Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/zPUU7PCg0t844Q-9WRi7WkAfL9E.roa
File:                     zPUU7PCg0t844Q-9WRi7WkAfL9E.roa (raw, json)
Hash identifier:          6XwvGSLpTu7H6isidOtDLywpnVdK6vK++oW/2HA/TcA=
Subject key identifier:   CC:F5:14:EC:F0:A0:D2:DF:38:E1:0F:BD:59:18:BB:5A:40:1F:2F:D1
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       018CC80132DEA885AC7CF577746F24F5D3C8
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/zPUU7PCg0t844Q-9WRi7WkAfL9E.roa
Signing time:             Tue 02 Jan 2024 02:29:30 +0000
ROA not before:           Tue 02 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207211
IP address blocks:        185.157.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:32:de:a8:85:ac:7c:f5:77:74:6f:24:f5:d3:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Jan  2 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf514ecf0a0d2df38e10fbd5918bb5a401f2fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:28:31:23:ab:5e:07:b0:d5:5d:2e:9d:da:99:
                    53:38:26:47:31:60:89:3c:2c:37:df:5a:0d:28:59:
                    f5:01:43:9e:e8:59:b9:8c:49:6d:7a:0c:48:0b:8d:
                    c7:a1:8f:8d:38:0f:04:7f:c3:5d:e7:3d:12:0e:f3:
                    bd:60:24:b1:36:c2:60:6d:6d:da:33:4b:ee:57:bd:
                    51:a8:fc:c7:e3:ee:97:a4:96:e3:66:39:af:86:06:
                    32:45:c0:b3:b5:80:73:73:17:e0:04:ab:83:1b:f9:
                    a3:22:b9:e4:16:35:d9:db:4c:07:73:1e:c0:8d:fc:
                    56:08:a4:a0:4c:d3:d8:c4:57:63:8d:a0:c5:51:58:
                    17:2e:01:1a:be:e8:79:f3:80:20:08:2e:e6:ba:8f:
                    9f:19:62:24:ea:59:6f:72:5e:37:c3:b8:78:7f:e6:
                    17:cc:05:aa:99:62:39:6f:6b:18:b3:6a:91:18:3f:
                    58:42:4c:f1:b3:b9:ef:0c:b6:5a:a8:54:a2:12:84:
                    0c:da:62:1d:b1:b8:fb:d7:9c:0b:5a:df:74:f3:aa:
                    49:b6:ff:f9:0e:c7:ff:10:f7:04:3b:30:6e:b3:5a:
                    42:57:d7:83:9e:fe:1a:02:20:60:ad:2f:82:a8:5a:
                    4e:f7:34:25:0d:0e:97:16:ae:a3:dd:a1:c5:8c:01:
                    9b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F5:14:EC:F0:A0:D2:DF:38:E1:0F:BD:59:18:BB:5A:40:1F:2F:D1
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/zPUU7PCg0t844Q-9WRi7WkAfL9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:dc:50:47:79:6a:4e:cb:13:93:b4:10:3a:13:9d:54:17:76:
         ee:f8:85:dd:16:b6:1a:8e:11:4b:a3:f3:d5:93:82:31:e7:0c:
         23:43:27:d9:21:d4:2a:af:bd:e4:ca:63:c0:e4:51:c9:36:cf:
         5d:ae:b9:aa:67:85:69:87:04:b3:38:8d:e9:ab:70:c9:59:f9:
         b2:04:03:d5:63:b7:c4:80:05:fc:8f:f3:f2:cf:1a:97:e5:65:
         01:20:47:0c:22:3b:8c:ec:61:16:0a:72:c7:24:b2:66:12:81:
         90:06:9c:04:85:80:74:68:77:bc:7d:24:39:2c:5a:1f:32:8d:
         8d:d2:4f:12:e4:a9:3a:2d:5d:1c:c9:8b:37:8f:04:99:c0:39:
         76:06:01:78:19:14:27:84:a1:e4:9c:9c:38:79:d9:8a:dc:f5:
         78:66:31:d1:8e:0f:d1:d5:b1:6d:01:cd:a8:78:2b:3b:f6:ee:
         f5:f0:d9:fe:fb:3d:8b:7d:5d:9a:70:0e:d4:f8:5a:6b:59:5d:
         a2:2f:52:7a:7d:b0:a4:ec:6d:26:94:f9:11:8d:5b:99:f2:71:
         f4:0a:89:f3:4e:49:3a:95:15:43:b9:c9:e8:30:50:e4:7f:d3:
         41:63:ac:94:0c:dd:94:8a:4c:d0:ee:09:39:c9:36:4f:17:90:
         da:b0:1e:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATLeqIWsfPV3dG8k9dPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjQwMTAyMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y1MTRlY2YwYTBkMmRmMzhlMTBmYmQ1OTE4YmI1YTQwMWYyZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhigxI6teB7DVXS6d2plTOCZHMWCJ
PCw331oNKFn1AUOe6Fm5jEltegxIC43HoY+NOA8Ef8Nd5z0SDvO9YCSxNsJgbW3a
M0vuV71RqPzH4+6XpJbjZjmvhgYyRcCztYBzcxfgBKuDG/mjIrnkFjXZ20wHcx7A
jfxWCKSgTNPYxFdjjaDFUVgXLgEavuh584AgCC7muo+fGWIk6llvcl43w7h4f+YX
zAWqmWI5b2sYs2qRGD9YQkzxs7nvDLZaqFSiEoQM2mIdsbj715wLWt9086pJtv/5
Dsf/EPcEOzBus1pCV9eDnv4aAiBgrS+CqFpO9zQlDQ6XFq6j3aHFjAGbOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMz1FOzwoNLfOOEPvVkYu1pAHy/RMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEvelBVVTdQQ2cwdDg0NFEtOVdSaTdXa0FmTDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQDB3FBHeWpOyxOTtBA6E51UF3bu+IXdFrYajhFLo/PV
k4Ix5wwjQyfZIdQqr73kymPA5FHJNs9drrmqZ4VphwSzOI3pq3DJWfmyBAPVY7fE
gAX8j/PyzxqX5WUBIEcMIjuM7GEWCnLHJLJmEoGQBpwEhYB0aHe8fSQ5LFofMo2N
0k8S5Kk6LV0cyYs3jwSZwDl2BgF4GRQnhKHknJw4edmK3PV4ZjHRjg/R1bFtAc2o
eCs79u718Nn++z2LfV2acA7U+FprWV2iL1J6fbCk7G0mlPkRjVuZ8nH0ConzTkk6
lRVDucnoMFDkf9NBY6yUDN2UikzQ7gk5yTZPF5DasB7G
-----END CERTIFICATE-----