Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZrVj2s197OVZslr8l0eL6BOnr3w.roa
File:                     ZrVj2s197OVZslr8l0eL6BOnr3w.roa (raw, json)
Hash identifier:          MfbdU/hx9JIBrv7/G68X/y0zTkmoV59GNKmYnsQV+5o=
Subject key identifier:   66:B5:63:DA:CD:7D:EC:E5:59:B2:5A:FC:97:47:8B:E8:13:A7:AF:7C
Certificate issuer:       /CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
Certificate serial:       019420686BFB831FA8349F67D3DEB3FCB88B
Authority key identifier: D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZrVj2s197OVZslr8l0eL6BOnr3w.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        195.88.246.0/24 maxlen: 24
                          195.88.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6b:fb:83:1f:a8:34:9f:67:d3:de:b3:fc:b8:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66b563dacd7dece559b25afc97478be813a7af7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5b:4f:45:1c:41:ec:8e:d2:79:7f:0a:cb:59:
                    3e:60:e0:76:3e:e6:4d:5d:1f:f9:e0:00:be:bf:8c:
                    c7:46:c5:0d:40:4d:23:47:aa:15:cd:7e:32:2a:6e:
                    17:9b:e4:da:bd:94:a3:e9:27:6e:8d:b2:bb:48:4f:
                    9c:41:cc:4a:60:ca:0d:42:70:a5:c8:88:d5:36:2a:
                    73:48:3e:1a:ef:49:98:7c:1d:36:e3:35:c8:c3:c7:
                    71:b3:e8:1d:41:a3:ff:87:1c:8f:41:09:c2:35:5a:
                    4f:31:29:0c:ab:08:45:25:3b:98:f2:cc:21:f9:9b:
                    70:8e:c4:65:2b:13:f5:c3:f1:62:d5:b4:d6:2d:71:
                    cb:b2:41:3a:27:49:da:39:b1:ff:a3:98:af:20:f3:
                    42:60:01:88:74:57:28:96:c0:1e:be:f9:47:c3:69:
                    69:2c:5a:d4:35:50:88:0d:f4:1a:ab:de:b7:7f:1b:
                    a2:f1:eb:31:cf:d8:f6:4d:35:1f:8f:de:37:b0:fe:
                    d8:ed:3d:01:be:bb:95:58:48:da:bd:1d:8c:fd:bf:
                    b8:bd:fa:1c:fb:16:79:72:48:b0:d1:45:dc:8c:0e:
                    24:17:08:ec:7f:1c:5d:f9:eb:fd:b5:8d:97:cf:b4:
                    8e:b7:58:02:49:0b:8e:aa:7c:2d:f4:ff:af:42:e4:
                    91:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B5:63:DA:CD:7D:EC:E5:59:B2:5A:FC:97:47:8B:E8:13:A7:AF:7C
            X509v3 Authority Key Identifier:
                keyid:D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZrVj2s197OVZslr8l0eL6BOnr3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:19:08:cb:f2:fb:3b:e5:d0:74:cf:e5:15:3f:da:3c:45:d5:
         98:ac:8a:b9:e1:b1:6e:ac:82:48:ed:67:53:9d:c4:04:5b:ee:
         f0:29:56:bd:f2:30:da:7c:a5:eb:b9:8e:0f:86:f6:60:25:54:
         c4:1e:7c:c4:31:a7:6b:30:a2:99:85:e6:f6:9e:c2:ee:52:19:
         c9:13:d0:4b:00:8c:8a:a6:cd:c3:0b:5c:67:98:d7:7e:d9:a2:
         58:43:29:69:31:88:a2:c3:39:90:14:64:fa:99:e3:9a:50:19:
         e3:9c:84:80:50:a5:01:cd:9f:30:5b:03:55:fd:dd:2d:3c:6c:
         71:d6:23:bf:79:c7:80:fc:c1:ba:d6:0d:e8:bb:2a:40:09:68:
         27:0e:0b:f4:b7:78:a8:20:e2:c4:50:ff:f9:64:57:5e:35:3e:
         be:05:a4:41:74:88:89:9f:c8:74:34:b6:73:7a:5b:f3:dd:ff:
         f1:29:f5:9c:42:2f:3d:85:da:f3:6e:6c:c2:b6:ea:68:d2:91:
         f7:1a:a2:5f:c1:2c:bf:38:c1:33:d0:9f:3e:f0:3f:10:8d:91:
         bf:65:7c:0e:59:3e:c9:8b:2b:a8:9a:88:7c:43:cb:d1:f1:94:
         0a:5a:bf:8e:ea:f5:28:d6:61:99:e3:a4:b4:36:ad:f1:6d:69:
         69:a0:c7:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGv7gx+oNJ9n096z/LiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzhkNzcyNmE1ZjFmMzNkYTE1ZDg3ZTVjOGIwZTQ4ZjUw
MjgxYmYwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmI1NjNkYWNkN2RlY2U1NTliMjVhZmM5NzQ3OGJlODEzYTdhZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAultPRRxB7I7SeX8Ky1k+YOB2PuZN
XR/54AC+v4zHRsUNQE0jR6oVzX4yKm4Xm+TavZSj6SdujbK7SE+cQcxKYMoNQnCl
yIjVNipzSD4a70mYfB024zXIw8dxs+gdQaP/hxyPQQnCNVpPMSkMqwhFJTuY8swh
+ZtwjsRlKxP1w/Fi1bTWLXHLskE6J0naObH/o5ivIPNCYAGIdFcolsAevvlHw2lp
LFrUNVCIDfQaq963fxui8esxz9j2TTUfj943sP7Y7T0BvruVWEjavR2M/b+4vfoc
+xZ5ckiw0UXcjA4kFwjsfxxd+ev9tY2Xz7SOt1gCSQuOqnwt9P+vQuSR5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGa1Y9rNfezlWbJa/JdHi+gTp698MB8GA1UdIwQY
MBaAFNU413JqXx8z2hXYflyLDkj1AoG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUt
MmQ5ZGY0ZWY1ZjUwLzEvWnJWajJzMTk3T1Zac2xyOGwwZUw2Qk9ucjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUtMmQ5ZGY0ZWY1ZjUw
LzEvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j2MA0G
CSqGSIb3DQEBCwUAA4IBAQCjGQjL8vs75dB0z+UVP9o8RdWYrIq54bFurIJI7WdT
ncQEW+7wKVa98jDafKXruY4PhvZgJVTEHnzEMadrMKKZheb2nsLuUhnJE9BLAIyK
ps3DC1xnmNd+2aJYQylpMYiiwzmQFGT6meOaUBnjnISAUKUBzZ8wWwNV/d0tPGxx
1iO/eceA/MG61g3ouypACWgnDgv0t3ioIOLEUP/5ZFdeNT6+BaRBdIiJn8h0NLZz
elvz3f/xKfWcQi89hdrzbmzCtupo0pH3GqJfwSy/OMEz0J8+8D8QjZG/ZXwOWT7J
iyuomoh8Q8vR8ZQKWr+O6vUo1mGZ46S0Nq3xbWlpoMeX
-----END CERTIFICATE-----