Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/ZcIsus6k0U4n68vd2BlSmmX0JTQ.roa
File:                     ZcIsus6k0U4n68vd2BlSmmX0JTQ.roa (raw, json)
Hash identifier:          GGkzJjiRy+xG+nAGWUrXuzxUvFxqlSxJYvMRGhTfLjg=
Subject key identifier:   65:C2:2C:BA:CE:A4:D1:4E:27:EB:CB:DD:D8:19:52:9A:65:F4:25:34
Certificate issuer:       /CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
Certificate serial:       01943576166B556F0B761E9A65790A7ADB0D
Authority key identifier: E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/ZcIsus6k0U4n68vd2BlSmmX0JTQ.roa
Signing time:             Sun 05 Jan 2025 07:55:18 +0000
ROA not before:           Sun 05 Jan 2025 07:55:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210474
IP address blocks:        212.23.216.0/24 maxlen: 24
                          2a10:a780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:35:76:16:6b:55:6f:0b:76:1e:9a:65:79:0a:7a:db:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0691dbafa3a8de070b07022de9adf74341fb4f2
        Validity
            Not Before: Jan  5 07:55:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65c22cbacea4d14e27ebcbddd819529a65f42534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a8:b3:6c:98:61:2b:c9:d8:23:29:6e:2f:be:
                    86:e8:6d:ec:63:0a:26:79:b2:37:99:62:5e:13:ff:
                    38:15:9b:d7:72:5c:d1:4c:73:5c:b1:75:fc:57:9c:
                    93:17:36:79:e0:13:60:c8:42:cd:cf:a9:66:b9:a3:
                    03:8a:b8:96:c5:5f:0c:97:e8:92:8c:ed:57:3d:6d:
                    0d:ce:0e:5a:eb:4d:cc:fa:c6:ec:dd:e6:d0:aa:81:
                    02:1c:d9:f6:14:97:de:1c:9e:f6:d9:45:b4:fa:1e:
                    28:6f:32:89:74:b6:8b:64:c1:17:39:e4:43:f1:92:
                    8f:e5:76:b8:fa:46:9e:8e:3f:28:5a:7a:d6:5f:7e:
                    b5:f7:f1:64:0e:e8:74:f7:e9:43:a9:56:28:0d:a8:
                    ff:01:3c:18:7b:57:92:ca:90:b1:ba:f8:73:6c:2d:
                    30:28:f5:0c:8c:0a:e4:ce:90:78:d0:da:01:97:7a:
                    c0:97:2a:31:6b:55:81:41:62:da:ef:da:91:84:2e:
                    b6:6c:3f:ac:c2:fb:1b:62:ac:9b:dd:11:5f:97:9d:
                    16:72:d3:64:31:cd:64:1d:6a:f8:8c:ed:04:76:25:
                    c9:55:cf:6d:56:7f:b9:a2:3f:f6:bb:4f:73:7f:02:
                    8b:8b:63:60:ee:d0:6a:14:03:12:87:30:a4:ae:5c:
                    e0:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C2:2C:BA:CE:A4:D1:4E:27:EB:CB:DD:D8:19:52:9A:65:F4:25:34
            X509v3 Authority Key Identifier:
                keyid:E0:69:1D:BA:FA:3A:8D:E0:70:B0:70:22:DE:9A:DF:74:34:1F:B4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Gkduvo6jeBwsHAi3prfdDQftPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/ZcIsus6k0U4n68vd2BlSmmX0JTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/f75c7d-e5b3-442f-a084-fd49eb3f19b1/1/4Gkduvo6jeBwsHAi3prfdDQftPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.23.216.0/24
