Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/Zu7qmPE7Yu9qaSBN9WsSyKAeY2Y.roa
File:                     Zu7qmPE7Yu9qaSBN9WsSyKAeY2Y.roa (raw, json)
Hash identifier:          6EpeKHcevQPaPF9U/VGXI0S4HRJnkl5xIMQ3xA5Np4w=
Subject key identifier:   66:EE:EA:98:F1:3B:62:EF:6A:69:20:4D:F5:6B:12:C8:A0:1E:63:66
Certificate issuer:       /CN=004a758a2b0a7e938a9f0dee642cec5e410276b5
Certificate serial:       019420D5D4CB6A2B79777D75ACD14B6FDAB7
Authority key identifier: 00:4A:75:8A:2B:0A:7E:93:8A:9F:0D:EE:64:2C:EC:5E:41:02:76:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/Zu7qmPE7Yu9qaSBN9WsSyKAeY2Y.roa
Signing time:             Wed 01 Jan 2025 07:47:52 +0000
ROA not before:           Wed 01 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31103
IP address blocks:        195.160.228.0/24 maxlen: 24
                          195.160.229.0/24 maxlen: 24
                          195.160.230.0/24 maxlen: 24
                          195.160.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d4:cb:6a:2b:79:77:7d:75:ac:d1:4b:6f:da:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=004a758a2b0a7e938a9f0dee642cec5e410276b5
        Validity
            Not Before: Jan  1 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66eeea98f13b62ef6a69204df56b12c8a01e6366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:de:ee:17:1c:a9:72:2d:fe:cd:92:e8:31:
                    b8:70:ff:fc:75:e1:72:34:1e:b5:65:16:3e:ce:ac:
                    22:9a:38:1a:b9:7c:49:38:56:6a:62:33:72:13:94:
                    20:98:06:f8:fa:9e:fa:32:c7:13:9e:28:bc:ae:43:
                    a7:0e:83:d1:b3:74:09:bd:d9:e5:2e:69:df:2a:d3:
                    32:e6:83:a0:e3:9a:d2:b7:21:5a:5e:78:7f:9b:ea:
                    3d:1e:4d:83:92:ab:94:d5:f9:b6:e4:dd:d8:1c:9f:
                    f5:90:88:7b:27:0e:a6:44:a6:4c:0f:a7:d4:7e:6a:
                    ed:5d:4d:53:89:95:d8:4a:47:41:64:29:0e:0a:f6:
                    10:30:36:97:33:bd:8d:03:6b:f5:db:70:3e:dc:d8:
                    94:0f:b0:53:d3:60:0d:97:4f:78:b7:66:1b:50:7d:
                    19:10:b8:76:6b:8a:a3:1d:20:a7:26:0a:58:d4:65:
                    ee:c3:66:14:27:3c:81:d4:5d:55:96:8f:65:51:24:
                    76:38:ee:0c:c6:cf:9b:ec:9e:1d:28:54:76:d9:d5:
                    f3:4d:61:da:1e:a0:30:33:0d:9e:89:57:63:31:07:
                    d8:6e:dd:28:fc:13:4a:1e:c1:b7:85:3d:d5:07:8a:
                    06:6f:b6:3a:33:cf:7d:70:52:18:69:23:54:98:fc:
                    b7:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EE:EA:98:F1:3B:62:EF:6A:69:20:4D:F5:6B:12:C8:A0:1E:63:66
            X509v3 Authority Key Identifier:
                keyid:00:4A:75:8A:2B:0A:7E:93:8A:9F:0D:EE:64:2C:EC:5E:41:02:76:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AEp1iisKfpOKnw3uZCzsXkECdrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/Zu7qmPE7Yu9qaSBN9WsSyKAeY2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf5915-96aa-4dad-af2a-0110272dec17/1/AEp1iisKfpOKnw3uZCzsXkECdrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:61:a9:a6:e6:a9:7b:58:26:10:d3:c2:e6:14:1c:82:6d:d6:
         a1:0a:85:a7:bd:ea:eb:f7:3c:77:a7:52:b5:5f:90:51:64:51:
         c0:d9:14:c4:64:21:8e:d0:bd:36:78:60:ca:8b:61:32:29:e9:
         1a:a7:3a:4d:43:5b:fb:ca:79:5e:45:d6:06:77:79:55:bd:c3:
         73:99:ef:75:29:5c:98:bd:08:45:e3:4b:db:0e:9d:ce:d9:cf:
         48:59:d7:49:68:45:67:9c:5a:d4:5a:ff:c6:b2:94:d7:05:fa:
         48:b4:83:b9:9c:88:e2:64:8c:bf:c5:5c:2f:ff:ee:cb:b3:a5:
         20:0e:a5:b9:22:58:12:0b:4a:d2:01:7f:23:46:e0:cf:b7:1a:
         74:0d:a7:99:2c:65:26:0b:e4:ad:65:e7:af:5e:76:63:cc:d7:
         59:84:a4:46:b8:bf:e2:56:84:99:d2:8a:5e:6c:d8:51:90:ef:
         a1:dd:dd:b5:b0:2c:cb:7f:94:01:01:60:2c:bc:c1:21:fa:9a:
         02:a2:b7:f9:79:d2:5b:b1:c2:b0:1c:2e:83:e1:06:41:ca:1b:
         1b:8c:bb:dc:4b:cb:f4:5c:e9:52:2c:aa:16:86:c1:b1:bf:15:
         e8:2f:21:2b:d2:4b:f1:33:12:83:81:a6:73:e1:52:4f:b7:dc:
         4a:be:04:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dTLait5d311rNFLb9q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNGE3NThhMmIwYTdlOTM4YTlmMGRlZTY0MmNlYzVlNDEw
Mjc2YjUwHhcNMjUwMTAxMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmVlZWE5OGYxM2I2MmVmNmE2OTIwNGRmNTZiMTJjOGEwMWU2MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxPe7hccqXIt/s2S6DG4cP/8deFy
NB61ZRY+zqwimjgauXxJOFZqYjNyE5QgmAb4+p76MscTnii8rkOnDoPRs3QJvdnl
LmnfKtMy5oOg45rStyFaXnh/m+o9Hk2DkquU1fm25N3YHJ/1kIh7Jw6mRKZMD6fU
fmrtXU1TiZXYSkdBZCkOCvYQMDaXM72NA2v123A+3NiUD7BT02ANl094t2YbUH0Z
ELh2a4qjHSCnJgpY1GXuw2YUJzyB1F1Vlo9lUSR2OO4Mxs+b7J4dKFR22dXzTWHa
HqAwMw2eiVdjMQfYbt0o/BNKHsG3hT3VB4oGb7Y6M899cFIYaSNUmPy3dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbu6pjxO2LvamkgTfVrEsigHmNmMB8GA1UdIwQY
MBaAFABKdYorCn6Tip8N7mQs7F5BAna1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUVwMWlpc0tmcE9LbnczdVpDenNYa0VDZHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iZjU5MTUtOTZhYS00ZGFkLWFmMmEt
MDExMDI3MmRlYzE3LzEvWnU3cW1QRTdZdTlxYVNCTjlXc1N5S0FlWTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iZjU5MTUtOTZhYS00ZGFkLWFmMmEtMDExMDI3MmRlYzE3
LzEvQUVwMWlpc0tmcE9LbnczdVpDenNYa0VDZHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw6DkMA0G
CSqGSIb3DQEBCwUAA4IBAQAvYamm5ql7WCYQ08LmFByCbdahCoWnverr9zx3p1K1
X5BRZFHA2RTEZCGO0L02eGDKi2EyKekapzpNQ1v7ynleRdYGd3lVvcNzme91KVyY
vQhF40vbDp3O2c9IWddJaEVnnFrUWv/GspTXBfpItIO5nIjiZIy/xVwv/+7Ls6Ug
DqW5IlgSC0rSAX8jRuDPtxp0DaeZLGUmC+StZeevXnZjzNdZhKRGuL/iVoSZ0ope
bNhRkO+h3d21sCzLf5QBAWAsvMEh+poCorf5edJbscKwHC6D4QZByhsbjLvcS8v0
XOlSLKoWhsGxvxXoLyEr0kvxMxKDgaZz4VJPt9xKvgTd
-----END CERTIFICATE-----