Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ZvFr_xh-2nZWjzlJRveCOHEBlGQ.roa
File:                     ZvFr_xh-2nZWjzlJRveCOHEBlGQ.roa (raw, json)
Hash identifier:          ILXibsnmUwkLQ982VSIMWLOJbshmhio8WuJJi291nQM=
Subject key identifier:   66:F1:6B:FF:18:7E:DA:76:56:8F:39:49:46:F7:82:38:71:01:94:64
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348E86453CC2F8179F08C6E2F63E4F4
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ZvFr_xh-2nZWjzlJRveCOHEBlGQ.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212823
IP address blocks:        194.209.192.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e8:64:53:cc:2f:81:79:f0:8c:6e:2f:63:e4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66f16bff187eda76568f394946f7823871019464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:1c:16:5c:43:4b:99:69:6b:e3:85:b9:e8:fb:
                    af:87:d9:b8:88:d5:85:41:5d:81:41:96:df:c5:f9:
                    e4:64:6e:f3:d7:aa:f5:68:81:aa:53:ad:44:84:b1:
                    ce:65:66:ee:1d:83:2c:4a:10:ba:07:11:04:77:32:
                    59:b7:8a:5c:d5:cb:4c:c9:ce:94:bc:47:01:5e:7f:
                    81:11:b9:6f:6c:a5:90:5e:e1:9a:96:fa:99:84:ad:
                    d9:9c:b9:46:f8:bb:57:a6:68:fd:b2:e4:b0:71:85:
                    b8:6e:92:1a:0a:d8:8e:cf:7a:ad:79:a7:34:b9:9a:
                    5e:7e:6e:27:75:42:a7:74:74:dd:c9:28:28:6e:da:
                    c1:bb:e1:fc:28:75:70:25:c6:8d:1d:08:64:1e:e9:
                    54:d0:84:68:1e:fe:05:e2:93:c2:d0:1a:ca:54:95:
                    4d:95:45:f4:15:54:16:c6:0a:16:09:a9:e5:52:84:
                    06:1d:4d:c5:d7:79:54:66:29:48:f7:b4:11:76:a8:
                    fa:9a:bc:9e:e0:19:23:30:6e:6d:2c:cf:60:88:d1:
                    09:b1:98:22:dd:39:bd:a3:6d:a4:f3:d8:8c:58:aa:
                    a4:79:9b:6d:fa:5c:09:3f:a8:bc:db:f0:0d:e2:49:
                    39:0c:6f:43:27:74:a3:c1:07:43:c8:e7:2d:ab:8d:
                    2d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F1:6B:FF:18:7E:DA:76:56:8F:39:49:46:F7:82:38:71:01:94:64
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ZvFr_xh-2nZWjzlJRveCOHEBlGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:c2:73:c4:ab:ff:28:f9:82:03:83:b8:97:8d:43:c3:e4:9a:
         18:cb:73:54:92:69:ba:cb:3b:b7:aa:44:b7:bc:29:71:b8:38:
         60:ac:eb:9d:3c:0a:7a:a2:0c:71:de:49:ec:ec:a4:8a:33:d0:
         9d:a2:74:db:1a:90:4a:7d:b4:3c:37:02:cc:7a:cb:8e:62:f2:
         88:03:08:d7:5c:b1:66:ed:6e:99:74:48:c8:94:ce:97:59:68:
         80:13:2f:bc:cc:01:4e:f9:5a:c0:a3:e8:d1:5c:cb:8e:89:de:
         20:98:71:69:5e:55:50:20:68:f9:f7:33:50:d8:da:9a:b8:18:
         a0:d1:bb:ca:b1:7a:a5:a0:e5:25:06:b8:d9:79:ce:57:8d:39:
         57:51:b0:ce:8e:9f:4f:48:68:3f:a9:c7:2c:b8:28:5d:2a:c2:
         b5:65:9e:0f:0e:b3:94:b9:b1:58:d5:7f:02:2a:cf:98:b6:36:
         6a:e0:cd:87:79:cf:98:76:bf:b4:20:e5:09:54:36:65:c4:0a:
         7a:14:f8:b4:64:8c:f5:01:2d:1c:4e:30:0f:a2:8a:a2:05:77:
         3c:7b:e5:68:8e:ce:dc:fb:d3:79:f2:d2:98:f7:e4:19:1c:a1:
         47:9f:b7:01:17:8e:95:b1:08:15:d3:35:de:d0:9c:2e:0b:87:
         eb:b4:2e:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOhkU8wvgXnwjG4vY+T0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmYxNmJmZjE4N2VkYTc2NTY4ZjM5NDk0NmY3ODIzODcxMDE5NDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBwWXENLmWlr44W56Puvh9m4iNWF
QV2BQZbfxfnkZG7z16r1aIGqU61EhLHOZWbuHYMsShC6BxEEdzJZt4pc1ctMyc6U
vEcBXn+BEblvbKWQXuGalvqZhK3ZnLlG+LtXpmj9suSwcYW4bpIaCtiOz3qteac0
uZpefm4ndUKndHTdySgobtrBu+H8KHVwJcaNHQhkHulU0IRoHv4F4pPC0BrKVJVN
lUX0FVQWxgoWCanlUoQGHU3F13lUZilI97QRdqj6mrye4BkjMG5tLM9giNEJsZgi
3Tm9o22k89iMWKqkeZtt+lwJP6i82/AN4kk5DG9DJ3SjwQdDyOctq40t5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbxa/8Yftp2Vo85SUb3gjhxAZRkMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvWnZGcl94aC0yblpXanpsSlJ2ZUNPSEVCbEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwtHAMA0G
CSqGSIb3DQEBCwUAA4IBAQAbwnPEq/8o+YIDg7iXjUPD5JoYy3NUkmm6yzu3qkS3
vClxuDhgrOudPAp6ogxx3kns7KSKM9CdonTbGpBKfbQ8NwLMesuOYvKIAwjXXLFm
7W6ZdEjIlM6XWWiAEy+8zAFO+VrAo+jRXMuOid4gmHFpXlVQIGj59zNQ2NqauBig
0bvKsXqloOUlBrjZec5XjTlXUbDOjp9PSGg/qccsuChdKsK1ZZ4PDrOUubFY1X8C
Ks+YtjZq4M2Hec+Ydr+0IOUJVDZlxAp6FPi0ZIz1AS0cTjAPooqiBXc8e+Vojs7c
+9N58tKY9+QZHKFHn7cBF46VsQgV0zXe0JwuC4frtC5i
-----END CERTIFICATE-----