Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Z_e71hj2oOgBz5IuU18Wz30iY7A.roa
File:                     Z_e71hj2oOgBz5IuU18Wz30iY7A.roa (raw, json)
Hash identifier:          6DejAFnrnwgY06QDp0LhDZBWpdvZoFHnL8ARCBk6A04=
Subject key identifier:   67:F7:BB:D6:18:F6:A0:E8:01:CF:92:2E:53:5F:16:CF:7D:22:63:B0
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94DFEB1C1F71A364763A58C2995A50A
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Z_e71hj2oOgBz5IuU18Wz30iY7A.roa
Signing time:             Tue 02 Jan 2024 08:33:01 +0000
ROA not before:           Tue 02 Jan 2024 08:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34723
IP address blocks:        86.106.200.0/21 maxlen: 24
                          89.45.16.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fe:b1:c1:f7:1a:36:47:63:a5:8c:29:95:a5:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67f7bbd618f6a0e801cf922e535f16cf7d2263b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ee:e4:6e:2b:32:4b:5e:0c:34:d7:ac:65:da:
                    a2:67:68:fb:ff:d8:17:98:5c:0c:ea:c4:3d:7b:03:
                    73:f7:8d:b9:c7:5a:a0:09:19:8b:33:c2:97:32:9c:
                    ad:31:4b:1c:72:58:8e:2f:80:77:a5:41:fa:28:f3:
                    6b:fa:3c:7e:ff:c1:f3:67:ea:6a:d8:b4:00:57:2d:
                    02:cf:58:f2:f0:10:0a:5c:ba:90:c2:82:40:08:36:
                    22:6f:31:ec:08:6e:c9:98:5e:0f:53:16:e9:99:56:
                    bb:cc:7a:69:52:d1:bc:70:7d:01:e2:03:b8:a4:01:
                    26:db:2e:c6:26:c2:0c:28:4d:ca:b7:ac:25:00:c0:
                    7e:11:b4:34:23:cc:a6:b4:c3:f4:9f:5d:53:6e:c4:
                    64:2d:ce:3c:e6:06:23:06:9f:1c:70:69:b7:e5:2d:
                    d1:e9:62:64:06:d0:5e:f3:29:4c:a3:2f:bb:4e:6a:
                    bb:2e:f6:ab:fb:ab:f7:85:b9:79:eb:e4:ad:9e:93:
                    a0:9a:f2:08:52:a2:72:7a:b4:fa:f5:06:94:ea:46:
                    c9:39:89:bc:c6:eb:a1:09:3a:82:ee:7f:79:f2:d5:
                    5a:88:49:cc:d4:cb:36:68:05:59:8a:7e:e3:62:bd:
                    3d:e9:f5:e1:77:88:4a:33:73:c9:81:16:3e:d5:d9:
                    3d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F7:BB:D6:18:F6:A0:E8:01:CF:92:2E:53:5F:16:CF:7D:22:63:B0
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/Z_e71hj2oOgBz5IuU18Wz30iY7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.200.0/21
                  89.45.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         54:8d:53:34:b7:ae:75:00:0c:0f:46:19:67:11:1c:5e:4a:7e:
         1d:4d:7f:a7:c2:36:52:1c:1a:e0:6b:1d:5f:43:8c:1f:67:3a:
         d9:6c:01:70:a4:80:69:e7:d9:b6:b2:a3:11:88:a5:a9:00:b3:
         f0:ae:02:81:73:ed:7b:3a:a5:87:21:d9:59:23:cc:47:41:93:
         bc:da:f5:15:44:3b:86:d6:1a:cf:e4:54:1a:c8:b1:1a:2a:65:
         e0:58:6c:58:6c:94:ed:a6:84:8d:9e:59:ce:7f:5c:b9:c3:b8:
         a5:74:1a:d3:6a:98:2e:e1:05:62:39:4f:ac:00:ea:7c:13:64:
         26:69:61:3c:56:35:05:b2:75:4b:3d:13:61:86:00:6d:50:b4:
         00:fb:87:9f:5d:5a:70:50:31:6e:b3:43:6f:20:26:8a:18:d4:
         2a:c0:97:68:1f:9d:d4:6f:a1:64:3f:b9:61:73:f6:34:77:a2:
         19:15:5d:0c:28:61:ce:45:c6:6c:50:72:42:7f:1b:8b:00:fe:
         e6:40:76:a0:74:0e:68:08:47:60:a9:d6:a1:3a:7b:86:19:9e:
         f0:cc:a3:fa:a5:83:99:79:4a:c8:1b:23:43:5c:be:44:89:10:
         64:dc:3b:65:1e:41:63:32:8c:53:ae:70:1d:d1:8a:59:3a:34:
         7d:3c:58:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTf6xwfcaNkdjpYwplaUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Y3YmJkNjE4ZjZhMGU4MDFjZjkyMmU1MzVmMTZjZjdkMjI2M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju7kbisyS14MNNesZdqiZ2j7/9gX
mFwM6sQ9ewNz9425x1qgCRmLM8KXMpytMUsccliOL4B3pUH6KPNr+jx+/8HzZ+pq
2LQAVy0Cz1jy8BAKXLqQwoJACDYibzHsCG7JmF4PUxbpmVa7zHppUtG8cH0B4gO4
pAEm2y7GJsIMKE3Kt6wlAMB+EbQ0I8ymtMP0n11TbsRkLc485gYjBp8ccGm35S3R
6WJkBtBe8ylMoy+7Tmq7Lvar+6v3hbl56+StnpOgmvIIUqJyerT69QaU6kbJOYm8
xuuhCTqC7n958tVaiEnM1Ms2aAVZin7jYr096fXhd4hKM3PJgRY+1dk96QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGf3u9YY9qDoAc+SLlNfFs99ImOwMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvWl9lNzFoajJvT2dCejVJdVUxOFd6MzBpWTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDVmrIAwQD
WS0QMA0GCSqGSIb3DQEBCwUAA4IBAQBUjVM0t651AAwPRhlnERxeSn4dTX+nwjZS
HBrgax1fQ4wfZzrZbAFwpIBp59m2sqMRiKWpALPwrgKBc+17OqWHIdlZI8xHQZO8
2vUVRDuG1hrP5FQayLEaKmXgWGxYbJTtpoSNnlnOf1y5w7ildBrTapgu4QViOU+s
AOp8E2QmaWE8VjUFsnVLPRNhhgBtULQA+4efXVpwUDFus0NvICaKGNQqwJdoH53U
b6FkP7lhc/Y0d6IZFV0MKGHORcZsUHJCfxuLAP7mQHagdA5oCEdgqdahOnuGGZ7w
zKP6pYOZeUrIGyNDXL5EiRBk3DtlHkFjMoxTrnAd0YpZOjR9PFj7
-----END CERTIFICATE-----