Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/CrZg-KF8Q9A22OHJJHctF4UJ8vA.roa
File:                     CrZg-KF8Q9A22OHJJHctF4UJ8vA.roa (raw, json)
Hash identifier:          TgN9LzFg5B6mAl/H8RLYxQOgYmdpxQcOV4fT/DnUDn0=
Subject key identifier:   0A:B6:60:F8:A1:7C:43:D0:36:D8:E1:C9:24:77:2D:17:85:09:F2:F0
Certificate issuer:       /CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
Certificate serial:       0196C3F14887EFE32CF59A4072323E018849
Authority key identifier: 5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/CrZg-KF8Q9A22OHJJHctF4UJ8vA.roa
Signing time:             Mon 12 May 2025 10:01:31 +0000
ROA not before:           Mon 12 May 2025 10:01:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51306
IP address blocks:        194.127.244.0/22 maxlen: 24
                          2a07:cf80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:f1:48:87:ef:e3:2c:f5:9a:40:72:32:3e:01:88:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad943a41ce27e7b7bcfdff69a89c3e337ea63b5
        Validity
            Not Before: May 12 10:01:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ab660f8a17c43d036d8e1c924772d178509f2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a4:19:5b:b7:1e:4b:6e:80:c6:56:f6:a0:98:
                    d3:3d:3c:78:99:8f:a8:9f:88:da:94:5b:24:c9:21:
                    e3:b8:6c:74:c2:39:34:eb:de:53:60:e6:f8:a7:3a:
                    58:e8:7f:6f:a3:a1:11:7d:39:3f:e7:47:60:40:1c:
                    c9:15:46:75:35:2f:a6:47:57:aa:ef:6d:cd:7c:03:
                    a9:3d:5d:2e:7e:17:c1:c8:c9:70:77:8d:9b:97:74:
                    6b:0b:4c:88:24:41:47:d0:fb:fe:35:f2:3f:57:94:
                    23:30:fe:1a:3c:2b:8d:9f:66:e5:68:fe:53:8b:40:
                    56:aa:d3:2a:41:44:11:db:8d:d8:bf:64:eb:84:7a:
                    09:a2:6a:b3:96:b9:25:c5:da:98:5a:d8:c6:d0:7b:
                    ff:3d:4d:28:d8:5a:db:e7:a0:53:72:7c:fb:4d:b4:
                    6c:9e:68:a7:61:1d:b5:c6:20:3d:b7:65:c9:e0:e2:
                    89:da:8a:21:f5:de:7c:d8:5c:e3:63:e6:dc:53:43:
                    95:b7:c7:2a:a4:a2:01:84:ea:c3:88:59:25:ad:06:
                    d4:6f:e2:27:47:7c:fd:4d:b9:51:6e:f1:51:da:56:
                    fb:16:72:af:0e:73:ca:a4:2b:cd:22:6f:09:06:6f:
                    38:b2:25:49:64:f1:f7:6c:11:ec:98:51:b0:e3:8b:
                    af:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B6:60:F8:A1:7C:43:D0:36:D8:E1:C9:24:77:2D:17:85:09:F2:F0
            X509v3 Authority Key Identifier:
                keyid:5A:D9:43:A4:1C:E2:7E:7B:7B:CF:DF:F6:9A:89:C3:E3:37:EA:63:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtlDpBzifnt7z9_2monD4zfqY7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/CrZg-KF8Q9A22OHJJHctF4UJ8vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/21b7ce-2ec6-479e-8a4d-84f90593913c/1/WtlDpBzifnt7z9_2monD4zfqY7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.244.0/22
