Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zr0-0l8vXiaqPfObPTXfC08DZII.roa
File:                     Zr0-0l8vXiaqPfObPTXfC08DZII.roa (raw, json)
Hash identifier:          YxypRljyjKXz4c09kRCTblZcwVRE04cFFy54jiM9JHw=
Subject key identifier:   66:BD:3E:D2:5F:2F:5E:26:AA:3D:F3:9B:3D:35:DF:0B:4F:03:64:82
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018DE6296322D1EF1CACA0B04B19F6F700F3
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zr0-0l8vXiaqPfObPTXfC08DZII.roa
Signing time:             Mon 26 Feb 2024 16:04:48 +0000
ROA not before:           Mon 26 Feb 2024 16:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39238
IP address blocks:        147.45.52.0/22 maxlen: 22
                          147.45.56.0/22 maxlen: 22
                          147.45.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e6:29:63:22:d1:ef:1c:ac:a0:b0:4b:19:f6:f7:00:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 26 16:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66bd3ed25f2f5e26aa3df39b3d35df0b4f036482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:30:2a:db:cf:a2:13:ef:5b:08:95:a0:41:b8:
                    74:a6:fe:fb:ae:a5:1c:7b:fe:c7:4a:43:43:18:59:
                    cd:51:de:68:9d:c4:5c:44:1d:00:8a:e2:fc:c8:e3:
                    22:89:b0:47:7e:1e:df:95:93:a0:2e:8a:03:64:e9:
                    55:6c:2c:97:d8:02:58:99:59:86:33:73:83:8c:e3:
                    21:1a:db:3b:47:f6:76:ce:62:5a:14:08:8f:a8:38:
                    ca:17:37:c0:a6:59:6d:63:8d:ed:17:ff:0f:b8:d7:
                    d8:04:a9:c0:c8:e5:b7:06:fd:92:d1:13:95:ec:6f:
                    16:b6:74:4e:c0:8c:02:49:ff:1a:29:6f:33:ba:de:
                    59:d7:91:e8:44:25:1e:eb:90:d6:4c:01:79:06:96:
                    0c:23:44:7a:b1:7a:4e:2a:a4:64:6e:2a:73:71:6a:
                    a1:54:14:14:a8:13:ad:f2:d0:35:da:d6:60:be:9e:
                    2c:f5:18:6a:aa:bb:32:26:02:41:2a:d3:24:cf:54:
                    04:e1:69:cf:46:cd:f8:7e:ad:7e:0c:6c:1d:1c:51:
                    e8:27:69:05:73:f1:e8:b6:27:49:8e:bc:56:13:06:
                    3a:77:ef:35:ed:11:87:fa:7f:5a:10:d3:93:1d:11:
                    96:e9:a5:e2:84:c0:e0:91:e7:f5:15:59:5b:df:51:
                    21:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:BD:3E:D2:5F:2F:5E:26:AA:3D:F3:9B:3D:35:DF:0B:4F:03:64:82
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Zr0-0l8vXiaqPfObPTXfC08DZII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.52.0-147.45.59.255
                  147.45.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:c0:5a:3e:c3:52:79:02:65:ba:c6:10:90:26:5e:38:f4:1a:
         67:49:2f:fc:53:4b:42:b6:65:43:c9:1a:53:8a:b5:54:03:fa:
         6f:16:de:02:64:02:61:16:20:5e:e0:62:f5:e8:e6:cc:85:f9:
         34:20:e9:38:0e:1d:09:55:96:d9:4e:e4:e8:f8:4b:9c:e0:80:
         47:83:24:8b:31:2d:e6:b6:fc:31:c0:da:7b:ad:a7:5c:01:39:
         27:20:91:2a:2b:7d:cc:44:29:5a:1a:54:04:55:db:13:a2:c8:
         6a:8a:ba:2a:63:88:de:c9:70:a2:f0:81:00:c7:41:5b:79:af:
         d4:c9:15:fb:d1:d3:d5:e5:b9:43:4f:0f:b7:27:bd:c2:39:d2:
         0b:d4:af:65:82:ac:2e:12:aa:76:5f:51:c8:67:0e:9a:0d:94:
         9a:af:22:02:10:9a:ff:6b:c4:60:9e:51:e2:82:50:09:35:e0:
         63:ed:fb:ff:c9:15:31:b7:14:cf:3b:ac:73:65:d5:b7:b3:85:
         96:cf:0a:d9:40:e9:98:84:55:c4:03:ea:97:b7:0d:62:ee:8a:
         3d:e5:15:ef:bb:96:30:d5:2d:05:31:49:b3:f3:f7:5f:fa:34:
         3b:c0:c7:ff:1c:20:70:1c:11:e4:02:b9:16:7d:cc:b3:d6:0c:
         a2:9a:42:58
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY3mKWMi0e8crKCwSxn29wDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjI2MTYwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmJkM2VkMjVmMmY1ZTI2YWEzZGYzOWIzZDM1ZGYwYjRmMDM2NDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzAq28+iE+9bCJWgQbh0pv77rqUc
e/7HSkNDGFnNUd5oncRcRB0AiuL8yOMiibBHfh7flZOgLooDZOlVbCyX2AJYmVmG
M3ODjOMhGts7R/Z2zmJaFAiPqDjKFzfAplltY43tF/8PuNfYBKnAyOW3Bv2S0ROV
7G8WtnROwIwCSf8aKW8zut5Z15HoRCUe65DWTAF5BpYMI0R6sXpOKqRkbipzcWqh
VBQUqBOt8tA12tZgvp4s9RhqqrsyJgJBKtMkz1QE4WnPRs34fq1+DGwdHFHoJ2kF
c/HotidJjrxWEwY6d+817RGH+n9aENOTHRGW6aXihMDgkef1FVlb31EhbwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGa9PtJfL14mqj3zmz013wtPA2SCMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvWnIwLTBsOHZYaWFxUGZPYlBUWGZDMDhEWklJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAKTLTQD
BAKTLTgDBAKTLVAwDQYJKoZIhvcNAQELBQADggEBAE3AWj7DUnkCZbrGEJAmXjj0
GmdJL/xTS0K2ZUPJGlOKtVQD+m8W3gJkAmEWIF7gYvXo5syF+TQg6TgOHQlVltlO
5Oj4S5zggEeDJIsxLea2/DHA2nutp1wBOScgkSorfcxEKVoaVARV2xOiyGqKuipj
iN7JcKLwgQDHQVt5r9TJFfvR09XluUNPD7cnvcI50gvUr2WCrC4SqnZfUchnDpoN
lJqvIgIQmv9rxGCeUeKCUAk14GPt+//JFTG3FM87rHNl1bezhZbPCtlA6ZiEVcQD
6pe3DWLuij3lFe+7ljDVLQUxSbPz91/6NDvAx/8cIHAcEeQCuRZ9zLPWDKKaQlg=
-----END CERTIFICATE-----