Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ZO2r_0J0lCNgdBd5fX19tQ6i6ek.roa
File:                     ZO2r_0J0lCNgdBd5fX19tQ6i6ek.roa (raw, json)
Hash identifier:          lwbd86Yb6ne9PDHe5xGzZ+f3a6j9Yesh6+q/zbhLhlw=
Subject key identifier:   64:ED:AB:FF:42:74:94:23:60:74:17:79:7D:7D:7D:B5:0E:A2:E9:E9
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C7D3217156214FC237FCE320D9EA2
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ZO2r_0J0lCNgdBd5fX19tQ6i6ek.roa
Signing time:             Thu 02 Jan 2025 09:50:31 +0000
ROA not before:           Thu 02 Jan 2025 09:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48421
IP address blocks:        2.63.192.0/24 maxlen: 24
                          87.242.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:7d:32:17:15:62:14:fc:23:7f:ce:32:0d:9e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64edabff42749423607417797d7d7db50ea2e9e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c7:f0:84:e4:27:cb:ec:87:8f:76:72:d4:61:
                    16:17:96:8a:1b:ae:30:05:5f:98:24:58:d6:60:d1:
                    e5:36:ff:3b:54:d3:ef:fd:e9:55:9c:b3:bf:1f:a1:
                    b7:41:e2:3f:28:0b:77:45:89:7b:df:92:77:af:27:
                    57:62:e1:c0:18:79:75:82:0d:27:69:65:83:80:ca:
                    4e:39:ef:7b:3e:cd:ad:b6:09:ad:1d:b7:21:d1:1c:
                    8f:46:92:46:ac:19:94:3c:93:08:4f:71:be:20:c3:
                    78:c8:b4:1d:19:26:f7:10:5f:80:b3:64:f3:e6:74:
                    e1:b6:b6:74:c2:77:e3:37:27:bf:e9:2c:fe:21:09:
                    a7:ec:3a:87:82:17:6b:76:a2:59:50:15:82:65:30:
                    26:7d:8c:4f:a9:7a:e0:78:8c:a1:16:62:3e:72:ee:
                    b0:45:a8:dd:84:75:8b:2a:45:4d:10:f2:ea:28:b3:
                    ee:cb:04:0d:67:dd:9f:fc:1c:2d:56:dc:60:97:cf:
                    94:7b:e1:14:59:27:e7:72:a8:25:43:fc:0d:a9:b4:
                    c5:45:af:4d:73:d4:f8:6c:ac:e9:a4:18:0a:3e:09:
                    39:74:72:80:a1:15:c5:30:aa:5b:8f:47:dc:21:72:
                    d6:c4:8e:99:49:55:95:59:7e:c1:13:73:c1:aa:94:
                    d0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:ED:AB:FF:42:74:94:23:60:74:17:79:7D:7D:7D:B5:0E:A2:E9:E9
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/ZO2r_0J0lCNgdBd5fX19tQ6i6ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.63.192.0/24
                  87.242.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:24:05:c0:53:6f:42:b4:06:66:c7:82:0c:1a:11:8d:d8:76:
         dc:4f:c5:d0:19:ca:ca:89:3f:b7:3e:fd:08:c7:65:8b:c6:a6:
         c9:b5:52:e0:25:59:ce:fe:1c:8a:c0:09:ca:c6:5b:08:22:03:
         98:7f:ef:87:0c:ba:3a:d0:8a:5c:9c:45:cc:ef:1c:16:59:d3:
         55:4c:02:81:99:11:a0:8e:66:4f:76:0a:b5:c0:a9:0d:79:82:
         09:38:dc:76:ac:38:b1:3b:72:53:4e:5b:9a:7a:a1:d4:3b:f4:
         d7:df:bb:97:bf:5d:50:fd:e8:72:3b:15:6f:7b:f6:23:0c:8e:
         6d:78:e3:ae:75:fb:30:39:23:66:9f:ee:7a:83:e1:f5:c0:1d:
         72:d8:b0:70:01:be:c3:72:5f:a0:2c:f0:e8:4f:f4:0b:4d:6f:
         a8:9c:1c:db:76:4a:0a:5b:ab:09:51:57:6f:82:2f:af:bc:dd:
         40:61:2e:26:64:09:88:30:f2:f0:78:4f:c7:f4:e7:04:ab:fd:
         8a:84:0c:0b:6a:b8:15:a3:38:e9:bb:d2:95:85:cf:5f:d1:23:
         89:ad:54:2a:69:1a:f8:d8:af:d3:1b:d4:3e:19:f9:fb:97:3e:
         1e:78:d9:f6:c4:b8:99:58:6b:52:6b:a8:0e:01:1f:c5:74:77:
         09:55:9d:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmbH0yFxViFPwjf84yDZ6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGVkYWJmZjQyNzQ5NDIzNjA3NDE3Nzk3ZDdkN2RiNTBlYTJlOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcfwhOQny+yHj3Zy1GEWF5aKG64w
BV+YJFjWYNHlNv87VNPv/elVnLO/H6G3QeI/KAt3RYl735J3rydXYuHAGHl1gg0n
aWWDgMpOOe97Ps2ttgmtHbch0RyPRpJGrBmUPJMIT3G+IMN4yLQdGSb3EF+As2Tz
5nThtrZ0wnfjNye/6Sz+IQmn7DqHghdrdqJZUBWCZTAmfYxPqXrgeIyhFmI+cu6w
RajdhHWLKkVNEPLqKLPuywQNZ92f/BwtVtxgl8+Ue+EUWSfncqglQ/wNqbTFRa9N
c9T4bKzppBgKPgk5dHKAoRXFMKpbj0fcIXLWxI6ZSVWVWX7BE3PBqpTQZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGTtq/9CdJQjYHQXeX19fbUOounpMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvWk8ycl8wSjBsQ05nZEJkNWZYMTl0UTZpNmVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAj/AAwQA
V/JCMA0GCSqGSIb3DQEBCwUAA4IBAQBQJAXAU29CtAZmx4IMGhGN2HbcT8XQGcrK
iT+3Pv0Ix2WLxqbJtVLgJVnO/hyKwAnKxlsIIgOYf++HDLo60IpcnEXM7xwWWdNV
TAKBmRGgjmZPdgq1wKkNeYIJONx2rDixO3JTTluaeqHUO/TX37uXv11Q/ehyOxVv
e/YjDI5teOOudfswOSNmn+56g+H1wB1y2LBwAb7Dcl+gLPDoT/QLTW+onBzbdkoK
W6sJUVdvgi+vvN1AYS4mZAmIMPLweE/H9OcEq/2KhAwLargVozjpu9KVhc9f0SOJ
rVQqaRr42K/TG9Q+Gfn7lz4eeNn2xLiZWGtSa6gOAR/FdHcJVZ3K
-----END CERTIFICATE-----