Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/Z_ui10teqBpVvNo5dUa4DuR76CQ.roa
File:                     Z_ui10teqBpVvNo5dUa4DuR76CQ.roa (raw, json)
Hash identifier:          SYTASM6M634fXgyVbz3RoahkooDJ+2ks9JmISF1d0rg=
Subject key identifier:   67:FB:A2:D7:4B:5E:A8:1A:55:BC:DA:39:75:46:B8:0E:E4:7B:E8:24
Certificate issuer:       /CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
Certificate serial:       019659CC1B339E2159CFB6FC3A3CB109A9B4
Authority key identifier: 53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/Z_ui10teqBpVvNo5dUa4DuR76CQ.roa
Signing time:             Mon 21 Apr 2025 19:21:10 +0000
ROA not before:           Mon 21 Apr 2025 19:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12337
IP address blocks:        212.29.18.0/24 maxlen: 24
                          212.29.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 10:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:59:cc:1b:33:9e:21:59:cf:b6:fc:3a:3c:b1:09:a9:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53bbbbaa3ee24c7ad9b2c60432e14eda3849b5e2
        Validity
            Not Before: Apr 21 19:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67fba2d74b5ea81a55bcda397546b80ee47be824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:03:4e:1b:93:90:ee:83:ee:78:b1:e2:bd:bc:
                    0b:8e:d4:22:63:24:2e:2c:20:59:29:c8:e1:74:97:
                    7f:fd:28:58:25:ee:98:e1:8e:90:cc:7b:3b:a9:c5:
                    78:56:b8:73:1c:2b:7d:a7:07:e2:ad:5c:0f:35:a3:
                    00:8b:d0:16:bd:e1:0d:e1:55:8c:95:da:12:03:14:
                    05:15:a2:94:3b:10:52:c7:31:05:5b:6b:3a:06:df:
                    9a:a6:89:10:60:b9:e2:96:da:f4:1f:c2:96:e1:33:
                    48:20:34:d2:34:8a:40:63:67:eb:8c:ab:f1:7e:c3:
                    f5:d8:6a:50:da:72:b8:d8:d5:4d:ad:1a:73:48:b2:
                    14:0a:43:be:da:54:a0:78:a4:c7:d2:90:b6:c9:cb:
                    16:32:bd:e9:65:3a:65:a5:8c:a9:da:11:8c:e0:11:
                    a5:c0:70:b7:62:58:d1:43:80:c3:98:61:f8:a3:ef:
                    9e:92:89:8f:44:8f:8c:05:db:29:fb:69:1f:b2:40:
                    77:56:89:f8:44:23:d2:24:22:08:4a:fc:4d:42:0d:
                    d8:ca:01:7a:23:ca:87:f4:46:32:0f:f0:db:83:8a:
                    8b:a7:41:fa:95:0b:2d:79:56:ae:23:a5:08:86:b8:
                    37:ee:47:14:00:fe:ba:aa:f1:92:1e:e4:d7:82:9e:
                    fa:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FB:A2:D7:4B:5E:A8:1A:55:BC:DA:39:75:46:B8:0E:E4:7B:E8:24
            X509v3 Authority Key Identifier:
                keyid:53:BB:BB:AA:3E:E2:4C:7A:D9:B2:C6:04:32:E1:4E:DA:38:49:B5:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7u7qj7iTHrZssYEMuFO2jhJteI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/Z_ui10teqBpVvNo5dUa4DuR76CQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/3394c0-4587-444e-9a25-00ecf0c4d0ef/1/U7u7qj7iTHrZssYEMuFO2jhJteI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.29.18.0/24
                  212.29.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:d9:47:15:ce:8f:5d:75:c3:77:dd:00:2c:6c:ed:76:5b:5e:
         d5:9a:8f:7c:b1:97:09:a7:1f:00:aa:45:9a:c8:e7:28:a3:02:
         59:f2:31:c6:62:54:63:30:e1:22:af:2a:a3:ca:f1:57:06:fb:
         82:e8:2f:0f:92:b8:34:95:69:3f:d2:a0:19:ae:44:25:38:04:
         6d:17:a2:5a:8a:56:4a:f4:be:7e:9d:66:ab:6f:f4:d6:f7:1a:
         7c:d5:1e:a7:a0:12:7a:f2:11:bf:ac:77:a3:80:13:b4:a1:b9:
         a6:db:b8:21:7b:4c:66:29:e5:90:56:59:bd:54:92:1d:67:7f:
         0e:50:70:34:c3:32:d8:55:48:ec:08:d1:be:ff:53:7a:85:e5:
         fd:e9:db:40:aa:62:15:f6:56:e2:41:d5:b5:a9:f8:c1:84:15:
         c5:6a:2f:12:16:3c:06:d1:7f:31:0f:5b:6e:a5:92:72:38:63:
         1e:e3:81:d3:b6:de:85:b7:2f:97:bf:7a:ba:b7:ca:45:41:62:
         80:a7:12:66:b5:95:69:db:d3:18:9a:1f:c9:7a:e9:ed:e2:df:
         b3:c8:d1:02:ae:12:68:e5:a2:94:07:01:89:79:5c:bf:89:70:
         be:f3:c4:b8:c8:69:00:02:a6:9e:2f:7a:c6:bc:81:b1:ae:ff:
         8b:12:8c:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZZzBszniFZz7b8OjyxCam0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYmJiYmFhM2VlMjRjN2FkOWIyYzYwNDMyZTE0ZWRhMzg0
OWI1ZTIwHhcNMjUwNDIxMTkyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ZiYTJkNzRiNWVhODFhNTViY2RhMzk3NTQ2YjgwZWU0N2JlODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gNOG5OQ7oPueLHivbwLjtQiYyQu
LCBZKcjhdJd//ShYJe6Y4Y6QzHs7qcV4VrhzHCt9pwfirVwPNaMAi9AWveEN4VWM
ldoSAxQFFaKUOxBSxzEFW2s6Bt+apokQYLniltr0H8KW4TNIIDTSNIpAY2frjKvx
fsP12GpQ2nK42NVNrRpzSLIUCkO+2lSgeKTH0pC2ycsWMr3pZTplpYyp2hGM4BGl
wHC3YljRQ4DDmGH4o++ekomPRI+MBdsp+2kfskB3Von4RCPSJCIISvxNQg3YygF6
I8qH9EYyD/Dbg4qLp0H6lQsteVauI6UIhrg37kcUAP66qvGSHuTXgp76rwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGf7otdLXqgaVbzaOXVGuA7ke+gkMB8GA1UdIwQY
MBaAFFO7u6o+4kx62bLGBDLhTto4SbXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUt
MDBlY2YwYzRkMGVmLzEvWl91aTEwdGVxQnBWdk5vNWRVYTREdVI3NkNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8zMzk0YzAtNDU4Ny00NDRlLTlhMjUtMDBlY2YwYzRkMGVm
LzEvVTd1N3FqN2lUSHJac3NZRU11Rk8yamhKdGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1B0SAwQA
1B0cMA0GCSqGSIb3DQEBCwUAA4IBAQDN2UcVzo9ddcN33QAsbO12W17Vmo98sZcJ
px8AqkWayOcoowJZ8jHGYlRjMOEiryqjyvFXBvuC6C8Pkrg0lWk/0qAZrkQlOARt
F6JailZK9L5+nWarb/TW9xp81R6noBJ68hG/rHejgBO0obmm27ghe0xmKeWQVlm9
VJIdZ38OUHA0wzLYVUjsCNG+/1N6heX96dtAqmIV9lbiQdW1qfjBhBXFai8SFjwG
0X8xD1tupZJyOGMe44HTtt6Fty+Xv3q6t8pFQWKApxJmtZVp29MYmh/Jeunt4t+z
yNECrhJo5aKUBwGJeVy/iXC+88S4yGkAAqaeL3rGvIGxrv+LEowa
-----END CERTIFICATE-----