Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/ZG1_aTQaR9Be7fw7MQSaxTtMROM.roa
File:                     ZG1_aTQaR9Be7fw7MQSaxTtMROM.roa (raw, json)
Hash identifier:          gUkxH2dlXj2daFVl2lDeQiFLHXqZNQuoYmwLdeihtEw=
Subject key identifier:   64:6D:7F:69:34:1A:47:D0:5E:ED:FC:3B:31:04:9A:C5:3B:4C:44:E3
Certificate issuer:       /CN=427ce5719caa681adbd493a8d9a38a675d6bd639
Certificate serial:       018CC8DF73B495EF5996D4628B8B64EE2095
Authority key identifier: 42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/ZG1_aTQaR9Be7fw7MQSaxTtMROM.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47420
IP address blocks:        176.52.185.0/24 maxlen: 24
                          2a02:f181:3000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:b4:95:ef:59:96:d4:62:8b:8b:64:ee:20:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427ce5719caa681adbd493a8d9a38a675d6bd639
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=646d7f69341a47d05eedfc3b31049ac53b4c44e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9b:b3:1a:74:19:5f:7d:a5:d0:10:5c:28:1d:
                    0d:70:d4:20:be:e6:16:c2:fa:95:0b:7c:49:91:66:
                    73:32:32:27:54:7b:02:72:20:ca:1a:7c:50:c4:9e:
                    a8:77:ad:49:7a:bf:e4:96:51:fb:77:aa:bd:af:56:
                    c1:d6:cb:8f:49:1c:87:f8:24:76:d1:15:63:34:3a:
                    28:78:4a:29:2d:4b:9b:92:54:06:aa:9c:26:b9:20:
                    c9:10:9e:5f:74:bf:83:74:36:23:09:b9:2e:51:f1:
                    b7:36:5b:bc:ff:c6:3f:92:d3:ca:32:8d:ba:4c:cc:
                    ca:8f:45:1b:70:d9:b1:c8:70:02:00:67:8e:4d:c2:
                    1b:fa:2a:93:65:10:04:09:b5:ce:ce:a2:d4:f4:74:
                    67:0a:ce:44:a8:97:56:49:b1:92:23:3a:d3:2e:e2:
                    69:68:cf:86:c9:56:26:c5:f6:a9:89:f0:1e:d5:b9:
                    80:5a:ae:c5:92:ca:ef:b3:c1:19:c5:cc:69:18:4d:
                    dc:b8:6b:e4:f2:db:1c:13:a9:f7:3f:c6:d8:1f:fd:
                    ee:07:2a:ca:07:f8:e1:9e:e2:df:a5:c2:e2:3e:e2:
                    14:d7:63:c3:a3:79:d5:09:15:f0:6b:e1:1f:be:11:
                    d2:8b:64:ce:1a:44:ba:39:bf:5c:6d:d7:3b:b3:e8:
                    d1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6D:7F:69:34:1A:47:D0:5E:ED:FC:3B:31:04:9A:C5:3B:4C:44:E3
            X509v3 Authority Key Identifier:
                keyid:42:7C:E5:71:9C:AA:68:1A:DB:D4:93:A8:D9:A3:8A:67:5D:6B:D6:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzlcZyqaBrb1JOo2aOKZ11r1jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/ZG1_aTQaR9Be7fw7MQSaxTtMROM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3e3548-fdb5-4ded-ba59-091c2d303fe8/1/QnzlcZyqaBrb1JOo2aOKZ11r1jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.52.185.0/24
