Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ZyIC1yrHQCkMB3zc97f1EBaVdlg.roa
File:                     ZyIC1yrHQCkMB3zc97f1EBaVdlg.roa (raw, json)
Hash identifier:          ra1AGr5wQyoofkQSdBZTB+/r/LQD9QLLZFYbzMXZ5YA=
Subject key identifier:   67:22:02:D7:2A:C7:40:29:0C:07:7C:DC:F7:B7:F5:10:16:95:76:58
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0DB67079ECF81CA3521E7A059036
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ZyIC1yrHQCkMB3zc97f1EBaVdlg.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201781
IP address blocks:        146.185.246.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:b6:70:79:ec:f8:1c:a3:52:1e:7a:05:90:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=672202d72ac740290c077cdcf7b7f51016957658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4a:f3:c8:e4:9e:b4:51:26:0a:98:9e:ee:a2:
                    23:1c:09:36:96:7b:b9:74:dd:9e:65:e0:20:90:31:
                    7f:3b:f2:d0:9f:3e:2e:2f:bd:e4:78:33:cd:2c:8d:
                    8a:f9:4c:e5:f4:d7:0c:d0:d5:b5:b1:1b:73:ed:6e:
                    1c:87:a6:20:f3:e0:5c:0c:eb:5c:7d:50:3f:b6:1e:
                    e3:27:7c:dc:f8:8f:42:78:c4:e7:95:6c:95:08:aa:
                    0e:51:f8:11:8c:d5:0c:c8:33:6e:55:79:e6:71:af:
                    53:2e:ee:bb:8d:7c:4a:5c:76:09:42:13:3d:1b:d7:
                    e6:1a:2e:48:93:82:81:9d:b8:47:24:43:af:a8:bf:
                    e5:ea:26:ab:f4:0d:a8:9f:7e:2d:4b:51:6c:ff:3d:
                    f2:c0:f6:b8:6c:85:3d:2e:5f:59:ac:d0:a8:e3:b7:
                    b8:3c:4e:a2:62:65:ac:e3:66:39:0a:1b:1c:fd:c4:
                    9f:c6:4e:8a:12:4a:f6:fb:33:6e:84:b0:dd:a7:fe:
                    5b:f6:1e:a5:f8:bf:84:0b:1c:b8:cc:46:74:1b:81:
                    58:b6:97:35:ae:1a:5a:f1:4d:83:b2:a0:4c:0d:92:
                    f1:73:e1:4f:5b:57:a7:ca:aa:54:90:39:63:7a:03:
                    00:92:30:2f:88:84:93:54:a9:9b:79:4e:ae:fe:08:
                    5b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:22:02:D7:2A:C7:40:29:0C:07:7C:DC:F7:B7:F5:10:16:95:76:58
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/ZyIC1yrHQCkMB3zc97f1EBaVdlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:bc:1d:3d:48:94:53:85:72:64:00:5c:3f:6e:93:32:8c:7c:
         11:a4:f3:85:4f:00:20:b0:b8:f4:ad:a3:1c:9c:98:19:7b:8e:
         e1:a1:67:a8:8c:04:55:50:45:f3:75:f4:5e:d7:83:97:75:25:
         df:52:22:be:ce:40:3c:c1:e5:1b:65:10:6b:a4:e6:88:a0:3e:
         c7:f6:02:e7:83:15:ce:9b:cb:b5:4f:70:8a:6c:88:df:76:f4:
         17:06:60:dc:d4:dd:21:cf:a9:81:b9:42:20:10:df:e1:f8:88:
         b4:98:c4:9d:2c:24:cd:5b:58:59:6d:4f:30:cd:17:70:99:91:
         3a:2b:cf:3b:0b:44:02:bc:62:46:8b:68:60:be:2e:c3:f6:15:
         67:b4:70:09:7b:7c:eb:6f:d9:8e:d1:35:16:e1:13:e2:4c:9c:
         9d:a6:42:44:da:4d:b0:f7:a7:53:ea:8d:af:5b:25:07:a6:97:
         a5:9c:37:92:f0:d3:d4:bc:07:ac:4f:b6:35:14:e2:de:40:80:
         85:b7:36:2b:de:90:45:a9:1f:06:24:1c:a0:36:eb:5c:c7:9e:
         b9:80:b2:a8:b6:15:87:1b:47:f7:3e:57:a3:af:8e:8b:2f:3d:
         83:f4:a7:70:c8:e9:87:18:61:69:87:6f:c2:03:f5:97:14:5e:
         ff:57:ef:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg22cHns+ByjUh56BZA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzIyMDJkNzJhYzc0MDI5MGMwNzdjZGNmN2I3ZjUxMDE2OTU3NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUrzyOSetFEmCpie7qIjHAk2lnu5
dN2eZeAgkDF/O/LQnz4uL73keDPNLI2K+Uzl9NcM0NW1sRtz7W4ch6Yg8+BcDOtc
fVA/th7jJ3zc+I9CeMTnlWyVCKoOUfgRjNUMyDNuVXnmca9TLu67jXxKXHYJQhM9
G9fmGi5Ik4KBnbhHJEOvqL/l6iar9A2on34tS1Fs/z3ywPa4bIU9Ll9ZrNCo47e4
PE6iYmWs42Y5Chsc/cSfxk6KEkr2+zNuhLDdp/5b9h6l+L+ECxy4zEZ0G4FYtpc1
rhpa8U2DsqBMDZLxc+FPW1enyqpUkDljegMAkjAviISTVKmbeU6u/ghbMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGciAtcqx0ApDAd83Pe39RAWlXZYMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvWnlJQzF5ckhRQ2tNQjN6Yzk3ZjFFQmFWZGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkrn2MA0G
CSqGSIb3DQEBCwUAA4IBAQCGvB09SJRThXJkAFw/bpMyjHwRpPOFTwAgsLj0raMc
nJgZe47hoWeojARVUEXzdfRe14OXdSXfUiK+zkA8weUbZRBrpOaIoD7H9gLngxXO
m8u1T3CKbIjfdvQXBmDc1N0hz6mBuUIgEN/h+Ii0mMSdLCTNW1hZbU8wzRdwmZE6
K887C0QCvGJGi2hgvi7D9hVntHAJe3zrb9mO0TUW4RPiTJydpkJE2k2w96dT6o2v
WyUHppelnDeS8NPUvAesT7Y1FOLeQICFtzYr3pBFqR8GJBygNutcx565gLKothWH
G0f3Plejr46LLz2D9KdwyOmHGGFph2/CA/WXFF7/V+/v
-----END CERTIFICATE-----