Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/ZT0aLcz3pamlNrVns7TQr4489p0.roa
File:                     ZT0aLcz3pamlNrVns7TQr4489p0.roa (raw, json)
Hash identifier:          cOlNpEQ/S8uVIMyLKFsm6sqhZ+q3Enh7gt0vc2/6CUM=
Subject key identifier:   65:3D:1A:2D:CC:F7:A5:A9:A5:36:B5:67:B3:B4:D0:AF:8E:3C:F6:9D
Certificate issuer:       /CN=f20c28d19e0dfb534826aa23aa506af68a305b7a
Certificate serial:       018CC726D20A3C2BAC1BA72B58E7D354B7FD
Authority key identifier: F2:0C:28:D1:9E:0D:FB:53:48:26:AA:23:AA:50:6A:F6:8A:30:5B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8gwo0Z4N-1NIJqojqlBq9oowW3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/ZT0aLcz3pamlNrVns7TQr4489p0.roa
Signing time:             Mon 01 Jan 2024 22:30:58 +0000
ROA not before:           Mon 01 Jan 2024 22:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1715
IP address blocks:        138.63.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/8gwo0Z4N-1NIJqojqlBq9oowW3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/8gwo0Z4N-1NIJqojqlBq9oowW3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8gwo0Z4N-1NIJqojqlBq9oowW3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d2:0a:3c:2b:ac:1b:a7:2b:58:e7:d3:54:b7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f20c28d19e0dfb534826aa23aa506af68a305b7a
        Validity
            Not Before: Jan  1 22:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653d1a2dccf7a5a9a536b567b3b4d0af8e3cf69d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6c:b1:3a:9b:16:44:56:45:fa:75:28:02:4b:
                    8f:b3:c9:d8:28:31:91:fc:da:e3:15:74:94:8e:a9:
                    f2:ec:09:62:8f:5b:69:04:79:7f:5e:c5:ef:2c:fa:
                    67:1e:ca:10:12:21:49:3d:1e:d1:80:73:d5:21:e3:
                    6f:58:6f:75:ff:37:17:2c:d4:a5:d4:30:cf:bd:0a:
                    2a:d0:ff:c5:a0:b5:59:2c:89:04:d1:9d:31:f4:a4:
                    51:6c:c7:24:be:25:d9:7a:b7:b5:73:a4:da:41:7d:
                    73:fb:19:47:9e:b8:c6:97:84:c9:ad:64:b8:10:a0:
                    c5:6a:78:69:3e:f8:73:d8:d4:d7:98:88:01:c7:dd:
                    70:f1:13:1d:03:ca:e3:fa:1e:45:9f:4b:ab:26:97:
                    6d:f0:dd:07:4b:04:0f:34:09:bc:2c:9e:b8:f0:fb:
                    07:d5:f4:9e:32:1d:9d:fa:d0:c2:6d:eb:d9:fa:c5:
                    55:1f:06:be:54:60:a4:37:5e:ac:66:ec:13:a3:6b:
                    8c:84:1b:32:12:06:07:58:8c:7f:4e:99:1b:89:db:
                    cc:5d:3f:e6:37:10:70:ae:0e:58:d8:bf:64:9f:fb:
                    ec:72:fa:42:0f:2d:65:a6:65:89:64:87:c7:2a:81:
                    4f:c9:63:77:52:c2:c5:03:39:4f:a8:b4:34:01:0d:
                    6e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3D:1A:2D:CC:F7:A5:A9:A5:36:B5:67:B3:B4:D0:AF:8E:3C:F6:9D
            X509v3 Authority Key Identifier:
