Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Zrtik5m7bnw4gbxdEJLGgHXAz9o.roa
File:                     Zrtik5m7bnw4gbxdEJLGgHXAz9o.roa (raw, json)
Hash identifier:          ztZ7RR7wyKUwf1RAErkEUuWfC4cJblHm2hjCh/OBgRU=
Subject key identifier:   66:BB:62:93:99:BB:6E:7C:38:81:BC:5D:10:92:C6:80:75:C0:CF:DA
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       01944236DC88256C7FA42E91212E4A11CC23
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Zrtik5m7bnw4gbxdEJLGgHXAz9o.roa
Signing time:             Tue 07 Jan 2025 19:21:18 +0000
ROA not before:           Tue 07 Jan 2025 19:21:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6461
IP address blocks:        195.222.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:42:36:dc:88:25:6c:7f:a4:2e:91:21:2e:4a:11:cc:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Jan  7 19:21:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66bb629399bb6e7c3881bc5d1092c68075c0cfda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:cd:6f:89:cb:30:47:bd:d8:33:48:6d:c1:77:
                    eb:c4:74:d2:12:04:96:e3:98:c8:e8:a9:8c:68:5e:
                    62:f9:65:6c:38:f0:73:ed:6f:a5:95:e1:b8:0d:a6:
                    92:10:70:b8:7d:90:0a:cb:c2:c4:69:53:cf:bc:f7:
                    bf:df:36:8d:4b:ba:5b:40:b0:af:b3:54:19:2f:6a:
                    10:8f:91:10:81:3d:25:03:2d:f4:9e:69:7f:4c:df:
                    39:ac:7d:a0:99:e6:9f:fe:2b:2c:44:a8:7c:9c:3a:
                    22:20:ba:9b:d3:45:7f:b0:86:d2:81:8e:f0:d8:5f:
                    38:47:aa:a7:b6:4b:5c:f5:7d:3c:56:9a:9f:6d:9e:
                    3b:98:2e:16:fa:74:ed:2f:ef:d1:f8:2e:f0:a3:76:
                    2c:d9:75:eb:d0:90:43:1d:4b:8f:c5:88:7c:ee:e6:
                    49:36:c9:2b:00:30:9e:20:3a:18:68:bf:c1:7f:f7:
                    11:87:0b:10:fd:97:98:ef:42:3c:36:84:a8:c3:57:
                    a1:0d:cb:94:7f:66:67:c0:ae:8a:ed:52:f3:f0:a3:
                    e7:46:b2:2e:e1:cb:06:21:e6:2e:60:8d:da:8d:a4:
                    e4:6f:78:c8:22:9e:e9:56:25:19:6b:34:d5:1f:23:
                    b6:95:f0:75:61:55:a2:88:76:c3:21:7a:87:56:28:
                    42:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BB:62:93:99:BB:6E:7C:38:81:BC:5D:10:92:C6:80:75:C0:CF:DA
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/Zrtik5m7bnw4gbxdEJLGgHXAz9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.222.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:80:cd:ff:b1:d2:33:1c:c5:ee:21:ad:0e:cd:24:6a:f7:32:
         6f:38:cc:6f:7c:ca:a9:13:74:1b:c8:b1:f6:64:11:d4:e9:84:
         9d:a7:f8:74:70:03:44:a5:ea:8f:9a:3e:40:36:a4:9f:4e:cc:
         0e:4e:99:ed:84:a3:b2:8a:7d:cc:ef:36:2e:74:73:fc:29:47:
         5a:bf:45:59:12:c4:3a:20:77:43:91:37:bc:e6:da:cd:8d:38:
         f3:5a:7f:b3:fb:5b:bd:ee:b0:2c:1f:04:91:75:39:72:17:a6:
         df:ae:c2:4d:d5:8d:da:d0:d0:f5:59:c7:32:c7:65:e7:c1:bd:
         a9:90:94:ee:e7:15:ec:90:35:78:c7:6e:01:48:ac:3c:94:d2:
         dc:f8:01:95:29:2f:fa:4e:87:b7:2b:36:c2:0a:2e:c0:78:27:
         9b:90:b9:1f:4a:63:a1:ee:2b:44:e2:fc:d8:a2:37:3e:8b:c3:
         b1:a0:14:21:7c:ba:bd:f3:5b:28:1e:a9:6c:dc:08:cf:30:c1:
         5c:5b:11:15:50:47:cb:c3:80:2b:fa:9d:17:39:08:81:f5:d6:
         3a:30:14:88:da:d1:50:35:63:5d:8b:25:00:61:fc:e5:35:c6:
         c9:b5:51:84:d7:b2:4b:6f:81:ec:35:47:a0:fe:e6:61:bd:ae:
         b2:c1:1f:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRCNtyIJWx/pC6RIS5KEcwjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjUwMTA3MTkyMTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJiNjI5Mzk5YmI2ZTdjMzg4MWJjNWQxMDkyYzY4MDc1YzBjZmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis1vicswR73YM0htwXfrxHTSEgSW
45jI6KmMaF5i+WVsOPBz7W+lleG4DaaSEHC4fZAKy8LEaVPPvPe/3zaNS7pbQLCv
s1QZL2oQj5EQgT0lAy30nml/TN85rH2gmeaf/issRKh8nDoiILqb00V/sIbSgY7w
2F84R6qntktc9X08VpqfbZ47mC4W+nTtL+/R+C7wo3Ys2XXr0JBDHUuPxYh87uZJ
NskrADCeIDoYaL/Bf/cRhwsQ/ZeY70I8NoSow1ehDcuUf2ZnwK6K7VLz8KPnRrIu
4csGIeYuYI3ajaTkb3jIIp7pViUZazTVHyO2lfB1YVWiiHbDIXqHVihCBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa7YpOZu258OIG8XRCSxoB1wM/aMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvWnJ0aWs1bTdibnc0Z2J4ZEVKTEdnSFhBejlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw95/MA0G
CSqGSIb3DQEBCwUAA4IBAQA2gM3/sdIzHMXuIa0OzSRq9zJvOMxvfMqpE3QbyLH2
ZBHU6YSdp/h0cANEpeqPmj5ANqSfTswOTpnthKOyin3M7zYudHP8KUdav0VZEsQ6
IHdDkTe85trNjTjzWn+z+1u97rAsHwSRdTlyF6bfrsJN1Y3a0ND1Wccyx2Xnwb2p
kJTu5xXskDV4x24BSKw8lNLc+AGVKS/6Toe3KzbCCi7AeCebkLkfSmOh7itE4vzY
ojc+i8OxoBQhfLq981soHqls3AjPMMFcWxEVUEfLw4Ar+p0XOQiB9dY6MBSI2tFQ
NWNdiyUAYfzlNcbJtVGE17JLb4HsNUeg/uZhva6ywR9T
-----END CERTIFICATE-----