Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/zbt_g1wWOMoxJvhv7qoXmrGYD3E.roa
File:                     zbt_g1wWOMoxJvhv7qoXmrGYD3E.roa (raw, json)
Hash identifier:          cVp278pky6pqTOKORoTOCsZmJer/spAaUAyFNPTyW2M=
Subject key identifier:   CD:BB:7F:83:5C:16:38:CA:31:26:F8:6F:EE:AA:17:9A:B1:98:0F:71
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80120518DA246D4E5FDB96FB978FB37
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/zbt_g1wWOMoxJvhv7qoXmrGYD3E.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        85.254.64.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:20:51:8d:a2:46:d4:e5:fd:b9:6f:b9:78:fb:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdbb7f835c1638ca3126f86feeaa179ab1980f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a7:ee:fd:42:8d:38:ff:60:2a:c3:4c:74:ad:
                    9a:55:98:c1:29:a3:08:fd:6d:78:da:89:57:7d:b7:
                    74:6c:26:9a:c9:2d:4a:47:67:b8:35:cf:ab:a5:b2:
                    57:96:64:fc:50:3e:fe:eb:e8:2c:15:93:eb:87:65:
                    9e:37:ba:2f:4f:e4:c7:8e:37:f1:27:d1:93:ab:ea:
                    c0:57:25:8a:8d:d8:f3:7d:c3:4e:9c:93:27:21:c9:
                    20:8d:13:17:89:38:47:8d:d7:fd:4f:ce:e7:24:ed:
                    38:cd:ca:71:37:11:89:99:04:89:b2:3f:87:58:7a:
                    69:6e:fa:e4:9d:82:e6:6f:2c:91:a1:46:90:b3:c7:
                    45:5f:58:23:bb:7e:ac:57:5b:ba:46:37:64:78:8f:
                    aa:eb:6e:fc:64:11:b6:8c:53:1c:ad:f3:bc:7d:72:
                    fa:d7:62:b8:69:e5:c8:86:d0:81:71:62:b8:7a:ab:
                    f0:75:2b:3e:ab:d1:4c:e3:92:65:aa:70:ad:0d:48:
                    26:27:a2:8a:39:e5:d0:7c:fe:11:35:85:bb:db:f8:
                    bc:bb:7a:99:12:43:83:02:59:f3:32:6e:f7:c8:bf:
                    9c:33:8e:d3:e3:3c:b1:06:b3:d8:bc:15:f7:f3:d8:
                    a3:d0:72:1c:b4:ee:da:b6:af:c0:b6:29:fa:97:53:
                    89:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:BB:7F:83:5C:16:38:CA:31:26:F8:6F:EE:AA:17:9A:B1:98:0F:71
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/zbt_g1wWOMoxJvhv7qoXmrGYD3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.254.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:d5:1a:10:0f:7a:2a:51:5c:7f:11:93:0f:3d:ce:88:79:fd:
         b2:e4:67:4a:83:27:2e:14:2d:53:06:e0:ae:bc:35:77:ef:7e:
         aa:57:92:54:fe:c3:e7:a4:61:1b:07:ba:83:15:83:ac:3d:56:
         8d:8f:db:2b:ea:76:ee:7f:36:05:38:30:ad:5a:5f:92:f2:df:
         87:18:14:c1:c4:27:d0:78:87:9e:68:fc:e8:ff:aa:45:90:83:
         ab:b6:ac:68:fc:19:b4:b6:1a:5e:bc:be:c4:16:0e:40:0f:1e:
         9c:0c:cc:8b:6e:c0:76:9d:64:a4:80:9d:3d:f4:82:5c:49:d6:
         f9:06:92:56:46:39:3d:b5:96:4d:77:2a:29:97:4d:0f:83:0f:
         39:69:a2:48:06:00:f3:3d:96:20:55:f8:1d:b5:3a:23:9b:53:
         63:c6:65:3e:ef:b0:00:00:65:d6:75:81:1e:a0:f1:9b:62:78:
         ba:8c:ba:7a:22:74:6b:f8:09:2d:e8:42:df:7e:53:59:e8:4b:
         4f:af:73:77:e0:cc:32:b6:c6:04:b8:cf:d0:03:df:3c:1f:6a:
         61:99:1e:e2:83:f8:ec:cb:91:55:69:80:66:13:d1:f7:8b:05:
         fa:92:91:22:a0:d3:b3:17:ab:be:bf:6e:ce:20:2e:9e:a2:4d:
         e4:76:c8:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASBRjaJG1OX9uW+5ePs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGJiN2Y4MzVjMTYzOGNhMzEyNmY4NmZlZWFhMTc5YWIxOTgwZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiafu/UKNOP9gKsNMdK2aVZjBKaMI
/W142olXfbd0bCaayS1KR2e4Nc+rpbJXlmT8UD7+6+gsFZPrh2WeN7ovT+THjjfx
J9GTq+rAVyWKjdjzfcNOnJMnIckgjRMXiThHjdf9T87nJO04zcpxNxGJmQSJsj+H
WHppbvrknYLmbyyRoUaQs8dFX1gju36sV1u6RjdkeI+q6278ZBG2jFMcrfO8fXL6
12K4aeXIhtCBcWK4eqvwdSs+q9FM45JlqnCtDUgmJ6KKOeXQfP4RNYW72/i8u3qZ
EkODAlnzMm73yL+cM47T4zyxBrPYvBX389ij0HIctO7atq/Atin6l1OJOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM27f4NcFjjKMSb4b+6qF5qxmA9xMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvemJ0X2cxd1dPTW94SnZodjdxb1htckdZRDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVf5AMA0G
CSqGSIb3DQEBCwUAA4IBAQAS1RoQD3oqUVx/EZMPPc6Ief2y5GdKgycuFC1TBuCu
vDV3736qV5JU/sPnpGEbB7qDFYOsPVaNj9sr6nbufzYFODCtWl+S8t+HGBTBxCfQ
eIeeaPzo/6pFkIOrtqxo/Bm0thpevL7EFg5ADx6cDMyLbsB2nWSkgJ099IJcSdb5
BpJWRjk9tZZNdyopl00Pgw85aaJIBgDzPZYgVfgdtTojm1NjxmU+77AAAGXWdYEe
oPGbYni6jLp6InRr+Akt6ELfflNZ6EtPr3N34MwytsYEuM/QA988H2phmR7ig/js
y5FVaYBmE9H3iwX6kpEioNOzF6u+v27OIC6eok3kdshq
-----END CERTIFICATE-----