Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/ZpVkBcT2Sjrp0vPKPAFgS6a_xUE.roa
File:                     ZpVkBcT2Sjrp0vPKPAFgS6a_xUE.roa (raw, json)
Hash identifier:          ECRoqrdwc5MXUo3bHWrdfjy11UKF1zOywq0hnqyD/hc=
Subject key identifier:   66:95:64:05:C4:F6:4A:3A:E9:D2:F3:CA:3C:01:60:4B:A6:BF:C5:41
Certificate issuer:       /CN=8ac14985cb544c6d23d19bb43ac93711afe91f18
Certificate serial:       018CC86F1CFFFAC89CF9E9352EFA1BE42CC1
Authority key identifier: 8A:C1:49:85:CB:54:4C:6D:23:D1:9B:B4:3A:C9:37:11:AF:E9:1F:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/isFJhctUTG0j0Zu0Osk3Ea_pHxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/ZpVkBcT2Sjrp0vPKPAFgS6a_xUE.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51621
IP address blocks:        185.216.49.0/24 maxlen: 24
                          2a10:a900::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/isFJhctUTG0j0Zu0Osk3Ea_pHxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/isFJhctUTG0j0Zu0Osk3Ea_pHxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/isFJhctUTG0j0Zu0Osk3Ea_pHxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:02:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1c:ff:fa:c8:9c:f9:e9:35:2e:fa:1b:e4:2c:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ac14985cb544c6d23d19bb43ac93711afe91f18
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66956405c4f64a3ae9d2f3ca3c01604ba6bfc541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:24:bc:02:51:8e:5a:fe:c0:19:13:30:2f:dc:
                    d7:8e:08:69:a3:23:08:47:69:42:23:94:b7:9e:2c:
                    b0:aa:a5:2e:b0:ad:77:29:1e:e0:97:66:0b:dc:7d:
                    3c:90:46:df:6b:7c:d3:34:c4:e4:01:3f:4e:c5:30:
                    a0:2c:4a:a1:53:0e:70:75:4c:28:e2:fe:f3:2f:01:
                    30:d3:de:ce:83:ee:0d:1e:7f:af:e3:e6:31:1a:04:
                    74:dc:2d:a0:a8:78:ce:2e:0f:61:7e:dd:2d:90:be:
                    8a:07:e7:0b:51:47:0b:d2:21:e3:d6:d7:72:a6:bb:
                    34:81:17:6f:52:57:03:99:07:ff:8d:aa:9b:33:da:
                    a4:3a:4e:b6:34:c4:3f:96:3e:81:38:e6:93:c1:cc:
                    5f:6b:32:e8:8e:50:68:29:e8:9e:20:ff:07:08:8b:
                    38:d3:2c:7c:55:ea:29:d1:d5:5d:da:0f:c7:20:3c:
                    c6:3d:95:aa:32:80:ff:b5:4f:dc:1b:7b:b4:92:aa:
                    03:66:ab:9b:a3:f3:b3:3e:32:30:81:de:45:71:24:
                    47:94:99:12:c4:3d:e6:d7:c3:c9:93:48:ba:f9:6d:
                    8f:d0:5a:c1:05:dd:6c:f0:28:b0:60:34:4c:01:02:
                    3f:a0:a8:4d:33:0e:ce:0d:06:29:4d:71:f9:64:5d:
                    3c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:95:64:05:C4:F6:4A:3A:E9:D2:F3:CA:3C:01:60:4B:A6:BF:C5:41
            X509v3 Authority Key Identifier:
                keyid:8A:C1:49:85:CB:54:4C:6D:23:D1:9B:B4:3A:C9:37:11:AF:E9:1F:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/isFJhctUTG0j0Zu0Osk3Ea_pHxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/ZpVkBcT2Sjrp0vPKPAFgS6a_xUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/586f77-6f32-4b96-9838-a5894693af10/1/isFJhctUTG0j0Zu0Osk3Ea_pHxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.49.0/24
                IPv6:
                  2a10:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:7f:02:49:e8:f5:83:6c:bc:32:07:9b:aa:c2:d1:49:18:25:
         c6:4b:98:ec:34:a5:f5:77:1c:ca:78:13:7d:e8:d3:70:ac:d2:
         4b:1c:cb:8a:d7:36:94:40:dc:34:ad:0c:6d:96:ac:69:2c:e9:
         52:58:d9:87:63:70:57:40:2f:ea:2d:a4:12:27:57:42:e7:93:
         97:48:60:0c:a6:26:48:46:0d:03:2f:c3:d9:46:5b:c5:86:d4:
         60:6f:14:87:6a:3b:af:8b:03:61:27:44:a2:fd:70:67:ae:2a:
         12:c0:af:fd:9d:b2:10:04:90:8c:af:87:86:81:9b:1b:1a:bf:
         21:2f:ac:1d:cf:e0:ed:36:a3:d4:90:48:4b:72:1a:11:a4:47:
         62:b4:8d:f8:53:f9:65:7e:ac:d0:a5:28:ca:b8:8f:87:39:03:
         80:76:41:e8:9d:33:9d:0c:e0:5c:0c:1b:02:4a:ff:32:e1:ec:
         a4:9d:08:68:b5:8b:34:1f:8c:fb:42:26:42:45:08:c5:52:ec:
         9d:c7:54:86:d8:a9:a2:75:d1:b1:a3:9f:5c:c6:6e:07:5e:90:
         3c:74:10:ae:e4:7f:03:f0:b7:f9:dc:f4:99:7f:7a:0a:a3:be:
         9b:c4:19:2d:0c:3f:d5:1e:3e:fd:3e:b6:06:bf:1b:13:84:05:
         45:d9:50:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbxz/+sic+ek1Lvob5CzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYzE0OTg1Y2I1NDRjNmQyM2QxOWJiNDNhYzkzNzExYWZl
OTFmMTgwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njk1NjQwNWM0ZjY0YTNhZTlkMmYzY2EzYzAxNjA0YmE2YmZjNTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCS8AlGOWv7AGRMwL9zXjghpoyMI
R2lCI5S3niywqqUusK13KR7gl2YL3H08kEbfa3zTNMTkAT9OxTCgLEqhUw5wdUwo
4v7zLwEw097Og+4NHn+v4+YxGgR03C2gqHjOLg9hft0tkL6KB+cLUUcL0iHj1tdy
prs0gRdvUlcDmQf/jaqbM9qkOk62NMQ/lj6BOOaTwcxfazLojlBoKeieIP8HCIs4
0yx8Veop0dVd2g/HIDzGPZWqMoD/tU/cG3u0kqoDZqubo/OzPjIwgd5FcSRHlJkS
xD3m18PJk0i6+W2P0FrBBd1s8CiwYDRMAQI/oKhNMw7ODQYpTXH5ZF08LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGaVZAXE9ko66dLzyjwBYEumv8VBMB8GA1UdIwQY
MBaAFIrBSYXLVExtI9GbtDrJNxGv6R8YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXNGSmhjdFVURzBqMFp1ME9zazNFYV9wSHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS81ODZmNzctNmYzMi00Yjk2LTk4Mzgt
YTU4OTQ2OTNhZjEwLzEvWnBWa0JjVDJTanJwMHZQS1BBRmdTNmFfeFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS81ODZmNzctNmYzMi00Yjk2LTk4MzgtYTU4OTQ2OTNhZjEw
LzEvaXNGSmhjdFVURzBqMFp1ME9zazNFYV9wSHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudgxMA0E
AgACMAcDBQMqEKkAMA0GCSqGSIb3DQEBCwUAA4IBAQBlfwJJ6PWDbLwyB5uqwtFJ
GCXGS5jsNKX1dxzKeBN96NNwrNJLHMuK1zaUQNw0rQxtlqxpLOlSWNmHY3BXQC/q
LaQSJ1dC55OXSGAMpiZIRg0DL8PZRlvFhtRgbxSHajuviwNhJ0Si/XBnrioSwK/9
nbIQBJCMr4eGgZsbGr8hL6wdz+DtNqPUkEhLchoRpEditI34U/llfqzQpSjKuI+H
OQOAdkHonTOdDOBcDBsCSv8y4eyknQhotYs0H4z7QiZCRQjFUuydx1SG2KmiddGx
o59cxm4HXpA8dBCu5H8D8Lf53PSZf3oKo76bxBktDD/VHj79PrYGvxsThAVF2VBH
-----END CERTIFICATE-----