Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/sZiDjovlZR7TPPXq724QB4yd_Ds.roa
File:                     sZiDjovlZR7TPPXq724QB4yd_Ds.roa (raw, json)
Hash identifier:          g0NC0qA2yq5MjWHr5RjOBshN8A2Yl9uqhpeNRfy6QdQ=
Subject key identifier:   B1:98:83:8E:8B:E5:65:1E:D3:3C:F5:EA:EF:6E:10:07:8C:9D:FC:3B
Certificate issuer:       /CN=730e19bf2f2fdb730232da2c4551a312ba3e2ee2
Certificate serial:       01942143F8347496D354D90F28D6DEF027FC
Authority key identifier: 73:0E:19:BF:2F:2F:DB:73:02:32:DA:2C:45:51:A3:12:BA:3E:2E:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/sZiDjovlZR7TPPXq724QB4yd_Ds.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        93.190.220.0/22 maxlen: 22
                          93.190.220.0/24 maxlen: 24
                          93.190.221.0/24 maxlen: 24
                          93.190.222.0/24 maxlen: 24
                          93.190.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f8:34:74:96:d3:54:d9:0f:28:d6:de:f0:27:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=730e19bf2f2fdb730232da2c4551a312ba3e2ee2
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b198838e8be5651ed33cf5eaef6e10078c9dfc3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:49:c4:bb:46:b9:d9:6b:4c:43:eb:60:b0:c1:
                    b4:29:d7:7c:60:74:af:a1:7e:d7:46:28:9d:70:dc:
                    0c:35:5d:49:b3:66:cf:e1:b7:ae:0d:f6:ab:f7:5b:
                    ab:54:dc:3a:72:09:21:91:98:48:ad:38:3a:73:32:
                    8b:7d:2c:07:e0:cb:91:1e:21:21:ef:f5:b5:4a:3e:
                    a6:84:58:45:fd:da:35:0d:a2:59:da:4c:ed:ba:61:
                    ce:d1:57:8b:3a:cd:31:c1:8b:c8:62:f8:1c:f8:20:
                    e1:b3:b8:dc:61:a2:fb:8f:5c:22:bc:73:3c:78:c7:
                    89:6c:60:23:83:12:f8:41:f2:ad:29:1b:58:be:a8:
                    5e:35:57:55:69:79:93:d0:ab:0e:5c:88:23:68:f8:
                    aa:29:60:5b:83:ed:17:ea:df:ac:01:e5:74:d5:dc:
                    0b:9c:cc:7d:82:57:a1:6f:84:25:83:e5:b7:3f:08:
                    fb:0d:f8:3c:c0:f7:e4:55:a5:96:4a:8e:ec:e6:ab:
                    1f:47:e9:9a:6e:05:fe:d2:08:6b:4f:a8:cc:c1:a4:
                    4e:b0:3e:7b:e9:6d:b9:91:dd:b9:92:7a:65:d6:6f:
                    a3:21:49:60:6e:28:c8:b3:89:a3:89:94:cf:68:56:
                    bb:c4:28:64:69:c9:e7:b3:a7:af:82:2c:04:98:28:
                    4d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:98:83:8E:8B:E5:65:1E:D3:3C:F5:EA:EF:6E:10:07:8C:9D:FC:3B
            X509v3 Authority Key Identifier:
                keyid:73:0E:19:BF:2F:2F:DB:73:02:32:DA:2C:45:51:A3:12:BA:3E:2E:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cw4Zvy8v23MCMtosRVGjEro-LuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/sZiDjovlZR7TPPXq724QB4yd_Ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/e81755-4592-4f20-af70-caf951e1531d/1/cw4Zvy8v23MCMtosRVGjEro-LuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:69:74:ad:12:39:de:93:80:15:53:53:87:4c:5b:e4:63:a5:
         c2:bd:0a:79:fb:b2:36:0b:a6:70:d1:f6:b6:02:87:ba:9c:6e:
         8b:22:d4:10:18:c9:6a:91:d6:8d:45:ed:39:dd:ce:77:94:a0:
         0e:0e:fd:aa:e0:6e:1a:1d:98:96:34:66:36:ae:8f:d7:94:22:
         48:5a:ea:33:27:c1:36:ea:26:67:16:62:19:8b:fe:83:4f:9f:
         38:e8:09:20:54:7d:eb:88:e9:10:16:74:0d:c6:95:25:89:6a:
         f7:a5:f0:97:1f:9e:1a:f9:97:76:bb:b8:94:b0:c2:30:eb:81:
         bb:97:49:96:87:17:ee:af:26:5d:a5:83:36:59:ca:0d:7b:4d:
         e6:ce:5a:11:b1:23:37:80:ef:b6:5c:8d:c9:05:e0:fd:32:2f:
         13:43:c2:e5:c1:2a:22:47:4f:d9:39:f2:d4:ea:2b:5c:5c:61:
         4b:5b:43:c3:96:1c:43:e5:78:76:36:44:49:8f:1e:fb:eb:39:
         9e:a1:62:3d:57:e3:a3:fe:f3:45:d3:17:56:51:ad:81:e3:38:
         9a:98:3e:fc:a7:ef:c5:17:b6:ac:15:25:44:ee:f1:aa:4e:06:
         86:8f:5a:48:9f:f2:aa:f1:fc:4e:d4:e0:57:0b:83:bd:26:0f:
         09:b0:26:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/g0dJbTVNkPKNbe8Cf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMGUxOWJmMmYyZmRiNzMwMjMyZGEyYzQ1NTFhMzEyYmEz
ZTJlZTIwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTk4ODM4ZThiZTU2NTFlZDMzY2Y1ZWFlZjZlMTAwNzhjOWRmYzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuknEu0a52WtMQ+tgsMG0Kdd8YHSv
oX7XRiidcNwMNV1Js2bP4beuDfar91urVNw6cgkhkZhIrTg6czKLfSwH4MuRHiEh
7/W1Sj6mhFhF/do1DaJZ2kztumHO0VeLOs0xwYvIYvgc+CDhs7jcYaL7j1wivHM8
eMeJbGAjgxL4QfKtKRtYvqheNVdVaXmT0KsOXIgjaPiqKWBbg+0X6t+sAeV01dwL
nMx9glehb4Qlg+W3Pwj7Dfg8wPfkVaWWSo7s5qsfR+mabgX+0ghrT6jMwaROsD57
6W25kd25knpl1m+jIUlgbijIs4mjiZTPaFa7xChkacnns6evgiwEmChNYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGYg46L5WUe0zz16u9uEAeMnfw7MB8GA1UdIwQY
MBaAFHMOGb8vL9tzAjLaLEVRoxK6Pi7iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3c0WnZ5OHYyM01DTXRvc1JWR2pFcm8tTHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lODE3NTUtNDU5Mi00ZjIwLWFmNzAt
Y2FmOTUxZTE1MzFkLzEvc1ppRGpvdmxaUjdUUFBYcTcyNFFCNHlkX0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lODE3NTUtNDU5Mi00ZjIwLWFmNzAtY2FmOTUxZTE1MzFk
LzEvY3c0WnZ5OHYyM01DTXRvc1JWR2pFcm8tTHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXb7cMA0G
CSqGSIb3DQEBCwUAA4IBAQAgaXStEjnek4AVU1OHTFvkY6XCvQp5+7I2C6Zw0fa2
Aoe6nG6LItQQGMlqkdaNRe053c53lKAODv2q4G4aHZiWNGY2ro/XlCJIWuozJ8E2
6iZnFmIZi/6DT5846AkgVH3riOkQFnQNxpUliWr3pfCXH54a+Zd2u7iUsMIw64G7
l0mWhxfuryZdpYM2WcoNe03mzloRsSM3gO+2XI3JBeD9Mi8TQ8LlwSoiR0/ZOfLU
6itcXGFLW0PDlhxD5Xh2NkRJjx776zmeoWI9V+Oj/vNF0xdWUa2B4ziamD78p+/F
F7asFSVE7vGqTgaGj1pIn/Kq8fxO1OBXC4O9Jg8JsCYz
-----END CERTIFICATE-----