Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/zdotN8UaFsg0JdPp66-1xPhYolc.roa
File:                     zdotN8UaFsg0JdPp66-1xPhYolc.roa (raw, json)
Hash identifier:          O6nxqqFLsCBKIyewwOFECDVIP8KAi5i3Tm6ybU6L61w=
Subject key identifier:   CD:DA:2D:37:C5:1A:16:C8:34:25:D3:E9:EB:AF:B5:C4:F8:58:A2:57
Certificate issuer:       /CN=fd4d1cbaa900c9dabd2a1f768198a1e55bcfb50f
Certificate serial:       018CFD1C042A3137998F3183E48AFC5E3B54
Authority key identifier: FD:4D:1C:BA:A9:00:C9:DA:BD:2A:1F:76:81:98:A1:E5:5B:CF:B5:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/zdotN8UaFsg0JdPp66-1xPhYolc.roa
Signing time:             Fri 12 Jan 2024 09:58:40 +0000
ROA not before:           Fri 12 Jan 2024 09:58:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48084
IP address blocks:        185.214.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:1c:04:2a:31:37:99:8f:31:83:e4:8a:fc:5e:3b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd4d1cbaa900c9dabd2a1f768198a1e55bcfb50f
        Validity
            Not Before: Jan 12 09:58:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdda2d37c51a16c83425d3e9ebafb5c4f858a257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:6a:e3:81:f6:ce:c1:6d:01:44:f0:38:02:f9:
                    f5:b1:6a:00:f1:67:38:3d:6e:81:c1:4d:3f:32:1c:
                    aa:a0:fa:a6:2c:c0:17:73:c7:3d:fd:a3:0b:1a:46:
                    f8:81:7b:27:23:23:a6:a9:35:82:b5:da:b0:b3:0f:
                    79:ad:ca:b3:fe:1f:75:e2:bf:18:56:5f:9f:a6:3d:
                    b3:11:74:21:99:0e:39:3e:fb:a6:fd:6b:14:b1:4c:
                    5c:f6:92:43:7c:e7:dc:12:6f:09:5b:03:fb:b4:8e:
                    ca:72:0f:3f:e3:23:93:0e:79:dc:5b:7f:94:91:7b:
                    e1:94:ea:91:bb:b8:d0:a0:d3:be:eb:ed:a1:a1:da:
                    85:35:68:12:fc:c4:84:2a:5f:8d:29:e1:fd:13:0d:
                    60:52:1d:8e:29:ee:1f:e0:a5:47:80:39:e0:85:ee:
                    ec:81:cb:0b:af:89:25:02:ed:21:6b:9b:d2:14:94:
                    8e:09:74:8b:58:e7:ed:4e:73:35:a2:e4:6c:d1:55:
                    e8:37:9c:0e:f0:f3:c1:e7:4d:92:f0:58:3a:18:e1:
                    ca:fe:8e:8d:6d:53:a9:97:47:4d:6b:b8:50:93:b4:
                    43:41:62:e4:02:2b:56:6b:8d:cc:85:5f:8a:04:2c:
                    a1:dd:01:8e:69:3d:7a:f3:9f:7b:39:81:ad:e4:21:
                    e6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DA:2D:37:C5:1A:16:C8:34:25:D3:E9:EB:AF:B5:C4:F8:58:A2:57
            X509v3 Authority Key Identifier:
                keyid:FD:4D:1C:BA:A9:00:C9:DA:BD:2A:1F:76:81:98:A1:E5:5B:CF:B5:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_U0cuqkAydq9Kh92gZih5VvPtQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/zdotN8UaFsg0JdPp66-1xPhYolc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8903ca-fb67-4ee7-a23a-db7690e45765/1/_U0cuqkAydq9Kh92gZih5VvPtQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:15:2c:be:bd:0b:7d:a8:b7:e5:95:96:7f:34:61:df:fc:f0:
         18:f4:2a:21:02:2e:c7:7f:86:4f:a1:5e:88:d2:82:c0:e5:fe:
         6d:bf:8c:a7:ac:53:4f:42:13:39:db:34:8f:42:ab:98:cf:6d:
         6a:65:41:0f:b0:aa:5f:f8:e2:ca:9a:f0:15:5f:df:73:63:38:
         99:46:9c:6c:9f:1a:f2:93:40:3e:54:dc:4c:46:35:49:68:59:
         d1:e3:d4:86:df:a1:91:df:44:7d:d7:f2:75:db:00:5a:01:64:
         c6:c0:32:ef:0d:85:02:98:a4:33:4e:10:73:e2:e4:9a:3a:72:
         44:db:be:99:3d:bd:8e:02:77:1a:ba:c5:36:fd:21:b7:e6:37:
         ad:7c:9c:b5:b6:42:23:86:50:1a:dc:3a:9a:ba:7e:c1:7f:15:
         58:3b:e3:48:40:83:d0:7f:3f:52:bb:b1:f7:eb:bb:d5:3f:db:
         7c:da:06:c9:da:fa:df:0b:72:12:cc:e5:2b:9b:34:d0:84:55:
         eb:5b:d1:c0:73:19:96:1b:50:9e:6b:da:08:c5:2f:8a:2d:b6:
         b9:c7:0d:f7:9d:8c:86:cd:0e:f2:dd:3e:92:5c:73:a5:31:b0:
         69:8a:81:0b:45:5e:4d:db:76:c2:2b:fb:74:c4:c2:27:73:cc:
         ed:c8:6d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz9HAQqMTeZjzGD5Ir8XjtUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNGQxY2JhYTkwMGM5ZGFiZDJhMWY3NjgxOThhMWU1NWJj
ZmI1MGYwHhcNMjQwMTEyMDk1ODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRhMmQzN2M1MWExNmM4MzQyNWQzZTllYmFmYjVjNGY4NThhMjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWrjgfbOwW0BRPA4Avn1sWoA8Wc4
PW6BwU0/MhyqoPqmLMAXc8c9/aMLGkb4gXsnIyOmqTWCtdqwsw95rcqz/h914r8Y
Vl+fpj2zEXQhmQ45Pvum/WsUsUxc9pJDfOfcEm8JWwP7tI7Kcg8/4yOTDnncW3+U
kXvhlOqRu7jQoNO+6+2hodqFNWgS/MSEKl+NKeH9Ew1gUh2OKe4f4KVHgDnghe7s
gcsLr4klAu0ha5vSFJSOCXSLWOftTnM1ouRs0VXoN5wO8PPB502S8Fg6GOHK/o6N
bVOpl0dNa7hQk7RDQWLkAitWa43MhV+KBCyh3QGOaT168597OYGt5CHmqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3aLTfFGhbINCXT6euvtcT4WKJXMB8GA1UdIwQY
MBaAFP1NHLqpAMnavSofdoGYoeVbz7UPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1UwY3Vxa0F5ZHE5S2g5MmdaaWg1VnZQdFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84OTAzY2EtZmI2Ny00ZWU3LWEyM2Et
ZGI3NjkwZTQ1NzY1LzEvemRvdE44VWFGc2cwSmRQcDY2LTF4UGhZb2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84OTAzY2EtZmI2Ny00ZWU3LWEyM2EtZGI3NjkwZTQ1NzY1
LzEvX1UwY3Vxa0F5ZHE5S2g5MmdaaWg1VnZQdFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudb0MA0G
CSqGSIb3DQEBCwUAA4IBAQAwFSy+vQt9qLfllZZ/NGHf/PAY9CohAi7Hf4ZPoV6I
0oLA5f5tv4ynrFNPQhM52zSPQquYz21qZUEPsKpf+OLKmvAVX99zYziZRpxsnxry
k0A+VNxMRjVJaFnR49SG36GR30R91/J12wBaAWTGwDLvDYUCmKQzThBz4uSaOnJE
276ZPb2OAncausU2/SG35jetfJy1tkIjhlAa3Dqaun7BfxVYO+NIQIPQfz9Su7H3
67vVP9t82gbJ2vrfC3ISzOUrmzTQhFXrW9HAcxmWG1Cea9oIxS+KLba5xw33nYyG
zQ7y3T6SXHOlMbBpioELRV5N23bCK/t0xMInc8ztyG1G
-----END CERTIFICATE-----