                IPv6:
                  2a10:a780::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:71:95:b4:37:d8:3b:41:57:84:60:39:5c:91:3c:c4:b6:99:
         6b:37:2d:b9:0e:67:d9:17:d6:88:01:0f:98:43:71:c0:06:2d:
         86:08:c3:df:d5:e2:5d:89:6a:c4:35:2d:a0:f9:ea:d0:00:b8:
         b5:ef:6f:eb:cf:6c:b5:34:03:82:46:96:95:be:e6:e2:69:58:
         37:01:fa:e2:a6:61:5d:24:6d:c2:1e:50:84:b6:87:74:a6:63:
         e3:18:38:fd:65:d0:49:09:1f:1c:8c:ee:fd:31:f5:29:f9:fa:
         10:26:e8:4c:8f:c7:b1:42:75:62:32:47:c1:2e:3a:0f:b5:ea:
         33:78:21:8e:c9:b9:d5:a5:35:ca:2e:cb:38:aa:f7:a1:f8:72:
         6c:8d:a1:71:0e:d2:18:f7:1e:2a:3a:4a:9b:af:f1:47:b8:a4:
         67:72:7e:b8:d3:0f:16:1d:2e:82:49:e3:61:f1:0e:d5:14:37:
         a9:5e:c7:b5:20:10:96:d5:2a:67:00:02:80:41:a8:73:6d:89:
         76:1e:c0:f8:f9:eb:bb:b8:d6:90:e4:db:87:3c:68:5e:40:a4:
         96:6a:51:76:f1:ac:c5:4c:7b:46:b5:55:71:31:73:04:a2:c5:
         49:90:68:50:80:28:27:ea:ed:9d:d2:53:3c:bc:99:78:1e:b3:
         6e:a8:af:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQ1dhZrVW8Ldh6aZXkKetsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNjkxZGJhZmEzYThkZTA3MGIwNzAyMmRlOWFkZjc0MzQx
ZmI0ZjIwHhcNMjUwMTA1MDc1NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWMyMmNiYWNlYTRkMTRlMjdlYmNiZGRkODE5NTI5YTY1ZjQyNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKizbJhhK8nYIyluL76G6G3sYwom
ebI3mWJeE/84FZvXclzRTHNcsXX8V5yTFzZ54BNgyELNz6lmuaMDiriWxV8Ml+iS
jO1XPW0Nzg5a603M+sbs3ebQqoECHNn2FJfeHJ722UW0+h4obzKJdLaLZMEXOeRD
8ZKP5Xa4+kaejj8oWnrWX3619/FkDuh09+lDqVYoDaj/ATwYe1eSypCxuvhzbC0w
KPUMjArkzpB40NoBl3rAlyoxa1WBQWLa79qRhC62bD+swvsbYqyb3RFfl50WctNk
Mc1kHWr4jO0EdiXJVc9tVn+5oj/2u09zfwKLi2Ng7tBqFAMShzCkrlzguQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGXCLLrOpNFOJ+vL3dgZUppl9CU0MB8GA1UdIwQY
MBaAFOBpHbr6Oo3gcLBwIt6a33Q0H7TyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQt
ZmQ0OWViM2YxOWIxLzEvWmNJc3VzNmswVTRuNjh2ZDJCbFNtbVgwSlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9mNzVjN2QtZTViMy00NDJmLWEwODQtZmQ0OWViM2YxOWIx
LzEvNEdrZHV2bzZqZUJ3c0hBaTNwcmZkRFFmdFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1BfYMA0E
AgACMAcDBQMqEKeAMA0GCSqGSIb3DQEBCwUAA4IBAQBXcZW0N9g7QVeEYDlckTzE
tplrNy25DmfZF9aIAQ+YQ3HABi2GCMPf1eJdiWrENS2g+erQALi172/rz2y1NAOC
RpaVvubiaVg3AfripmFdJG3CHlCEtod0pmPjGDj9ZdBJCR8cjO79MfUp+foQJuhM
j8exQnViMkfBLjoPteozeCGOybnVpTXKLss4qveh+HJsjaFxDtIY9x4qOkqbr/FH
uKRncn640w8WHS6CSeNh8Q7VFDepXse1IBCW1SpnAAKAQahzbYl2HsD4+eu7uNaQ
5NuHPGheQKSWalF28azFTHtGtVVxMXMEosVJkGhQgCgn6u2d0lM8vJl4HrNuqK++
-----END CERTIFICATE-----