Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/zVlfLN5kFE7S_LzwrTC_Pwc2hkI.roa
File:                     zVlfLN5kFE7S_LzwrTC_Pwc2hkI.roa (raw, json)
Hash identifier:          5rNOEwRFFR2jmUsXQc8yIzJJZmaXarQdg8IT9UHQRAI=
Subject key identifier:   CD:59:5F:2C:DE:64:14:4E:D2:FC:BC:F0:AD:30:BF:3F:07:36:86:42
Certificate issuer:       /CN=987caf0cb6b3301cc084a25d5c21410a92ca7e36
Certificate serial:       018CEDAAD367F54B71704C6D8F291A8BC332
Authority key identifier: 98:7C:AF:0C:B6:B3:30:1C:C0:84:A2:5D:5C:21:41:0A:92:CA:7E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mHyvDLazMBzAhKJdXCFBCpLKfjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/zVlfLN5kFE7S_LzwrTC_Pwc2hkI.roa
Signing time:             Tue 09 Jan 2024 10:00:44 +0000
ROA not before:           Tue 09 Jan 2024 10:00:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12703
IP address blocks:        185.43.48.0/22 maxlen: 24
                          2a01:5ae0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/mHyvDLazMBzAhKJdXCFBCpLKfjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/mHyvDLazMBzAhKJdXCFBCpLKfjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mHyvDLazMBzAhKJdXCFBCpLKfjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:aa:d3:67:f5:4b:71:70:4c:6d:8f:29:1a:8b:c3:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=987caf0cb6b3301cc084a25d5c21410a92ca7e36
        Validity
            Not Before: Jan  9 10:00:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd595f2cde64144ed2fcbcf0ad30bf3f07368642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ad:dd:1d:6a:f0:41:54:a1:e7:40:0f:6e:1b:
                    f7:a3:89:a8:34:e3:ac:30:97:52:74:63:38:0e:17:
                    83:61:63:d0:02:b3:a2:e1:62:44:92:02:c5:5c:e7:
                    86:6a:33:22:06:e9:76:38:20:bd:f7:75:ea:52:fb:
                    8e:49:20:c2:b3:26:f3:cb:d3:ef:e1:d2:54:5e:11:
                    08:32:8a:2b:84:cc:53:37:08:20:5f:b1:f8:37:83:
                    34:26:cf:7a:cb:3a:45:b4:19:3d:c7:9f:8b:13:f9:
                    1e:60:a4:7c:29:f3:c9:d9:dc:02:cd:89:f5:44:2b:
                    41:4c:83:5f:53:d5:08:b5:e6:93:99:ed:30:d8:b0:
                    28:f6:31:f9:5a:ce:07:45:b9:9e:c2:33:51:bb:d4:
                    41:9c:9d:27:2a:14:07:ee:e5:3b:8a:ef:40:2e:c6:
                    89:a5:b4:8a:c7:32:ee:c1:2e:58:b6:76:27:c7:ce:
                    f4:c0:f1:b6:55:3d:d3:de:d9:0a:41:96:66:51:fc:
                    80:19:25:b4:5c:46:8c:26:b9:8d:ec:7d:3a:97:07:
                    a8:25:e4:49:5a:b6:90:08:e7:7d:4e:cd:b6:65:0e:
                    a2:54:8b:3a:bf:9d:09:61:63:0e:1a:28:70:07:e9:
                    7d:45:f8:db:ec:9e:18:e7:51:26:90:ab:63:0f:7a:
                    cc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:59:5F:2C:DE:64:14:4E:D2:FC:BC:F0:AD:30:BF:3F:07:36:86:42
            X509v3 Authority Key Identifier:
                keyid:98:7C:AF:0C:B6:B3:30:1C:C0:84:A2:5D:5C:21:41:0A:92:CA:7E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mHyvDLazMBzAhKJdXCFBCpLKfjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/zVlfLN5kFE7S_LzwrTC_Pwc2hkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f58da0-dfbe-416a-bfaa-36170cd81330/1/mHyvDLazMBzAhKJdXCFBCpLKfjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.48.0/22
                IPv6:
                  2a01:5ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:cd:68:92:34:24:16:25:1c:da:b6:36:e5:b3:11:a2:46:20:
         7d:e9:f2:9a:b6:1b:2f:58:2a:a7:14:4d:58:95:f5:ce:c9:2c:
         cd:f3:0d:08:72:70:16:3c:d3:6c:db:c5:f1:2c:6c:09:08:47:
         db:56:21:d8:cc:19:b6:8c:cc:ec:a0:18:c7:50:b9:ff:5a:54:
         cf:3b:0c:6c:48:f0:4b:f1:a4:b0:6d:73:ac:65:f8:61:be:57:
         16:62:85:cf:8c:ba:98:b8:71:67:19:84:3d:78:75:f6:d3:0e:
         2e:dc:dd:12:5b:f8:72:ea:e8:c9:1b:0e:2f:9b:88:ce:78:ea:
         6f:7d:8e:d3:a1:fd:22:1c:6e:8a:cd:30:a4:5e:3e:2d:a5:32:
         4e:4b:d4:15:40:35:67:36:ca:8c:b0:13:46:86:9d:74:9f:1b:
         e0:5b:6f:b9:b7:b8:50:f7:6c:52:5e:89:d9:47:0c:7e:6c:b8:
         b8:f3:21:88:0c:07:2f:cb:a4:f6:c6:38:15:fb:42:c6:23:8c:
         41:8e:15:ea:e5:62:4d:f7:8a:9d:c6:52:25:29:8c:ce:17:1d:
         8a:0e:32:ed:ce:24:cf:2b:85:37:01:f5:ca:f3:10:af:f8:f0:
         c3:e4:dc:58:07:09:c7:f1:9e:1a:4e:65:d5:cf:29:33:4a:0f:
         98:24:6b:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYztqtNn9UtxcExtjykai8MyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4N2NhZjBjYjZiMzMwMWNjMDg0YTI1ZDVjMjE0MTBhOTJj
YTdlMzYwHhcNMjQwMTA5MTAwMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDU5NWYyY2RlNjQxNDRlZDJmY2JjZjBhZDMwYmYzZjA3MzY4NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm63dHWrwQVSh50APbhv3o4moNOOs
MJdSdGM4DheDYWPQArOi4WJEkgLFXOeGajMiBul2OCC993XqUvuOSSDCsybzy9Pv
4dJUXhEIMoorhMxTNwggX7H4N4M0Js96yzpFtBk9x5+LE/keYKR8KfPJ2dwCzYn1
RCtBTINfU9UIteaTme0w2LAo9jH5Ws4HRbmewjNRu9RBnJ0nKhQH7uU7iu9ALsaJ
pbSKxzLuwS5YtnYnx870wPG2VT3T3tkKQZZmUfyAGSW0XEaMJrmN7H06lweoJeRJ
WraQCOd9Ts22ZQ6iVIs6v50JYWMOGihwB+l9Rfjb7J4Y51EmkKtjD3rM/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM1ZXyzeZBRO0vy88K0wvz8HNoZCMB8GA1UdIwQY
MBaAFJh8rwy2szAcwISiXVwhQQqSyn42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUh5dkRMYXpNQnpBaEtKZFhDRkJDcExLZmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mNThkYTAtZGZiZS00MTZhLWJmYWEt
MzYxNzBjZDgxMzMwLzEvelZsZkxONWtGRTdTX0x6d3JUQ19Qd2MyaGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mNThkYTAtZGZiZS00MTZhLWJmYWEtMzYxNzBjZDgxMzMw
LzEvbUh5dkRMYXpNQnpBaEtKZFhDRkJDcExLZmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSswMA0E
AgACMAcDBQAqAVrgMA0GCSqGSIb3DQEBCwUAA4IBAQCfzWiSNCQWJRzatjblsxGi
RiB96fKathsvWCqnFE1YlfXOySzN8w0IcnAWPNNs28XxLGwJCEfbViHYzBm2jMzs
oBjHULn/WlTPOwxsSPBL8aSwbXOsZfhhvlcWYoXPjLqYuHFnGYQ9eHX20w4u3N0S
W/hy6ujJGw4vm4jOeOpvfY7Tof0iHG6KzTCkXj4tpTJOS9QVQDVnNsqMsBNGhp10
nxvgW2+5t7hQ92xSXonZRwx+bLi48yGIDAcvy6T2xjgV+0LGI4xBjhXq5WJN94qd
xlIlKYzOFx2KDjLtziTPK4U3AfXK8xCv+PDD5NxYBwnH8Z4aTmXVzykzSg+YJGtT
-----END CERTIFICATE-----