                IPv6:
                  2a07:cf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:6b:fc:4d:c2:1b:38:58:ef:ac:0f:dc:9f:06:4a:ec:e6:9d:
         ab:83:da:e6:e9:54:6a:7a:3c:8c:45:1d:6b:30:2b:5c:48:fc:
         38:0e:df:71:af:89:dd:d8:22:da:01:81:c7:12:bc:af:46:6f:
         a2:db:e6:16:ad:e4:f7:71:b9:90:dd:e6:a4:97:8a:72:a0:e2:
         b6:d7:a0:3c:d6:bc:fa:b3:fc:bc:b8:e7:78:c6:14:d1:b4:e6:
         70:48:a7:3b:4a:31:1a:2a:42:49:78:24:3b:12:e3:fb:e3:ab:
         a3:3e:09:f2:42:85:76:7b:3b:9e:34:c7:a8:d1:7a:a6:ec:0a:
         17:38:bb:23:4d:2a:1e:d5:30:72:91:c3:64:70:5e:dd:ba:6f:
         7d:b1:18:94:e8:a0:96:52:a4:4a:03:bc:f4:63:52:cb:a9:3d:
         74:f9:d5:99:61:e8:e8:35:88:d9:2c:41:a3:ab:31:69:ab:f5:
         50:53:89:55:1b:a7:29:3b:de:4b:3f:51:af:43:b8:b1:5b:42:
         65:d1:be:01:cb:03:e5:83:d5:c5:85:b9:fa:4c:e6:7b:61:2d:
         fd:ee:88:1b:33:f9:e2:db:e1:39:b2:28:9d:e4:f5:d4:39:2c:
         cb:86:3e:f2:82:dc:5e:59:3a:22:a8:af:68:83:8e:bf:25:93:
         f5:5b:5c:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbD8UiH7+Ms9ZpAcjI+AYhJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDk0M2E0MWNlMjdlN2I3YmNmZGZmNjlhODljM2UzMzdl
YTYzYjUwHhcNMjUwNTEyMTAwMTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI2NjBmOGExN2M0M2QwMzZkOGUxYzkyNDc3MmQxNzg1MDlmMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaQZW7ceS26Axlb2oJjTPTx4mY+o
n4jalFskySHjuGx0wjk0695TYOb4pzpY6H9vo6ERfTk/50dgQBzJFUZ1NS+mR1eq
723NfAOpPV0ufhfByMlwd42bl3RrC0yIJEFH0Pv+NfI/V5QjMP4aPCuNn2blaP5T
i0BWqtMqQUQR243Yv2TrhHoJomqzlrklxdqYWtjG0Hv/PU0o2Frb56BTcnz7TbRs
nminYR21xiA9t2XJ4OKJ2ooh9d582FzjY+bcU0OVt8cqpKIBhOrDiFklrQbUb+In
R3z9TblRbvFR2lb7FnKvDnPKpCvNIm8JBm84siVJZPH3bBHsmFGw44uvYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAq2YPihfEPQNtjhySR3LReFCfLwMB8GA1UdIwQY
MBaAFFrZQ6Qc4n57e8/f9pqJw+M36mO1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQt
ODRmOTA1OTM5MTNjLzEvQ3JaZy1LRjhROUEyMk9ISkpIY3RGNFVKOHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8yMWI3Y2UtMmVjNi00NzllLThhNGQtODRmOTA1OTM5MTNj
LzEvV3RsRHBCemlmbnQ3ejlfMm1vbkQ0emZxWTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwn/0MA0E
AgACMAcDBQAqB8+AMA0GCSqGSIb3DQEBCwUAA4IBAQAsa/xNwhs4WO+sD9yfBkrs
5p2rg9rm6VRqejyMRR1rMCtcSPw4Dt9xr4nd2CLaAYHHEryvRm+i2+YWreT3cbmQ
3eakl4pyoOK216A81rz6s/y8uOd4xhTRtOZwSKc7SjEaKkJJeCQ7EuP746ujPgny
QoV2ezueNMeo0Xqm7AoXOLsjTSoe1TBykcNkcF7dum99sRiU6KCWUqRKA7z0Y1LL
qT10+dWZYejoNYjZLEGjqzFpq/VQU4lVG6cpO95LP1GvQ7ixW0Jl0b4BywPlg9XF
hbn6TOZ7YS397ogbM/ni2+E5siid5PXUOSzLhj7ygtxeWToiqK9og46/JZP1W1xV
-----END CERTIFICATE-----