Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ZmhSz_A7j2l4e-yrAjRgAR4pBkE.roa
File:                     ZmhSz_A7j2l4e-yrAjRgAR4pBkE.roa (raw, json)
Hash identifier:          jLiEJtQiUHzE9x4CZRwnaKgLmNzrVz3M0ao6g+uh4SM=
Subject key identifier:   66:68:52:CF:F0:3B:8F:69:78:7B:EC:AB:02:34:60:01:1E:29:06:41
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB31DD4497A0CDE5F85FCAAF61AD32
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ZmhSz_A7j2l4e-yrAjRgAR4pBkE.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202822
IP address blocks:        185.147.50.0/24 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:31:dd:44:97:a0:cd:e5:f8:5f:ca:af:61:ad:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=666852cff03b8f69787becab023460011e290641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f0:be:40:b1:4b:18:87:25:ad:a9:1f:f1:01:
                    22:1d:3d:5a:ee:ef:48:bf:d2:bf:fa:71:54:03:6c:
                    e0:f8:13:58:98:24:4a:bb:a4:75:55:eb:35:e7:01:
                    c0:df:e3:d9:47:0e:c7:fb:5e:12:f5:29:82:fa:a8:
                    30:69:ca:12:95:d7:83:18:01:d6:87:4f:63:b4:28:
                    39:79:d8:d0:97:5b:a8:fc:b1:7d:df:8f:9c:72:af:
                    ea:cb:be:10:b1:34:c4:be:ad:9d:dd:ac:a5:77:17:
                    ec:8c:91:76:73:59:f4:31:95:90:b6:7b:48:c3:86:
                    7f:8a:f5:ad:b1:5e:2e:37:0f:be:dd:80:a3:b1:2f:
                    63:14:24:9f:d6:e5:eb:71:38:07:70:7d:f9:5e:8c:
                    4d:8e:c8:7e:1e:b7:e6:bc:ea:bf:85:f9:a9:a9:a5:
                    38:01:ac:23:f4:c2:ea:64:96:3d:23:ff:ca:8f:8c:
                    88:82:25:08:45:01:96:f7:44:9d:7e:62:fe:cd:51:
                    7a:e4:2b:4f:7f:a9:a2:8e:7f:47:f8:d8:8e:df:46:
                    35:57:44:03:d2:72:b0:34:f2:c7:85:38:38:f2:7b:
                    6d:da:fd:2a:8f:b8:b5:6b:bf:97:ab:34:22:b3:cb:
                    fd:a0:7e:35:9a:28:a2:cd:e8:ab:41:43:99:22:fd:
                    ad:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:68:52:CF:F0:3B:8F:69:78:7B:EC:AB:02:34:60:01:1E:29:06:41
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/ZmhSz_A7j2l4e-yrAjRgAR4pBkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:a6:c5:81:26:d8:08:37:e9:71:13:be:a3:9f:c1:1d:b5:39:
         fc:05:b0:d9:48:6a:a2:0d:b3:35:55:89:a9:b4:1a:af:9c:4c:
         71:f0:12:d7:73:3a:99:cd:de:95:49:e3:80:e5:b1:60:c6:ab:
         77:bd:f7:7e:65:f4:da:b4:e0:d8:9c:4e:9d:22:ae:eb:ad:99:
         d2:40:7a:34:b1:05:1c:e1:d1:88:06:8f:f4:26:c1:62:07:66:
         79:80:72:83:66:bf:be:4b:1e:b6:2c:ca:63:6e:e9:f9:5e:a1:
         73:0f:7e:b4:64:1c:19:ce:7d:7f:af:10:93:ae:d2:31:2b:4b:
         d8:44:f7:3b:db:78:ee:7f:ab:33:fa:8d:a8:0e:bc:fa:cb:6c:
         99:70:17:f6:6d:e2:c1:ff:65:8d:60:19:3a:97:8b:d8:89:fd:
         09:9a:9a:34:bf:29:b7:38:a1:b8:b0:17:fc:f9:da:11:17:d8:
         31:00:c6:e2:c9:1d:5f:c4:08:ae:db:ef:fd:30:43:81:f7:58:
         57:7c:3d:b6:a2:58:23:c1:2e:45:d3:1b:61:75:d4:9c:f9:d8:
         2f:dc:80:80:c6:b8:77:8e:f5:54:e0:c3:e3:17:1a:48:77:dd:
         12:5a:24:1b:1d:23:4c:dd:29:3b:95:5a:2c:b6:bd:58:9c:4e:
         1d:89:14:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zHdRJegzeX4X8qvYa0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY4NTJjZmYwM2I4ZjY5Nzg3YmVjYWIwMjM0NjAwMTFlMjkwNjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPC+QLFLGIclrakf8QEiHT1a7u9I
v9K/+nFUA2zg+BNYmCRKu6R1Ves15wHA3+PZRw7H+14S9SmC+qgwacoSldeDGAHW
h09jtCg5edjQl1uo/LF934+ccq/qy74QsTTEvq2d3ayldxfsjJF2c1n0MZWQtntI
w4Z/ivWtsV4uNw++3YCjsS9jFCSf1uXrcTgHcH35XoxNjsh+HrfmvOq/hfmpqaU4
Aawj9MLqZJY9I//Kj4yIgiUIRQGW90SdfmL+zVF65CtPf6mijn9H+NiO30Y1V0QD
0nKwNPLHhTg48ntt2v0qj7i1a7+XqzQis8v9oH41miiizeirQUOZIv2tRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZoUs/wO49peHvsqwI0YAEeKQZBMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWm1oU3pfQTdqMmw0ZS15ckFqUmdBUjRwQmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZMyMA0G
CSqGSIb3DQEBCwUAA4IBAQAIpsWBJtgIN+lxE76jn8EdtTn8BbDZSGqiDbM1VYmp
tBqvnExx8BLXczqZzd6VSeOA5bFgxqt3vfd+ZfTatODYnE6dIq7rrZnSQHo0sQUc
4dGIBo/0JsFiB2Z5gHKDZr++Sx62LMpjbun5XqFzD360ZBwZzn1/rxCTrtIxK0vY
RPc723juf6sz+o2oDrz6y2yZcBf2beLB/2WNYBk6l4vYif0Jmpo0vym3OKG4sBf8
+doRF9gxAMbiyR1fxAiu2+/9MEOB91hXfD22olgjwS5F0xthddSc+dgv3ICAxrh3
jvVU4MPjFxpId90SWiQbHSNM3Sk7lVostr1YnE4diRT8
-----END CERTIFICATE-----