Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/ZK2-Yf0vyUn-1yqVZSeh59hAASc.roa
File:                     ZK2-Yf0vyUn-1yqVZSeh59hAASc.roa (raw, json)
Hash identifier:          dJFWEY6bKtkQB9DqJ5/i3H6PU+2US3ATnt6WwIQ5YmQ=
Subject key identifier:   64:AD:BE:61:FD:2F:C9:49:FE:D7:2A:95:65:27:A1:E7:D8:40:01:27
Certificate issuer:       /CN=74e0d585f1ac85f54492cfc95e1dce0fc2f7970f
Certificate serial:       01942143881851B4F00A75A43EBA392A1651
Authority key identifier: 74:E0:D5:85:F1:AC:85:F5:44:92:CF:C9:5E:1D:CE:0F:C2:F7:97:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dODVhfGshfVEks_JXh3OD8L3lw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/ZK2-Yf0vyUn-1yqVZSeh59hAASc.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209080
IP address blocks:        185.239.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/dODVhfGshfVEks_JXh3OD8L3lw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/dODVhfGshfVEks_JXh3OD8L3lw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dODVhfGshfVEks_JXh3OD8L3lw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:88:18:51:b4:f0:0a:75:a4:3e:ba:39:2a:16:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e0d585f1ac85f54492cfc95e1dce0fc2f7970f
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64adbe61fd2fc949fed72a956527a1e7d8400127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e5:2b:e8:c5:a0:53:79:63:6b:24:46:97:74:
                    f3:c8:73:bd:17:0a:24:e8:15:be:30:3f:fd:3c:09:
                    95:f7:72:fb:10:23:29:3b:1e:6d:44:93:c5:44:bf:
                    7e:27:0c:92:20:dc:89:1e:cb:43:e6:7f:76:2a:c1:
                    7f:ee:06:0c:0a:77:fc:7e:ea:96:8b:b5:24:37:3f:
                    77:e5:5e:39:d1:64:09:6d:66:de:34:2e:9b:7c:a4:
                    94:18:2f:3d:06:24:07:d5:ad:91:e8:f3:3a:22:b1:
                    10:5e:fb:c2:ac:17:b8:7a:36:41:0d:27:1b:65:59:
                    9c:c7:7f:a3:a8:d4:82:b9:6b:bb:a7:24:11:5d:f4:
                    07:98:8a:cf:22:4b:57:e8:76:46:f7:ea:0a:5b:3d:
                    21:08:9a:7b:be:b1:8e:e8:5f:24:14:58:cd:7c:f5:
                    f2:82:7c:d0:4e:61:e1:3c:ea:4d:26:3a:a7:50:c7:
                    dc:3a:a4:58:92:20:af:e1:ba:08:da:48:b2:e8:bd:
                    7d:2a:27:51:d9:62:07:6b:fa:ab:dc:ef:ae:bd:a0:
                    95:a8:52:62:63:4d:de:d8:08:83:62:dd:e5:0f:31:
                    b6:48:b7:4a:ee:ae:cb:f8:5b:1f:82:0f:0c:8c:b2:
                    b5:28:1f:68:37:a4:0a:f8:25:47:ef:21:a3:8e:74:
                    ef:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AD:BE:61:FD:2F:C9:49:FE:D7:2A:95:65:27:A1:E7:D8:40:01:27
            X509v3 Authority Key Identifier:
                keyid:74:E0:D5:85:F1:AC:85:F5:44:92:CF:C9:5E:1D:CE:0F:C2:F7:97:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dODVhfGshfVEks_JXh3OD8L3lw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/ZK2-Yf0vyUn-1yqVZSeh59hAASc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/fe0bf2-f838-408b-9843-6598910202a2/1/dODVhfGshfVEks_JXh3OD8L3lw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:c4:40:1f:ce:e0:1a:b6:b6:41:fc:f7:c9:f2:b8:8f:e2:7c:
         b2:92:aa:a6:c0:a9:d7:42:1b:30:84:81:86:fa:92:1a:77:0c:
         40:4f:33:db:b6:98:d8:00:3f:b5:db:9e:78:b5:b6:a8:9d:76:
         c4:df:db:fa:38:d1:78:db:6d:d3:e9:c1:ca:05:bd:0d:2e:d7:
         4d:7f:fc:a5:db:20:b2:91:f3:0d:bd:ff:09:33:64:6e:5b:fe:
         4b:b7:fd:b4:5a:70:eb:9c:c7:41:d8:79:e6:d3:9d:4b:87:6c:
         52:3d:ee:79:75:08:ab:41:7a:bd:cb:4d:c4:4c:75:71:42:06:
         79:0b:5d:24:d3:81:be:1b:4c:19:a5:8a:ad:df:bb:d9:19:7d:
         1b:1d:4f:b9:a3:1c:af:2b:a6:3a:1d:e8:e4:a5:c3:bf:b8:80:
         2c:d5:3e:e0:43:32:db:b7:ff:91:fe:e7:38:66:50:47:51:04:
         84:f7:fb:0a:c3:fd:51:5d:da:8a:1a:8b:3d:58:c0:92:f8:03:
         79:90:a5:22:09:53:3e:03:55:53:86:75:89:de:2b:af:ee:32:
         ce:7b:80:c7:33:d6:08:6f:7b:94:02:a1:41:b0:d7:42:30:de:
         e9:b2:20:b3:3c:a0:00:eb:ed:41:13:4a:a8:ae:e1:e4:df:81:
         87:98:c7:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ4gYUbTwCnWkPro5KhZRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTBkNTg1ZjFhYzg1ZjU0NDkyY2ZjOTVlMWRjZTBmYzJm
Nzk3MGYwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFkYmU2MWZkMmZjOTQ5ZmVkNzJhOTU2NTI3YTFlN2Q4NDAwMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOUr6MWgU3ljayRGl3TzyHO9Fwok
6BW+MD/9PAmV93L7ECMpOx5tRJPFRL9+JwySINyJHstD5n92KsF/7gYMCnf8fuqW
i7UkNz935V450WQJbWbeNC6bfKSUGC89BiQH1a2R6PM6IrEQXvvCrBe4ejZBDScb
ZVmcx3+jqNSCuWu7pyQRXfQHmIrPIktX6HZG9+oKWz0hCJp7vrGO6F8kFFjNfPXy
gnzQTmHhPOpNJjqnUMfcOqRYkiCv4boI2kiy6L19KidR2WIHa/qr3O+uvaCVqFJi
Y03e2AiDYt3lDzG2SLdK7q7L+Fsfgg8MjLK1KB9oN6QK+CVH7yGjjnTvZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGStvmH9L8lJ/tcqlWUnoefYQAEnMB8GA1UdIwQY
MBaAFHTg1YXxrIX1RJLPyV4dzg/C95cPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9EVmhmR3NoZlZFa3NfSlhoM09EOEwzbHc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9mZTBiZjItZjgzOC00MDhiLTk4NDMt
NjU5ODkxMDIwMmEyLzEvWksyLVlmMHZ5VW4tMXlxVlpTZWg1OWhBQVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9mZTBiZjItZjgzOC00MDhiLTk4NDMtNjU5ODkxMDIwMmEy
LzEvZE9EVmhmR3NoZlZFa3NfSlhoM09EOEwzbHc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue9wMA0G
CSqGSIb3DQEBCwUAA4IBAQCbxEAfzuAatrZB/PfJ8riP4nyykqqmwKnXQhswhIGG
+pIadwxATzPbtpjYAD+12554tbaonXbE39v6ONF4223T6cHKBb0NLtdNf/yl2yCy
kfMNvf8JM2RuW/5Lt/20WnDrnMdB2Hnm051Lh2xSPe55dQirQXq9y03ETHVxQgZ5
C10k04G+G0wZpYqt37vZGX0bHU+5oxyvK6Y6HejkpcO/uIAs1T7gQzLbt/+R/uc4
ZlBHUQSE9/sKw/1RXdqKGos9WMCS+AN5kKUiCVM+A1VThnWJ3iuv7jLOe4DHM9YI
b3uUAqFBsNdCMN7psiCzPKAA6+1BE0qoruHk34GHmMeH
-----END CERTIFICATE-----