Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ckzJVXw3sdFOPDSDPSBdGUxy-NI.roa
File:                     ckzJVXw3sdFOPDSDPSBdGUxy-NI.roa (raw, json)
Hash identifier:          93TCqZazdOtVWprg4WXW+2JcVUPv8/osyIMq+ayz9q8=
Subject key identifier:   72:4C:C9:55:7C:37:B1:D1:4E:3C:34:83:3D:20:5D:19:4C:72:F8:D2
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018D5B0B3D21EBA36C282A0D446B8602C9AE
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ckzJVXw3sdFOPDSDPSBdGUxy-NI.roa
Signing time:             Tue 30 Jan 2024 15:44:39 +0000
ROA not before:           Tue 30 Jan 2024 15:44:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42289
IP address blocks:        194.85.160.0/22 maxlen: 22
                          194.85.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5b:0b:3d:21:eb:a3:6c:28:2a:0d:44:6b:86:02:c9:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jan 30 15:44:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=724cc9557c37b1d14e3c34833d205d194c72f8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8e:f5:46:ce:38:ef:42:00:31:f6:e3:c3:28:
                    48:04:a3:9c:a2:c2:7c:32:84:64:e8:53:27:2a:44:
                    68:cf:1a:c9:b8:f1:c4:aa:71:51:37:59:4a:8e:8f:
                    75:c3:eb:d6:7c:ea:d3:b6:d3:0d:29:90:83:da:5b:
                    48:93:41:49:41:5f:bf:d9:06:66:0b:27:3f:9f:aa:
                    61:99:86:fc:f8:ec:0f:55:8f:f7:a2:2a:ff:eb:59:
                    34:3d:ee:d2:ee:11:72:4b:8a:ca:46:a2:11:c5:6c:
                    c4:d5:a8:7f:bd:2a:3e:fd:07:8b:c1:16:d5:09:2c:
                    3d:19:05:b0:34:a9:dd:00:d0:d0:83:bb:e6:52:94:
                    d4:de:f6:2c:24:d6:d4:aa:ce:9c:5c:51:af:86:6d:
                    8e:22:85:7e:66:5b:16:22:df:fd:a0:ce:37:86:e5:
                    58:e9:b6:aa:dc:8e:27:73:05:f8:28:42:2e:28:3b:
                    1d:03:53:9e:e2:cc:51:80:30:11:96:8b:2f:94:e1:
                    59:fb:ec:21:a3:1c:02:b7:f8:f5:68:db:b4:c4:5e:
                    7e:80:03:c3:1c:69:41:ea:90:05:aa:94:90:e7:ec:
                    af:1f:a7:73:7d:fc:61:e3:ac:e4:b2:6b:58:db:f2:
                    7f:54:ab:44:57:a1:b3:60:ec:00:65:e6:de:54:2c:
                    91:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:4C:C9:55:7C:37:B1:D1:4E:3C:34:83:3D:20:5D:19:4C:72:F8:D2
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/ckzJVXw3sdFOPDSDPSBdGUxy-NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.160.0-194.85.165.255

    Signature Algorithm: sha256WithRSAEncryption
         03:5a:b8:2c:ae:14:1d:47:19:fb:0e:34:13:7b:54:58:61:39:
         d8:2c:d3:de:e8:f9:b9:46:d7:4a:50:25:e2:86:e9:be:42:08:
         19:86:8f:74:51:c2:4e:4a:4f:a0:1d:76:4f:52:71:3c:26:51:
         be:85:3f:ec:89:7f:84:60:33:ab:3d:d3:2f:5b:1c:bf:89:bf:
         10:71:e6:c8:85:60:32:c6:2b:3f:5f:e0:58:5b:a4:24:25:09:
         d4:a9:ef:19:c9:42:6f:d7:05:1f:39:31:a7:3d:42:df:f1:0b:
         b7:a6:79:1b:69:a0:9c:54:d4:f3:01:ed:7a:12:92:86:32:c0:
         82:78:48:83:6a:40:8a:2e:d9:d8:7b:2a:2a:83:83:cf:ea:7c:
         b8:17:86:c4:74:2e:4c:73:67:15:44:25:51:8f:6c:a1:0c:82:
         72:1b:ed:11:61:be:d6:3d:f0:eb:3d:34:5a:f7:b3:42:11:8f:
         86:38:03:22:ee:de:95:a9:5f:08:14:46:e8:f4:dd:a1:4a:30:
         5a:83:96:db:7a:7c:73:8e:7e:bb:2a:b3:a7:03:ce:3d:cc:cc:
         08:1f:34:3f:de:8c:9f:fa:3d:fa:21:ab:c4:67:0e:d9:8e:89:
         d9:43:87:70:7e:9f:f3:4f:97:9d:62:bb:ed:da:63:b5:99:e3:
         4d:35:43:f9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY1bCz0h66NsKCoNRGuGAsmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwMTMwMTU0NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRjYzk1NTdjMzdiMWQxNGUzYzM0ODMzZDIwNWQxOTRjNzJmOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho71Rs4470IAMfbjwyhIBKOcosJ8
MoRk6FMnKkRozxrJuPHEqnFRN1lKjo91w+vWfOrTttMNKZCD2ltIk0FJQV+/2QZm
Cyc/n6phmYb8+OwPVY/3oir/61k0Pe7S7hFyS4rKRqIRxWzE1ah/vSo+/QeLwRbV
CSw9GQWwNKndANDQg7vmUpTU3vYsJNbUqs6cXFGvhm2OIoV+ZlsWIt/9oM43huVY
6baq3I4ncwX4KEIuKDsdA1Oe4sxRgDARlosvlOFZ++whoxwCt/j1aNu0xF5+gAPD
HGlB6pAFqpSQ5+yvH6dzffxh46zksmtY2/J/VKtEV6GzYOwAZebeVCyR5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHJMyVV8N7HRTjw0gz0gXRlMcvjSMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvY2t6SlZYdzNzZEZPUERTRFBTQmRHVXh5LU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXCVaAD
BAHCVaQwDQYJKoZIhvcNAQELBQADggEBAANauCyuFB1HGfsONBN7VFhhOdgs097o
+blG10pQJeKG6b5CCBmGj3RRwk5KT6Addk9ScTwmUb6FP+yJf4RgM6s90y9bHL+J
vxBx5siFYDLGKz9f4FhbpCQlCdSp7xnJQm/XBR85Mac9Qt/xC7emeRtpoJxU1PMB
7XoSkoYywIJ4SINqQIou2dh7KiqDg8/qfLgXhsR0LkxzZxVEJVGPbKEMgnIb7RFh
vtY98Os9NFr3s0IRj4Y4AyLu3pWpXwgURuj03aFKMFqDltt6fHOOfrsqs6cDzj3M
zAgfND/ejJ/6Pfohq8RnDtmOidlDh3B+n/NPl51iu+3aY7WZ4001Q/k=
-----END CERTIFICATE-----