Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1ZmANyHq6Fpy4ldqweHYl-a0vjc.roa
File:                     1ZmANyHq6Fpy4ldqweHYl-a0vjc.roa (raw, json)
Hash identifier:          0LoGa9U7faeCqtQFJpKj+nkAEbDJ3x/3+yv4du1g9BU=
Subject key identifier:   D5:99:80:37:21:EA:E8:5A:72:E2:57:6A:C1:E1:D8:97:E6:B4:BE:37
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AF89887228E94BACF315A6B720631
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1ZmANyHq6Fpy4ldqweHYl-a0vjc.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210840
IP address blocks:        85.120.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f8:98:87:22:8e:94:ba:cf:31:5a:6b:72:06:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d599803721eae85a72e2576ac1e1d897e6b4be37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0a:87:a8:28:59:57:27:45:c1:f4:1a:e4:ad:
                    d3:02:f7:6e:01:5b:d2:b4:88:59:27:5a:0b:61:e6:
                    2d:9e:94:58:3c:29:99:ef:5b:5b:9a:59:f4:50:43:
                    37:aa:65:61:b4:63:ae:0a:4a:a9:98:96:15:fc:16:
                    82:4f:f1:d0:11:41:8d:b9:b7:fc:3c:bf:6b:4a:7c:
                    2a:0a:b1:67:3c:c2:61:50:71:f4:39:2e:8d:f7:93:
                    4d:a1:9b:ab:8a:8b:3d:80:09:60:e1:4c:e6:8f:30:
                    17:78:63:43:ef:ee:c3:26:fc:ef:27:6c:d1:03:59:
                    2d:d7:c2:27:55:19:70:eb:63:a6:50:19:cc:7c:90:
                    16:22:4f:a6:3e:7e:3e:ad:32:d6:56:f5:77:cc:1d:
                    58:0c:5e:90:f2:7f:15:b1:57:9d:6b:85:1f:61:57:
                    e0:98:f4:5d:cd:78:1e:92:0e:5d:5b:24:12:bc:a4:
                    29:15:5b:ef:2f:48:67:67:10:57:f6:1e:e2:9d:39:
                    df:0f:37:8a:f4:f3:60:f1:d9:16:af:b4:15:a2:a5:
                    f2:b9:42:6b:d5:b4:c9:6d:a5:13:ef:30:a9:b3:f7:
                    9a:6a:1d:36:f9:75:a2:42:22:d3:4a:a6:28:52:8a:
                    d4:09:27:5c:95:1b:44:e5:64:43:ea:fc:21:0f:97:
                    dc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:99:80:37:21:EA:E8:5A:72:E2:57:6A:C1:E1:D8:97:E6:B4:BE:37
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/1ZmANyHq6Fpy4ldqweHYl-a0vjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:35:5b:26:8c:7b:50:09:ba:96:34:e1:75:8f:14:20:49:6c:
         25:dc:f8:b4:c9:33:86:08:92:74:ee:67:82:2e:99:eb:cb:82:
         0f:f0:10:7a:47:b2:3d:e2:4b:75:70:c0:a1:a6:a6:8e:7a:eb:
         3f:a3:13:24:b2:24:fc:51:bc:1c:2d:40:a4:8f:18:5a:c8:58:
         87:00:dc:ca:b6:cb:7c:bc:6e:f3:e6:f9:04:4e:e6:04:27:10:
         15:2c:be:0d:9e:3e:ab:04:8a:79:ec:ce:14:bd:22:27:aa:dc:
         3e:0d:53:ac:37:e9:02:f1:b7:19:62:00:25:b7:89:50:62:53:
         17:02:89:99:0f:dc:da:6e:6b:f0:7b:4f:62:41:1a:21:b1:b2:
         5d:63:66:db:5d:dd:28:01:3c:d5:5b:ad:14:d5:bd:a8:17:14:
         eb:f1:cd:20:be:7b:9f:f1:36:65:68:40:46:81:0a:71:6b:e5:
         f7:c5:d6:26:16:f9:bf:49:04:48:94:2a:d9:29:16:87:b0:28:
         67:90:ed:36:a1:dc:6f:bf:34:23:4b:f6:52:22:d3:39:a3:89:
         5d:24:51:51:b6:9d:24:ac:53:bf:3c:ed:74:12:23:21:1e:51:
         51:31:0f:23:bf:41:9b:5f:b1:28:70:67:83:71:5c:20:93:a4:
         19:19:a0:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSviYhyKOlLrPMVprcgYxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk5ODAzNzIxZWFlODVhNzJlMjU3NmFjMWUxZDg5N2U2YjRiZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwqHqChZVydFwfQa5K3TAvduAVvS
tIhZJ1oLYeYtnpRYPCmZ71tbmln0UEM3qmVhtGOuCkqpmJYV/BaCT/HQEUGNubf8
PL9rSnwqCrFnPMJhUHH0OS6N95NNoZurios9gAlg4UzmjzAXeGND7+7DJvzvJ2zR
A1kt18InVRlw62OmUBnMfJAWIk+mPn4+rTLWVvV3zB1YDF6Q8n8VsVeda4UfYVfg
mPRdzXgekg5dWyQSvKQpFVvvL0hnZxBX9h7inTnfDzeK9PNg8dkWr7QVoqXyuUJr
1bTJbaUT7zCps/eaah02+XWiQiLTSqYoUorUCSdclRtE5WRD6vwhD5fc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWZgDch6uhacuJXasHh2JfmtL43MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvMVptQU55SHE2RnB5NGxkcXdlSFlsLWEwdmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXgWMA0G
CSqGSIb3DQEBCwUAA4IBAQBXNVsmjHtQCbqWNOF1jxQgSWwl3Pi0yTOGCJJ07meC
Lpnry4IP8BB6R7I94kt1cMChpqaOeus/oxMksiT8UbwcLUCkjxhayFiHANzKtst8
vG7z5vkETuYEJxAVLL4Nnj6rBIp57M4UvSInqtw+DVOsN+kC8bcZYgAlt4lQYlMX
AomZD9zabmvwe09iQRohsbJdY2bbXd0oATzVW60U1b2oFxTr8c0gvnuf8TZlaEBG
gQpxa+X3xdYmFvm/SQRIlCrZKRaHsChnkO02odxvvzQjS/ZSItM5o4ldJFFRtp0k
rFO/PO10EiMhHlFRMQ8jv0GbX7EocGeDcVwgk6QZGaBi
-----END CERTIFICATE-----