Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZtMAkmjbH0OEc8xGqP2jRvngrG0.roa
File:                     ZtMAkmjbH0OEc8xGqP2jRvngrG0.roa (raw, json)
Hash identifier:          16kLgb0DhEM98Ahvx9wj6xFky/CVGqcwKUHAyfydoUY=
Subject key identifier:   66:D3:00:92:68:DB:1F:43:84:73:CC:46:A8:FD:A3:46:F9:E0:AC:6D
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A7A8FFA322CC7C4C7364596788CA3
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZtMAkmjbH0OEc8xGqP2jRvngrG0.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399114
IP address blocks:        185.80.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7a:8f:fa:32:2c:c7:c4:c7:36:45:96:78:8c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d3009268db1f438473cc46a8fda346f9e0ac6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ce:d5:a3:eb:47:f1:59:0c:56:e0:1e:28:45:
                    03:b8:b3:da:16:b9:5c:f2:0e:bc:cd:cf:94:ab:92:
                    40:b3:21:0e:1b:ef:16:cc:f5:e1:39:fd:ae:20:18:
                    85:88:5a:7f:5a:65:98:1c:70:db:3a:71:9e:a2:78:
                    ae:bc:e8:48:d5:59:f8:43:2e:91:2e:25:48:ea:bc:
                    ca:19:dc:0b:2d:92:2b:d7:3d:e3:42:41:93:e4:90:
                    05:46:4a:ff:55:d8:c3:29:ec:59:d1:c4:cd:13:1a:
                    9e:02:88:e6:78:ae:12:1d:d4:03:44:5e:77:79:09:
                    f4:1b:28:1c:64:39:5a:23:bf:63:30:e0:6d:1b:cc:
                    74:49:ff:0b:46:25:6d:09:fe:3f:06:6b:d1:d6:08:
                    d8:55:cd:f9:40:68:9a:4f:72:43:86:54:b3:89:9f:
                    c9:89:43:1c:9f:18:dc:6c:18:a2:bd:7e:7e:a8:54:
                    10:83:8c:df:3c:49:e9:d5:4a:7f:97:9c:13:a5:97:
                    19:b9:f1:61:44:10:37:da:62:76:38:c1:68:15:ad:
                    f1:c5:b0:44:f5:61:d0:bf:bf:e9:ce:d4:e9:99:82:
                    7e:b1:0d:11:11:92:cf:2d:f4:89:e5:e7:23:91:7c:
                    a8:fc:e6:d2:55:e1:4e:37:28:73:d2:93:37:26:5c:
                    d5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D3:00:92:68:DB:1F:43:84:73:CC:46:A8:FD:A3:46:F9:E0:AC:6D
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/ZtMAkmjbH0OEc8xGqP2jRvngrG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:4a:5c:35:47:42:91:69:f2:05:f8:d5:57:6e:0f:2c:22:b7:
         90:5a:37:14:11:2a:9a:55:23:78:64:8f:e0:1d:ee:52:d1:a9:
         65:f4:ea:99:c1:b0:ea:96:31:cf:14:e6:b9:6e:ed:8d:c2:d4:
         48:54:8b:69:78:97:79:99:a6:fe:d8:4c:f2:93:e7:07:a9:a7:
         39:07:3a:17:bf:18:27:c4:ff:16:10:f6:ad:fb:57:f6:93:c7:
         81:fd:85:97:1b:f7:74:1d:7a:97:67:9c:6e:db:42:97:d2:81:
         e1:d9:f4:5d:85:4f:10:8c:d7:cc:69:67:92:18:25:ec:c9:71:
         d4:64:76:4d:cf:0a:d3:5c:ca:80:f4:6c:3c:e4:67:e0:84:d1:
         73:28:06:0a:ca:f1:53:f5:f5:58:56:57:db:57:8b:09:fd:46:
         67:73:4c:d6:7b:44:d3:c1:5a:54:59:3f:7c:f1:84:d6:64:35:
         cc:c3:45:3b:80:3a:4b:50:13:b6:68:3e:34:b6:66:e8:7c:3f:
         5f:76:f0:47:59:a0:7c:13:fb:e0:82:a0:80:27:68:2b:ca:e2:
         a8:14:d0:39:6c:4e:38:c0:63:74:70:b9:3d:d8:32:b6:d8:0a:
         87:95:0c:32:1a:84:b9:09:8e:7a:c7:ab:f4:ae:f8:0b:2a:ce:
         47:86:b2:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnqP+jIsx8THNkWWeIyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQzMDA5MjY4ZGIxZjQzODQ3M2NjNDZhOGZkYTM0NmY5ZTBhYzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM7Vo+tH8VkMVuAeKEUDuLPaFrlc
8g68zc+Uq5JAsyEOG+8WzPXhOf2uIBiFiFp/WmWYHHDbOnGeoniuvOhI1Vn4Qy6R
LiVI6rzKGdwLLZIr1z3jQkGT5JAFRkr/VdjDKexZ0cTNExqeAojmeK4SHdQDRF53
eQn0GygcZDlaI79jMOBtG8x0Sf8LRiVtCf4/BmvR1gjYVc35QGiaT3JDhlSziZ/J
iUMcnxjcbBiivX5+qFQQg4zfPEnp1Up/l5wTpZcZufFhRBA32mJ2OMFoFa3xxbBE
9WHQv7/pztTpmYJ+sQ0REZLPLfSJ5ecjkXyo/ObSVeFONyhz0pM3JlzVPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbTAJJo2x9DhHPMRqj9o0b54KxtMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWnRNQWttamJIME9FYzh4R3FQMmpSdm5nckcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVDFMA0G
CSqGSIb3DQEBCwUAA4IBAQDfSlw1R0KRafIF+NVXbg8sIreQWjcUESqaVSN4ZI/g
He5S0all9OqZwbDqljHPFOa5bu2NwtRIVItpeJd5mab+2Ezyk+cHqac5BzoXvxgn
xP8WEPat+1f2k8eB/YWXG/d0HXqXZ5xu20KX0oHh2fRdhU8QjNfMaWeSGCXsyXHU
ZHZNzwrTXMqA9Gw85GfghNFzKAYKyvFT9fVYVlfbV4sJ/UZnc0zWe0TTwVpUWT98
8YTWZDXMw0U7gDpLUBO2aD40tmbofD9fdvBHWaB8E/vggqCAJ2gryuKoFNA5bE44
wGN0cLk92DK22AqHlQwyGoS5CY56x6v0rvgLKs5HhrIN
-----END CERTIFICATE-----