Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/0Z-2mc7N_pHYIGxfIlO4U3iMW84.roa
File:                     0Z-2mc7N_pHYIGxfIlO4U3iMW84.roa (raw, json)
Hash identifier:          99tzN5586TEAscs+FoMd66gq2ah//z8X0pHGL4hBGp8=
Subject key identifier:   D1:9F:B6:99:CE:CD:FE:91:D8:20:6C:5F:22:53:B8:53:78:8C:5B:CE
Certificate issuer:       /CN=fa0804a0eb795b8682c27da29e9fa228f1728306
Certificate serial:       0194221F75767BE23B7FABBF72BC8A9572EB
Authority key identifier: FA:08:04:A0:EB:79:5B:86:82:C2:7D:A2:9E:9F:A2:28:F1:72:83:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/0Z-2mc7N_pHYIGxfIlO4U3iMW84.roa
Signing time:             Wed 01 Jan 2025 13:47:54 +0000
ROA not before:           Wed 01 Jan 2025 13:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8447
IP address blocks:        185.202.151.0/24 maxlen: 24
                          2a14:2c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:75:76:7b:e2:3b:7f:ab:bf:72:bc:8a:95:72:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa0804a0eb795b8682c27da29e9fa228f1728306
        Validity
            Not Before: Jan  1 13:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d19fb699cecdfe91d8206c5f2253b853788c5bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b7:98:74:e8:82:50:88:b4:23:1a:d0:b2:e4:
                    aa:96:36:3d:2c:ed:41:cc:05:ad:23:a7:ec:18:af:
                    2b:58:a4:23:05:ab:cd:a4:05:36:b8:53:c0:16:19:
                    a8:15:76:11:de:2e:f9:6b:1b:67:fd:5f:fe:da:89:
                    56:b1:bb:f7:4c:d3:55:20:88:fd:d4:90:89:be:8b:
                    da:8f:8c:0a:e3:61:47:d6:5f:e5:2b:00:69:e2:09:
                    37:ff:ed:ee:38:29:e0:b2:e0:dc:ea:2d:8b:d5:8b:
                    16:91:20:50:89:73:96:57:d3:ee:9d:b7:6b:6a:47:
                    3c:78:66:2a:e8:62:ab:43:83:4d:a2:4f:52:da:21:
                    5d:d2:0e:cd:89:da:83:0e:23:10:9b:d9:aa:c1:16:
                    d4:f9:d0:20:2b:76:1e:33:1a:67:df:84:1b:dd:19:
                    38:dd:18:50:15:a7:ea:b1:02:1f:f5:bb:8d:5c:f8:
                    8c:52:3b:a3:66:97:e7:fc:9e:84:c6:a5:2c:c6:d3:
                    ae:db:3c:58:3d:93:5f:e9:d4:36:f7:ba:38:cf:c1:
                    b5:90:a0:a0:84:16:fc:2a:01:4c:40:fc:3b:4d:0a:
                    eb:ad:64:29:93:12:d0:dd:46:83:9f:40:e1:8f:49:
                    a7:42:56:7b:c0:5f:79:2a:1a:da:d6:bc:34:46:0c:
                    85:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9F:B6:99:CE:CD:FE:91:D8:20:6C:5F:22:53:B8:53:78:8C:5B:CE
            X509v3 Authority Key Identifier:
                keyid:FA:08:04:A0:EB:79:5B:86:82:C2:7D:A2:9E:9F:A2:28:F1:72:83:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ggEoOt5W4aCwn2inp-iKPFygwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/0Z-2mc7N_pHYIGxfIlO4U3iMW84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/27fab8-0d25-4dbe-9f8a-426a8cdc8e49/1/1-ggEoOt5W4aCwn2inp-iKPFygwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.151.0/24
