Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ZzL3wR4It5l1oWO2fn2I94yVnyA.roa
File:                     ZzL3wR4It5l1oWO2fn2I94yVnyA.roa (raw, json)
Hash identifier:          qU09CT6kKowETdHTpeIh7Ldv4MHaquGw1dp+8s/nCkw=
Subject key identifier:   67:32:F7:C1:1E:08:B7:99:75:A1:63:B6:7E:7D:88:F7:8C:95:9F:20
Certificate issuer:       /CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
Certificate serial:       018E95D31FE3F09935325A2529F2AAFEA514
Authority key identifier: 8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ZzL3wR4It5l1oWO2fn2I94yVnyA.roa
Signing time:             Sun 31 Mar 2024 18:43:45 +0000
ROA not before:           Sun 31 Mar 2024 18:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400866
IP address blocks:        185.101.46.0/24 maxlen: 24
                          185.101.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:95:d3:1f:e3:f0:99:35:32:5a:25:29:f2:aa:fe:a5:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a5a3417fbe25c2e467c18485c181a7776f96ff4
        Validity
            Not Before: Mar 31 18:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6732f7c11e08b79975a163b67e7d88f78c959f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:59:48:1f:19:24:4f:6b:ff:6c:88:f2:66:d6:
                    ba:3b:00:a8:e3:07:5d:3d:13:dd:e4:0b:3a:ca:bc:
                    0f:1d:51:13:18:b4:f5:72:55:2e:2f:bf:b7:0e:fd:
                    55:59:fb:e9:73:37:0e:e0:74:66:f2:b1:53:6a:3b:
                    73:b5:06:db:dd:81:e9:f1:3d:9a:7e:47:01:ae:1a:
                    c9:19:a7:2f:57:a6:70:9f:38:52:ce:1f:89:97:49:
                    e9:60:1d:a2:17:dd:8e:2f:60:af:d7:41:a7:f8:25:
                    0c:ab:03:b8:90:a0:13:94:28:21:d0:7a:e3:31:05:
                    ff:37:27:06:c0:42:c0:14:a9:07:49:27:66:24:23:
                    cf:b2:fb:dc:cc:0f:d3:f5:af:78:9e:99:65:26:7d:
                    43:9c:21:55:d2:85:29:42:ac:78:76:c3:97:8c:45:
                    0c:a1:88:eb:b9:be:90:a8:62:93:3e:8e:85:62:e0:
                    00:77:53:f5:d9:b8:13:35:00:b2:01:bc:4d:03:d2:
                    d6:5c:1f:f5:0f:52:ce:a9:58:97:74:c4:25:67:d0:
                    de:be:60:b4:29:7c:9b:fd:e9:a0:0f:e8:6b:12:ab:
                    f9:62:0c:68:71:ef:b3:eb:2c:c8:a5:29:25:e9:fb:
                    67:11:e7:a0:8a:c4:b3:b6:fb:19:5d:0a:71:0f:f0:
                    eb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:32:F7:C1:1E:08:B7:99:75:A1:63:B6:7E:7D:88:F7:8C:95:9F:20
            X509v3 Authority Key Identifier:
