Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/Z2Ec6FKFCMROAvsvU_-EjGHw4ww.roa
File:                     Z2Ec6FKFCMROAvsvU_-EjGHw4ww.roa (raw, json)
Hash identifier:          422PPfALRjVpASZNjTqWvSXQqN/bAdN9tO/keC7QHEE=
Subject key identifier:   67:61:1C:E8:52:85:08:C4:4E:02:FB:2F:53:FF:84:8C:61:F0:E3:0C
Certificate issuer:       /CN=4635da3a20879e55fe96853e0d7aeeff53386e8b
Certificate serial:       019425FC567B5147725F6D51BE32FF2D7A44
Authority key identifier: 46:35:DA:3A:20:87:9E:55:FE:96:85:3E:0D:7A:EE:FF:53:38:6E:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/Z2Ec6FKFCMROAvsvU_-EjGHw4ww.roa
Signing time:             Thu 02 Jan 2025 07:48:01 +0000
ROA not before:           Thu 02 Jan 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201130
IP address blocks:        194.150.184.0/23 maxlen: 24
                          2a13:4340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:56:7b:51:47:72:5f:6d:51:be:32:ff:2d:7a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4635da3a20879e55fe96853e0d7aeeff53386e8b
        Validity
            Not Before: Jan  2 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67611ce8528508c44e02fb2f53ff848c61f0e30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e8:db:50:07:ab:26:f2:04:b9:79:a9:ab:76:
                    78:90:6d:61:90:af:4a:6e:63:a5:3e:0f:e1:16:bc:
                    ad:c6:fd:97:b0:1b:69:9b:31:f6:53:98:f6:36:6b:
                    41:39:4c:8c:66:22:df:9e:5e:ea:56:cb:fc:ad:27:
                    fb:ff:88:1a:b9:60:ed:c2:da:3d:fd:4b:d0:7f:18:
                    d5:41:4c:9a:8b:31:c3:3e:2b:a4:05:48:0e:52:ad:
                    d3:9e:e4:3b:bf:c5:3e:f4:50:f6:8a:ce:a7:4e:e6:
                    04:bc:d2:16:6f:47:82:a9:6c:dc:a4:19:f3:61:ba:
                    96:0f:74:81:88:0a:ed:e4:d9:44:68:60:da:70:60:
                    32:09:7e:e9:24:2b:71:6e:2c:8c:8c:84:8d:e9:f5:
                    f0:e3:4e:3b:bc:b1:2c:5d:5b:16:20:e6:c4:32:87:
                    65:c6:54:9d:c0:cb:07:f3:ad:89:61:2b:97:d3:95:
                    b5:fe:f9:e0:43:11:52:94:af:81:d6:fc:d5:e6:60:
                    f5:b8:16:eb:93:d1:0c:44:f0:cc:05:49:3b:fb:71:
                    44:d1:53:69:56:31:a1:b5:17:76:d1:11:5c:35:03:
                    3c:d2:6e:f2:66:8e:33:41:bd:d8:d2:3a:19:18:cb:
                    ba:8c:58:ab:e8:46:8b:c4:30:fe:e5:8f:bf:72:53:
                    af:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:61:1C:E8:52:85:08:C4:4E:02:FB:2F:53:FF:84:8C:61:F0:E3:0C
            X509v3 Authority Key Identifier:
                keyid:46:35:DA:3A:20:87:9E:55:FE:96:85:3E:0D:7A:EE:FF:53:38:6E:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RjXaOiCHnlX-loU-DXru_1M4bos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/Z2Ec6FKFCMROAvsvU_-EjGHw4ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/bfb4c8-5655-440f-85b8-c40ce32b6f76/1/RjXaOiCHnlX-loU-DXru_1M4bos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.184.0/23
