Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/zKywzAlnjlRE9YjK7gls6BksZ1s.roa
File:                     zKywzAlnjlRE9YjK7gls6BksZ1s.roa (raw, json)
Hash identifier:          62gaDx8bzODunOe5zyuimaRrhDaSOU/2sb/cHsmteK4=
Subject key identifier:   CC:AC:B0:CC:09:67:8E:54:44:F5:88:CA:EE:09:6C:E8:19:2C:67:5B
Certificate issuer:       /CN=c340909aec320a8c2ee1cabce1302cbb7d4e0486
Certificate serial:       018CC6B8CE0B69C7F08203DDE7A168632A3A
Authority key identifier: C3:40:90:9A:EC:32:0A:8C:2E:E1:CA:BC:E1:30:2C:BB:7D:4E:04:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/zKywzAlnjlRE9YjK7gls6BksZ1s.roa
Signing time:             Mon 01 Jan 2024 20:30:49 +0000
ROA not before:           Mon 01 Jan 2024 20:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204599
IP address blocks:        193.105.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:ce:0b:69:c7:f0:82:03:dd:e7:a1:68:63:2a:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c340909aec320a8c2ee1cabce1302cbb7d4e0486
        Validity
            Not Before: Jan  1 20:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccacb0cc09678e5444f588caee096ce8192c675b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:77:16:f0:53:59:33:10:0b:02:94:1a:fd:38:
                    5c:0f:00:cf:3a:d5:d9:05:f2:9f:84:b1:b4:7d:a7:
                    28:2b:24:45:fe:fc:53:9d:38:fa:4d:24:b7:b0:9f:
                    e5:57:70:5b:7b:ab:93:e8:15:6c:de:78:4e:45:df:
                    12:dc:76:33:4c:c4:b3:0f:74:39:94:45:6a:85:d4:
                    db:6f:68:9a:62:ed:b4:d3:d3:03:93:75:10:c7:8d:
                    73:b2:4c:6d:81:0b:66:14:4e:be:42:b5:e4:94:af:
                    34:20:4e:a8:9d:02:84:39:64:50:cc:71:8f:8d:f4:
                    6b:eb:8e:e0:fb:9e:2b:42:c5:1b:ba:01:6f:c2:fa:
                    08:40:61:8c:fc:1f:cc:c3:7e:1b:37:ad:74:dd:a9:
                    b2:99:64:92:81:b7:f9:c1:f8:2d:34:37:7d:25:22:
                    84:5a:dd:6f:1a:a6:34:0b:e8:a6:81:ef:40:d0:e3:
                    26:f0:7c:a0:73:90:b2:98:4e:da:43:b0:b8:30:94:
                    8d:ca:56:c4:ac:68:54:0b:b0:e0:4a:f8:d8:80:ef:
                    e9:62:a7:10:4d:95:2a:69:f2:7d:7d:5f:1a:80:77:
                    e4:0d:68:ea:88:bd:a4:04:45:2e:2f:1d:ae:f9:29:
                    99:d6:9e:ab:c3:4e:4b:e2:bb:37:aa:b9:3e:e8:cf:
                    6a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:AC:B0:CC:09:67:8E:54:44:F5:88:CA:EE:09:6C:E8:19:2C:67:5B
            X509v3 Authority Key Identifier:
                keyid:C3:40:90:9A:EC:32:0A:8C:2E:E1:CA:BC:E1:30:2C:BB:7D:4E:04:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w0CQmuwyCowu4cq84TAsu31OBIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/zKywzAlnjlRE9YjK7gls6BksZ1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/50b205-8f21-46f5-a3f6-bca0a8f2f78c/1/w0CQmuwyCowu4cq84TAsu31OBIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:43:cd:6a:98:d3:87:1a:de:6d:6b:5e:93:81:1c:36:0e:8c:
         74:73:0a:c6:ef:c3:74:91:cd:d3:05:b1:00:15:33:9a:65:90:
         ce:56:30:e0:e4:7b:fa:b3:9c:46:b7:48:8c:ae:23:34:87:87:
         09:08:5b:85:4f:16:86:28:e4:a8:4d:6e:a1:fe:62:a0:17:d0:
         a2:d7:8e:4d:a2:61:15:23:b8:0c:11:35:ad:e7:24:25:08:81:
         d2:5f:ce:ac:c4:9b:bb:b3:68:18:9a:b0:ae:08:ca:4b:cd:85:
         5b:81:97:57:6a:8c:13:46:83:4f:a0:29:a6:b8:e3:d3:eb:a2:
         82:aa:50:59:d1:8d:b3:e8:9d:1d:e4:ee:f2:f8:98:f6:6c:15:
         ba:a3:9e:41:dc:5e:9f:1f:92:fc:6b:80:89:d0:81:5b:f8:cb:
         09:48:55:60:c3:5f:32:d6:41:38:eb:e6:95:15:1c:ca:aa:a5:
         90:cc:c8:3d:d1:a8:c0:ef:29:f4:3a:cb:9f:aa:dd:2a:d1:24:
         ea:82:f3:cd:de:09:54:46:48:33:ff:fa:7a:2f:22:2d:c5:53:
         2f:f9:bd:6b:d0:b9:3c:45:59:63:c7:bf:07:7b:7e:71:e9:9e:
         12:db:27:4c:00:70:8c:58:ab:af:af:19:36:d1:cf:71:1e:1d:
         a1:08:35:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuM4LacfwggPd56FoYyo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNDA5MDlhZWMzMjBhOGMyZWUxY2FiY2UxMzAyY2JiN2Q0
ZTA0ODYwHhcNMjQwMTAxMjAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2FjYjBjYzA5Njc4ZTU0NDRmNTg4Y2FlZTA5NmNlODE5MmM2NzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoncW8FNZMxALApQa/ThcDwDPOtXZ
BfKfhLG0facoKyRF/vxTnTj6TSS3sJ/lV3Bbe6uT6BVs3nhORd8S3HYzTMSzD3Q5
lEVqhdTbb2iaYu2009MDk3UQx41zskxtgQtmFE6+QrXklK80IE6onQKEOWRQzHGP
jfRr647g+54rQsUbugFvwvoIQGGM/B/Mw34bN6103amymWSSgbf5wfgtNDd9JSKE
Wt1vGqY0C+imge9A0OMm8Hygc5CymE7aQ7C4MJSNylbErGhUC7DgSvjYgO/pYqcQ
TZUqafJ9fV8agHfkDWjqiL2kBEUuLx2u+SmZ1p6rw05L4rs3qrk+6M9qkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyssMwJZ45URPWIyu4JbOgZLGdbMB8GA1UdIwQY
MBaAFMNAkJrsMgqMLuHKvOEwLLt9TgSGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzBDUW11d3lDb3d1NGNxODRUQXN1MzFPQklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MGIyMDUtOGYyMS00NmY1LWEzZjYt
YmNhMGE4ZjJmNzhjLzEvekt5d3pBbG5qbFJFOVlqSzdnbHM2QmtzWjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MGIyMDUtOGYyMS00NmY1LWEzZjYtYmNhMGE4ZjJmNzhj
LzEvdzBDUW11d3lDb3d1NGNxODRUQXN1MzFPQklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkSMA0G
CSqGSIb3DQEBCwUAA4IBAQASQ81qmNOHGt5ta16TgRw2Dox0cwrG78N0kc3TBbEA
FTOaZZDOVjDg5Hv6s5xGt0iMriM0h4cJCFuFTxaGKOSoTW6h/mKgF9Ci145NomEV
I7gMETWt5yQlCIHSX86sxJu7s2gYmrCuCMpLzYVbgZdXaowTRoNPoCmmuOPT66KC
qlBZ0Y2z6J0d5O7y+Jj2bBW6o55B3F6fH5L8a4CJ0IFb+MsJSFVgw18y1kE46+aV
FRzKqqWQzMg90ajA7yn0Osufqt0q0STqgvPN3glURkgz//p6LyItxVMv+b1r0Lk8
RVljx78He35x6Z4S2ydMAHCMWKuvrxk20c9xHh2hCDXH
-----END CERTIFICATE-----