                keyid:F2:0C:28:D1:9E:0D:FB:53:48:26:AA:23:AA:50:6A:F6:8A:30:5B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8gwo0Z4N-1NIJqojqlBq9oowW3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/ZT0aLcz3pamlNrVns7TQr4489p0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/a07e18-2c6a-4930-be17-e5d7f2ddd4c2/1/8gwo0Z4N-1NIJqojqlBq9oowW3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:25:f6:c9:8f:97:80:39:67:9f:b7:f2:24:5d:ff:7b:67:83:
         2e:bd:0b:f4:85:13:6b:b9:cb:8c:5c:c8:46:43:65:8d:74:92:
         e6:b8:cd:27:3d:80:fe:a3:c6:1f:66:0e:70:56:66:95:df:9a:
         de:11:1b:7c:1d:98:ee:9e:0f:00:8e:57:32:b5:53:be:58:dd:
         8c:72:20:9b:bb:94:ca:a3:ca:fc:a5:55:e9:f4:30:42:2a:fb:
         ad:95:4c:57:bf:f7:83:35:e7:49:35:6d:0a:34:04:62:33:a0:
         c0:14:2d:24:73:02:f7:4f:90:53:5b:b0:92:a2:b7:e2:99:19:
         12:88:79:c3:a0:1d:fc:83:7a:dc:a9:e0:97:8a:c1:c3:9e:59:
         d8:7d:bf:be:89:9e:39:26:3f:4f:56:d0:86:86:30:bf:a6:63:
         83:45:86:12:9c:e6:6c:c0:e2:26:a0:96:96:1d:16:a9:98:81:
         f0:1f:b4:b3:ad:58:2a:82:e5:f6:60:0b:91:1d:f9:72:a1:ba:
         b3:99:7d:cc:49:52:29:2e:ae:60:da:a7:af:8b:f7:b2:7a:8c:
         18:39:10:5d:d2:cb:33:0e:55:0f:28:d0:74:17:56:47:30:44:
         35:6f:c7:4c:47:a6:1a:ba:b0:0d:f7:40:02:21:dd:f9:bc:da:
         76:e0:4a:38
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJtIKPCusG6crWOfTVLf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMGMyOGQxOWUwZGZiNTM0ODI2YWEyM2FhNTA2YWY2OGEz
MDViN2EwHhcNMjQwMTAxMjIzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNkMWEyZGNjZjdhNWE5YTUzNmI1NjdiM2I0ZDBhZjhlM2NmNjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2yxOpsWRFZF+nUoAkuPs8nYKDGR
/NrjFXSUjqny7Alij1tpBHl/XsXvLPpnHsoQEiFJPR7RgHPVIeNvWG91/zcXLNSl
1DDPvQoq0P/FoLVZLIkE0Z0x9KRRbMckviXZere1c6TaQX1z+xlHnrjGl4TJrWS4
EKDFanhpPvhz2NTXmIgBx91w8RMdA8rj+h5Fn0urJpdt8N0HSwQPNAm8LJ648PsH
1fSeMh2d+tDCbevZ+sVVHwa+VGCkN16sZuwTo2uMhBsyEgYHWIx/TpkbidvMXT/m
NxBwrg5Y2L9kn/vscvpCDy1lpmWJZIfHKoFPyWN3UsLFAzlPqLQ0AQ1ufQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGU9Gi3M96WppTa1Z7O00K+OPPadMB8GA1UdIwQY
MBaAFPIMKNGeDftTSCaqI6pQavaKMFt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGd3bzBaNE4tMU5JSnFvanFsQnE5b293VzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9hMDdlMTgtMmM2YS00OTMwLWJlMTct
ZTVkN2YyZGRkNGMyLzEvWlQwYUxjejNwYW1sTnJWbnM3VFFyNDQ4OXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9hMDdlMTgtMmM2YS00OTMwLWJlMTctZTVkN2YyZGRkNGMy
LzEvOGd3bzBaNE4tMU5JSnFvanFsQnE5b293VzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAij8wDQYJ
KoZIhvcNAQELBQADggEBAEcl9smPl4A5Z5+38iRd/3tngy69C/SFE2u5y4xcyEZD
ZY10kua4zSc9gP6jxh9mDnBWZpXfmt4RG3wdmO6eDwCOVzK1U75Y3YxyIJu7lMqj
yvylVen0MEIq+62VTFe/94M150k1bQo0BGIzoMAULSRzAvdPkFNbsJKit+KZGRKI
ecOgHfyDetyp4JeKwcOeWdh9v76JnjkmP09W0IaGML+mY4NFhhKc5mzA4iaglpYd
FqmYgfAftLOtWCqC5fZgC5Ed+XKhurOZfcxJUikurmDap6+L97J6jBg5EF3SyzMO
VQ8o0HQXVkcwRDVvx0xHphq6sA33QAIh3fm82nbgSjg=
-----END CERTIFICATE-----