Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/ZG1WOqcat7NEb6oXdVx8DM6AMys.roa
File:                     ZG1WOqcat7NEb6oXdVx8DM6AMys.roa (raw, json)
Hash identifier:          /PuKz7vWYyfh5qGuj9mKKQdo87M6f6ra/vvfo8DY/50=
Subject key identifier:   64:6D:56:3A:A7:1A:B7:B3:44:6F:AA:17:75:5C:7C:0C:CE:80:33:2B
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B741759A0F2F49B2478485B86BFA89
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/ZG1WOqcat7NEb6oXdVx8DM6AMys.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        212.24.113.0/24 maxlen: 24
                          185.252.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:75:9a:0f:2f:49:b2:47:84:85:b8:6b:fa:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=646d563aa71ab7b3446faa17755c7c0cce80332b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b2:4a:d6:e5:fb:f7:f5:fe:33:0f:21:ce:75:
                    d2:fd:1f:9c:2d:8f:ee:b7:a1:23:6b:8a:73:c2:4c:
                    21:a9:9c:c4:2b:2c:a7:ea:1f:b8:7c:82:5c:48:e7:
                    0a:f4:67:3e:37:3d:b6:fb:51:c2:28:c4:7f:5c:82:
                    40:63:69:0a:fa:34:39:ca:6b:e7:a7:37:50:a7:46:
                    ed:3b:bb:5b:29:dd:dc:ca:ea:0d:00:e3:75:5d:03:
                    b4:be:5f:38:57:35:32:2b:74:f6:a0:89:12:ec:1d:
                    2b:7f:cf:60:48:58:3e:4e:1d:82:fd:ea:09:1d:77:
                    21:ff:2f:f1:67:bb:05:b8:a1:4f:08:c2:8f:40:f4:
                    fd:af:cc:70:64:60:90:81:9e:94:f1:99:27:ea:14:
                    b8:b5:03:96:cd:1c:8b:78:45:75:72:29:7f:8c:19:
                    32:b8:83:ef:92:15:b2:58:7a:71:de:4b:05:a7:a3:
                    9f:7b:34:60:a0:f5:72:e8:fc:67:80:06:2b:e4:ea:
                    ea:46:00:a3:52:dc:37:24:20:6a:dd:8a:7d:c2:e0:
                    37:6a:f0:1d:6e:15:ce:fb:02:0f:d5:46:f9:ca:f3:
                    95:fb:6b:be:76:7f:d4:58:2f:d3:01:e0:59:c8:c7:
                    e3:c6:03:e9:04:74:ba:ae:c7:ea:8b:2d:15:f3:c0:
                    60:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6D:56:3A:A7:1A:B7:B3:44:6F:AA:17:75:5C:7C:0C:CE:80:33:2B
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/ZG1WOqcat7NEb6oXdVx8DM6AMys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.211.0/24
                  212.24.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:97:9d:7d:b0:b7:69:1c:20:d8:0c:4f:a6:b1:45:68:be:da:
         5a:1f:86:ee:c6:9c:fe:a9:bd:0d:57:39:54:3c:68:ba:8e:76:
         e5:5e:e5:8a:37:4c:16:b7:e0:8e:a0:a8:50:f8:23:94:f6:02:
         49:f2:2f:5b:ee:af:56:d9:16:b7:2f:71:fb:16:e0:bf:1d:d0:
         cb:12:06:0f:ec:20:37:fc:58:55:3d:cc:9c:c2:d3:00:5c:e1:
         c9:bc:0f:1f:6b:e6:71:05:fc:46:46:4b:43:28:2d:d0:6d:45:
         d4:94:1d:c2:42:c2:d9:d4:c0:e8:f7:fc:0d:8f:b6:a3:09:ad:
         37:64:f3:27:43:1e:8e:b0:24:24:11:f7:a3:74:50:17:37:0c:
         36:b4:28:56:c0:97:ac:03:b6:f6:37:bb:a2:4e:a6:27:a5:70:
         0f:80:1e:00:2f:9b:c3:7e:49:ac:84:ec:0a:28:37:c0:68:94:
         71:31:0c:8c:fb:9f:4e:b3:7f:90:d2:57:3f:e1:62:cb:c0:eb:
         59:45:9d:45:8d:3f:b0:31:4f:9e:d3:89:81:7b:ff:dd:fd:c5:
         0a:29:dc:15:88:ef:e3:bf:bd:e3:ec:d1:ce:64:93:0e:0e:5b:
         21:74:82:74:2e:8e:3c:95:4e:e1:de:7f:2c:9e:5f:29:0f:a4:
         20:79:9a:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDt0F1mg8vSbJHhIW4a/qJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZkNTYzYWE3MWFiN2IzNDQ2ZmFhMTc3NTVjN2MwY2NlODAzMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7JK1uX79/X+Mw8hznXS/R+cLY/u
t6Eja4pzwkwhqZzEKyyn6h+4fIJcSOcK9Gc+Nz22+1HCKMR/XIJAY2kK+jQ5ymvn
pzdQp0btO7tbKd3cyuoNAON1XQO0vl84VzUyK3T2oIkS7B0rf89gSFg+Th2C/eoJ
HXch/y/xZ7sFuKFPCMKPQPT9r8xwZGCQgZ6U8Zkn6hS4tQOWzRyLeEV1cil/jBky
uIPvkhWyWHpx3ksFp6OfezRgoPVy6PxngAYr5OrqRgCjUtw3JCBq3Yp9wuA3avAd
bhXO+wIP1Ub5yvOV+2u+dn/UWC/TAeBZyMfjxgPpBHS6rsfqiy0V88BgLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGRtVjqnGrezRG+qF3VcfAzOgDMrMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvWkcxV09xY2F0N05FYjZvWGRWeDhETTZBTXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAufzTAwQA
1BhxMA0GCSqGSIb3DQEBCwUAA4IBAQAbl519sLdpHCDYDE+msUVovtpaH4buxpz+
qb0NVzlUPGi6jnblXuWKN0wWt+COoKhQ+COU9gJJ8i9b7q9W2Ra3L3H7FuC/HdDL
EgYP7CA3/FhVPcycwtMAXOHJvA8fa+ZxBfxGRktDKC3QbUXUlB3CQsLZ1MDo9/wN
j7ajCa03ZPMnQx6OsCQkEfejdFAXNww2tChWwJesA7b2N7uiTqYnpXAPgB4AL5vD
fkmshOwKKDfAaJRxMQyM+59Os3+Q0lc/4WLLwOtZRZ1FjT+wMU+e04mBe//d/cUK
KdwViO/jv73j7NHOZJMODlshdIJ0Lo48lU7h3n8snl8pD6QgeZpf
-----END CERTIFICATE-----