8:5c:26:3a:cb:a6:27:cf:74:2d:cb:80:c9:c0:6b:
                    ef:fd:2a:6f:b5:c2:3f:e3:3a:78:d6:54:7c:ef:5b:
                    c5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:93:0A:0A:3B:68:C9:4A:2D:5B:9C:CB:E9:DF:88:DE:A3:9A:48:11
            X509v3 Authority Key Identifier:
                keyid:39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/1ZMKCjtoyUotW5zL6d-I3qOaSBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.95.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:1a:cd:18:a3:2b:f2:c7:0f:ed:df:38:4f:20:b1:91:46:bd:
         84:10:6f:3d:bf:b8:13:cd:a5:94:cb:45:37:d2:cf:17:9b:e9:
         16:59:21:55:b2:90:cb:9e:e6:ea:87:32:67:96:51:80:52:03:
         e4:fe:bb:f6:52:15:c8:a3:a8:ea:34:36:59:28:8a:e0:01:e2:
         ae:d5:5e:4f:32:f1:a1:5b:36:dc:32:32:ab:7d:77:af:a9:31:
         6d:e9:b0:2b:33:61:07:25:98:6a:da:49:63:4d:49:1e:75:bb:
         83:81:25:ba:66:1a:96:ad:96:c6:0d:5e:77:ca:86:fd:02:33:
         0b:67:fb:58:ca:e0:73:06:8b:6d:21:2b:c0:09:dd:21:15:04:
         8b:d1:64:af:ba:e3:9c:1e:53:6c:7d:19:7b:a0:11:ba:df:74:
         88:b7:da:7d:60:2a:a0:32:25:f2:4f:53:53:01:a5:dd:04:c5:
         d0:a6:17:60:19:bd:c7:46:eb:c4:a3:5b:ab:4d:b5:20:08:5e:
         b6:3d:23:c8:4d:91:4e:66:a0:6b:91:58:f5:e9:68:c4:e4:20:
         4d:45:cd:8e:b6:cf:20:a6:ff:d0:ae:d5:0c:2e:b7:ad:bb:20:
         c1:3b:23:43:b5:c5:4a:79:a9:93:a9:b8:db:c1:f1:7b:19:53:
         cd:33:f6:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYaetguX6ypcHjo6H3m2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzZkYWYwMzc1NmJhZjgzYmE0ZjM4ZGJlNWQ2OGNiOWJh
Y2VmZjkwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTkzMGEwYTNiNjhjOTRhMmQ1YjljY2JlOWRmODhkZWEzOWE0ODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnURwhaYaVhlIUDA2NYFKuypPihQ4
+zDpigRKYue7Z24yDD44QlF0EEx0xyhvegOltb5JNof1fHbQxQoHiIhQxpJRItL/
2+PeypAJBGz9Ya5Qa9XNZfosMjr9oKvlCY/rTvLt2BMJ7h4Q2NGK3irvFrPBtgfr
241thRrUqqPIOxQPxf/MyvWVg6qnSK7VwNVFMjuxIvloFNA2Nen1OPiNB78FnPNk
CHAOH+8X4f7NT6UGDDXaKN553KdcvsXD4KrLcXJpraZ1gTCEKJTqO32BguLlnygd
ImCe7mfiFyOXI7O4XCY6y6Ynz3Qty4DJwGvv/SpvtcI/4zp41lR871vFsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWTCgo7aMlKLVucy+nfiN6jmkgRMB8GA1UdIwQY
MBaAFDk22vA3Vrr4O6Tzjb5daMubrO/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2Mt
Zjk1ZjY2ZDYwNTVjLzEvMVpNS0NqdG95VW90VzV6TDZkLUkzcU9hU0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2MtZjk1ZjY2ZDYwNTVj
LzEvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF9ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBIGs0Yoyvyxw/t3zhPILGRRr2EEG89v7gTzaWUy0U3
0s8Xm+kWWSFVspDLnubqhzJnllGAUgPk/rv2UhXIo6jqNDZZKIrgAeKu1V5PMvGh
WzbcMjKrfXevqTFt6bArM2EHJZhq2kljTUkedbuDgSW6ZhqWrZbGDV53yob9AjML
Z/tYyuBzBottISvACd0hFQSL0WSvuuOcHlNsfRl7oBG633SIt9p9YCqgMiXyT1NT
AaXdBMXQphdgGb3HRuvEo1urTbUgCF62PSPITZFOZqBrkVj16WjE5CBNRc2Ots8g
pv/QrtUMLretuyDBOyNDtcVKeamTqbjbwfF7GVPNM/b4
-----END CERTIFICATE-----