Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ZvjRbM0VAk_kMaMSQ1f8fjYuXWY.roa
File:                     ZvjRbM0VAk_kMaMSQ1f8fjYuXWY.roa (raw, json)
Hash identifier:          pvIXFcZn02IMBNCSsgbMra8JB12ZqwFBtFjoYJ3C2zo=
Subject key identifier:   66:F8:D1:6C:CD:15:02:4F:E4:31:A3:12:43:57:FC:7E:36:2E:5D:66
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018EF0E4BC27CAF3AD041C5488BC727B7BAB
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ZvjRbM0VAk_kMaMSQ1f8fjYuXWY.roa
Signing time:             Thu 18 Apr 2024 11:08:25 +0000
ROA not before:           Thu 18 Apr 2024 11:08:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        2a0e:d781::/32 maxlen: 32
                          2a0e:d782::/32 maxlen: 32
                          2a0e:d783::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:e4:bc:27:ca:f3:ad:04:1c:54:88:bc:72:7b:7b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Apr 18 11:08:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66f8d16ccd15024fe431a3124357fc7e362e5d66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:24:83:59:68:a0:fe:25:70:f2:3d:f6:0d:b1:
                    80:b1:c6:ee:0e:9b:7e:86:d6:9b:8a:fb:98:27:b3:
                    c5:1c:e8:33:f1:97:70:4c:0d:bd:00:c3:28:2c:c8:
                    b6:cc:00:13:66:34:52:07:fd:05:6d:c0:04:46:af:
                    6a:85:3f:f2:a8:bc:72:8c:8d:4b:26:99:24:80:ed:
                    f8:49:82:d3:d8:11:d8:30:db:d1:76:54:bd:b8:7d:
                    1b:ee:60:e0:a0:0b:93:31:31:e8:58:02:46:39:6b:
                    74:0e:c6:e1:47:a6:d1:1a:0b:7c:37:32:d0:6b:98:
                    72:f2:88:ca:50:55:0e:0e:e5:57:02:06:26:2c:69:
                    3d:00:43:1f:77:17:aa:72:84:26:b3:3e:f7:16:7d:
                    fa:98:1a:5b:c2:50:6d:01:17:88:29:2a:34:40:82:
                    60:c8:df:65:0a:b0:f3:a7:e2:19:b3:a4:23:7a:39:
                    22:7e:02:a9:f4:e4:56:c1:6c:ec:80:b2:eb:66:85:
                    cc:3f:73:80:f8:d1:b3:d6:52:47:2b:39:36:c8:0b:
                    63:e4:32:09:de:49:67:5d:08:6b:cd:33:6f:e4:a0:
                    c4:dd:d6:19:14:7e:4f:45:3f:8c:e2:d9:c0:fe:13:
                    cd:b3:de:5d:55:2a:5d:59:fe:fd:df:05:b0:d3:0e:
                    94:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F8:D1:6C:CD:15:02:4F:E4:31:A3:12:43:57:FC:7E:36:2E:5D:66
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/ZvjRbM0VAk_kMaMSQ1f8fjYuXWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d781::-2a0e:d783:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6c:37:d7:99:52:ec:6a:4d:4a:10:55:58:d4:3f:57:7a:ce:89:
         02:39:ab:33:2b:f6:11:67:dd:7f:59:f5:b0:f5:2f:03:4f:4b:
         03:d1:87:77:c4:2f:3e:f9:4d:15:f4:3c:14:20:74:1f:ae:45:
         74:48:8b:65:72:a3:fb:5d:48:1b:b1:0f:48:dd:33:27:00:f7:
         cf:0f:d6:9f:e6:10:5f:a8:aa:5f:25:f1:89:f7:97:ef:f9:e0:
         69:01:71:81:89:c0:ec:ee:8c:0f:01:54:b3:6d:27:06:90:6e:
         63:73:c4:f7:b9:5b:5c:e3:69:e9:31:7a:84:05:0d:df:3a:7b:
         f1:7c:55:8f:36:b7:3a:c1:a1:e5:8c:74:f2:35:eb:3b:96:4c:
         e8:94:1a:fc:67:3f:aa:8e:4e:49:1b:df:c5:a4:8c:b6:71:1c:
         e1:1e:4d:1d:4d:1d:8e:de:14:52:92:d5:17:61:4a:6c:09:41:
         b0:9d:ed:00:9b:59:22:70:30:e6:81:a1:6a:dc:20:e9:39:6e:
         3b:71:b5:7b:c2:4b:4e:94:14:00:9a:f7:d1:5b:cd:30:03:f3:
         46:2c:dc:d0:34:cf:aa:05:84:b2:a3:0f:2f:c3:5b:4c:e5:dc:
         a3:f9:5a:55:b5:d2:b6:0a:a6:f7:38:90:69:2a:55:91:b5:2c:
         be:98:77:ff
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAY7w5LwnyvOtBBxUiLxye3urMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwNDE4MTEwODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmY4ZDE2Y2NkMTUwMjRmZTQzMWEzMTI0MzU3ZmM3ZTM2MmU1ZDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCSDWWig/iVw8j32DbGAscbuDpt+
htabivuYJ7PFHOgz8ZdwTA29AMMoLMi2zAATZjRSB/0FbcAERq9qhT/yqLxyjI1L
JpkkgO34SYLT2BHYMNvRdlS9uH0b7mDgoAuTMTHoWAJGOWt0DsbhR6bRGgt8NzLQ
a5hy8ojKUFUODuVXAgYmLGk9AEMfdxeqcoQmsz73Fn36mBpbwlBtAReIKSo0QIJg
yN9lCrDzp+IZs6QjejkifgKp9ORWwWzsgLLrZoXMP3OA+NGz1lJHKzk2yAtj5DIJ
3klnXQhrzTNv5KDE3dYZFH5PRT+M4tnA/hPNs95dVSpdWf793wWw0w6UiwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFGb40WzNFQJP5DGjEkNX/H42Ll1mMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvWnZqUmJNMFZBa19rTWFNU1ExZjhmall1WFdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqDteB
AwUCKg7XgDANBgkqhkiG9w0BAQsFAAOCAQEAbDfXmVLsak1KEFVY1D9Xes6JAjmr
Myv2EWfdf1n1sPUvA09LA9GHd8QvPvlNFfQ8FCB0H65FdEiLZXKj+11IG7EPSN0z
JwD3zw/Wn+YQX6iqXyXxifeX7/ngaQFxgYnA7O6MDwFUs20nBpBuY3PE97lbXONp
6TF6hAUN3zp78XxVjza3OsGh5Yx08jXrO5ZM6JQa/Gc/qo5OSRvfxaSMtnEc4R5N
HU0djt4UUpLVF2FKbAlBsJ3tAJtZInAw5oGhatwg6TluO3G1e8JLTpQUAJr30VvN
MAPzRizc0DTPqgWEsqMPL8NbTOXco/laVbXStgqm9ziQaSpVkbUsvph3/w==
-----END CERTIFICATE-----