Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rzNtqibxO6_UiLoaKbvclbVtzdY.roa
File:                     rzNtqibxO6_UiLoaKbvclbVtzdY.roa (raw, json)
Hash identifier:          usyHMWRWGdUTBwM1WiN7oQ/DTqUHjwTmL5djbLqDl1E=
Subject key identifier:   AF:33:6D:AA:26:F1:3B:AF:D4:88:BA:1A:29:BB:DC:95:B5:6D:CD:D6
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       01966BF2676C1C3F00C16F985E306BD7A572
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rzNtqibxO6_UiLoaKbvclbVtzdY.roa
Signing time:             Fri 25 Apr 2025 07:56:10 +0000
ROA not before:           Fri 25 Apr 2025 07:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212165
IP address blocks:        109.120.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 13:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:f2:67:6c:1c:3f:00:c1:6f:98:5e:30:6b:d7:a5:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Apr 25 07:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af336daa26f13bafd488ba1a29bbdc95b56dcdd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:41:3d:4f:5d:b9:5e:5c:cd:f5:19:7c:2d:57:
                    26:a5:e7:fe:dc:60:f1:c0:c3:e2:65:dc:3d:e0:2e:
                    19:f6:7d:7e:54:26:ab:28:e6:84:38:a9:87:bb:12:
                    ff:cf:01:7e:99:5b:3e:29:92:f8:db:2d:04:93:10:
                    7c:f4:2f:e2:65:db:14:80:9f:01:13:50:cc:31:f0:
                    f0:05:f5:1d:ec:54:f3:7c:d4:39:b2:f7:87:08:30:
                    ab:79:01:09:75:83:9c:13:eb:37:7c:04:52:72:37:
                    85:9d:52:62:20:20:3e:8d:92:46:3a:14:83:98:a7:
                    b3:8c:f6:82:70:a1:6c:8a:ee:80:6c:98:23:92:46:
                    e2:dc:b3:8e:57:41:48:28:c0:be:09:fa:cf:c7:6d:
                    34:20:d1:64:66:65:41:e1:25:ad:a0:b1:39:46:dd:
                    af:e4:0f:4e:5e:de:0d:ed:2d:3e:99:6a:f8:68:d0:
                    b1:47:02:a3:c5:03:3e:1e:eb:a0:ea:82:0a:0b:c2:
                    0f:98:f0:fe:ca:fc:05:d3:3a:56:69:07:7e:9a:02:
                    63:1b:84:fb:ad:00:34:6c:77:6c:31:db:45:4f:85:
                    87:87:ee:3d:16:04:eb:54:33:a5:f7:ef:34:b1:48:
                    53:ab:b6:8c:6f:4e:34:87:dd:e7:9d:51:7e:3d:31:
                    28:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:33:6D:AA:26:F1:3B:AF:D4:88:BA:1A:29:BB:DC:95:B5:6D:CD:D6
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/rzNtqibxO6_UiLoaKbvclbVtzdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.120.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:d2:c1:56:0d:03:ac:ce:5a:cb:69:c4:f9:75:55:ec:b5:5e:
         c2:29:bc:88:57:fc:dc:0d:57:ae:31:23:b0:6c:88:50:98:6e:
         07:3b:4e:e6:42:c7:27:62:3c:b5:98:c4:e1:36:20:d1:d2:1f:
         93:54:94:b4:d5:f2:91:26:72:e2:19:19:7d:4c:62:8f:f8:15:
         c1:48:73:b5:d4:37:38:cd:f7:bc:97:9b:65:54:2e:21:12:96:
         6a:b9:1a:42:83:f0:ac:92:c8:31:71:7b:b5:3e:49:bf:9f:f7:
         9e:13:ed:32:8b:13:14:dc:a6:fe:82:0d:9f:2c:3b:5e:5e:d7:
         5c:91:dc:bd:3e:b5:5f:41:17:92:1f:91:2c:06:3c:4b:e0:09:
         60:60:49:f6:cd:fb:81:e7:a5:3f:b6:6a:ee:67:6e:ec:39:17:
         3a:8a:23:4c:17:d5:21:2e:c5:7e:9a:89:4f:15:ad:37:88:68:
         b3:33:48:6b:37:04:b8:b0:95:ce:dd:04:b0:50:98:a6:fa:a4:
         97:d7:62:69:f9:d3:6b:6d:ac:79:96:a3:de:13:fd:1c:4c:64:
         9b:9d:ac:fd:69:b7:f4:f1:d4:99:c9:8d:f6:87:33:1b:2d:53:
         db:1e:c3:3f:b2:6a:63:2b:31:12:98:07:a6:04:90:20:5e:7f:
         76:3f:6c:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZr8mdsHD8AwW+YXjBr16VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjUwNDI1MDc1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMzNmRhYTI2ZjEzYmFmZDQ4OGJhMWEyOWJiZGM5NWI1NmRjZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UE9T125XlzN9Rl8LVcmpef+3GDx
wMPiZdw94C4Z9n1+VCarKOaEOKmHuxL/zwF+mVs+KZL42y0EkxB89C/iZdsUgJ8B
E1DMMfDwBfUd7FTzfNQ5sveHCDCreQEJdYOcE+s3fARScjeFnVJiICA+jZJGOhSD
mKezjPaCcKFsiu6AbJgjkkbi3LOOV0FIKMC+CfrPx200INFkZmVB4SWtoLE5Rt2v
5A9OXt4N7S0+mWr4aNCxRwKjxQM+Huug6oIKC8IPmPD+yvwF0zpWaQd+mgJjG4T7
rQA0bHdsMdtFT4WHh+49FgTrVDOl9+80sUhTq7aMb040h93nnVF+PTEonQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8zbaom8Tuv1Ii6Gim73JW1bc3WMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvcnpOdHFpYnhPNl9VaUxvYUtidmNsYlZ0emRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXifMA0G
CSqGSIb3DQEBCwUAA4IBAQBh0sFWDQOszlrLacT5dVXstV7CKbyIV/zcDVeuMSOw
bIhQmG4HO07mQscnYjy1mMThNiDR0h+TVJS01fKRJnLiGRl9TGKP+BXBSHO11Dc4
zfe8l5tlVC4hEpZquRpCg/CsksgxcXu1Pkm/n/eeE+0yixMU3Kb+gg2fLDteXtdc
kdy9PrVfQReSH5EsBjxL4AlgYEn2zfuB56U/tmruZ27sORc6iiNMF9UhLsV+molP
Fa03iGizM0hrNwS4sJXO3QSwUJim+qSX12Jp+dNrbax5lqPeE/0cTGSbnaz9abf0
8dSZyY32hzMbLVPbHsM/smpjKzESmAemBJAgXn92P2x3
-----END CERTIFICATE-----