Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/02ZPMrkxrv9TSRNG7JSudAlDYd8.roa
File:                     02ZPMrkxrv9TSRNG7JSudAlDYd8.roa (raw, json)
Hash identifier:          1pjHbb+bmeJiA9CJ5xGCBjxXea42uVA7wH4sLUyonyA=
Subject key identifier:   D3:66:4F:32:B9:31:AE:FF:53:49:13:46:EC:94:AE:74:09:43:61:DF
Certificate issuer:       /CN=6c5377bb9da41caa1176f432262dcaa99c476f9a
Certificate serial:       0194252171F226CD1C9CD325EA6C08E61328
Authority key identifier: 6C:53:77:BB:9D:A4:1C:AA:11:76:F4:32:26:2D:CA:A9:9C:47:6F:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bFN3u52kHKoRdvQyJi3KqZxHb5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/02ZPMrkxrv9TSRNG7JSudAlDYd8.roa
Signing time:             Thu 02 Jan 2025 03:48:56 +0000
ROA not before:           Thu 02 Jan 2025 03:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        185.202.196.0/22 maxlen: 22
                          2a0a:dc40::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/bFN3u52kHKoRdvQyJi3KqZxHb5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/bFN3u52kHKoRdvQyJi3KqZxHb5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bFN3u52kHKoRdvQyJi3KqZxHb5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:71:f2:26:cd:1c:9c:d3:25:ea:6c:08:e6:13:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c5377bb9da41caa1176f432262dcaa99c476f9a
        Validity
            Not Before: Jan  2 03:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3664f32b931aeff53491346ec94ae74094361df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:93:d0:67:f7:48:2f:54:d4:a9:0f:9b:e3:53:
                    19:ad:f6:1d:3e:56:ec:55:4a:d8:4f:80:b1:77:f1:
                    6f:99:b3:90:a9:19:7e:42:10:df:77:db:b4:1e:bc:
                    65:44:e9:da:60:45:75:3b:3b:9a:26:d1:d0:47:f8:
                    5a:01:04:0e:01:7a:93:7e:81:03:c2:d6:53:43:bb:
                    db:2f:a9:4a:52:3b:d9:5c:d5:99:a3:8e:ce:b3:94:
                    65:89:f6:a9:26:ce:77:a5:9a:10:c7:5c:13:06:44:
                    d3:05:1a:40:c9:9b:da:18:f2:2a:7b:e2:69:e6:7f:
                    74:12:34:57:a3:ef:34:c8:d0:87:74:05:25:9c:6a:
                    4a:68:3f:04:0d:7a:43:41:bc:10:d9:2f:2b:b7:1e:
                    28:fe:6b:fa:6e:74:67:31:fc:f7:b5:ab:74:ab:da:
                    8c:19:0e:06:6a:61:ae:36:a8:98:81:51:fa:c1:ba:
                    f2:31:ea:74:7d:dd:fb:36:e1:da:d6:25:98:a6:4b:
                    c0:90:11:45:01:4f:a3:cf:4e:ba:b0:ec:65:ec:d7:
                    9e:c0:b3:38:bd:4d:04:a0:e9:e9:bc:3b:7d:bd:d8:
                    03:19:bd:43:63:76:89:16:75:c6:19:3c:42:68:c0:
                    4d:11:25:4e:e7:8c:45:54:1e:0b:33:d9:d2:01:79:
                    08:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:66:4F:32:B9:31:AE:FF:53:49:13:46:EC:94:AE:74:09:43:61:DF
            X509v3 Authority Key Identifier:
                keyid:6C:53:77:BB:9D:A4:1C:AA:11:76:F4:32:26:2D:CA:A9:9C:47:6F:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bFN3u52kHKoRdvQyJi3KqZxHb5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/02ZPMrkxrv9TSRNG7JSudAlDYd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/9b19b5-43bb-4744-93cb-6ed10ebb933f/1/bFN3u52kHKoRdvQyJi3KqZxHb5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.196.0/22
                IPv6:
                  2a0a:dc40::/30

    Signature Algorithm: sha256WithRSAEncryption
         01:8b:53:f1:18:ed:53:9c:0c:d4:cf:7f:39:e3:e2:39:9c:ec:
         1e:77:39:a2:e5:62:a2:ce:81:f7:9b:2f:06:0b:45:a9:d8:41:
         2e:c0:5b:d8:72:67:79:7a:75:1c:37:d9:e9:3c:00:19:59:b8:
         7c:4f:c6:22:d0:82:23:57:5c:62:56:6c:b4:e8:e8:d9:2c:78:
         ac:70:65:6b:1e:f6:c9:5a:9f:60:75:77:2f:d9:75:2f:8e:ed:
         68:35:10:14:71:b9:fc:d5:e2:94:95:66:3b:08:36:05:2f:5e:
         b4:3c:85:3c:8b:8a:d7:91:e5:16:9f:05:bb:f6:fc:da:50:25:
         07:b6:be:c4:fa:8c:0f:cf:61:85:a1:29:26:f5:34:dd:11:27:
         b2:e7:f0:3b:e4:50:2e:35:64:7b:c7:8e:75:d4:5a:89:4e:38:
         e9:e8:fb:88:6b:34:a0:1c:e3:a3:7a:75:e1:50:44:3b:b5:89:
         75:63:99:66:38:10:e7:ee:8d:52:a4:40:b0:d3:d5:3c:2a:66:
         94:ae:28:4a:b2:0b:53:71:2d:39:a7:1a:7d:bf:63:87:0e:20:
         79:2e:76:d5:a7:48:4a:e7:87:2f:c9:56:cd:89:f5:09:77:79:
         38:b2:b7:93:65:4d:04:6d:2a:6c:6f:41:88:f4:90:fb:18:ad:
         1a:04:31:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIXHyJs0cnNMl6mwI5hMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNTM3N2JiOWRhNDFjYWExMTc2ZjQzMjI2MmRjYWE5OWM0
NzZmOWEwHhcNMjUwMTAyMDM0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY2NGYzMmI5MzFhZWZmNTM0OTEzNDZlYzk0YWU3NDA5NDM2MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJPQZ/dIL1TUqQ+b41MZrfYdPlbs
VUrYT4Cxd/FvmbOQqRl+QhDfd9u0HrxlROnaYEV1OzuaJtHQR/haAQQOAXqTfoED
wtZTQ7vbL6lKUjvZXNWZo47Os5RlifapJs53pZoQx1wTBkTTBRpAyZvaGPIqe+Jp
5n90EjRXo+80yNCHdAUlnGpKaD8EDXpDQbwQ2S8rtx4o/mv6bnRnMfz3tat0q9qM
GQ4GamGuNqiYgVH6wbryMep0fd37NuHa1iWYpkvAkBFFAU+jz066sOxl7NeewLM4
vU0EoOnpvDt9vdgDGb1DY3aJFnXGGTxCaMBNESVO54xFVB4LM9nSAXkI3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNNmTzK5Ma7/U0kTRuyUrnQJQ2HfMB8GA1UdIwQY
MBaAFGxTd7udpByqEXb0MiYtyqmcR2+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkZOM3U1MmtIS29SZHZReUppM0txWnhIYjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS85YjE5YjUtNDNiYi00NzQ0LTkzY2It
NmVkMTBlYmI5MzNmLzEvMDJaUE1ya3hydjlUU1JORzdKU3VkQWxEWWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS85YjE5YjUtNDNiYi00NzQ0LTkzY2ItNmVkMTBlYmI5MzNm
LzEvYkZOM3U1MmtIS29SZHZReUppM0txWnhIYjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucrEMA0E
AgACMAcDBQIqCtxAMA0GCSqGSIb3DQEBCwUAA4IBAQABi1PxGO1TnAzUz3854+I5
nOwedzmi5WKizoH3my8GC0Wp2EEuwFvYcmd5enUcN9npPAAZWbh8T8Yi0IIjV1xi
Vmy06OjZLHiscGVrHvbJWp9gdXcv2XUvju1oNRAUcbn81eKUlWY7CDYFL160PIU8
i4rXkeUWnwW79vzaUCUHtr7E+owPz2GFoSkm9TTdESey5/A75FAuNWR7x4511FqJ
Tjjp6PuIazSgHOOjenXhUEQ7tYl1Y5lmOBDn7o1SpECw09U8KmaUrihKsgtTcS05
pxp9v2OHDiB5LnbVp0hK54cvyVbNifUJd3k4sreTZU0EbSpsb0GI9JD7GK0aBDFv
-----END CERTIFICATE-----