                IPv6:
                  2a13:4340::/29

    Signature Algorithm: sha256WithRSAEncryption
         91:d8:b2:e4:dc:e2:07:b2:04:f8:4e:ba:d6:9b:81:55:9b:20:
         fa:83:bb:8c:0e:84:a3:f3:6e:2a:bf:8f:38:25:b4:88:e1:85:
         15:82:e3:51:cd:6d:4e:3d:12:81:0c:85:f1:05:4f:17:68:59:
         1a:c8:77:99:87:7a:2e:0f:8d:98:21:56:b9:bf:fa:45:e0:33:
         21:b2:cd:e2:5b:82:04:a2:30:9f:7c:bd:f7:d8:77:16:4d:d6:
         2f:6a:f8:46:ac:d4:1f:51:43:66:6c:8f:ee:3b:81:b2:5b:97:
         48:fc:5f:e2:d6:1d:f2:53:5b:bb:a9:ae:8d:a5:6f:45:fe:53:
         d4:54:2e:e8:5a:7f:08:1e:f5:84:cf:4d:6a:23:ed:1a:3d:e2:
         3f:c4:90:02:e3:63:33:b1:6c:90:63:80:13:db:8d:15:b5:4f:
         94:7d:bf:54:ac:54:6f:5f:81:0e:2e:62:ca:07:ce:bf:2c:2e:
         33:b3:05:e2:37:48:e5:1b:8c:a0:0c:a8:f2:a5:b3:05:f9:c5:
         8a:50:14:0a:f1:1d:c5:66:07:f0:a7:dd:e0:b3:bf:be:d3:14:
         27:72:e9:86:f5:a7:00:a9:9e:29:04:78:a1:fe:5c:2e:f1:cc:
         23:28:8f:bc:1b:8a:88:49:e8:c8:d4:87:80:5b:b0:6d:cc:6e:
         fd:0d:58:a4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/FZ7UUdyX21RvjL/LXpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzVkYTNhMjA4NzllNTVmZTk2ODUzZTBkN2FlZWZmNTMz
ODZlOGIwHhcNMjUwMTAyMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzYxMWNlODUyODUwOGM0NGUwMmZiMmY1M2ZmODQ4YzYxZjBlMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+jbUAerJvIEuXmpq3Z4kG1hkK9K
bmOlPg/hFrytxv2XsBtpmzH2U5j2NmtBOUyMZiLfnl7qVsv8rSf7/4gauWDtwto9
/UvQfxjVQUyaizHDPiukBUgOUq3TnuQ7v8U+9FD2is6nTuYEvNIWb0eCqWzcpBnz
YbqWD3SBiArt5NlEaGDacGAyCX7pJCtxbiyMjISN6fXw4047vLEsXVsWIObEModl
xlSdwMsH862JYSuX05W1/vngQxFSlK+B1vzV5mD1uBbrk9EMRPDMBUk7+3FE0VNp
VjGhtRd20RFcNQM80m7yZo4zQb3Y0joZGMu6jFir6EaLxDD+5Y+/clOvrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGdhHOhShQjETgL7L1P/hIxh8OMMMB8GA1UdIwQY
MBaAFEY12jogh55V/paFPg167v9TOG6LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmpYYU9pQ0hubFgtbG9VLURYcnVfMU00Ym9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iZmI0YzgtNTY1NS00NDBmLTg1Yjgt
YzQwY2UzMmI2Zjc2LzEvWjJFYzZGS0ZDTVJPQXZzdlVfLUVqR0h3NHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iZmI0YzgtNTY1NS00NDBmLTg1YjgtYzQwY2UzMmI2Zjc2
LzEvUmpYYU9pQ0hubFgtbG9VLURYcnVfMU00Ym9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwpa4MA0E
AgACMAcDBQMqE0NAMA0GCSqGSIb3DQEBCwUAA4IBAQCR2LLk3OIHsgT4TrrWm4FV
myD6g7uMDoSj824qv484JbSI4YUVguNRzW1OPRKBDIXxBU8XaFkayHeZh3ouD42Y
IVa5v/pF4DMhss3iW4IEojCffL332HcWTdYvavhGrNQfUUNmbI/uO4GyW5dI/F/i
1h3yU1u7qa6NpW9F/lPUVC7oWn8IHvWEz01qI+0aPeI/xJAC42MzsWyQY4AT240V
tU+Ufb9UrFRvX4EOLmLKB86/LC4zswXiN0jlG4ygDKjypbMF+cWKUBQK8R3FZgfw
p93gs7++0xQncumG9acAqZ4pBHih/lwu8cwjKI+8G4qISejI1IeAW7BtzG79DVik
-----END CERTIFICATE-----