                IPv6:
                  2a02:f181:3000::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:e8:b7:bc:11:de:fa:d6:15:39:81:35:b5:4a:aa:3c:03:7f:
         99:42:8a:24:0b:57:a7:f5:55:7c:9f:6a:2a:df:09:cd:07:26:
         a0:18:58:2c:6a:e1:b0:2f:37:4f:11:f3:1d:96:41:f2:da:9f:
         d5:50:a3:b3:66:fb:0f:93:49:f9:a5:72:33:55:54:d6:aa:fd:
         8d:c7:82:26:c7:46:b5:96:54:93:e7:bd:46:2a:ff:3d:21:9b:
         5f:85:51:05:bd:b7:85:16:c9:a1:89:3e:4f:af:19:96:62:1c:
         5e:ca:b0:b7:b7:4e:0e:3a:94:e2:61:af:17:3c:4a:f7:27:a6:
         59:52:96:78:ef:30:53:b3:37:7f:bc:b6:c1:80:88:57:98:d6:
         a9:07:5b:b0:6f:60:4a:1a:4d:e2:9e:a1:77:62:44:f3:ca:ec:
         f5:88:37:9f:9f:33:c6:c3:57:1c:65:d9:5d:77:0c:27:ae:3b:
         2f:5f:64:f4:f5:61:86:6e:c3:aa:7e:af:d9:30:25:6a:09:28:
         df:ca:e8:ad:36:78:50:d4:e7:20:17:83:71:b2:15:2e:17:89:
         fd:1d:29:b6:66:a9:bc:38:51:29:05:45:4f:98:f6:0b:8a:2b:
         f5:75:39:6d:b5:69:1a:63:fd:22:69:ee:ad:92:c0:40:0c:c5:
         01:17:56:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI33O0le9ZltRii4tk7iCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NlNTcxOWNhYTY4MWFkYmQ0OTNhOGQ5YTM4YTY3NWQ2
YmQ2MzkwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZkN2Y2OTM0MWE0N2QwNWVlZGZjM2IzMTA0OWFjNTNiNGM0NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipuzGnQZX32l0BBcKB0NcNQgvuYW
wvqVC3xJkWZzMjInVHsCciDKGnxQxJ6od61Jer/kllH7d6q9r1bB1suPSRyH+CR2
0RVjNDooeEopLUubklQGqpwmuSDJEJ5fdL+DdDYjCbkuUfG3Nlu8/8Y/ktPKMo26
TMzKj0UbcNmxyHACAGeOTcIb+iqTZRAECbXOzqLU9HRnCs5EqJdWSbGSIzrTLuJp
aM+GyVYmxfapifAe1bmAWq7Fksrvs8EZxcxpGE3cuGvk8tscE6n3P8bYH/3uByrK
B/jhnuLfpcLiPuIU12PDo3nVCRXwa+EfvhHSi2TOGkS6Ob9cbdc7s+jRPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGRtf2k0GkfQXu38OzEEmsU7TETjMB8GA1UdIwQY
MBaAFEJ85XGcqmga29STqNmjimdda9Y5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTkt
MDkxYzJkMzAzZmU4LzEvWkcxX2FUUWFSOUJlN2Z3N01RU2F4VHRNUk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zZTM1NDgtZmRiNS00ZGVkLWJhNTktMDkxYzJkMzAzZmU4
LzEvUW56bGNaeXFhQnJiMUpPbzJhT0taMTFyMWprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsDS5MA8E
AgACMAkDBwAqAvGBMAAwDQYJKoZIhvcNAQELBQADggEBABDot7wR3vrWFTmBNbVK
qjwDf5lCiiQLV6f1VXyfairfCc0HJqAYWCxq4bAvN08R8x2WQfLan9VQo7Nm+w+T
SfmlcjNVVNaq/Y3HgibHRrWWVJPnvUYq/z0hm1+FUQW9t4UWyaGJPk+vGZZiHF7K
sLe3Tg46lOJhrxc8SvcnpllSlnjvMFOzN3+8tsGAiFeY1qkHW7BvYEoaTeKeoXdi
RPPK7PWIN5+fM8bDVxxl2V13DCeuOy9fZPT1YYZuw6p+r9kwJWoJKN/K6K02eFDU
5yAXg3GyFS4Xif0dKbZmqbw4USkFRU+Y9guKK/V1OW21aRpj/SJp7q2SwEAMxQEX
VoA=
-----END CERTIFICATE-----