Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZUGOIAUF7QcfJjyar2KLvgczs3w.roa
File:                     ZUGOIAUF7QcfJjyar2KLvgczs3w.roa (raw, json)
Hash identifier:          hYWt23TW4POZBD00pdsn3rVpmOTF/64UdGALhmAlXk0=
Subject key identifier:   65:41:8E:20:05:05:ED:07:1F:26:3C:9A:AF:62:8B:BE:07:33:B3:7C
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       01968057A84345BA50ADDDFEDE9B93F2C2FE
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZUGOIAUF7QcfJjyar2KLvgczs3w.roa
Signing time:             Tue 29 Apr 2025 06:59:10 +0000
ROA not before:           Tue 29 Apr 2025 06:59:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.160.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 22:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:57:a8:43:45:ba:50:ad:dd:fe:de:9b:93:f2:c2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Apr 29 06:59:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65418e200505ed071f263c9aaf628bbe0733b37c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c3:59:47:3d:06:6f:0d:9b:3e:90:a7:73:3a:
                    21:3d:20:84:de:31:62:b8:d9:d9:4b:c3:d1:f3:dd:
                    ee:75:4b:4e:2d:7d:70:39:05:6d:38:64:90:01:64:
                    15:a7:60:da:06:85:06:6a:6c:60:65:91:f9:a3:7a:
                    1b:df:91:85:f4:af:44:be:5a:2e:8c:f1:00:38:27:
                    83:53:a1:b1:cb:be:de:74:44:c8:53:b3:3d:3e:58:
                    ae:9b:fd:a8:ce:44:a8:c2:08:3e:a9:80:87:bb:a6:
                    da:bc:09:5e:f9:15:dc:c1:b2:1f:4f:d8:b9:74:2e:
                    9d:02:1f:31:d4:4b:66:d9:46:f9:e8:27:64:05:7e:
                    a4:d1:b3:0a:06:7c:8f:3e:c4:0d:da:2f:d1:a0:72:
                    3a:e1:71:9d:e5:25:7f:85:03:b6:d6:64:e2:f9:02:
                    b5:9b:45:94:40:aa:0d:b2:5d:2b:45:be:3a:6e:1f:
                    6d:19:5d:fe:d3:c0:e5:78:02:21:6a:03:fe:f5:28:
                    fe:0a:e7:98:5b:cb:c5:76:af:15:ae:e2:30:24:b1:
                    9b:d2:1f:37:cd:f1:1a:4b:5c:38:9c:fa:6e:0f:72:
                    34:2b:ea:43:cf:3d:27:a8:ac:af:df:fc:97:f5:50:
                    c2:ab:ff:b3:fe:87:bc:7b:f4:e2:0c:90:d5:cc:81:
                    8c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:8E:20:05:05:ED:07:1F:26:3C:9A:AF:62:8B:BE:07:33:B3:7C
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZUGOIAUF7QcfJjyar2KLvgczs3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:11:50:e2:5d:2d:df:8f:84:f6:f7:ab:a6:ef:38:50:34:ed:
         2c:4d:e6:31:d9:80:0e:2e:ba:83:a1:85:75:55:20:f9:89:25:
         ae:76:df:f1:13:0f:dd:8f:ad:8f:7a:48:80:8a:13:e5:5f:84:
         75:8f:d7:c9:e7:3a:c7:3c:10:04:9c:c3:b3:27:fa:94:c9:f4:
         95:bb:0f:5d:f9:04:61:dd:9b:65:21:c1:57:84:52:2c:7c:7b:
         5f:b0:36:85:d8:b1:75:5c:c9:69:75:2f:27:a9:b3:e4:df:7e:
         43:4f:23:14:e1:8c:56:35:69:24:11:39:63:5a:38:31:7f:77:
         63:c3:a8:e8:67:30:1d:5c:ed:82:65:1f:85:a5:67:ca:d2:f2:
         1c:24:52:65:f3:20:d1:ad:d4:31:d3:d1:1e:dd:b2:b1:b3:a8:
         8e:db:35:1a:1f:57:b3:04:3c:c6:e6:e8:6e:e8:bb:c1:31:84:
         cf:fc:82:d8:81:d5:ba:91:a2:3f:60:3d:6f:6f:9f:a4:4c:ac:
         77:23:46:06:29:41:10:d5:7d:f9:b2:4e:85:ef:17:cb:78:b7:
         77:6f:d0:21:b3:e2:41:35:6c:40:33:36:97:3a:a3:71:3c:3e:
         84:90:ff:a1:8e:e2:f7:79:4b:03:26:8a:1d:83:b9:a3:20:39:
         b2:ee:00:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaAV6hDRbpQrd3+3puT8sL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUwNDI5MDY1OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxOGUyMDA1MDVlZDA3MWYyNjNjOWFhZjYyOGJiZTA3MzNiMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusNZRz0Gbw2bPpCnczohPSCE3jFi
uNnZS8PR893udUtOLX1wOQVtOGSQAWQVp2DaBoUGamxgZZH5o3ob35GF9K9Evlou
jPEAOCeDU6Gxy77edETIU7M9Plium/2ozkSowgg+qYCHu6bavAle+RXcwbIfT9i5
dC6dAh8x1Etm2Ub56CdkBX6k0bMKBnyPPsQN2i/RoHI64XGd5SV/hQO21mTi+QK1
m0WUQKoNsl0rRb46bh9tGV3+08DleAIhagP+9Sj+CueYW8vFdq8VruIwJLGb0h83
zfEaS1w4nPpuD3I0K+pDzz0nqKyv3/yX9VDCq/+z/oe8e/TiDJDVzIGMsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVBjiAFBe0HHyY8mq9ii74HM7N8MB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvWlVHT0lBVUY3UWNmSmp5YXIyS0x2Z2N6czN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDBMA0G
CSqGSIb3DQEBCwUAA4IBAQBlEVDiXS3fj4T296um7zhQNO0sTeYx2YAOLrqDoYV1
VSD5iSWudt/xEw/dj62PekiAihPlX4R1j9fJ5zrHPBAEnMOzJ/qUyfSVuw9d+QRh
3ZtlIcFXhFIsfHtfsDaF2LF1XMlpdS8nqbPk335DTyMU4YxWNWkkETljWjgxf3dj
w6joZzAdXO2CZR+FpWfK0vIcJFJl8yDRrdQx09Ee3bKxs6iO2zUaH1ezBDzG5uhu
6LvBMYTP/ILYgdW6kaI/YD1vb5+kTKx3I0YGKUEQ1X35sk6F7xfLeLd3b9Ahs+JB
NWxAMzaXOqNxPD6EkP+hjuL3eUsDJoodg7mjIDmy7gBt
-----END CERTIFICATE-----