Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/ZbzYnCdTKy9eNC3OK0DEdLUOyKk.roa
File:                     ZbzYnCdTKy9eNC3OK0DEdLUOyKk.roa (raw, json)
Hash identifier:          oL/nHAdw2PWuZlbLqbaKwj0TlvoNl+Sz5bzNx/L6zWY=
Subject key identifier:   65:BC:D8:9C:27:53:2B:2F:5E:34:2D:CE:2B:40:C4:74:B5:0E:C8:A9
Certificate issuer:       /CN=88ad3d60d92057ff0fa011f450c3646e352da5d8
Certificate serial:       019425FDAE64A2D882B3457836A1F37323BD
Authority key identifier: 88:AD:3D:60:D9:20:57:FF:0F:A0:11:F4:50:C3:64:6E:35:2D:A5:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK09YNkgV_8PoBH0UMNkbjUtpdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/ZbzYnCdTKy9eNC3OK0DEdLUOyKk.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35468
IP address blocks:        193.222.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/iK09YNkgV_8PoBH0UMNkbjUtpdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/iK09YNkgV_8PoBH0UMNkbjUtpdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK09YNkgV_8PoBH0UMNkbjUtpdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ae:64:a2:d8:82:b3:45:78:36:a1:f3:73:23:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ad3d60d92057ff0fa011f450c3646e352da5d8
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65bcd89c27532b2f5e342dce2b40c474b50ec8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:70:47:95:c9:2b:96:91:52:d1:d0:9b:8d:8c:
                    7b:29:a5:ca:c4:35:1a:e5:bf:0b:26:da:22:e8:e2:
                    c8:02:89:9a:f9:61:ed:4a:04:bc:99:eb:84:a1:9e:
                    50:74:05:28:40:13:07:d4:ba:75:4b:8a:75:00:53:
                    28:97:d2:2f:54:7f:41:f4:69:50:1a:5c:1f:d5:a0:
                    1f:3e:bd:35:e0:64:76:0f:b3:94:3b:39:b3:e5:50:
                    c1:01:ec:ab:27:83:0c:78:82:32:76:1c:09:78:53:
                    ed:02:55:c3:28:64:8b:19:f4:30:fe:59:79:51:13:
                    a6:d4:88:3a:3b:e7:7c:25:bf:6d:c2:2a:fa:0f:44:
                    1b:74:bf:11:74:63:0f:da:dc:ff:84:3d:b7:f9:c2:
                    b4:1a:65:a8:97:f0:67:c2:73:d4:d9:44:44:02:24:
                    8d:35:93:ab:1c:2b:41:56:2b:52:79:9a:9d:d8:2d:
                    d7:f3:80:52:16:cc:8e:5a:e1:6f:86:75:be:61:5e:
                    36:8e:07:57:9c:52:ad:be:10:59:db:60:65:ea:61:
                    35:e4:6e:de:68:a3:14:e9:7b:cd:15:7c:b7:69:35:
                    56:c5:6b:49:f0:21:bd:0c:db:a3:13:5b:2f:64:e6:
                    22:c2:a6:c4:0b:e4:af:3b:73:7a:86:ad:f7:d0:ed:
                    b8:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BC:D8:9C:27:53:2B:2F:5E:34:2D:CE:2B:40:C4:74:B5:0E:C8:A9
            X509v3 Authority Key Identifier:
                keyid:88:AD:3D:60:D9:20:57:FF:0F:A0:11:F4:50:C3:64:6E:35:2D:A5:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK09YNkgV_8PoBH0UMNkbjUtpdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/ZbzYnCdTKy9eNC3OK0DEdLUOyKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/079ddb-820a-4d51-bf8d-8d11ead3af8c/1/iK09YNkgV_8PoBH0UMNkbjUtpdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:99:59:97:83:a1:10:ab:f3:ec:06:40:63:54:99:f2:c6:3a:
         27:ad:5c:14:d8:e7:b1:a4:54:65:a3:bf:a7:81:25:e7:64:4e:
         91:9f:b4:ca:4d:c5:50:be:20:77:6f:3a:f9:c3:e1:73:63:d3:
         5b:15:84:fc:3e:4e:69:74:e2:9d:b4:15:c0:ef:05:56:57:b7:
         1f:ab:c0:53:5b:ea:e3:ec:5e:f1:53:2d:d7:0b:e6:7f:91:08:
         1a:3e:33:d3:12:d3:7c:5f:90:b4:2c:7f:8b:5b:e5:a6:8f:94:
         ef:1c:e7:b7:fb:42:85:c6:47:57:5c:47:b6:11:ab:94:a1:be:
         dc:08:bb:cd:ca:66:bc:5a:e4:19:e8:2f:c0:88:bf:06:cd:0e:
         ca:3b:a1:93:8d:df:44:19:87:71:10:63:0d:b7:0a:3f:b3:fe:
         aa:bc:e1:b4:8d:8f:35:7c:e3:4e:21:58:81:5a:a2:a0:97:97:
         34:0f:18:71:0f:0e:b6:f6:cf:6c:d8:a0:6a:90:c1:c5:a7:bd:
         f1:aa:86:86:19:bd:fc:27:3f:71:0f:56:a9:ff:1a:bb:5f:e8:
         a6:47:f6:94:4c:b5:d2:fe:84:99:5a:fb:0e:2d:15:66:a9:b8:
         c7:99:2a:f5:bb:c0:45:5a:33:f3:c6:10:61:67:58:f7:a1:08:
         47:aa:00:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/a5kotiCs0V4NqHzcyO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWQzZDYwZDkyMDU3ZmYwZmEwMTFmNDUwYzM2NDZlMzUy
ZGE1ZDgwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWJjZDg5YzI3NTMyYjJmNWUzNDJkY2UyYjQwYzQ3NGI1MGVjOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3BHlckrlpFS0dCbjYx7KaXKxDUa
5b8LJtoi6OLIAoma+WHtSgS8meuEoZ5QdAUoQBMH1Lp1S4p1AFMol9IvVH9B9GlQ
Glwf1aAfPr014GR2D7OUOzmz5VDBAeyrJ4MMeIIydhwJeFPtAlXDKGSLGfQw/ll5
UROm1Ig6O+d8Jb9twir6D0QbdL8RdGMP2tz/hD23+cK0GmWol/BnwnPU2UREAiSN
NZOrHCtBVitSeZqd2C3X84BSFsyOWuFvhnW+YV42jgdXnFKtvhBZ22Bl6mE15G7e
aKMU6XvNFXy3aTVWxWtJ8CG9DNujE1svZOYiwqbEC+SvO3N6hq330O24+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGW82JwnUysvXjQtzitAxHS1DsipMB8GA1UdIwQY
MBaAFIitPWDZIFf/D6AR9FDDZG41LaXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUswOVlOa2dWXzhQb0JIMFVNTmtialV0cGRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8wNzlkZGItODIwYS00ZDUxLWJmOGQt
OGQxMWVhZDNhZjhjLzEvWmJ6WW5DZFRLeTllTkMzT0swREVkTFVPeUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8wNzlkZGItODIwYS00ZDUxLWJmOGQtOGQxMWVhZDNhZjhj
LzEvaUswOVlOa2dWXzhQb0JIMFVNTmtialV0cGRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd4/MA0G
CSqGSIb3DQEBCwUAA4IBAQB4mVmXg6EQq/PsBkBjVJnyxjonrVwU2OexpFRlo7+n
gSXnZE6Rn7TKTcVQviB3bzr5w+FzY9NbFYT8Pk5pdOKdtBXA7wVWV7cfq8BTW+rj
7F7xUy3XC+Z/kQgaPjPTEtN8X5C0LH+LW+Wmj5TvHOe3+0KFxkdXXEe2EauUob7c
CLvNyma8WuQZ6C/AiL8GzQ7KO6GTjd9EGYdxEGMNtwo/s/6qvOG0jY81fONOIViB
WqKgl5c0DxhxDw629s9s2KBqkMHFp73xqoaGGb38Jz9xD1ap/xq7X+imR/aUTLXS
/oSZWvsOLRVmqbjHmSr1u8BFWjPzxhBhZ1j3oQhHqgAB
-----END CERTIFICATE-----