Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/Z8cChkJdSPCDS7aon6LJWCEUZmg.roa
File:                     Z8cChkJdSPCDS7aon6LJWCEUZmg.roa (raw, json)
Hash identifier:          UAk1nCsbW7JKIHVGYC28zNeP6d1qpxa8fqEHSuxhw8A=
Subject key identifier:   67:C7:02:86:42:5D:48:F0:83:4B:B6:A8:9F:A2:C9:58:21:14:66:68
Certificate issuer:       /CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
Certificate serial:       018CC56E2EE7DB9430E54D388405BF10372E
Authority key identifier: F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/Z8cChkJdSPCDS7aon6LJWCEUZmg.roa
Signing time:             Mon 01 Jan 2024 14:29:41 +0000
ROA not before:           Mon 01 Jan 2024 14:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204300
IP address blocks:        195.225.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:2e:e7:db:94:30:e5:4d:38:84:05:bf:10:37:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f440e5eba2f8bfc8fe8fe56cc88a4289652390ba
        Validity
            Not Before: Jan  1 14:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c70286425d48f0834bb6a89fa2c95821146668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:89:3e:9e:ed:6e:d7:66:49:fc:aa:a7:3f:0a:
                    0d:ab:32:36:d2:db:04:50:d2:e3:b7:fd:ee:a8:c4:
                    25:ed:5c:0a:54:cb:1d:1e:1f:f3:7b:f5:92:b6:90:
                    63:39:66:46:ef:76:22:ae:3e:4f:4a:a9:59:ec:92:
                    9a:43:4e:29:a5:6a:8d:c9:86:9f:a7:b3:36:48:d5:
                    8c:cc:7b:1a:4f:f1:ce:05:d7:c6:fd:c9:7d:e2:65:
                    63:80:e5:1f:09:d5:13:48:4c:19:f0:06:f5:1e:69:
                    10:5d:44:1c:e2:d8:9c:4c:85:40:5a:cb:3f:f5:9a:
                    43:85:e6:43:07:e3:48:fc:0c:bb:f4:05:63:46:d7:
                    c1:60:93:99:f1:a2:2a:23:08:75:71:0f:89:85:4c:
                    d5:d2:7a:d4:43:c7:a3:83:08:23:16:d0:45:5c:21:
                    b0:e2:29:89:98:ac:35:7f:f8:73:be:a0:50:aa:c2:
                    3f:07:b3:a3:11:88:ca:82:b4:5f:71:0c:52:03:32:
                    05:48:e7:21:d2:98:74:ae:d7:18:5b:ca:7a:aa:06:
                    d9:5a:ea:ce:f0:9e:0e:c5:8f:b5:92:67:67:e7:5d:
                    6b:32:af:49:95:5e:9f:62:0c:67:b6:aa:47:93:4a:
                    9f:e1:37:26:82:53:3d:5e:55:ee:73:de:cf:6b:c9:
                    b8:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C7:02:86:42:5D:48:F0:83:4B:B6:A8:9F:A2:C9:58:21:14:66:68
            X509v3 Authority Key Identifier:
                keyid:F4:40:E5:EB:A2:F8:BF:C8:FE:8F:E5:6C:C8:8A:42:89:65:23:90:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9EDl66L4v8j-j-VsyIpCiWUjkLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/Z8cChkJdSPCDS7aon6LJWCEUZmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/de8662-993f-47f7-a27f-00b92c1c1ef4/1/9EDl66L4v8j-j-VsyIpCiWUjkLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:64:34:7b:33:8c:3f:e1:3d:84:2b:cd:df:78:64:b6:06:03:
         ee:87:8e:4a:66:a4:4b:34:3e:cc:c9:05:3d:3a:e6:60:e4:11:
         f5:d9:1f:55:9d:f8:fb:48:97:bb:43:10:2f:f4:c3:ce:c8:db:
         d3:97:1f:ac:86:0e:39:bf:29:44:cd:2b:2d:a9:32:17:c8:6c:
         55:f0:36:a5:77:b4:63:35:18:aa:e4:ed:a9:85:2c:a9:90:61:
         2f:08:90:97:59:b9:e4:9c:23:cf:6d:65:20:37:1b:18:e8:c4:
         5f:05:45:aa:21:1a:06:29:e0:46:c5:33:4e:1b:7a:c5:cf:13:
         27:9c:48:a2:fd:c0:8a:41:e4:ca:58:8a:b3:86:4f:60:a9:00:
         30:88:cd:4f:f5:d1:fa:51:61:6b:05:89:ce:ed:af:89:e4:58:
         c7:90:34:a6:9e:03:e7:ba:a2:f8:8a:1c:21:70:61:01:fa:f4:
         8c:f2:a7:22:62:af:b4:41:58:e6:de:d0:2f:46:a4:14:d4:eb:
         b9:e3:11:06:e0:95:0a:ce:15:16:87:19:b7:d2:bb:b4:bb:fd:
         74:94:f3:96:08:9f:21:e9:d6:ba:32:68:c7:b7:58:eb:dd:a0:
         15:20:5d:3f:95:a3:41:5e:c0:d8:00:0b:bf:c4:c3:47:bb:c0:
         9f:5c:a9:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbi7n25Qw5U04hAW/EDcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0NDBlNWViYTJmOGJmYzhmZThmZTU2Y2M4OGE0Mjg5NjUy
MzkwYmEwHhcNMjQwMTAxMTQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M3MDI4NjQyNWQ0OGYwODM0YmI2YTg5ZmEyYzk1ODIxMTQ2NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Yk+nu1u12ZJ/KqnPwoNqzI20tsE
UNLjt/3uqMQl7VwKVMsdHh/ze/WStpBjOWZG73Yirj5PSqlZ7JKaQ04ppWqNyYaf
p7M2SNWMzHsaT/HOBdfG/cl94mVjgOUfCdUTSEwZ8Ab1HmkQXUQc4ticTIVAWss/
9ZpDheZDB+NI/Ay79AVjRtfBYJOZ8aIqIwh1cQ+JhUzV0nrUQ8ejgwgjFtBFXCGw
4imJmKw1f/hzvqBQqsI/B7OjEYjKgrRfcQxSAzIFSOch0ph0rtcYW8p6qgbZWurO
8J4OxY+1kmdn511rMq9JlV6fYgxntqpHk0qf4TcmglM9XlXuc97Pa8m4RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfHAoZCXUjwg0u2qJ+iyVghFGZoMB8GA1UdIwQY
MBaAFPRA5eui+L/I/o/lbMiKQollI5C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2Yt
MDBiOTJjMWMxZWY0LzEvWjhjQ2hrSmRTUENEUzdhb242TEpXQ0VVWm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kZTg2NjItOTkzZi00N2Y3LWEyN2YtMDBiOTJjMWMxZWY0
LzEvOUVEbDY2TDR2OGotai1Wc3lJcENpV1Vqa0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+GAMA0G
CSqGSIb3DQEBCwUAA4IBAQA5ZDR7M4w/4T2EK83feGS2BgPuh45KZqRLND7MyQU9
OuZg5BH12R9Vnfj7SJe7QxAv9MPOyNvTlx+shg45vylEzSstqTIXyGxV8Dald7Rj
NRiq5O2phSypkGEvCJCXWbnknCPPbWUgNxsY6MRfBUWqIRoGKeBGxTNOG3rFzxMn
nEii/cCKQeTKWIqzhk9gqQAwiM1P9dH6UWFrBYnO7a+J5FjHkDSmngPnuqL4ihwh
cGEB+vSM8qciYq+0QVjm3tAvRqQU1Ou54xEG4JUKzhUWhxm30ru0u/10lPOWCJ8h
6da6MmjHt1jr3aAVIF0/laNBXsDYAAu/xMNHu8CfXKkx
-----END CERTIFICATE-----