Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/ZmI9zHGr-xXV-t9JmsYql9Kb-vc.roa
File:                     ZmI9zHGr-xXV-t9JmsYql9Kb-vc.roa (raw, json)
Hash identifier:          8sItW5jlxUxH/hxYtjZMf/oGPuNaLBD3qKG25g/1VPE=
Subject key identifier:   66:62:3D:CC:71:AB:FB:15:D5:FA:DF:49:9A:C6:2A:97:D2:9B:FA:F7
Certificate issuer:       /CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
Certificate serial:       018CC501086E811A4681A651A414909039E9
Authority key identifier: D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/ZmI9zHGr-xXV-t9JmsYql9Kb-vc.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        193.188.12.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:6e:81:1a:46:81:a6:51:a4:14:90:90:39:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66623dcc71abfb15d5fadf499ac62a97d29bfaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:eb:93:66:8e:8a:3b:d6:d5:17:38:67:38:36:
                    84:e1:ca:a7:46:54:c4:ec:38:33:7c:0a:47:24:18:
                    14:15:26:35:94:8a:cc:1d:a1:2f:ce:a5:63:c1:90:
                    29:44:dc:8e:09:ef:69:bb:e9:d3:00:48:ca:f1:f1:
                    2d:f0:50:b3:e5:82:8f:75:46:6e:61:b8:5b:fd:fc:
                    5a:5c:41:8f:7d:58:44:92:a9:4e:cd:3a:32:a5:5b:
                    66:d9:99:d5:dd:17:3f:ac:9b:c5:3f:15:6b:1b:c0:
                    0a:c2:4d:a5:37:b6:57:c4:56:df:2d:09:fe:50:46:
                    eb:87:ea:c0:9e:87:e6:d6:fb:bf:e4:d3:b1:57:bc:
                    64:61:a3:c7:b6:5b:e3:36:a8:5a:86:31:73:d7:57:
                    c2:5f:8d:78:05:98:0f:7e:f0:ba:98:51:08:f6:59:
                    47:cf:87:6e:ac:5d:cc:23:18:52:0c:59:ff:16:c8:
                    ee:55:69:a6:a8:22:07:f5:45:90:34:14:19:e2:d6:
                    34:3e:fe:fc:b4:bd:2f:6a:10:98:a9:35:48:cb:21:
                    ad:ba:31:02:d4:f9:26:35:f0:c9:13:01:96:17:17:
                    0c:5f:c6:32:9a:c0:e2:a8:73:77:80:f4:9b:b5:61:
                    23:cb:8f:6c:7b:82:3a:32:82:c1:4e:5c:38:82:8e:
                    25:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:62:3D:CC:71:AB:FB:15:D5:FA:DF:49:9A:C6:2A:97:D2:9B:FA:F7
            X509v3 Authority Key Identifier:
                keyid:D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/ZmI9zHGr-xXV-t9JmsYql9Kb-vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:08:3e:60:21:cc:b4:8d:05:11:da:db:9a:50:dc:6c:b8:2c:
         72:0a:43:d5:98:5b:bb:c5:89:ec:6f:be:1b:55:e1:56:66:51:
         c4:95:3f:25:40:9a:c3:da:3e:2d:2e:65:36:60:a0:78:9c:06:
         23:82:fb:f5:c4:a7:a9:2d:64:94:7c:46:09:80:83:4b:48:45:
         e8:62:3e:96:9e:de:45:05:f5:37:ef:4f:a3:cc:3c:67:49:ee:
         76:4f:bf:55:0c:48:b1:11:60:70:f8:6a:37:5e:17:75:61:41:
         f5:a7:6b:67:8e:cb:e3:fc:77:6f:8a:29:6f:6a:f4:50:3d:1e:
         a9:f9:17:73:e4:11:b5:15:a2:fb:c2:f3:5a:68:1f:c9:3a:bc:
         99:11:a7:37:4f:81:fb:b2:48:9b:91:96:c7:48:df:6e:0e:96:
         bd:fa:8f:66:02:4c:d9:7e:e3:4a:57:6c:7c:e1:3d:c1:a7:b4:
         cd:4b:c4:11:30:08:99:ec:38:a9:9e:e7:d8:56:25:fe:2d:63:
         db:cf:c3:c3:df:37:f9:69:b9:e7:ea:8d:2e:29:25:0f:0e:c4:
         5d:f8:07:53:8f:4a:cc:c8:96:cd:bd:cd:c2:46:ee:44:45:6f:
         39:b5:f2:62:59:bb:5e:17:1b:f8:b0:d9:16:61:0c:fc:ad:3f:
         47:1c:60:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQhugRpGgaZRpBSQkDnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWQ4NTZhYWE5ZWFkMTJmNzVjYjY4Y2RhZTk2YTBkMmM4
ZGRlMWUwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjYyM2RjYzcxYWJmYjE1ZDVmYWRmNDk5YWM2MmE5N2QyOWJmYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOuTZo6KO9bVFzhnODaE4cqnRlTE
7DgzfApHJBgUFSY1lIrMHaEvzqVjwZApRNyOCe9pu+nTAEjK8fEt8FCz5YKPdUZu
Ybhb/fxaXEGPfVhEkqlOzToypVtm2ZnV3Rc/rJvFPxVrG8AKwk2lN7ZXxFbfLQn+
UEbrh+rAnofm1vu/5NOxV7xkYaPHtlvjNqhahjFz11fCX414BZgPfvC6mFEI9llH
z4durF3MIxhSDFn/FsjuVWmmqCIH9UWQNBQZ4tY0Pv78tL0vahCYqTVIyyGtujEC
1PkmNfDJEwGWFxcMX8YymsDiqHN3gPSbtWEjy49se4I6MoLBTlw4go4ldQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZiPcxxq/sV1frfSZrGKpfSm/r3MB8GA1UdIwQY
MBaAFNedhWqqnq0S91y2jNrpag0sjd4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAt
NTk5MGNkNGRlODhiLzEvWm1JOXpIR3IteFhWLXQ5Sm1zWXFsOUtiLXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAtNTk5MGNkNGRlODhi
LzEvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbwMMA0G
CSqGSIb3DQEBCwUAA4IBAQCGCD5gIcy0jQUR2tuaUNxsuCxyCkPVmFu7xYnsb74b
VeFWZlHElT8lQJrD2j4tLmU2YKB4nAYjgvv1xKepLWSUfEYJgINLSEXoYj6Wnt5F
BfU370+jzDxnSe52T79VDEixEWBw+Go3Xhd1YUH1p2tnjsvj/HdviilvavRQPR6p
+Rdz5BG1FaL7wvNaaB/JOryZEac3T4H7skibkZbHSN9uDpa9+o9mAkzZfuNKV2x8
4T3Bp7TNS8QRMAiZ7DipnufYViX+LWPbz8PD3zf5abnn6o0uKSUPDsRd+AdTj0rM
yJbNvc3CRu5ERW85tfJiWbteFxv4sNkWYQz8rT9HHGBo
-----END CERTIFICATE-----