Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/zVSaKUExhHJLuuGxs99kYQGdQi0.roa
File:                     zVSaKUExhHJLuuGxs99kYQGdQi0.roa (raw, json)
Hash identifier:          kRzk6R6AO4mRz5HhKteUKae1kEl/X9QjV+pW67bmw5E=
Subject key identifier:   CD:54:9A:29:41:31:84:72:4B:BA:E1:B1:B3:DF:64:61:01:9D:42:2D
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       0196387A23B21F335D26EDF2A1491D0EEAD1
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/zVSaKUExhHJLuuGxs99kYQGdQi0.roa
Signing time:             Tue 15 Apr 2025 08:04:10 +0000
ROA not before:           Tue 15 Apr 2025 08:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207952
IP address blocks:        176.96.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:7a:23:b2:1f:33:5d:26:ed:f2:a1:49:1d:0e:ea:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Apr 15 08:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd549a29413184724bbae1b1b3df6461019d422d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:fe:f9:ad:79:6f:4d:04:03:2d:3e:7c:7e:6b:
                    6f:4d:55:83:42:e4:90:5b:3f:2f:b0:eb:53:16:3c:
                    22:31:1c:4a:b6:11:9b:7b:8d:2f:b0:06:bc:e2:aa:
                    c4:59:83:50:1a:72:e0:2f:a2:d4:58:70:1a:ad:aa:
                    ed:18:36:11:0a:ed:a7:bc:8a:e1:99:c6:d6:ee:cb:
                    2d:0e:dd:dc:b6:99:89:bc:0f:d2:b9:71:b4:24:13:
                    b3:11:98:44:a7:84:ac:86:9e:bd:86:a3:9f:71:d9:
                    ec:02:17:dd:b6:2d:c3:5c:87:5f:01:7d:76:65:2a:
                    bb:cd:5d:17:6e:1a:f0:eb:7d:a1:e5:77:f7:52:f9:
                    c0:1a:e8:d5:4d:dd:8d:50:f8:13:e6:8c:f5:06:9e:
                    99:13:75:c9:62:8c:7f:68:db:3b:92:ca:16:27:fd:
                    66:f5:45:79:52:d3:70:4d:03:03:ba:5c:26:d7:ec:
                    d1:e8:90:7b:10:79:1a:5a:68:75:57:c7:16:74:fd:
                    26:12:f5:56:50:68:06:42:fa:fb:31:74:92:b3:9c:
                    9d:56:4e:30:45:88:cf:b8:73:81:5f:9a:5c:da:4f:
                    33:81:6b:e4:e3:49:76:c6:4a:00:47:a8:b0:83:83:
                    00:78:b5:2b:f1:b1:10:e1:7c:60:b8:40:89:7d:11:
                    45:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:54:9A:29:41:31:84:72:4B:BA:E1:B1:B3:DF:64:61:01:9D:42:2D
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/zVSaKUExhHJLuuGxs99kYQGdQi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4d:27:da:b6:09:53:fc:47:06:60:b9:ea:a4:29:8a:dd:02:
         b7:9d:91:58:f9:48:18:12:72:17:be:99:ad:7f:a7:9f:59:f8:
         1c:ba:87:47:00:d3:d3:6e:f4:28:d6:51:03:c5:63:01:ca:67:
         de:69:6f:ec:4e:09:4a:46:c8:70:cc:d0:ce:56:e9:44:6b:22:
         de:de:da:de:51:d1:6a:81:80:4f:9c:78:71:67:b2:be:95:cc:
         7a:d4:f0:83:99:13:da:c0:ed:88:37:89:18:75:71:fb:02:5e:
         d9:28:1c:58:07:57:c2:52:6c:f1:6f:5d:e7:69:01:b0:8f:f7:
         77:d3:64:81:86:5e:19:0f:3b:80:fa:fe:32:62:8c:74:86:ba:
         40:87:73:24:de:5f:34:3c:11:6e:1e:7b:17:29:f2:3f:12:48:
         92:95:da:b9:90:1c:19:70:13:3e:86:b3:f8:75:a2:b0:7c:40:
         3d:af:f8:46:8d:91:05:99:6b:70:f8:c7:85:a2:b1:3d:94:5f:
         23:23:2c:e3:fa:1f:24:2d:e9:63:39:4a:4f:d5:53:a9:c1:09:
         fb:bf:92:7c:2b:e2:a9:ec:26:44:6c:99:24:3c:b5:4e:d2:83:
         58:ac:7b:98:c2:12:49:49:f8:36:7e:e2:68:43:5e:5e:04:ed:
         9c:69:a6:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4eiOyHzNdJu3yoUkdDurRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjUwNDE1MDgwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDU0OWEyOTQxMzE4NDcyNGJiYWUxYjFiM2RmNjQ2MTAxOWQ0MjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuv75rXlvTQQDLT58fmtvTVWDQuSQ
Wz8vsOtTFjwiMRxKthGbe40vsAa84qrEWYNQGnLgL6LUWHAarartGDYRCu2nvIrh
mcbW7sstDt3ctpmJvA/SuXG0JBOzEZhEp4Sshp69hqOfcdnsAhfdti3DXIdfAX12
ZSq7zV0Xbhrw632h5Xf3UvnAGujVTd2NUPgT5oz1Bp6ZE3XJYox/aNs7ksoWJ/1m
9UV5UtNwTQMDulwm1+zR6JB7EHkaWmh1V8cWdP0mEvVWUGgGQvr7MXSSs5ydVk4w
RYjPuHOBX5pc2k8zgWvk40l2xkoAR6iwg4MAeLUr8bEQ4XxguECJfRFF4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1UmilBMYRyS7rhsbPfZGEBnUItMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvelZTYUtVRXhoSEpMdXVHeHM5OWtZUUdkUWkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGDkMA0G
CSqGSIb3DQEBCwUAA4IBAQB8TSfatglT/EcGYLnqpCmK3QK3nZFY+UgYEnIXvpmt
f6efWfgcuodHANPTbvQo1lEDxWMBymfeaW/sTglKRshwzNDOVulEayLe3treUdFq
gYBPnHhxZ7K+lcx61PCDmRPawO2IN4kYdXH7Al7ZKBxYB1fCUmzxb13naQGwj/d3
02SBhl4ZDzuA+v4yYox0hrpAh3Mk3l80PBFuHnsXKfI/EkiSldq5kBwZcBM+hrP4
daKwfEA9r/hGjZEFmWtw+MeForE9lF8jIyzj+h8kLeljOUpP1VOpwQn7v5J8K+Kp
7CZEbJkkPLVO0oNYrHuYwhJJSfg2fuJoQ15eBO2caaYr
-----END CERTIFICATE-----