Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ZWXRdsaXrREmROIKyClX9_e5QJ4.roa
File:                     ZWXRdsaXrREmROIKyClX9_e5QJ4.roa (raw, json)
Hash identifier:          Upd8mc3L9xNVJYLWcP/eji2N/Y38AZTlP0rYXbzzZUA=
Subject key identifier:   65:65:D1:76:C6:97:AD:11:26:44:E2:0A:C8:29:57:F7:F7:B9:40:9E
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018CC801C631C6D8B22B93266A9BAA25BB30
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ZWXRdsaXrREmROIKyClX9_e5QJ4.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201295
IP address blocks:        94.74.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c6:31:c6:d8:b2:2b:93:26:6a:9b:aa:25:bb:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6565d176c697ad112644e20ac82957f7f7b9409e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:98:82:ce:38:60:60:d0:83:28:f9:05:8c:e7:
                    f0:25:30:79:3c:64:d6:e8:c5:66:a1:b3:e6:59:69:
                    63:c8:8e:a0:b6:cc:56:9d:b9:54:35:7a:a2:4e:df:
                    16:26:b2:ef:37:53:da:dc:34:37:8a:c8:8e:c7:42:
                    60:3b:18:1b:b6:ca:a6:8c:38:02:b7:3c:60:d4:c8:
                    e7:24:aa:67:ed:27:b3:3b:87:45:55:5f:e9:e1:1d:
                    81:68:65:79:1a:13:bf:63:38:b6:35:2a:b3:16:a5:
                    9d:41:28:85:a4:5d:6e:b3:f3:36:d2:fe:7d:71:03:
                    e3:1f:86:17:fc:89:bd:5f:0b:8d:e3:33:43:56:4c:
                    4b:cb:cf:93:9c:90:14:9a:85:78:1f:d1:87:e2:e1:
                    bd:16:f6:6a:de:f2:f0:06:fe:af:f0:b2:61:53:10:
                    33:37:b5:05:33:92:3d:b2:51:76:a3:70:b4:22:5e:
                    09:15:86:8a:35:17:f2:c0:96:48:2b:7e:52:9e:ec:
                    85:c7:23:aa:c8:50:23:8f:63:8d:47:e5:05:ef:07:
                    0c:4c:d5:08:ce:9b:43:52:56:ec:03:9c:87:74:b5:
                    08:72:2e:38:4c:04:37:c8:00:4d:bf:6c:b4:5f:b4:
                    31:5c:ee:01:33:7f:93:fa:e4:64:e1:26:78:19:ec:
                    4a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:65:D1:76:C6:97:AD:11:26:44:E2:0A:C8:29:57:F7:F7:B9:40:9E
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ZWXRdsaXrREmROIKyClX9_e5QJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.74.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:0a:19:13:cc:09:f9:a3:96:bb:08:59:c9:61:6d:7a:c6:f9:
         57:cd:2f:40:73:78:19:86:8b:25:6c:ac:65:40:f1:ed:e7:02:
         a9:9e:16:cd:80:8f:44:69:45:6e:c9:d1:21:f4:f1:ca:48:27:
         cb:ee:e0:1b:7d:22:85:2d:c6:ee:a3:99:9e:da:87:1c:96:fd:
         6c:ce:83:df:32:dc:ba:e2:94:5b:cb:83:64:eb:79:fe:49:66:
         8a:f6:e3:e2:57:30:10:4b:80:45:c8:95:5e:69:2c:e2:18:ec:
         78:ca:de:fa:d7:56:ca:31:4d:ee:d0:9f:99:07:e5:83:c8:ef:
         df:af:c8:50:b2:f7:9b:87:66:19:28:ae:bc:0e:75:f3:b8:57:
         67:9c:ed:31:63:e3:d6:e4:43:29:30:fb:19:c0:a9:6b:08:74:
         f0:a3:67:86:d5:75:5e:cc:77:f2:83:e9:20:a0:df:4c:8e:c0:
         1c:3a:9f:e9:21:c8:6e:da:b4:f8:b4:1a:fe:78:c4:12:65:6e:
         47:54:ac:70:2e:ae:c8:61:88:00:af:d7:c6:f9:73:2c:0f:f4:
         d6:96:19:6f:5f:0e:34:15:31:01:2a:fa:5d:05:c1:f6:56:03:
         03:15:6f:c6:d1:8b:42:da:ff:8b:3d:95:f4:db:0e:df:e7:cf:
         57:93:6f:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcYxxtiyK5MmapuqJbswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTY1ZDE3NmM2OTdhZDExMjY0NGUyMGFjODI5NTdmN2Y3Yjk0MDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipiCzjhgYNCDKPkFjOfwJTB5PGTW
6MVmobPmWWljyI6gtsxWnblUNXqiTt8WJrLvN1Pa3DQ3isiOx0JgOxgbtsqmjDgC
tzxg1MjnJKpn7SezO4dFVV/p4R2BaGV5GhO/Yzi2NSqzFqWdQSiFpF1us/M20v59
cQPjH4YX/Im9XwuN4zNDVkxLy8+TnJAUmoV4H9GH4uG9FvZq3vLwBv6v8LJhUxAz
N7UFM5I9slF2o3C0Il4JFYaKNRfywJZIK35SnuyFxyOqyFAjj2ONR+UF7wcMTNUI
zptDUlbsA5yHdLUIci44TAQ3yABNv2y0X7QxXO4BM3+T+uRk4SZ4GexKQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVl0XbGl60RJkTiCsgpV/f3uUCeMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvWldYUmRzYVhyUkVtUk9JS3lDbFg5X2U1UUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXkqRMA0G
CSqGSIb3DQEBCwUAA4IBAQBCChkTzAn5o5a7CFnJYW16xvlXzS9Ac3gZhoslbKxl
QPHt5wKpnhbNgI9EaUVuydEh9PHKSCfL7uAbfSKFLcbuo5me2occlv1szoPfMty6
4pRby4Nk63n+SWaK9uPiVzAQS4BFyJVeaSziGOx4yt7611bKMU3u0J+ZB+WDyO/f
r8hQsvebh2YZKK68DnXzuFdnnO0xY+PW5EMpMPsZwKlrCHTwo2eG1XVezHfyg+kg
oN9MjsAcOp/pIchu2rT4tBr+eMQSZW5HVKxwLq7IYYgAr9fG+XMsD/TWlhlvXw40
FTEBKvpdBcH2VgMDFW/G0YtC2v+LPZX02w7f589Xk2+T
-----END CERTIFICATE-----