Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/z8Hb0geikKB_RiZ11VTNPag117E.roa
File:                     z8Hb0geikKB_RiZ11VTNPag117E.roa (raw, json)
Hash identifier:          euctAZ5NBLVYmnhQ1pHyOP17Ot7hcxhndr/jkttDfmI=
Subject key identifier:   CF:C1:DB:D2:07:A2:90:A0:7F:46:26:75:D5:54:CD:3D:A8:35:D7:B1
Certificate issuer:       /CN=01d6ef0479f9fdfa826657dfd8e0ef3668ca1abf
Certificate serial:       018CC793EF6D7071956B55A95D70FB6D46AA
Authority key identifier: 01:D6:EF:04:79:F9:FD:FA:82:66:57:DF:D8:E0:EF:36:68:CA:1A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AdbvBHn5_fqCZlff2ODvNmjKGr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/z8Hb0geikKB_RiZ11VTNPag117E.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2852
IP address blocks:        147.33.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/AdbvBHn5_fqCZlff2ODvNmjKGr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/AdbvBHn5_fqCZlff2ODvNmjKGr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AdbvBHn5_fqCZlff2ODvNmjKGr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:ef:6d:70:71:95:6b:55:a9:5d:70:fb:6d:46:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01d6ef0479f9fdfa826657dfd8e0ef3668ca1abf
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfc1dbd207a290a07f462675d554cd3da835d7b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:75:e6:76:34:75:96:0d:70:20:7c:63:a0:
                    f8:c9:14:8b:21:91:ad:fb:81:60:d9:bb:17:a4:8d:
                    c7:8f:b7:1f:df:08:d5:36:df:58:d3:1d:46:e2:e1:
                    31:42:3d:56:78:57:94:f3:e5:0d:29:01:50:c8:13:
                    41:c9:8f:eb:4e:e0:19:29:f6:72:c6:5d:57:9d:4c:
                    80:d6:96:7b:b9:64:22:42:72:50:e0:90:d6:16:2a:
                    b8:08:79:74:42:59:c0:30:06:44:be:f2:95:81:76:
                    d7:9f:b8:f4:79:12:3f:96:02:0c:ff:a2:a1:da:72:
                    8c:58:8c:c9:70:f5:ca:8e:ad:38:12:7f:66:8c:4b:
                    c5:51:78:ba:b4:af:e9:6f:c2:4c:b4:0d:2e:dd:ef:
                    99:2a:34:ce:55:5a:68:c4:32:92:bc:51:92:71:9c:
                    92:21:4d:1a:ec:6d:30:69:31:75:65:e6:b5:92:0b:
                    58:ed:0f:9a:25:6a:0b:3b:12:5d:58:97:57:64:67:
                    78:53:97:b2:b1:24:7b:9a:c3:39:a4:66:a7:7e:25:
                    40:c8:96:2b:bf:10:93:b8:84:40:77:9c:74:fc:5b:
                    7a:fb:ed:54:76:fa:8f:59:a1:e5:8a:df:18:00:8e:
                    6b:8b:a4:34:c6:24:01:73:4f:08:52:4e:a1:a4:e5:
                    cc:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:C1:DB:D2:07:A2:90:A0:7F:46:26:75:D5:54:CD:3D:A8:35:D7:B1
            X509v3 Authority Key Identifier:
                keyid:01:D6:EF:04:79:F9:FD:FA:82:66:57:DF:D8:E0:EF:36:68:CA:1A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AdbvBHn5_fqCZlff2ODvNmjKGr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/z8Hb0geikKB_RiZ11VTNPag117E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/6d74fd-5bb9-42f8-bb51-0d9cd7e8ff36/1/AdbvBHn5_fqCZlff2ODvNmjKGr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.33.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         95:61:d4:04:55:5a:b7:a8:f7:68:21:40:e7:9a:2b:b4:56:e1:
         2f:4b:30:c9:62:0c:97:fb:d1:87:ca:4a:b9:3c:f2:90:ee:fc:
         b6:ff:09:f4:ec:1d:e6:d3:51:61:67:e4:aa:af:2b:55:2e:76:
         bd:c1:0d:ae:4c:02:29:f5:4a:f1:68:fc:f1:b6:60:2f:e7:20:
         45:e7:28:32:05:af:72:ad:39:c3:1f:b7:0a:50:74:35:3b:de:
         90:a6:56:a8:bd:0d:5a:bf:c8:4b:16:71:de:80:49:4e:c7:c7:
         f3:9e:39:d3:e5:fe:a9:8f:6b:f8:8f:8a:1c:32:ca:44:33:44:
         0b:5a:5f:99:da:e6:28:91:b4:d6:69:bd:76:7f:6e:7b:57:ed:
         52:89:70:35:3f:7b:13:6e:6a:f4:94:43:89:c0:d6:3b:93:42:
         1a:d9:0e:a5:e5:cd:0e:14:ea:3f:8c:f9:3a:e7:d1:43:1c:82:
         d0:a0:09:9b:85:9c:ed:22:1c:05:78:c0:c3:b0:4e:84:4f:6a:
         b9:02:0b:f2:08:c0:ba:75:97:5d:d8:79:ba:63:56:01:55:ba:
         c7:1e:e6:76:16:7a:d1:01:93:61:58:bb:3d:ce:67:29:04:79:
         c7:34:9d:62:53:e2:86:9f:d0:2d:c3:b4:de:cf:31:b6:7d:b6:
         65:4d:be:c4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHk+9tcHGVa1WpXXD7bUaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZDZlZjA0NzlmOWZkZmE4MjY2NTdkZmQ4ZTBlZjM2Njhj
YTFhYmYwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmMxZGJkMjA3YTI5MGEwN2Y0NjI2NzVkNTU0Y2QzZGE4MzVkN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAR15nY0dZYNcCB8Y6D4yRSLIZGt
+4Fg2bsXpI3Hj7cf3wjVNt9Y0x1G4uExQj1WeFeU8+UNKQFQyBNByY/rTuAZKfZy
xl1XnUyA1pZ7uWQiQnJQ4JDWFiq4CHl0QlnAMAZEvvKVgXbXn7j0eRI/lgIM/6Kh
2nKMWIzJcPXKjq04En9mjEvFUXi6tK/pb8JMtA0u3e+ZKjTOVVpoxDKSvFGScZyS
IU0a7G0waTF1Zea1kgtY7Q+aJWoLOxJdWJdXZGd4U5eysSR7msM5pGanfiVAyJYr
vxCTuIRAd5x0/Ft6++1UdvqPWaHlit8YAI5ri6Q0xiQBc08IUk6hpOXMzwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFM/B29IHopCgf0YmddVUzT2oNdexMB8GA1UdIwQY
MBaAFAHW7wR5+f36gmZX39jg7zZoyhq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWRidkJIbjVfZnFDWmxmZjJPRHZObWpLR3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni82ZDc0ZmQtNWJiOS00MmY4LWJiNTEt
MGQ5Y2Q3ZThmZjM2LzEvejhIYjBnZWlrS0JfUmlaMTFWVE5QYWcxMTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni82ZDc0ZmQtNWJiOS00MmY4LWJiNTEtMGQ5Y2Q3ZThmZjM2
LzEvQWRidkJIbjVfZnFDWmxmZjJPRHZObWpLR3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkyEwDQYJ
KoZIhvcNAQELBQADggEBAJVh1ARVWreo92ghQOeaK7RW4S9LMMliDJf70YfKSrk8
8pDu/Lb/CfTsHebTUWFn5KqvK1Uudr3BDa5MAin1SvFo/PG2YC/nIEXnKDIFr3Kt
OcMftwpQdDU73pCmVqi9DVq/yEsWcd6ASU7Hx/OeOdPl/qmPa/iPihwyykQzRAta
X5na5iiRtNZpvXZ/bntX7VKJcDU/exNuavSUQ4nA1juTQhrZDqXlzQ4U6j+M+Trn
0UMcgtCgCZuFnO0iHAV4wMOwToRParkCC/IIwLp1l13YebpjVgFVusce5nYWetEB
k2FYuz3OZykEecc0nWJT4oaf0C3DtN7PMbZ9tmVNvsQ=
-----END CERTIFICATE-----