Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/zsetB9lXxTPEgEwWWpCwjj12YNg.roa
File:                     zsetB9lXxTPEgEwWWpCwjj12YNg.roa (raw, json)
Hash identifier:          Krmj1SJ+iuECQDViIisdxmCqnMEZwLnRoTzdwbkzTC0=
Subject key identifier:   CE:C7:AD:07:D9:57:C5:33:C4:80:4C:16:5A:90:B0:8E:3D:76:60:D8
Certificate issuer:       /CN=4dd1b2587490ad061cb207176bdeec81a531588c
Certificate serial:       018CC86F2332A604E8AE5AC52B79922DB313
Authority key identifier: 4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/zsetB9lXxTPEgEwWWpCwjj12YNg.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43123
IP address blocks:        195.219.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:23:32:a6:04:e8:ae:5a:c5:2b:79:92:2d:b3:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd1b2587490ad061cb207176bdeec81a531588c
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cec7ad07d957c533c4804c165a90b08e3d7660d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:44:d0:6f:d2:f0:1a:93:e1:2e:12:65:a5:60:
                    e5:3f:f4:7c:2f:30:3d:0c:fa:50:18:80:67:3b:31:
                    04:7d:c1:0d:e9:c3:6b:73:17:23:be:a2:f7:55:b2:
                    1b:b7:e9:e4:01:7f:d2:12:5e:2a:0d:ae:f0:a2:60:
                    bb:16:0c:d9:21:64:f0:a4:40:7a:16:a8:a9:5c:6d:
                    02:82:6f:99:f2:30:6c:ce:c5:6a:b8:c2:d3:dc:85:
                    c9:d7:72:0c:0b:29:98:2d:b7:88:52:a0:85:f0:45:
                    8b:00:3c:04:3d:ed:ea:52:fd:d5:6d:a5:60:dc:6a:
                    d2:18:6e:a3:bb:bb:7d:df:82:db:fc:c1:2c:a5:03:
                    06:c5:74:c4:77:05:dc:50:02:2a:79:ce:ab:9a:01:
                    00:ee:a1:81:56:ea:9e:1b:f6:20:06:f3:b2:cf:b4:
                    91:63:ea:d6:47:19:ac:9e:e6:66:cb:57:c7:21:f5:
                    c5:ee:e6:4a:9c:14:76:3d:f9:31:59:37:9e:fa:74:
                    c0:8c:e1:df:c3:38:5d:47:35:f5:9b:d7:2c:b0:02:
                    bc:93:6a:c5:04:26:82:22:0d:17:85:b8:92:2d:89:
                    08:5e:b7:7a:57:36:21:55:74:e7:fa:65:f1:a6:89:
                    37:82:bd:55:28:05:be:88:b3:35:d4:a7:78:59:71:
                    de:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C7:AD:07:D9:57:C5:33:C4:80:4C:16:5A:90:B0:8E:3D:76:60:D8
            X509v3 Authority Key Identifier:
                keyid:4D:D1:B2:58:74:90:AD:06:1C:B2:07:17:6B:DE:EC:81:A5:31:58:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdGyWHSQrQYcsgcXa97sgaUxWIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/zsetB9lXxTPEgEwWWpCwjj12YNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/01d2af-1f21-4b80-b665-db463c5fb0b4/1/TdGyWHSQrQYcsgcXa97sgaUxWIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.219.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:66:15:97:e2:29:9b:a9:93:58:fc:12:a6:03:f3:69:2a:b1:
         13:e2:45:b5:60:ab:cc:c0:a2:64:6c:6a:5d:5b:24:5b:17:9f:
         be:3c:ad:ee:97:69:02:07:c7:04:e5:ff:fb:0f:58:6c:a7:4f:
         4a:3a:ce:eb:d0:02:de:ae:4b:b8:e8:2c:39:67:5d:1f:8e:fc:
         cd:38:40:a8:17:6f:34:c9:83:4d:aa:cf:fc:5d:73:ea:96:ec:
         9f:a9:af:7b:d1:cc:d2:cb:f1:68:09:ef:d6:12:df:a1:80:c9:
         17:00:48:8e:8e:25:be:3f:99:19:b2:25:69:e7:82:06:70:d9:
         6c:6e:6a:3d:fd:d7:d5:11:1d:b0:a3:ba:9e:99:8a:68:bc:19:
         77:6c:c2:40:12:f0:d5:fb:53:2d:cd:7a:5d:77:6b:98:ff:c6:
         35:c7:1e:d7:1f:cf:49:be:70:07:26:eb:65:7c:54:02:c3:23:
         2e:c7:ed:e2:51:0f:e8:24:d1:bf:13:4f:73:79:3b:be:1a:c2:
         79:82:52:c3:5e:97:2a:3d:9b:33:d4:ac:c6:2f:88:42:d2:c7:
         07:3b:f9:e4:d1:81:61:83:65:9e:ee:64:2c:22:22:45:97:17:
         64:03:8b:3a:35:17:23:cc:a3:73:92:f2:62:62:c8:62:51:7f:
         aa:62:69:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyMypgTorlrFK3mSLbMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDFiMjU4NzQ5MGFkMDYxY2IyMDcxNzZiZGVlYzgxYTUz
MTU4OGMwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWM3YWQwN2Q5NTdjNTMzYzQ4MDRjMTY1YTkwYjA4ZTNkNzY2MGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUTQb9LwGpPhLhJlpWDlP/R8LzA9
DPpQGIBnOzEEfcEN6cNrcxcjvqL3VbIbt+nkAX/SEl4qDa7womC7FgzZIWTwpEB6
FqipXG0Cgm+Z8jBszsVquMLT3IXJ13IMCymYLbeIUqCF8EWLADwEPe3qUv3VbaVg
3GrSGG6ju7t934Lb/MEspQMGxXTEdwXcUAIqec6rmgEA7qGBVuqeG/YgBvOyz7SR
Y+rWRxmsnuZmy1fHIfXF7uZKnBR2PfkxWTee+nTAjOHfwzhdRzX1m9cssAK8k2rF
BCaCIg0XhbiSLYkIXrd6VzYhVXTn+mXxpok3gr1VKAW+iLM11Kd4WXHetQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7HrQfZV8UzxIBMFlqQsI49dmDYMB8GA1UdIwQY
MBaAFE3Rslh0kK0GHLIHF2ve7IGlMViMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUt
ZGI0NjNjNWZiMGI0LzEvenNldEI5bFh4VFBFZ0V3V1dwQ3dqajEyWU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8wMWQyYWYtMWYyMS00YjgwLWI2NjUtZGI0NjNjNWZiMGI0
LzEvVGRHeVdIU1FyUVljc2djWGE5N3NnYVV4V0l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9snMA0G
CSqGSIb3DQEBCwUAA4IBAQBnZhWX4imbqZNY/BKmA/NpKrET4kW1YKvMwKJkbGpd
WyRbF5++PK3ul2kCB8cE5f/7D1hsp09KOs7r0ALerku46Cw5Z10fjvzNOECoF280
yYNNqs/8XXPqluyfqa970czSy/FoCe/WEt+hgMkXAEiOjiW+P5kZsiVp54IGcNls
bmo9/dfVER2wo7qemYpovBl3bMJAEvDV+1MtzXpdd2uY/8Y1xx7XH89JvnAHJutl
fFQCwyMux+3iUQ/oJNG/E09zeTu+GsJ5glLDXpcqPZsz1KzGL4hC0scHO/nk0YFh
g2We7mQsIiJFlxdkA4s6NRcjzKNzkvJiYshiUX+qYmmu
-----END CERTIFICATE-----