Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/ZOOEXvp9Ev04V5Xa_mMFS31e5oo.roa
File:                     ZOOEXvp9Ev04V5Xa_mMFS31e5oo.roa (raw, json)
Hash identifier:          522jXiVhIQbXOAFG0LN15nh78zWRUZmp/FMDVVJJkbo=
Subject key identifier:   64:E3:84:5E:FA:7D:12:FD:38:57:95:DA:FE:63:05:4B:7D:5E:E6:8A
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80135000E2EEA8DA19895A0FF65940D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/ZOOEXvp9Ev04V5Xa_mMFS31e5oo.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205625
IP address blocks:        159.148.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:35:00:0e:2e:ea:8d:a1:98:95:a0:ff:65:94:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64e3845efa7d12fd385795dafe63054b7d5ee68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:43:69:bb:ce:22:cd:80:a6:c8:ac:38:03:15:
                    91:5f:2a:7a:0b:64:42:65:f9:65:10:08:83:9f:29:
                    0c:d4:fe:b2:72:23:82:3e:59:36:28:fa:f5:4b:79:
                    1c:c1:33:3a:95:4e:13:9f:a0:be:22:97:f0:e1:43:
                    99:1b:06:ac:ea:61:1f:1f:a7:79:d1:e4:9d:84:9f:
                    e8:4c:ee:e3:de:f2:c4:76:27:11:88:23:ab:a8:30:
                    be:3e:12:a9:b4:b5:f5:1f:94:da:38:76:71:68:d0:
                    51:41:6e:e7:3f:83:48:b7:1e:d9:4d:50:13:66:22:
                    9f:70:7b:35:c3:ef:b0:11:87:a8:a9:94:93:60:00:
                    02:3b:15:85:cf:e2:c8:d6:1b:80:45:ff:ee:63:10:
                    7c:0f:35:5b:7d:b1:0f:fd:34:05:f2:c5:0c:38:79:
                    df:42:8c:c8:88:30:a5:d7:01:67:40:e7:69:50:14:
                    32:6c:ba:a7:36:2b:d1:f0:18:13:ae:2f:25:9c:ae:
                    2c:fb:5f:1c:57:a9:67:7a:5c:73:7b:fd:09:3f:e3:
                    c0:90:1d:04:69:ff:f3:d9:14:18:b3:4a:15:72:e9:
                    c8:7b:69:9b:40:19:31:94:eb:d0:0c:89:cd:03:41:
                    b4:43:b4:d6:46:40:0a:2e:a7:05:37:64:19:9d:d9:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E3:84:5E:FA:7D:12:FD:38:57:95:DA:FE:63:05:4B:7D:5E:E6:8A
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/ZOOEXvp9Ev04V5Xa_mMFS31e5oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:8f:da:6e:a4:9c:fe:fe:ce:46:f1:24:3d:b1:0e:ec:1c:76:
         54:02:96:b8:82:39:1f:17:af:34:d5:c6:83:86:0c:33:88:c1:
         b2:f0:f0:34:00:12:4b:fd:bf:2c:ef:cb:69:aa:8f:7e:7f:b6:
         83:07:55:ea:3b:be:54:6f:fe:4c:92:d7:61:8b:24:d4:4a:36:
         df:3c:1e:cc:ca:98:9f:d5:cc:b6:2f:ba:a9:b0:6c:0e:5b:9b:
         a9:36:9d:17:24:62:7f:53:6b:72:52:b1:4e:31:19:ed:f2:ed:
         9a:73:bb:c4:dc:90:78:15:e5:6f:b3:42:b4:ac:3a:bc:68:7d:
         18:66:9b:34:64:16:e1:64:58:cc:6e:d4:71:06:36:30:4c:76:
         b1:d3:f8:d6:56:d6:a5:5b:b3:37:9f:bf:16:60:a7:b5:88:1d:
         d6:22:1a:04:72:fe:a0:08:27:c9:8f:97:f9:7c:b2:2d:2d:e1:
         b7:44:76:46:ab:43:d6:0d:42:06:aa:04:39:a9:fc:a7:96:04:
         c4:40:6e:33:be:05:c3:32:e0:35:4a:47:0a:04:95:af:b8:0e:
         c5:33:83:12:0f:d0:dc:fd:ad:91:9c:9f:d9:74:40:64:20:62:
         a6:02:7b:13:07:71:d7:f1:16:8e:b7:f4:de:02:9b:f3:ca:4b:
         1a:99:9b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATUADi7qjaGYlaD/ZZQNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGUzODQ1ZWZhN2QxMmZkMzg1Nzk1ZGFmZTYzMDU0YjdkNWVlNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnENpu84izYCmyKw4AxWRXyp6C2RC
ZfllEAiDnykM1P6yciOCPlk2KPr1S3kcwTM6lU4Tn6C+Ipfw4UOZGwas6mEfH6d5
0eSdhJ/oTO7j3vLEdicRiCOrqDC+PhKptLX1H5TaOHZxaNBRQW7nP4NItx7ZTVAT
ZiKfcHs1w++wEYeoqZSTYAACOxWFz+LI1huARf/uYxB8DzVbfbEP/TQF8sUMOHnf
QozIiDCl1wFnQOdpUBQybLqnNivR8BgTri8lnK4s+18cV6lnelxze/0JP+PAkB0E
af/z2RQYs0oVcunIe2mbQBkxlOvQDInNA0G0Q7TWRkAKLqcFN2QZndnI4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTjhF76fRL9OFeV2v5jBUt9XuaKMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvWk9PRVh2cDlFdjA0VjVYYV9tTUZTMzFlNW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5QsMA0G
CSqGSIb3DQEBCwUAA4IBAQArj9pupJz+/s5G8SQ9sQ7sHHZUApa4gjkfF6801caD
hgwziMGy8PA0ABJL/b8s78tpqo9+f7aDB1XqO75Ub/5MktdhiyTUSjbfPB7Mypif
1cy2L7qpsGwOW5upNp0XJGJ/U2tyUrFOMRnt8u2ac7vE3JB4FeVvs0K0rDq8aH0Y
Zps0ZBbhZFjMbtRxBjYwTHax0/jWVtalW7M3n78WYKe1iB3WIhoEcv6gCCfJj5f5
fLItLeG3RHZGq0PWDUIGqgQ5qfynlgTEQG4zvgXDMuA1SkcKBJWvuA7FM4MSD9Dc
/a2RnJ/ZdEBkIGKmAnsTB3HX8RaOt/TeApvzyksamZtB
-----END CERTIFICATE-----