                IPv6:
                  2a14:2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:f1:dc:fe:c3:10:6b:e4:04:3f:07:b8:3b:88:62:8e:46:3d:
         85:93:89:b6:c9:92:0c:7d:c4:cc:66:c6:31:72:39:c2:d6:d1:
         8a:2f:14:fa:56:e8:68:60:20:cf:99:6f:af:e7:f3:3e:69:f2:
         7f:48:38:ba:3d:52:e3:bd:97:26:a5:7e:57:1a:eb:c3:9e:e5:
         71:ae:0d:1a:74:28:5b:1a:9d:ea:88:7c:f3:6d:b2:cd:46:25:
         dc:57:70:63:ad:66:a0:aa:87:30:76:f2:0d:e4:72:20:8d:44:
         00:e4:7b:55:ec:9b:12:01:df:f8:86:14:e3:f4:fd:29:68:c2:
         ed:fa:f9:e8:76:1c:10:bc:b8:fb:b9:20:bd:54:6f:99:02:bc:
         3e:ac:0e:fa:16:67:64:19:45:2b:b1:f7:25:e3:ef:c9:1f:63:
         9d:60:66:23:bb:78:5b:39:63:66:5a:1c:fc:54:61:61:c8:8f:
         3d:f7:07:61:76:12:be:a8:96:65:e8:47:d1:73:d6:8f:88:70:
         66:27:54:e3:e9:8c:81:17:89:9d:59:c7:08:19:f5:cb:a0:25:
         f5:58:1e:2b:41:36:88:21:be:ab:36:38:9b:e3:07:d6:ad:6c:
         bb:b8:b7:d8:ee:d9:85:14:5c:9d:a9:7e:ac:22:98:3d:0e:19:
         f7:92:04:a8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH3V2e+I7f6u/cryKlXLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMDgwNGEwZWI3OTViODY4MmMyN2RhMjllOWZhMjI4ZjE3
MjgzMDYwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTlmYjY5OWNlY2RmZTkxZDgyMDZjNWYyMjUzYjg1Mzc4OGM1YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArreYdOiCUIi0IxrQsuSqljY9LO1B
zAWtI6fsGK8rWKQjBavNpAU2uFPAFhmoFXYR3i75axtn/V/+2olWsbv3TNNVIIj9
1JCJvovaj4wK42FH1l/lKwBp4gk3/+3uOCngsuDc6i2L1YsWkSBQiXOWV9Punbdr
akc8eGYq6GKrQ4NNok9S2iFd0g7NidqDDiMQm9mqwRbU+dAgK3YeMxpn34Qb3Rk4
3RhQFafqsQIf9buNXPiMUjujZpfn/J6ExqUsxtOu2zxYPZNf6dQ297o4z8G1kKCg
hBb8KgFMQPw7TQrrrWQpkxLQ3UaDn0Dhj0mnQlZ7wF95Khra1rw0RgyFnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNGftpnOzf6R2CBsXyJTuFN4jFvOMB8GA1UdIwQY
MBaAFPoIBKDreVuGgsJ9op6foijxcoMGMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1nZ0VvT3Q1VzRhQ3duMmlucC1pS1BGeWd3WS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvMjdmYWI4LTBkMjUtNGRiZS05Zjhh
LTQyNmE4Y2RjOGU0OS8xLzBaLTJtYzdOX3BIWUlHeGZJbE80VTNpTVc4NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGMvMjdmYWI4LTBkMjUtNGRiZS05ZjhhLTQyNmE4Y2RjOGU0
OS8xLzEtZ2dFb090NVc0YUN3bjJpbnAtaUtQRnlnd1kuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5ypcw
DQQCAAIwBwMFAyoUAsAwDQYJKoZIhvcNAQELBQADggEBAEnx3P7DEGvkBD8HuDuI
Yo5GPYWTibbJkgx9xMxmxjFyOcLW0YovFPpW6GhgIM+Zb6/n8z5p8n9IOLo9UuO9
lyalflca68Oe5XGuDRp0KFsaneqIfPNtss1GJdxXcGOtZqCqhzB28g3kciCNRADk
e1XsmxIB3/iGFOP0/Slowu36+eh2HBC8uPu5IL1Ub5kCvD6sDvoWZ2QZRSux9yXj
78kfY51gZiO7eFs5Y2ZaHPxUYWHIjz33B2F2Er6olmXoR9Fz1o+IcGYnVOPpjIEX
iZ1ZxwgZ9cugJfVYHitBNoghvqs2OJvjB9atbLu4t9ju2YUUXJ2pfqwimD0OGfeS
BKg=
-----END CERTIFICATE-----