                keyid:8A:5A:34:17:FB:E2:5C:2E:46:7C:18:48:5C:18:1A:77:76:F9:6F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilo0F_viXC5GfBhIXBgad3b5b_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ZzL3wR4It5l1oWO2fn2I94yVnyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9c6e07-693f-46ce-8646-d7abcd0ef64a/1/ilo0F_viXC5GfBhIXBgad3b5b_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:5c:f7:79:94:54:4c:94:39:e8:ad:16:9b:f5:59:56:0f:1d:
         10:5f:83:fe:df:c5:10:68:70:21:85:9a:5b:a8:a7:32:4e:3c:
         5a:89:1f:cc:b7:f3:f2:ef:c6:99:dc:66:63:2d:2b:fe:ed:c5:
         06:06:d8:8b:08:b4:f7:e4:09:c4:60:28:22:3f:53:1d:77:b4:
         04:7f:88:1a:69:72:54:44:5d:12:78:8b:4b:54:e3:11:63:72:
         74:27:02:8a:f8:38:f4:2f:96:fe:6f:03:2b:a7:e7:0f:4d:e9:
         90:18:4f:17:3d:fa:38:1b:ac:3b:67:5e:2a:de:b7:c5:5e:1e:
         c2:05:bc:7c:07:90:26:1e:99:25:cd:34:4e:bd:19:e1:b4:7d:
         b0:f2:a5:3a:9a:c4:3c:22:3e:09:cd:6c:8d:37:d5:cd:c9:c8:
         0d:05:53:6e:62:84:5f:31:96:97:96:55:19:bb:81:1c:a9:d9:
         80:7f:4d:b0:b3:20:f5:f5:6f:2d:fb:48:01:2a:0e:74:71:75:
         44:e2:cc:78:21:39:2a:52:ab:e5:62:07:bb:db:94:0c:ae:1f:
         08:1d:79:27:1d:39:34:2a:58:db:86:bf:88:2d:dc:bf:9f:f4:
         f7:ea:5a:20:27:b7:f6:9d:0d:81:7f:ca:2b:c5:bd:1e:1a:21:
         56:fb:0d:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6V0x/j8Jk1MlolKfKq/qUUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNWEzNDE3ZmJlMjVjMmU0NjdjMTg0ODVjMTgxYTc3NzZm
OTZmZjQwHhcNMjQwMzMxMTg0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzMyZjdjMTFlMDhiNzk5NzVhMTYzYjY3ZTdkODhmNzhjOTU5ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkllIHxkkT2v/bIjyZta6OwCo4wdd
PRPd5As6yrwPHVETGLT1clUuL7+3Dv1VWfvpczcO4HRm8rFTajtztQbb3YHp8T2a
fkcBrhrJGacvV6ZwnzhSzh+Jl0npYB2iF92OL2Cv10Gn+CUMqwO4kKATlCgh0Hrj
MQX/NycGwELAFKkHSSdmJCPPsvvczA/T9a94npllJn1DnCFV0oUpQqx4dsOXjEUM
oYjrub6QqGKTPo6FYuAAd1P12bgTNQCyAbxNA9LWXB/1D1LOqViXdMQlZ9DevmC0
KXyb/emgD+hrEqv5Ygxoce+z6yzIpSkl6ftnEeegisSztvsZXQpxD/DruQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcy98EeCLeZdaFjtn59iPeMlZ8gMB8GA1UdIwQY
MBaAFIpaNBf74lwuRnwYSFwYGnd2+W/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYt
ZDdhYmNkMGVmNjRhLzEvWnpMM3dSNEl0NWwxb1dPMmZuMkk5NHlWbnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YzZlMDctNjkzZi00NmNlLTg2NDYtZDdhYmNkMGVmNjRh
LzEvaWxvMEZfdmlYQzVHZkJoSVhCZ2FkM2I1Yl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWUuMA0G
CSqGSIb3DQEBCwUAA4IBAQALXPd5lFRMlDnorRab9VlWDx0QX4P+38UQaHAhhZpb
qKcyTjxaiR/Mt/Py78aZ3GZjLSv+7cUGBtiLCLT35AnEYCgiP1Mdd7QEf4gaaXJU
RF0SeItLVOMRY3J0JwKK+Dj0L5b+bwMrp+cPTemQGE8XPfo4G6w7Z14q3rfFXh7C
Bbx8B5AmHpklzTROvRnhtH2w8qU6msQ8Ij4JzWyNN9XNycgNBVNuYoRfMZaXllUZ
u4EcqdmAf02wsyD19W8t+0gBKg50cXVE4sx4ITkqUqvlYge725QMrh8IHXknHTk0
Kljbhr+ILdy/n/T36logJ7f2nQ2Bf8orxb0eGiFW+w2u
-----END CERTIFICATE-----