Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/zkzr2l1aP0Uzlf7G7ROTnD5S774.roa
File:                     zkzr2l1aP0Uzlf7G7ROTnD5S774.roa (raw, json)
Hash identifier:          CYTLmjqCLjv28b2fBHu9e2JY/s6S3Lw+3COyJhVmoFQ=
Subject key identifier:   CE:4C:EB:DA:5D:5A:3F:45:33:95:FE:C6:ED:13:93:9C:3E:52:EF:BE
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018CC6B7E064BC0BDDD048F550160DFBFC93
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/zkzr2l1aP0Uzlf7G7ROTnD5S774.roa
Signing time:             Mon 01 Jan 2024 20:29:48 +0000
ROA not before:           Mon 01 Jan 2024 20:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        185.39.18.0/24 maxlen: 24
                          194.61.120.0/24 maxlen: 24
                          2a10:1fc0:c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e0:64:bc:0b:dd:d0:48:f5:50:16:0d:fb:fc:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Jan  1 20:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce4cebda5d5a3f453395fec6ed13939c3e52efbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d9:71:12:fc:e0:f9:d2:9f:62:00:f7:df:82:
                    ae:9f:2a:86:70:9d:40:89:e9:c1:bd:d4:1f:6e:38:
                    84:7c:87:dd:e9:85:17:7e:a1:65:48:57:e9:1b:27:
                    c7:d1:02:a1:0e:00:01:0a:2e:e4:b7:bc:c2:36:90:
                    e3:d3:0a:44:6a:25:d7:6d:ef:c6:d1:02:b1:71:94:
                    ae:7f:21:8c:0f:bb:d6:44:a6:05:be:02:03:b2:b2:
                    7b:9c:38:3b:a2:fb:0b:7e:68:c9:d5:4a:3d:b1:66:
                    94:16:32:d6:a4:18:ed:1c:2c:41:93:45:f7:cf:6e:
                    bd:d5:9c:6b:b6:d4:64:cb:31:2b:0d:47:f8:b2:c6:
                    ee:80:29:ea:e0:91:9c:fc:dc:d8:d0:4b:ee:81:37:
                    e3:67:42:34:5d:a0:7e:64:44:46:57:af:a3:e0:71:
                    af:d1:ff:8e:1b:45:e2:03:d0:80:50:96:4d:9c:46:
                    37:e4:a1:20:e3:bd:6c:93:dd:9c:bb:59:e8:b5:cf:
                    3d:f9:4e:96:d1:5a:3a:59:14:37:f2:19:fe:51:b3:
                    89:dc:04:be:5a:d3:da:01:7a:d9:88:17:58:a8:73:
                    63:38:27:1f:83:24:1d:13:da:91:bf:eb:95:fc:69:
                    25:8a:47:f6:da:fe:19:1a:e0:2c:82:94:f1:7d:72:
                    24:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:4C:EB:DA:5D:5A:3F:45:33:95:FE:C6:ED:13:93:9C:3E:52:EF:BE
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/zkzr2l1aP0Uzlf7G7ROTnD5S774.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.18.0/24
                  194.61.120.0/24
                IPv6:
                  2a10:1fc0:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:23:4c:09:98:7b:15:ea:73:56:5d:2b:b9:c0:b0:78:3e:c1:
         21:34:f1:dc:93:26:18:3d:8b:5c:82:eb:ac:d2:46:6f:09:f2:
         4c:03:d9:88:a3:c4:f8:f9:3f:d3:4a:f3:76:cb:98:3e:4c:ca:
         dd:d1:4d:49:2b:e0:58:08:a9:70:a2:84:89:77:eb:5b:36:3f:
         48:94:b2:6e:4e:4d:a7:e2:36:66:b7:d7:e2:29:20:9d:cc:95:
         26:49:24:0a:b9:4f:4a:fb:cb:d5:09:cd:5a:88:8b:7e:9d:ba:
         5e:05:d2:d6:b7:21:a3:44:97:a7:29:69:49:6c:c8:4c:2d:2d:
         ff:db:09:02:4e:9e:9e:3b:67:5f:76:e6:ac:24:13:ff:53:da:
         da:14:76:08:d6:63:b9:d1:8f:ec:ff:24:3f:31:68:df:b5:75:
         4f:ca:93:37:5d:60:5b:5d:0d:f8:a8:9a:e2:7e:64:8b:11:ee:
         ca:a9:f6:5a:e7:0b:05:b2:63:01:eb:e2:b6:a5:11:fb:2f:09:
         59:80:54:2c:a5:e4:08:c9:d2:29:b9:3a:8e:25:fe:51:0f:28:
         74:7c:8a:15:16:83:87:bb:b6:e1:f5:11:f1:b4:7c:90:c5:74:
         5c:44:29:76:76:29:2d:83:65:7c:85:30:79:9b:3d:56:4d:5d:
         d0:2d:cf:da
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzGt+BkvAvd0Ej1UBYN+/yTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjQwMTAxMjAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTRjZWJkYTVkNWEzZjQ1MzM5NWZlYzZlZDEzOTM5YzNlNTJlZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtlxEvzg+dKfYgD334KunyqGcJ1A
ienBvdQfbjiEfIfd6YUXfqFlSFfpGyfH0QKhDgABCi7kt7zCNpDj0wpEaiXXbe/G
0QKxcZSufyGMD7vWRKYFvgIDsrJ7nDg7ovsLfmjJ1Uo9sWaUFjLWpBjtHCxBk0X3
z2691ZxrttRkyzErDUf4ssbugCnq4JGc/NzY0EvugTfjZ0I0XaB+ZERGV6+j4HGv
0f+OG0XiA9CAUJZNnEY35KEg471sk92cu1notc89+U6W0Vo6WRQ38hn+UbOJ3AS+
WtPaAXrZiBdYqHNjOCcfgyQdE9qRv+uV/Gklikf22v4ZGuAsgpTxfXIkfQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFM5M69pdWj9FM5X+xu0Tk5w+Uu++MB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvemt6cjJsMWFQMFV6bGY3RzdST1RuRDVTNzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuScSAwQA
wj14MA8EAgACMAkDBwAqEB/AAAwwDQYJKoZIhvcNAQELBQADggEBALQjTAmYexXq
c1ZdK7nAsHg+wSE08dyTJhg9i1yC66zSRm8J8kwD2YijxPj5P9NK83bLmD5Myt3R
TUkr4FgIqXCihIl361s2P0iUsm5OTafiNma31+IpIJ3MlSZJJAq5T0r7y9UJzVqI
i36dul4F0ta3IaNEl6cpaUlsyEwtLf/bCQJOnp47Z1925qwkE/9T2toUdgjWY7nR
j+z/JD8xaN+1dU/KkzddYFtdDfiomuJ+ZIsR7sqp9lrnCwWyYwHr4ralEfsvCVmA
VCyl5AjJ0im5Oo4l/lEPKHR8ihUWg4e7tuH1EfG0fJDFdFxEKXZ2KS2DZXyFMHmb
PVZNXdAtz9o=
-----END CERTIFICATE-----