Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/zcJuMPKqinNoidJ9rHaaDdmdVvA.roa
File:                     zcJuMPKqinNoidJ9rHaaDdmdVvA.roa (raw, json)
Hash identifier:          9UsWhn4/INB/JJvJuTs6CMag+GLrqc1ZuXSO78kkqu4=
Subject key identifier:   CD:C2:6E:30:F2:AA:8A:73:68:89:D2:7D:AC:76:9A:0D:D9:9D:56:F0
Certificate issuer:       /CN=90f76537ff745893e3142fa0984f449b725b8fd3
Certificate serial:       019420D5A2702CAD1A318A39485D7BC7FD07
Authority key identifier: 90:F7:65:37:FF:74:58:93:E3:14:2F:A0:98:4F:44:9B:72:5B:8F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/zcJuMPKqinNoidJ9rHaaDdmdVvA.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212989
IP address blocks:        194.156.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a2:70:2c:ad:1a:31:8a:39:48:5d:7b:c7:fd:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f76537ff745893e3142fa0984f449b725b8fd3
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdc26e30f2aa8a736889d27dac769a0dd99d56f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:63:aa:06:de:5f:c7:5b:61:77:4a:b9:25:b8:
                    97:c7:cd:2a:8b:40:c4:e7:5f:93:73:cb:06:21:5f:
                    dc:69:55:78:81:a5:0e:f9:3a:99:82:2e:9a:f4:11:
                    8b:5d:8c:2c:3d:89:5f:7a:a4:5f:01:0d:56:9e:4b:
                    bb:ab:20:99:a6:ce:cf:2d:33:c6:ce:e4:8f:23:9d:
                    2b:7f:29:71:fd:f3:65:c4:26:ca:55:62:13:d3:ae:
                    8e:33:76:6c:fd:8f:c9:70:47:b2:cd:5f:15:23:3d:
                    74:26:11:4f:c8:f3:39:a8:68:6e:fe:2d:48:6b:cb:
                    05:30:ef:61:da:9b:ad:19:2e:66:b5:6f:ff:7e:38:
                    ea:50:a9:52:f2:6c:12:f2:77:24:93:e9:b2:e3:bf:
                    5a:17:41:67:7a:9a:38:9c:1f:b6:c9:b4:d2:dc:ce:
                    c7:63:c2:22:e1:74:68:65:ab:c2:e4:a1:9b:ea:43:
                    9d:02:f8:75:89:72:fc:53:be:28:07:85:a9:f0:92:
                    1d:9a:d7:bb:41:67:b6:c2:4f:ee:1e:a1:7f:72:29:
                    b3:2a:45:58:3f:0e:c6:23:7a:84:78:fc:1e:5c:be:
                    6c:a7:e3:89:fc:ff:c3:37:d5:0d:2c:5b:f5:40:e4:
                    9a:d3:7c:8c:15:90:b4:52:a0:15:1c:80:42:43:ca:
                    5d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:C2:6E:30:F2:AA:8A:73:68:89:D2:7D:AC:76:9A:0D:D9:9D:56:F0
            X509v3 Authority Key Identifier:
                keyid:90:F7:65:37:FF:74:58:93:E3:14:2F:A0:98:4F:44:9B:72:5B:8F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPdlN_90WJPjFC-gmE9Em3Jbj9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/zcJuMPKqinNoidJ9rHaaDdmdVvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4f7680-81ab-4c1f-a07b-7c62d5c315bf/1/kPdlN_90WJPjFC-gmE9Em3Jbj9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:31:3d:59:4d:27:3c:3c:ca:fb:72:8a:f2:49:ca:2e:3b:c7:
         30:08:18:6a:cf:fc:3a:67:d8:94:94:76:fd:4a:b6:bf:b8:36:
         f4:55:62:ef:91:94:47:40:99:90:28:c3:4b:db:02:26:e8:dd:
         ed:43:ad:29:69:61:f3:ac:63:2c:7b:32:a5:5b:8c:44:c4:6f:
         c5:37:b7:b0:80:52:45:3b:f8:5a:43:01:30:74:1d:1e:5c:62:
         d6:bb:89:54:80:8b:86:1a:1d:24:dd:75:5b:6a:3e:9f:0f:fd:
         f4:ab:22:05:2b:05:66:9d:a0:68:64:57:96:5d:80:40:d9:4c:
         96:18:48:9b:a3:21:af:57:47:1c:76:5e:01:9e:af:30:0c:ee:
         ff:09:cd:e2:31:27:12:14:08:dd:4b:e9:71:23:a7:15:c8:67:
         31:c2:9c:f1:b2:24:dd:d1:32:04:96:3c:98:cc:8b:cf:a1:f2:
         6e:19:a9:9a:0e:27:d9:7f:dc:13:20:11:e2:e2:cd:62:31:eb:
         94:ca:25:c6:5d:e4:6a:9e:50:b4:10:a9:b4:03:e2:2d:b8:5f:
         86:a6:4a:31:d3:48:66:96:d7:84:b1:b3:78:ad:36:f4:95:15:
         42:68:98:4a:97:74:37:38:d4:a9:f5:67:38:93:e2:79:24:1f:
         8d:3b:80:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1aJwLK0aMYo5SF17x/0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjc2NTM3ZmY3NDU4OTNlMzE0MmZhMDk4NGY0NDliNzI1
YjhmZDMwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGMyNmUzMGYyYWE4YTczNjg4OWQyN2RhYzc2OWEwZGQ5OWQ1NmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mOqBt5fx1thd0q5JbiXx80qi0DE
51+Tc8sGIV/caVV4gaUO+TqZgi6a9BGLXYwsPYlfeqRfAQ1Wnku7qyCZps7PLTPG
zuSPI50rfylx/fNlxCbKVWIT066OM3Zs/Y/JcEeyzV8VIz10JhFPyPM5qGhu/i1I
a8sFMO9h2putGS5mtW//fjjqUKlS8mwS8nckk+my479aF0Fnepo4nB+2ybTS3M7H
Y8Ii4XRoZavC5KGb6kOdAvh1iXL8U74oB4Wp8JIdmte7QWe2wk/uHqF/cimzKkVY
Pw7GI3qEePweXL5sp+OJ/P/DN9UNLFv1QOSa03yMFZC0UqAVHIBCQ8pdpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3CbjDyqopzaInSfax2mg3ZnVbwMB8GA1UdIwQY
MBaAFJD3ZTf/dFiT4xQvoJhPRJtyW4/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BkbE5fOTBXSlBqRkMtZ21FOUVtM0piajlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80Zjc2ODAtODFhYi00YzFmLWEwN2It
N2M2MmQ1YzMxNWJmLzEvemNKdU1QS3Fpbk5vaWRKOXJIYWFEZG1kVnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80Zjc2ODAtODFhYi00YzFmLWEwN2ItN2M2MmQ1YzMxNWJm
LzEva1BkbE5fOTBXSlBqRkMtZ21FOUVtM0piajlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpwWMA0G
CSqGSIb3DQEBCwUAA4IBAQCEMT1ZTSc8PMr7coryScouO8cwCBhqz/w6Z9iUlHb9
Sra/uDb0VWLvkZRHQJmQKMNL2wIm6N3tQ60paWHzrGMsezKlW4xExG/FN7ewgFJF
O/haQwEwdB0eXGLWu4lUgIuGGh0k3XVbaj6fD/30qyIFKwVmnaBoZFeWXYBA2UyW
GEiboyGvV0ccdl4Bnq8wDO7/Cc3iMScSFAjdS+lxI6cVyGcxwpzxsiTd0TIEljyY
zIvPofJuGamaDifZf9wTIBHi4s1iMeuUyiXGXeRqnlC0EKm0A+ItuF+Gpkox00hm
lteEsbN4rTb0lRVCaJhKl3Q3ONSp9Wc4k+J5JB+NO4BE
-----END CERTIFICATE-----