Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/ZBqGiL5Lwt5_4rzPo7SO0cTda9c.roa
File:                     ZBqGiL5Lwt5_4rzPo7SO0cTda9c.roa (raw, json)
Hash identifier:          KELG75sz8Tw2WawKyeiPVA4v+ezxNcK7f4e9XzFuUUw=
Subject key identifier:   64:1A:86:88:BE:4B:C2:DE:7F:E2:BC:CF:A3:B4:8E:D1:C4:DD:6B:D7
Certificate issuer:       /CN=7077707f66978826a875eb8d2eb333bed8569667
Certificate serial:       01942369617F96B53A501BA0491819610A53
Authority key identifier: 70:77:70:7F:66:97:88:26:A8:75:EB:8D:2E:B3:33:BE:D8:56:96:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cHdwf2aXiCaodeuNLrMzvthWlmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/ZBqGiL5Lwt5_4rzPo7SO0cTda9c.roa
Signing time:             Wed 01 Jan 2025 19:48:16 +0000
ROA not before:           Wed 01 Jan 2025 19:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21433
IP address blocks:        195.191.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/cHdwf2aXiCaodeuNLrMzvthWlmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/cHdwf2aXiCaodeuNLrMzvthWlmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cHdwf2aXiCaodeuNLrMzvthWlmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:61:7f:96:b5:3a:50:1b:a0:49:18:19:61:0a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7077707f66978826a875eb8d2eb333bed8569667
        Validity
            Not Before: Jan  1 19:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=641a8688be4bc2de7fe2bccfa3b48ed1c4dd6bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:47:66:64:4b:ed:65:44:a5:af:74:fd:85:1b:
                    2b:b9:69:48:93:ac:d6:b6:d4:76:15:9a:34:46:64:
                    25:35:a9:0a:a0:73:7b:cb:71:24:2a:29:d3:f5:3c:
                    8b:51:71:1d:1a:97:8e:91:23:be:18:30:94:db:28:
                    7b:e3:b0:30:16:d6:d2:bf:74:b7:4b:02:6c:af:a2:
                    a7:3a:96:0e:72:c6:be:7c:b6:a9:8f:80:7c:60:42:
                    59:af:2f:de:85:c0:ef:56:f4:92:92:65:5e:2b:c8:
                    df:2d:2f:63:89:b8:eb:2f:bb:7d:97:14:a8:9e:ca:
                    fa:87:30:32:13:81:ba:16:94:50:dc:ec:88:be:c4:
                    76:23:53:ab:13:06:86:b1:a4:d3:25:f5:d9:fa:74:
                    04:3c:f8:61:b7:5a:8d:c3:33:b0:f2:3d:c4:46:bc:
                    ba:c8:a4:4a:11:d2:ee:e9:01:0b:67:06:2f:61:33:
                    31:0b:e7:14:0d:bc:8c:56:5a:fc:6c:76:5c:c0:8d:
                    3b:9b:d8:75:51:68:6d:d5:fe:ee:3d:28:9d:db:d0:
                    c6:f0:fd:e6:37:ac:05:0b:5d:75:c0:10:7d:04:02:
                    e5:ba:77:cc:5b:21:14:c3:c7:5a:ba:99:d2:8b:53:
                    90:8f:25:32:e2:d6:9f:5c:da:b1:9e:0f:c3:b5:8a:
                    85:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:1A:86:88:BE:4B:C2:DE:7F:E2:BC:CF:A3:B4:8E:D1:C4:DD:6B:D7
            X509v3 Authority Key Identifier:
                keyid:70:77:70:7F:66:97:88:26:A8:75:EB:8D:2E:B3:33:BE:D8:56:96:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cHdwf2aXiCaodeuNLrMzvthWlmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/ZBqGiL5Lwt5_4rzPo7SO0cTda9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b9a1a0-6ada-4dde-965b-46ff7ce2c140/1/cHdwf2aXiCaodeuNLrMzvthWlmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d4:5e:d9:bc:94:fa:82:73:81:ba:5e:35:85:3e:80:85:d6:
         e6:db:f8:e7:de:e9:44:80:2e:36:85:ad:26:ce:15:40:cf:ab:
         ce:1f:26:93:ce:bc:25:f3:18:6f:00:6f:18:d5:10:a0:c1:00:
         37:60:7f:83:3e:d4:23:7c:52:a1:a1:1e:5a:16:9a:d7:ed:a7:
         ed:7f:43:cb:cf:2f:27:22:d2:fa:42:dd:3c:51:ab:87:c2:a7:
         99:b3:3b:45:29:95:64:9b:4b:1f:32:24:b4:73:1f:cb:01:1b:
         13:62:84:24:5a:30:e6:3b:cb:be:a8:11:da:50:6f:67:30:10:
         16:b4:77:8d:ca:9b:95:f0:2b:f9:18:32:19:9a:75:4d:e3:9b:
         49:67:5c:f4:eb:73:b0:c9:28:77:7e:67:7e:7b:e7:21:aa:b7:
         a8:91:67:6e:01:ef:b2:ce:d8:89:db:47:b6:45:b6:ff:5a:3e:
         4b:8d:84:87:86:7d:1c:6e:55:a8:b8:3e:98:cf:22:ca:ea:79:
         22:64:53:69:04:a8:19:21:7c:fd:f5:4f:3e:b0:3c:d3:d8:f8:
         e3:15:e3:f8:3c:f2:19:0e:c6:99:c4:09:ee:5c:ad:97:57:db:
         39:ac:70:b1:72:23:46:e1:59:53:69:53:0a:e9:44:75:6b:c4:
         49:11:4a:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWF/lrU6UBugSRgZYQpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNzc3MDdmNjY5Nzg4MjZhODc1ZWI4ZDJlYjMzM2JlZDg1
Njk2NjcwHhcNMjUwMTAxMTk0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDFhODY4OGJlNGJjMmRlN2ZlMmJjY2ZhM2I0OGVkMWM0ZGQ2YmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0dmZEvtZUSlr3T9hRsruWlIk6zW
ttR2FZo0RmQlNakKoHN7y3EkKinT9TyLUXEdGpeOkSO+GDCU2yh747AwFtbSv3S3
SwJsr6KnOpYOcsa+fLapj4B8YEJZry/ehcDvVvSSkmVeK8jfLS9jibjrL7t9lxSo
nsr6hzAyE4G6FpRQ3OyIvsR2I1OrEwaGsaTTJfXZ+nQEPPhht1qNwzOw8j3ERry6
yKRKEdLu6QELZwYvYTMxC+cUDbyMVlr8bHZcwI07m9h1UWht1f7uPSid29DG8P3m
N6wFC111wBB9BALlunfMWyEUw8daupnSi1OQjyUy4tafXNqxng/DtYqFCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQahoi+S8Lef+K8z6O0jtHE3WvXMB8GA1UdIwQY
MBaAFHB3cH9ml4gmqHXrjS6zM77YVpZnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0hkd2YyYVhpQ2FvZGV1TkxyTXp2dGhXbG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iOWExYTAtNmFkYS00ZGRlLTk2NWIt
NDZmZjdjZTJjMTQwLzEvWkJxR2lMNUx3dDVfNHJ6UG83U08wY1RkYTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iOWExYTAtNmFkYS00ZGRlLTk2NWItNDZmZjdjZTJjMTQw
LzEvY0hkd2YyYVhpQ2FvZGV1TkxyTXp2dGhXbG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7+8MA0G
CSqGSIb3DQEBCwUAA4IBAQAP1F7ZvJT6gnOBul41hT6Ahdbm2/jn3ulEgC42ha0m
zhVAz6vOHyaTzrwl8xhvAG8Y1RCgwQA3YH+DPtQjfFKhoR5aFprX7aftf0PLzy8n
ItL6Qt08UauHwqeZsztFKZVkm0sfMiS0cx/LARsTYoQkWjDmO8u+qBHaUG9nMBAW
tHeNypuV8Cv5GDIZmnVN45tJZ1z063OwySh3fmd+e+chqreokWduAe+yztiJ20e2
Rbb/Wj5LjYSHhn0cblWouD6YzyLK6nkiZFNpBKgZIXz99U8+sDzT2PjjFeP4PPIZ
DsaZxAnuXK2XV9s5rHCxciNG4VlTaVMK6UR1a8RJEUpe
-----END CERTIFICATE-----