Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/ZOWGFapmqYmYjG1ZzoOe6jNiNV8.roa
File:                     ZOWGFapmqYmYjG1ZzoOe6jNiNV8.roa (raw, json)
Hash identifier:          IAmugNWbNIxTCfUrbHxnaivO0SsEuAS4hdFkXNnQFyA=
Subject key identifier:   64:E5:86:15:AA:66:A9:89:98:8C:6D:59:CE:83:9E:EA:33:62:35:5F
Certificate issuer:       /CN=2aa3e30497620868e17acb478682ce7a0bd13534
Certificate serial:       018CC64B63031362CF09C3B5899F3C710C25
Authority key identifier: 2A:A3:E3:04:97:62:08:68:E1:7A:CB:47:86:82:CE:7A:0B:D1:35:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqPjBJdiCGjhestHhoLOegvRNTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/ZOWGFapmqYmYjG1ZzoOe6jNiNV8.roa
Signing time:             Mon 01 Jan 2024 18:31:18 +0000
ROA not before:           Mon 01 Jan 2024 18:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202042
IP address blocks:        185.6.76.0/22 maxlen: 24
                          2a03:e40::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/KqPjBJdiCGjhestHhoLOegvRNTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/KqPjBJdiCGjhestHhoLOegvRNTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqPjBJdiCGjhestHhoLOegvRNTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:63:03:13:62:cf:09:c3:b5:89:9f:3c:71:0c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa3e30497620868e17acb478682ce7a0bd13534
        Validity
            Not Before: Jan  1 18:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64e58615aa66a989988c6d59ce839eea3362355f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:28:2e:04:12:63:75:a0:05:1d:c8:93:dd:65:
                    d4:c3:00:b8:fa:4f:0a:e4:fc:8e:44:dc:0a:65:5d:
                    94:14:e3:0e:fe:00:03:6e:e5:aa:1b:98:c7:29:85:
                    3f:ab:82:54:92:28:f1:f3:5f:bf:df:7c:37:bb:50:
                    30:bd:07:7e:7b:d6:ce:07:b1:a8:be:cb:4c:60:f0:
                    3c:50:b4:42:c8:e8:03:71:b8:98:99:78:72:2c:04:
                    c1:e0:b0:08:60:1a:ec:b7:5e:f4:0a:d9:32:37:59:
                    59:28:09:63:fa:01:4a:cb:06:11:f4:32:85:a8:1a:
                    02:73:75:53:10:14:03:c7:66:59:2a:a5:7b:1f:2d:
                    cc:1b:f2:aa:cd:39:6f:c9:4e:eb:93:09:a6:b8:01:
                    39:fc:60:28:bb:21:ff:03:6e:e4:8d:17:9a:92:74:
                    e3:b7:1a:09:7f:3f:48:5b:50:a8:71:9d:a5:c3:51:
                    a0:6b:48:f2:4a:62:d5:da:3f:a8:7e:5c:5c:98:9a:
                    ad:62:73:05:46:44:b4:76:f6:fa:22:f1:3f:e5:ad:
                    0d:94:97:a3:b3:a2:ae:1e:de:19:89:76:c7:08:34:
                    01:92:5d:07:7e:84:48:e8:07:c2:3f:8d:e4:97:61:
                    5e:71:0d:e2:1c:a7:9a:5a:80:c9:8e:22:a3:03:78:
                    63:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E5:86:15:AA:66:A9:89:98:8C:6D:59:CE:83:9E:EA:33:62:35:5F
            X509v3 Authority Key Identifier:
                keyid:2A:A3:E3:04:97:62:08:68:E1:7A:CB:47:86:82:CE:7A:0B:D1:35:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqPjBJdiCGjhestHhoLOegvRNTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/ZOWGFapmqYmYjG1ZzoOe6jNiNV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/987b3c-f345-4112-9240-a4c0aba9bbeb/1/KqPjBJdiCGjhestHhoLOegvRNTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.76.0/22
                IPv6:
                  2a03:e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:1d:d3:1c:67:6c:8d:0e:cf:e4:5a:3d:d1:0d:17:36:91:ad:
         68:21:5c:41:9c:57:38:12:5c:2c:7c:b9:ea:da:26:fd:85:aa:
         22:0b:47:5c:2d:ba:6b:8c:88:52:74:48:4c:52:9a:6b:d7:70:
         19:13:da:2b:94:7a:98:c0:be:97:fc:34:d5:00:85:35:61:60:
         73:df:b1:7c:68:74:d9:47:bc:25:7e:bb:ca:7d:78:c6:3f:00:
         ac:72:61:51:1c:47:f6:4c:f6:79:de:90:41:95:f7:22:7c:4a:
         46:de:26:4c:c1:b5:ca:0d:f9:58:f4:73:ff:24:6a:81:4e:a0:
         dc:db:25:12:1e:ef:54:12:10:2e:5d:9e:13:d5:4a:d5:a8:96:
         cb:9f:58:c2:99:3d:91:50:1d:2a:ea:cd:47:e7:04:08:41:6b:
         c0:38:87:68:42:d5:32:bf:db:18:2f:c6:c0:49:d2:8a:24:1c:
         8e:a1:51:3f:43:32:fd:74:93:ab:a4:5f:6c:63:14:4a:97:18:
         c7:15:a9:bf:86:ac:cb:62:ca:6d:48:4f:b9:02:c7:ba:4a:df:
         f5:92:f2:79:aa:9c:37:74:e2:ae:e4:d7:25:75:82:4a:96:5c:
         c3:ed:0c:1b:93:dc:9f:c4:8a:59:59:ab:e1:07:ba:df:c3:c4:
         9d:0b:17:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS2MDE2LPCcO1iZ88cQwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTNlMzA0OTc2MjA4NjhlMTdhY2I0Nzg2ODJjZTdhMGJk
MTM1MzQwHhcNMjQwMTAxMTgzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGU1ODYxNWFhNjZhOTg5OTg4YzZkNTljZTgzOWVlYTMzNjIzNTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCguBBJjdaAFHciT3WXUwwC4+k8K
5PyORNwKZV2UFOMO/gADbuWqG5jHKYU/q4JUkijx81+/33w3u1AwvQd+e9bOB7Go
vstMYPA8ULRCyOgDcbiYmXhyLATB4LAIYBrst170CtkyN1lZKAlj+gFKywYR9DKF
qBoCc3VTEBQDx2ZZKqV7Hy3MG/KqzTlvyU7rkwmmuAE5/GAouyH/A27kjReaknTj
txoJfz9IW1CocZ2lw1Gga0jySmLV2j+oflxcmJqtYnMFRkS0dvb6IvE/5a0NlJej
s6KuHt4ZiXbHCDQBkl0HfoRI6AfCP43kl2FecQ3iHKeaWoDJjiKjA3hjaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGTlhhWqZqmJmIxtWc6DnuozYjVfMB8GA1UdIwQY
MBaAFCqj4wSXYgho4XrLR4aCznoL0TU0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FQakJKZGlDR2poZXN0SGhvTE9lZ3ZSTlRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS85ODdiM2MtZjM0NS00MTEyLTkyNDAt
YTRjMGFiYTliYmViLzEvWk9XR0ZhcG1xWW1ZakcxWnpvT2U2ak5pTlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS85ODdiM2MtZjM0NS00MTEyLTkyNDAtYTRjMGFiYTliYmVi
LzEvS3FQakJKZGlDR2poZXN0SGhvTE9lZ3ZSTlRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQZMMA0E
AgACMAcDBQAqAw5AMA0GCSqGSIb3DQEBCwUAA4IBAQAgHdMcZ2yNDs/kWj3RDRc2
ka1oIVxBnFc4ElwsfLnq2ib9haoiC0dcLbprjIhSdEhMUppr13AZE9orlHqYwL6X
/DTVAIU1YWBz37F8aHTZR7wlfrvKfXjGPwCscmFRHEf2TPZ53pBBlfcifEpG3iZM
wbXKDflY9HP/JGqBTqDc2yUSHu9UEhAuXZ4T1UrVqJbLn1jCmT2RUB0q6s1H5wQI
QWvAOIdoQtUyv9sYL8bASdKKJByOoVE/QzL9dJOrpF9sYxRKlxjHFam/hqzLYspt
SE+5Ase6St/1kvJ5qpw3dOKu5NcldYJKllzD7Qwbk9yfxIpZWavhB7rfw8SdCxee
-----END CERTIFICATE-----