Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/z9geQajqLX4fEuy3PNQy0IwzzgY.roa
File:                     z9geQajqLX4fEuy3PNQy0IwzzgY.roa (raw, json)
Hash identifier:          JIvL3zAmwpher+kvj+pICp4mH45/hSa/ISO69pribAI=
Subject key identifier:   CF:D8:1E:41:A8:EA:2D:7E:1F:12:EC:B7:3C:D4:32:D0:8C:33:CE:06
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       01969F6443F9B06126C6102C851FCFF4D51E
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/z9geQajqLX4fEuy3PNQy0IwzzgY.roa
Signing time:             Mon 05 May 2025 07:41:10 +0000
ROA not before:           Mon 05 May 2025 07:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197328
IP address blocks:        185.4.227.0/24 maxlen: 24
                          185.150.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:64:43:f9:b0:61:26:c6:10:2c:85:1f:cf:f4:d5:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: May  5 07:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfd81e41a8ea2d7e1f12ecb73cd432d08c33ce06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:61:a0:cb:9b:c6:b5:26:15:ac:ad:ce:8d:d2:
                    bf:e0:31:d9:07:62:d7:d9:cf:9b:aa:77:d5:c6:77:
                    7b:81:9b:65:f0:d1:7d:66:30:6f:26:1b:0b:b8:77:
                    43:ac:b5:f1:92:f6:f9:93:59:da:4f:c5:79:4e:f6:
                    21:2c:f0:34:02:34:33:0c:24:eb:cb:22:41:1a:39:
                    52:5a:b6:b4:9c:68:02:a2:cd:5b:8b:b0:32:87:94:
                    35:c1:f8:a2:cb:e8:c9:d3:f6:d6:cd:17:4a:6e:d7:
                    33:ed:49:8b:99:d7:e9:ad:5e:79:5d:67:f8:f0:43:
                    44:ad:37:90:99:4a:6d:be:ac:36:d6:f3:c0:e0:6a:
                    0c:2f:59:59:3d:1a:72:99:da:2a:18:a8:46:2b:64:
                    f8:61:33:16:d7:38:e1:55:57:2d:8d:1a:5e:df:f1:
                    6c:57:90:24:14:d3:06:44:a8:88:c1:e2:d2:3f:80:
                    f1:ec:b0:01:26:f2:ad:d9:8d:86:ce:eb:01:99:7b:
                    71:df:f5:da:c2:bd:e5:85:98:1c:22:28:dc:74:32:
                    8e:29:7a:86:fd:f3:4a:b4:32:5a:f9:8f:e3:0f:e4:
                    cb:a0:43:5f:de:0e:6a:84:84:eb:a7:58:05:1a:7c:
                    11:e5:bb:e0:c6:3f:22:a0:ed:8b:7d:e6:67:96:d8:
                    4a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D8:1E:41:A8:EA:2D:7E:1F:12:EC:B7:3C:D4:32:D0:8C:33:CE:06
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/z9geQajqLX4fEuy3PNQy0IwzzgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.227.0/24
                  185.150.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:66:19:0d:43:bf:4a:92:9b:cd:f9:0f:76:22:63:48:d5:ec:
         43:02:11:e8:63:c3:71:9c:74:09:7f:02:d6:e0:5b:a8:40:96:
         0d:80:9b:bb:d9:fd:d2:2e:fb:a7:33:4d:e4:f7:62:ad:2b:fe:
         7e:c6:9c:8c:5b:7e:b3:a3:5c:f3:a9:39:a6:a0:ff:c7:bf:e8:
         4c:ac:33:15:d1:3b:48:6c:17:f2:9d:23:a9:73:cc:3a:14:56:
         2d:96:ef:bf:5d:7b:a4:fb:86:1a:04:35:fc:a4:6c:f9:8f:be:
         b7:df:f7:5e:40:bc:7a:c0:d8:f5:cd:2f:4a:6b:85:c1:e9:0f:
         b7:9b:b8:df:fe:ca:c3:de:9c:b0:a3:db:75:e2:50:3d:54:3d:
         89:20:3d:73:ac:9f:69:35:34:53:07:85:44:7c:c1:0e:e6:ca:
         c0:80:08:e1:be:77:7d:44:bf:f7:32:c5:7c:00:3c:6f:67:82:
         d2:87:18:59:d0:3d:b8:3f:3f:14:8a:3c:b3:f0:85:fe:c6:3b:
         26:9d:ec:8d:aa:d2:11:cb:0e:32:6c:a8:10:9f:5c:40:48:92:
         c3:c7:a7:31:e5:09:82:18:95:d2:e7:99:54:7c:70:a0:a3:dd:
         fe:d3:31:41:b7:35:23:72:de:f5:87:8c:5e:b2:0b:21:b6:82:
         4a:31:b0:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZafZEP5sGEmxhAshR/P9NUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjUwNTA1MDc0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ4MWU0MWE4ZWEyZDdlMWYxMmVjYjczY2Q0MzJkMDhjMzNjZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGGgy5vGtSYVrK3OjdK/4DHZB2LX
2c+bqnfVxnd7gZtl8NF9ZjBvJhsLuHdDrLXxkvb5k1naT8V5TvYhLPA0AjQzDCTr
yyJBGjlSWra0nGgCos1bi7Ayh5Q1wfiiy+jJ0/bWzRdKbtcz7UmLmdfprV55XWf4
8ENErTeQmUptvqw21vPA4GoML1lZPRpymdoqGKhGK2T4YTMW1zjhVVctjRpe3/Fs
V5AkFNMGRKiIweLSP4Dx7LABJvKt2Y2GzusBmXtx3/Xawr3lhZgcIijcdDKOKXqG
/fNKtDJa+Y/jD+TLoENf3g5qhITrp1gFGnwR5bvgxj8ioO2LfeZnlthK1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM/YHkGo6i1+HxLstzzUMtCMM84GMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvejlnZVFhanFMWDRmRXV5M1BOUXkwSXd6emdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuQTjAwQA
uZYCMA0GCSqGSIb3DQEBCwUAA4IBAQB0ZhkNQ79KkpvN+Q92ImNI1exDAhHoY8Nx
nHQJfwLW4FuoQJYNgJu72f3SLvunM03k92KtK/5+xpyMW36zo1zzqTmmoP/Hv+hM
rDMV0TtIbBfynSOpc8w6FFYtlu+/XXuk+4YaBDX8pGz5j7633/deQLx6wNj1zS9K
a4XB6Q+3m7jf/srD3pywo9t14lA9VD2JID1zrJ9pNTRTB4VEfMEO5srAgAjhvnd9
RL/3MsV8ADxvZ4LShxhZ0D24Pz8Uijyz8IX+xjsmneyNqtIRyw4ybKgQn1xASJLD
x6cx5QmCGJXS55lUfHCgo93+0zFBtzUjct71h4xesgshtoJKMbBj
-----END CERTIFICATE-----