Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/ZZp0-axHhq9_W128bK8fE1ZHxcw.roa
File:                     ZZp0-axHhq9_W128bK8fE1ZHxcw.roa (raw, json)
Hash identifier:          diVLrz2nC+SHFvgoKrFYHWGKRezJ/5M/qWuNYSW1New=
Subject key identifier:   65:9A:74:F9:AC:47:86:AF:7F:5B:5D:BC:6C:AF:1F:13:56:47:C5:CC
Certificate issuer:       /CN=50542fba0c17b4391e3296c434b5fff23a829b6e
Certificate serial:       018CCA2BA1172CC19AA73A07301481BE2DD5
Authority key identifier: 50:54:2F:BA:0C:17:B4:39:1E:32:96:C4:34:B5:FF:F2:3A:82:9B:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFQvugwXtDkeMpbENLX_8jqCm24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/ZZp0-axHhq9_W128bK8fE1ZHxcw.roa
Signing time:             Tue 02 Jan 2024 12:35:05 +0000
ROA not before:           Tue 02 Jan 2024 12:35:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200404
IP address blocks:        194.37.93.0/24 maxlen: 24
                          194.37.92.0/24 maxlen: 24
                          194.37.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/UFQvugwXtDkeMpbENLX_8jqCm24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/UFQvugwXtDkeMpbENLX_8jqCm24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFQvugwXtDkeMpbENLX_8jqCm24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a1:17:2c:c1:9a:a7:3a:07:30:14:81:be:2d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50542fba0c17b4391e3296c434b5fff23a829b6e
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=659a74f9ac4786af7f5b5dbc6caf1f135647c5cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:af:bd:db:20:d4:97:7f:c3:fa:29:c4:69:45:
                    91:ad:56:68:01:9a:3c:6a:76:10:b2:f6:7b:0d:53:
                    e3:6f:74:cb:ff:94:e2:81:21:ac:23:13:6f:33:9e:
                    35:89:95:46:af:05:8b:4a:0a:08:fc:33:ab:10:59:
                    a3:8c:58:13:74:48:ec:bd:07:a7:c2:74:fe:03:49:
                    59:a5:9c:40:af:ca:df:66:34:f6:f0:36:75:d5:25:
                    cb:54:0d:a3:6a:a8:23:33:ed:47:ad:62:eb:e3:7c:
                    30:0b:2a:ef:a1:27:0e:0a:1b:6d:bc:13:f9:c6:37:
                    da:a0:0d:30:62:60:50:1d:5c:ec:5b:03:39:33:b3:
                    6a:33:df:af:87:b3:2c:89:a7:96:af:37:18:1b:fd:
                    f4:1d:ad:82:75:c0:5c:e9:5b:9d:45:9e:9f:27:42:
                    c3:46:89:9b:c1:55:11:5c:cd:5c:1d:58:42:16:9b:
                    88:19:ac:db:74:c6:6e:6b:87:24:e4:fd:c2:18:0a:
                    a6:c3:80:c5:c1:f6:3c:1f:1e:7a:53:27:4a:08:31:
                    4b:84:36:ca:25:aa:83:2d:13:6a:3f:57:79:8d:bb:
                    aa:65:60:e3:d0:56:82:f7:f9:92:05:65:60:ce:b0:
                    b3:d4:d3:a3:44:c1:03:e6:48:0a:92:c8:cd:e6:f6:
                    57:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9A:74:F9:AC:47:86:AF:7F:5B:5D:BC:6C:AF:1F:13:56:47:C5:CC
            X509v3 Authority Key Identifier:
