Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/zjmuuzG6K9WSxZZNizgXyVvz-0A.roa
File:                     zjmuuzG6K9WSxZZNizgXyVvz-0A.roa (raw, json)
Hash identifier:          3Nsl1OWxJ54PmQPNBUlvRbYtSzbuDvXk8fSrYwv4N9g=
Subject key identifier:   CE:39:AE:BB:31:BA:2B:D5:92:C5:96:4D:8B:38:17:C9:5B:F3:FB:40
Certificate issuer:       /CN=ad80679b96ca322bfa85500cab206c6d47412edf
Certificate serial:       018CC26D75B1A93CE920ADC282BB1A490730
Authority key identifier: AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/zjmuuzG6K9WSxZZNizgXyVvz-0A.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51540
IP address blocks:        195.42.241.0/24 maxlen: 24
                          195.42.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:75:b1:a9:3c:e9:20:ad:c2:82:bb:1a:49:07:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad80679b96ca322bfa85500cab206c6d47412edf
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce39aebb31ba2bd592c5964d8b3817c95bf3fb40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:67:13:0c:71:8e:a2:6f:17:98:7c:ae:cf:c2:
                    c9:28:81:20:a9:88:98:16:aa:9e:b1:f6:3b:da:a3:
                    2b:d6:92:e2:81:17:b6:85:de:f0:ec:df:9a:c2:a8:
                    d3:c8:58:61:0b:68:7f:c1:b4:7a:8b:02:e0:cd:e5:
                    91:98:cb:9d:37:77:8b:21:49:b2:30:b5:e7:e8:f5:
                    64:16:fa:ba:cf:f3:24:aa:6a:4a:86:68:41:94:58:
                    b2:f5:13:3a:7d:09:a5:0a:91:a2:81:43:0b:ba:3e:
                    0b:17:14:ee:a0:d6:75:55:10:7b:a1:25:21:6a:00:
                    7c:01:69:23:1e:27:a3:47:df:4a:23:01:b1:1b:6c:
                    bc:f6:f7:31:f2:41:a1:3c:5c:48:15:d7:58:90:7f:
                    5b:aa:5d:a4:30:7e:11:6c:ff:be:3d:16:d6:50:2d:
                    c5:4a:53:0a:36:f2:cc:0a:29:0b:ae:8f:3c:7c:0c:
                    6f:43:08:3c:b9:76:d7:a6:63:bd:9a:bd:e2:cb:a5:
                    e3:8d:93:be:42:4e:2f:70:f7:84:39:91:98:3f:36:
                    3f:3a:f5:63:98:fd:03:72:56:fe:12:c7:09:41:ec:
                    b0:1b:82:08:ac:9d:2e:02:7a:69:b0:1b:14:56:0e:
                    2d:7d:ea:de:77:ad:43:49:d3:c6:97:09:00:a1:06:
                    df:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:39:AE:BB:31:BA:2B:D5:92:C5:96:4D:8B:38:17:C9:5B:F3:FB:40
            X509v3 Authority Key Identifier:
                keyid:AD:80:67:9B:96:CA:32:2B:FA:85:50:0C:AB:20:6C:6D:47:41:2E:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rYBnm5bKMiv6hVAMqyBsbUdBLt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/zjmuuzG6K9WSxZZNizgXyVvz-0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a1399a-ea6b-4a09-8b40-90c0bde09869/1/rYBnm5bKMiv6hVAMqyBsbUdBLt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.42.241.0-195.42.242.255

