Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/zmGIWV2G4DUOfIOL8HAHjTtmltk.roa
File:                     zmGIWV2G4DUOfIOL8HAHjTtmltk.roa (raw, json)
Hash identifier:          s/1IvO4wXtnqx2OXDVM0HKyVOZ6VPAuXGzFmz9vyDEI=
Subject key identifier:   CE:61:88:59:5D:86:E0:35:0E:7C:83:8B:F0:70:07:8D:3B:66:96:D9
Certificate issuer:       /CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
Certificate serial:       018CC5010CC6AC76C2CD6FE0072516BDF039
Authority key identifier: 9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/zmGIWV2G4DUOfIOL8HAHjTtmltk.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201841
IP address blocks:        195.146.135.0/24 maxlen: 24
                          195.146.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0c:c6:ac:76:c2:cd:6f:e0:07:25:16:bd:f0:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce6188595d86e0350e7c838bf070078d3b6696d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0a:6a:5c:20:f3:a9:18:6a:76:d7:8d:ac:2a:
                    d5:83:67:b6:33:ea:db:bf:bd:a5:f7:23:86:c4:5a:
                    47:31:d8:68:6d:cd:1e:d1:33:4b:46:aa:43:99:39:
                    aa:c6:8f:24:44:1f:e8:f8:de:e3:5d:42:ff:3b:92:
                    43:05:f1:e8:df:72:24:81:8b:fc:68:94:08:ec:02:
                    15:bd:c8:13:2b:98:bc:24:46:eb:8b:7d:d6:bc:1e:
                    2d:98:c5:04:13:97:87:d9:e3:8a:e0:b2:6f:89:1e:
                    5f:29:4a:c8:12:dc:9e:1c:b7:5d:44:b6:fa:85:91:
                    ba:84:10:47:89:53:60:9f:8a:3b:53:16:af:94:d2:
                    84:7c:c7:5c:95:9a:29:62:a8:02:f5:1b:13:f1:b7:
                    c2:48:82:59:f1:7e:a2:fa:b9:8a:81:43:46:f0:19:
                    e6:57:6d:53:b3:80:e8:26:57:4b:fc:97:14:13:3d:
                    ac:81:63:45:1f:4a:7a:bf:2e:18:25:8a:16:02:29:
                    74:f6:15:03:9a:85:cf:ac:85:e5:75:1e:a4:51:ec:
                    56:88:d4:f7:ff:6a:c2:81:f3:c4:13:52:fa:fe:9f:
                    78:cf:ed:be:d2:5b:2b:67:db:b0:5a:8b:34:61:43:
                    26:05:6e:63:8a:1f:50:3c:9a:4e:7c:c1:89:78:e1:
                    1f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:61:88:59:5D:86:E0:35:0E:7C:83:8B:F0:70:07:8D:3B:66:96:D9
            X509v3 Authority Key Identifier:
                keyid:9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/zmGIWV2G4DUOfIOL8HAHjTtmltk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.146.135.0/24
                  195.146.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:2e:e0:28:b7:8e:ca:b7:af:54:5b:dc:cd:cd:31:3f:28:63:
         00:2d:22:aa:e7:49:03:26:41:4e:60:3e:d6:8f:8d:88:de:77:
         f6:46:20:0c:72:3f:fa:62:24:4e:8d:c8:6e:67:1b:7c:e2:3d:
         8c:bd:3b:c8:88:73:d9:ae:d7:35:13:68:d7:8d:7c:49:8f:e3:
         84:a2:a2:68:8f:3a:3f:0e:8e:e3:9f:a8:d7:bc:de:ce:d4:c2:
         28:b5:fa:42:a7:cd:4b:27:3e:b0:26:60:10:a0:6a:35:84:4d:
         35:62:e1:0b:23:f3:1c:b2:64:ae:a5:32:e3:44:f8:6c:f1:a5:
         5d:2c:cf:43:ef:ae:65:1b:6d:7f:26:48:f4:a8:ba:ff:3d:59:
         fb:ee:69:d0:33:88:a4:f6:aa:bc:2f:91:d6:07:9c:cb:10:a7:
         36:5d:94:6c:9b:6f:b1:6a:f1:d7:9c:a4:1b:1f:99:f5:b1:2c:
         27:6f:72:a8:d6:51:4c:7a:4a:f6:1a:c8:6a:77:a4:93:51:7e:
         6d:19:03:03:5a:86:16:9e:fe:f6:ab:a9:5a:6b:bd:96:9a:84:
         73:12:6e:51:90:26:95:30:cf:04:05:b9:23:7b:b9:58:ae:49:
         e6:26:b5:a8:49:16:64:7b:fb:ce:4e:95:b5:16:82:21:7c:40:
         5f:cf:c1:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQzGrHbCzW/gByUWvfA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNTY0NmY3ZDhhZmMwYTkzM2ZiMzMzMzNmMzcwMTNkODNh
MDRkMDAwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTYxODg1OTVkODZlMDM1MGU3YzgzOGJmMDcwMDc4ZDNiNjY5NmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQpqXCDzqRhqdteNrCrVg2e2M+rb
v72l9yOGxFpHMdhobc0e0TNLRqpDmTmqxo8kRB/o+N7jXUL/O5JDBfHo33IkgYv8
aJQI7AIVvcgTK5i8JEbri33WvB4tmMUEE5eH2eOK4LJviR5fKUrIEtyeHLddRLb6
hZG6hBBHiVNgn4o7UxavlNKEfMdclZopYqgC9RsT8bfCSIJZ8X6i+rmKgUNG8Bnm
V21Ts4DoJldL/JcUEz2sgWNFH0p6vy4YJYoWAil09hUDmoXPrIXldR6kUexWiNT3
/2rCgfPEE1L6/p94z+2+0lsrZ9uwWos0YUMmBW5jih9QPJpOfMGJeOEf6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM5hiFldhuA1DnyDi/BwB407ZpbZMB8GA1UdIwQY
MBaAFJ9WRvfYr8CpM/szMz83AT2DoE0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjFaRzk5aXZ3S2t6LXpNelB6Y0JQWU9nVFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85MTY5MTctODhjNS00ZTdiLTgxMWUt
N2QzMmNhMDY1YjY2LzEvem1HSVdWMkc0RFVPZklPTDhIQUhqVHRtbHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi85MTY5MTctODhjNS00ZTdiLTgxMWUtN2QzMmNhMDY1YjY2
LzEvbjFaRzk5aXZ3S2t6LXpNelB6Y0JQWU9nVFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw5KHAwQA
w5KQMA0GCSqGSIb3DQEBCwUAA4IBAQA+LuAot47Kt69UW9zNzTE/KGMALSKq50kD
JkFOYD7Wj42I3nf2RiAMcj/6YiROjchuZxt84j2MvTvIiHPZrtc1E2jXjXxJj+OE
oqJojzo/Do7jn6jXvN7O1MIotfpCp81LJz6wJmAQoGo1hE01YuELI/McsmSupTLj
RPhs8aVdLM9D765lG21/Jkj0qLr/PVn77mnQM4ik9qq8L5HWB5zLEKc2XZRsm2+x
avHXnKQbH5n1sSwnb3Ko1lFMekr2Gshqd6STUX5tGQMDWoYWnv72q6laa72WmoRz
Em5RkCaVMM8EBbkje7lYrknmJrWoSRZke/vOTpW1FoIhfEBfz8ET
-----END CERTIFICATE-----