Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/zXWEkVMj0KHOF0TmrBpdKYH3HKM.roa
File:                     zXWEkVMj0KHOF0TmrBpdKYH3HKM.roa (raw, json)
Hash identifier:          kDgIP3D3nziq8CJtSw9+crUNsI9ccrPi4be/4WyqMJ4=
Subject key identifier:   CD:75:84:91:53:23:D0:A1:CE:17:44:E6:AC:1A:5D:29:81:F7:1C:A3
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       018CC794EDD4B1FCE23F54535F561470B221
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/zXWEkVMj0KHOF0TmrBpdKYH3HKM.roa
Signing time:             Tue 02 Jan 2024 00:31:15 +0000
ROA not before:           Tue 02 Jan 2024 00:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5488
IP address blocks:        195.66.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ed:d4:b1:fc:e2:3f:54:53:5f:56:14:70:b2:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  2 00:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd7584915323d0a1ce1744e6ac1a5d2981f71ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:3b:b8:e3:e0:c9:9a:46:0f:90:61:c0:39:38:
                    60:8e:a1:74:1d:b3:db:3f:03:64:7d:6e:0a:d9:57:
                    b0:23:f2:cc:a7:bc:4d:2c:26:2d:bb:eb:08:a2:ab:
                    3c:b7:95:82:53:96:87:08:6b:fb:5d:85:01:85:86:
                    40:4a:b6:df:5f:c4:d4:5e:12:46:35:a6:45:95:6d:
                    77:a9:4d:c5:0e:da:02:fe:69:b0:0b:a7:5a:14:73:
                    4e:ef:ad:9f:25:4a:01:8c:6d:f0:a6:0c:24:6a:36:
                    c7:e4:95:6e:cb:3a:28:39:dc:79:c4:fd:e2:c8:14:
                    38:d8:9b:d0:1a:a6:71:69:9c:47:67:b6:38:04:14:
                    64:40:a6:f4:88:14:4e:fe:60:6d:ca:fd:b1:79:1f:
                    9a:7d:1e:76:68:12:70:54:5b:50:7e:89:9c:33:5f:
                    bd:71:2b:c6:29:1b:25:92:a4:ac:51:68:97:20:cb:
                    51:92:63:ef:8b:c5:15:0c:b4:a7:03:8a:53:a9:be:
                    7a:65:20:aa:19:72:de:14:36:27:37:df:77:d2:ba:
                    3b:a9:d9:75:d3:75:37:65:fd:e1:96:87:52:be:ce:
                    41:55:54:e8:3e:70:b2:65:47:ac:69:be:2a:22:59:
                    3a:ca:7f:b5:a5:08:d3:0d:d5:76:3f:1b:2a:26:db:
                    b4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:75:84:91:53:23:D0:A1:CE:17:44:E6:AC:1A:5D:29:81:F7:1C:A3
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/zXWEkVMj0KHOF0TmrBpdKYH3HKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:59:e7:f0:c8:5d:c0:de:e8:00:7d:82:7c:2b:80:f0:fe:d6:
         05:1c:0c:c1:cd:a4:8b:bb:24:17:ee:db:8f:8f:f6:ca:4f:d8:
         13:af:48:55:ca:a6:33:42:fd:58:62:83:87:ca:77:5e:76:6a:
         31:56:b8:29:ee:1c:43:a5:dd:9b:f2:82:b3:8e:e4:6e:fb:95:
         ed:14:16:a1:4d:b1:e3:20:a6:91:7d:da:ad:63:fc:5a:af:3f:
         26:27:4e:98:95:f3:f7:2f:62:c4:a4:c4:e8:60:4d:40:4b:8c:
         e3:cb:b9:4f:70:45:45:0a:59:4c:00:92:5f:11:83:eb:96:56:
         ef:0d:c5:7f:d8:c1:aa:87:b7:ee:73:b5:d3:e2:78:f8:6f:d9:
         2c:83:78:3f:fd:b1:b9:aa:0a:9c:a9:25:28:fc:32:46:4f:6a:
         18:0c:3a:84:87:ab:1b:3a:8b:bc:cf:82:a5:2c:7b:e6:3b:09:
         8c:64:4e:3d:1c:e9:d2:f0:0b:c2:61:64:a2:41:5d:74:f6:d4:
         b3:6e:c9:10:ca:9f:f7:8d:7a:ca:4e:05:69:0a:1b:c9:d3:3a:
         d4:6d:06:31:82:9b:5a:55:f1:f2:1d:47:0e:fb:82:d3:9d:fc:
         e9:bb:61:d3:01:6b:e4:b4:5d:f3:de:7b:8e:6d:ca:60:20:f8:
         66:bc:e2:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlO3UsfziP1RTX1YUcLIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjQwMTAyMDAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDc1ODQ5MTUzMjNkMGExY2UxNzQ0ZTZhYzFhNWQyOTgxZjcxY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDu44+DJmkYPkGHAOThgjqF0HbPb
PwNkfW4K2VewI/LMp7xNLCYtu+sIoqs8t5WCU5aHCGv7XYUBhYZASrbfX8TUXhJG
NaZFlW13qU3FDtoC/mmwC6daFHNO762fJUoBjG3wpgwkajbH5JVuyzooOdx5xP3i
yBQ42JvQGqZxaZxHZ7Y4BBRkQKb0iBRO/mBtyv2xeR+afR52aBJwVFtQfomcM1+9
cSvGKRslkqSsUWiXIMtRkmPvi8UVDLSnA4pTqb56ZSCqGXLeFDYnN9930ro7qdl1
03U3Zf3hlodSvs5BVVToPnCyZUesab4qIlk6yn+1pQjTDdV2PxsqJtu0AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM11hJFTI9ChzhdE5qwaXSmB9xyjMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvelhXRWtWTWowS0hPRjBUbXJCcGRLWUgzSEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQBSWefwyF3A3ugAfYJ8K4Dw/tYFHAzBzaSLuyQX7tuP
j/bKT9gTr0hVyqYzQv1YYoOHyndedmoxVrgp7hxDpd2b8oKzjuRu+5XtFBahTbHj
IKaRfdqtY/xarz8mJ06YlfP3L2LEpMToYE1AS4zjy7lPcEVFCllMAJJfEYPrllbv
DcV/2MGqh7fuc7XT4nj4b9ksg3g//bG5qgqcqSUo/DJGT2oYDDqEh6sbOou8z4Kl
LHvmOwmMZE49HOnS8AvCYWSiQV109tSzbskQyp/3jXrKTgVpChvJ0zrUbQYxgpta
VfHyHUcO+4LTnfzpu2HTAWvktF3z3nuObcpgIPhmvOJH
-----END CERTIFICATE-----