    Signature Algorithm: sha256WithRSAEncryption
         b9:fd:bc:41:23:64:22:7d:1a:5f:7d:ff:bc:ad:25:74:ba:ea:
         64:55:fa:cd:b0:dc:2f:63:b2:62:4b:db:50:61:f4:a0:0d:e3:
         a7:54:af:bc:59:e8:17:bd:e7:46:da:40:ae:4e:50:c4:3c:50:
         a7:f9:03:8f:ce:5b:17:86:dd:fd:c7:3b:0b:fb:d0:68:e2:09:
         3f:4d:36:d4:5f:75:7f:29:05:f6:3b:7c:20:69:c9:d9:8e:5d:
         ae:77:7d:a0:ec:1d:b1:87:92:f0:00:d8:ae:10:ad:f9:c1:48:
         9a:63:b4:ca:fc:16:da:de:02:af:16:8e:44:75:76:4a:8c:c2:
         ad:bc:ba:58:9c:e5:17:e4:a5:0b:15:a2:1f:ba:77:31:9d:d7:
         58:39:44:ec:b2:c6:b3:f6:d7:b1:12:95:7d:91:8e:83:4f:f5:
         2d:dc:5e:1b:53:17:15:49:0b:d4:12:45:b4:e1:60:72:8d:1b:
         ba:1c:00:fb:10:e0:aa:68:e0:26:cc:e7:28:16:0c:f3:79:ef:
         33:7f:0f:7b:76:97:23:a2:1e:ed:75:53:cf:89:17:6c:ed:6e:
         cc:ad:ba:68:58:c4:3e:bd:1c:d1:15:f7:3f:81:6f:2c:7a:fc:
         2d:1b:d9:61:db:6e:cf:29:a5:2c:00:c2:ab:00:f9:31:cd:f7:
         07:e2:5f:aa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbXWxqTzpIK3CgrsaSQcwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkODA2NzliOTZjYTMyMmJmYTg1NTAwY2FiMjA2YzZkNDc0
MTJlZGYwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTM5YWViYjMxYmEyYmQ1OTJjNTk2NGQ4YjM4MTdjOTViZjNmYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWcTDHGOom8XmHyuz8LJKIEgqYiY
FqqesfY72qMr1pLigRe2hd7w7N+awqjTyFhhC2h/wbR6iwLgzeWRmMudN3eLIUmy
MLXn6PVkFvq6z/MkqmpKhmhBlFiy9RM6fQmlCpGigUMLuj4LFxTuoNZ1VRB7oSUh
agB8AWkjHiejR99KIwGxG2y89vcx8kGhPFxIFddYkH9bql2kMH4RbP++PRbWUC3F
SlMKNvLMCikLro88fAxvQwg8uXbXpmO9mr3iy6XjjZO+Qk4vcPeEOZGYPzY/OvVj
mP0Dclb+EscJQeywG4IIrJ0uAnppsBsUVg4tfered61DSdPGlwkAoQbf5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM45rrsxuivVksWWTYs4F8lb8/tAMB8GA1UdIwQY
MBaAFK2AZ5uWyjIr+oVQDKsgbG1HQS7fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAt
OTBjMGJkZTA5ODY5LzEvemptdXV6RzZLOVdTeFpaTml6Z1h5VnZ6LTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hMTM5OWEtZWE2Yi00YTA5LThiNDAtOTBjMGJkZTA5ODY5
LzEvcllCbm01YktNaXY2aFZBTXF5QnNiVWRCTHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADDKvED
BADDKvIwDQYJKoZIhvcNAQELBQADggEBALn9vEEjZCJ9Gl99/7ytJXS66mRV+s2w
3C9jsmJL21Bh9KAN46dUr7xZ6Be950baQK5OUMQ8UKf5A4/OWxeG3f3HOwv70Gji
CT9NNtRfdX8pBfY7fCBpydmOXa53faDsHbGHkvAA2K4QrfnBSJpjtMr8FtreAq8W
jkR1dkqMwq28ulic5RfkpQsVoh+6dzGd11g5ROyyxrP217ESlX2RjoNP9S3cXhtT
FxVJC9QSRbThYHKNG7ocAPsQ4Kpo4CbM5ygWDPN57zN/D3t2lyOiHu11U8+JF2zt
bsytumhYxD69HNEV9z+Bbyx6/C0b2WHbbs8ppSwAwqsA+THN9wfiX6o=
-----END CERTIFICATE-----