                keyid:50:54:2F:BA:0C:17:B4:39:1E:32:96:C4:34:B5:FF:F2:3A:82:9B:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFQvugwXtDkeMpbENLX_8jqCm24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/ZZp0-axHhq9_W128bK8fE1ZHxcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/cb2bdd-3291-40af-8a88-5e9787b6aeaa/1/UFQvugwXtDkeMpbENLX_8jqCm24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.92.0/23
                  194.37.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:0e:d5:27:70:d3:3e:52:fa:bc:89:13:8a:45:50:01:f5:3a:
         04:7a:23:b9:0b:b1:f6:d6:cc:1d:5b:d0:31:f3:bb:43:1a:65:
         38:06:2a:76:d3:dc:7a:4b:e5:4a:09:92:96:44:56:69:29:bf:
         1e:a5:e8:d0:2f:7b:a8:30:0a:a3:e8:ba:79:fe:2b:3d:10:9a:
         34:de:b8:8a:33:15:0b:18:46:8f:54:74:f2:74:5b:29:32:84:
         84:b9:97:d5:0d:2a:95:74:bc:0e:3b:e2:cc:65:c3:de:ab:e4:
         6d:40:b2:b1:d7:d7:d2:cf:85:98:e9:88:8b:9b:0e:6b:0d:e3:
         cf:b8:eb:22:50:53:25:65:3b:20:8b:d2:f9:19:d2:41:0a:8d:
         54:b1:8c:fe:f9:9b:bb:33:c6:0c:a3:7c:01:b8:11:f0:27:89:
         89:c6:ae:1a:af:c7:93:74:14:db:3f:59:1d:6b:30:96:22:28:
         f7:9f:12:a2:5d:31:ee:a3:d8:7b:43:8a:c3:d2:d0:05:37:a7:
         29:2c:43:7c:07:cf:e4:70:34:71:85:61:37:0a:e7:38:76:cf:
         2e:89:03:ef:77:e1:bc:64:cc:5f:48:96:41:ac:15:a4:d1:6e:
         b6:8a:95:bc:a9:62:3f:14:e8:4f:80:de:ef:27:18:0e:39:29:
         41:85:fc:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK6EXLMGapzoHMBSBvi3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTQyZmJhMGMxN2I0MzkxZTMyOTZjNDM0YjVmZmYyM2E4
MjliNmUwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTlhNzRmOWFjNDc4NmFmN2Y1YjVkYmM2Y2FmMWYxMzU2NDdjNWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja+92yDUl3/D+inEaUWRrVZoAZo8
anYQsvZ7DVPjb3TL/5TigSGsIxNvM541iZVGrwWLSgoI/DOrEFmjjFgTdEjsvQen
wnT+A0lZpZxAr8rfZjT28DZ11SXLVA2jaqgjM+1HrWLr43wwCyrvoScOChttvBP5
xjfaoA0wYmBQHVzsWwM5M7NqM9+vh7MsiaeWrzcYG/30Ha2CdcBc6VudRZ6fJ0LD
RombwVURXM1cHVhCFpuIGazbdMZua4ck5P3CGAqmw4DFwfY8Hx56UydKCDFLhDbK
JaqDLRNqP1d5jbuqZWDj0FaC9/mSBWVgzrCz1NOjRMED5kgKksjN5vZXCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWadPmsR4avf1tdvGyvHxNWR8XMMB8GA1UdIwQY
MBaAFFBUL7oMF7Q5HjKWxDS1//I6gptuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZRdnVnd1h0RGtlTXBiRU5MWF84anFDbTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jYjJiZGQtMzI5MS00MGFmLThhODgt
NWU5Nzg3YjZhZWFhLzEvWlpwMC1heEhocTlfVzEyOGJLOGZFMVpIeGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jYjJiZGQtMzI5MS00MGFmLThhODgtNWU5Nzg3YjZhZWFh
LzEvVUZRdnVnd1h0RGtlTXBiRU5MWF84anFDbTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwiVcAwQA
wiVfMA0GCSqGSIb3DQEBCwUAA4IBAQBJDtUncNM+Uvq8iROKRVAB9ToEeiO5C7H2
1swdW9Ax87tDGmU4Bip209x6S+VKCZKWRFZpKb8epejQL3uoMAqj6Lp5/is9EJo0
3riKMxULGEaPVHTydFspMoSEuZfVDSqVdLwOO+LMZcPeq+RtQLKx19fSz4WY6YiL
mw5rDePPuOsiUFMlZTsgi9L5GdJBCo1UsYz++Zu7M8YMo3wBuBHwJ4mJxq4ar8eT
dBTbP1kdazCWIij3nxKiXTHuo9h7Q4rD0tAFN6cpLEN8B8/kcDRxhWE3Cuc4ds8u
iQPvd+G8ZMxfSJZBrBWk0W62ipW8qWI/FOhPgN7vJxgOOSlBhfzQ
-----END CERTIFICATE-----