Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/ZRdLYDl7hpyDg6YsYK-Wdw4baMc.roa
File:                     ZRdLYDl7hpyDg6YsYK-Wdw4baMc.roa (raw, json)
Hash identifier:          5DTIP8T8IUMMx2MqkILNMeW793Ol6SuU7VuRgBULAp4=
Subject key identifier:   65:17:4B:60:39:7B:86:9C:83:83:A6:2C:60:AF:96:77:0E:1B:68:C7
Certificate issuer:       /CN=296016ad64c22600acf3049f8758f53ebb1e57c4
Certificate serial:       0194244584BDE74AD0E73A436DE3FA378A37
Authority key identifier: 29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/ZRdLYDl7hpyDg6YsYK-Wdw4baMc.roa
Signing time:             Wed 01 Jan 2025 23:48:43 +0000
ROA not before:           Wed 01 Jan 2025 23:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208226
IP address blocks:        216.87.54.0/24 maxlen: 24
                          2001:678:204::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:84:bd:e7:4a:d0:e7:3a:43:6d:e3:fa:37:8a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296016ad64c22600acf3049f8758f53ebb1e57c4
        Validity
            Not Before: Jan  1 23:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65174b60397b869c8383a62c60af96770e1b68c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:7e:98:5f:ef:e5:cf:02:51:5e:a2:db:7c:19:
                    1f:e9:0a:86:15:70:0c:71:dd:8b:3f:97:6f:da:27:
                    f6:f6:89:f9:ad:04:3d:34:db:93:99:6c:f5:27:d2:
                    17:6f:7a:4f:79:27:63:4b:01:63:27:fe:8b:a4:83:
                    ab:56:71:2f:6f:a0:7d:7c:95:78:b4:56:97:ed:e2:
                    56:fa:da:73:97:2d:cb:e4:eb:c5:fa:50:48:07:1c:
                    b5:cf:2e:92:e7:ba:35:f2:4a:96:46:07:56:7a:5a:
                    59:5c:06:35:76:0c:06:26:21:02:a5:82:f0:bb:06:
                    75:01:2a:e4:ad:0b:c0:3d:7c:35:c8:6f:51:91:d7:
                    b2:d0:92:3a:a1:4d:31:ec:5a:a6:de:4d:6f:5f:d3:
                    09:0d:9b:6b:33:b5:dd:5a:e3:ac:96:81:e2:c9:f2:
                    a4:fb:14:64:19:52:d2:a8:d6:03:ef:b2:e8:42:ea:
                    fe:fe:48:60:c8:eb:25:e6:e5:e3:aa:d3:8f:69:a1:
                    8a:a1:c4:b1:80:f2:b9:84:25:ec:64:9e:a5:35:9a:
                    96:22:35:8c:0e:30:b6:ac:a6:16:ae:ec:03:bc:a3:
                    5e:c7:6f:e9:10:2e:8d:a4:cc:4b:19:8c:f6:c6:f2:
                    57:23:17:58:9f:79:ce:cd:d4:6f:0d:16:49:e6:3c:
                    7d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:17:4B:60:39:7B:86:9C:83:83:A6:2C:60:AF:96:77:0E:1B:68:C7
            X509v3 Authority Key Identifier:
                keyid:29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/ZRdLYDl7hpyDg6YsYK-Wdw4baMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.54.0/24
                IPv6:
                  2001:678:204::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:ff:47:12:9b:73:b8:a3:4f:27:1d:fa:06:1b:43:27:f4:f2:
         bd:8a:f0:30:61:76:99:57:a8:f9:80:dc:06:dd:e4:16:ea:06:
         42:f6:30:3d:7b:6c:c6:15:fc:3b:ac:1b:cc:43:72:40:ea:76:
         f4:3c:13:e2:4b:5f:71:45:11:b6:fc:7a:fc:80:a3:fd:ce:73:
         fd:2c:19:c0:56:34:95:e3:a6:27:a1:06:dd:7b:2f:70:4f:3e:
         cf:0b:5e:c0:c7:7b:6f:99:c5:f3:55:79:74:6d:79:f1:ce:28:
         ea:47:98:00:f4:56:15:1e:b6:65:54:36:c9:3f:a2:e6:be:55:
         c6:3d:46:1f:4c:59:40:28:2a:d1:a0:c2:a0:68:16:8f:8c:fa:
         d3:99:d6:a4:05:03:f4:97:1f:f3:34:2a:55:62:8e:30:54:fa:
         2b:e2:93:f7:07:76:4e:e0:3f:e8:df:14:d4:1c:e9:f6:1f:b3:
         32:eb:ac:d4:17:41:be:fe:04:00:5a:b4:87:a8:9d:09:0e:b3:
         ca:9a:0d:d6:a2:cf:64:cd:d1:3f:80:8f:1f:2a:ba:52:35:23:
         e7:d8:de:56:22:a4:a1:61:0f:b3:d6:f3:7f:25:3c:b0:9d:8e:
         bd:87:47:a1:d4:f4:7f:b1:2e:f5:bc:b1:6f:11:9d:c0:1b:9a:
         72:22:7a:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRYS950rQ5zpDbeP6N4o3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjAxNmFkNjRjMjI2MDBhY2YzMDQ5Zjg3NThmNTNlYmIx
ZTU3YzQwHhcNMjUwMTAxMjM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTE3NGI2MDM5N2I4NjljODM4M2E2MmM2MGFmOTY3NzBlMWI2OGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiH6YX+/lzwJRXqLbfBkf6QqGFXAM
cd2LP5dv2if29on5rQQ9NNuTmWz1J9IXb3pPeSdjSwFjJ/6LpIOrVnEvb6B9fJV4
tFaX7eJW+tpzly3L5OvF+lBIBxy1zy6S57o18kqWRgdWelpZXAY1dgwGJiECpYLw
uwZ1ASrkrQvAPXw1yG9Rkdey0JI6oU0x7Fqm3k1vX9MJDZtrM7XdWuOsloHiyfKk
+xRkGVLSqNYD77LoQur+/khgyOsl5uXjqtOPaaGKocSxgPK5hCXsZJ6lNZqWIjWM
DjC2rKYWruwDvKNex2/pEC6NpMxLGYz2xvJXIxdYn3nOzdRvDRZJ5jx9GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGUXS2A5e4acg4OmLGCvlncOG2jHMB8GA1UdIwQY
MBaAFClgFq1kwiYArPMEn4dY9T67HlfEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTIt
YWI3ZjE0ZGFhZTRmLzEvWlJkTFlEbDdocHlEZzZZc1lLLVdkdzRiYU1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTItYWI3ZjE0ZGFhZTRm
LzEvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2Fc2MA8E
AgACMAkDBwAgAQZ4AgQwDQYJKoZIhvcNAQELBQADggEBADT/RxKbc7ijTycd+gYb
Qyf08r2K8DBhdplXqPmA3Abd5BbqBkL2MD17bMYV/DusG8xDckDqdvQ8E+JLX3FF
Ebb8evyAo/3Oc/0sGcBWNJXjpiehBt17L3BPPs8LXsDHe2+ZxfNVeXRtefHOKOpH
mAD0VhUetmVUNsk/oua+VcY9Rh9MWUAoKtGgwqBoFo+M+tOZ1qQFA/SXH/M0KlVi
jjBU+ivik/cHdk7gP+jfFNQc6fYfszLrrNQXQb7+BABatIeonQkOs8qaDdaiz2TN
0T+Ajx8qulI1I+fY3lYipKFhD7PW838lPLCdjr2HR6HU9H+xLvW8sW8RncAbmnIi
ehA=
-----END CERTIFICATE-----