Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/zrAZ7mGtNoaHqJhokRJDLmTJGfU.roa
File:                     zrAZ7mGtNoaHqJhokRJDLmTJGfU.roa (raw, json)
Hash identifier:          xePTqj6jseK4V9y0vP+MjbQhyLuSwb7HrglvKMlaW54=
Subject key identifier:   CE:B0:19:EE:61:AD:36:86:87:A8:98:68:91:12:43:2E:64:C9:19:F5
Certificate issuer:       /CN=a071571c8e10b419d7a3bf36e1085ffd5cd78a98
Certificate serial:       018CC64B83299AEBA9B1B6DF5E92F7C2672D
Authority key identifier: A0:71:57:1C:8E:10:B4:19:D7:A3:BF:36:E1:08:5F:FD:5C:D7:8A:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oHFXHI4QtBnXo7824Qhf_VzXipg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/zrAZ7mGtNoaHqJhokRJDLmTJGfU.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31564
IP address blocks:        195.178.112.0/23 maxlen: 23
                          193.17.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/oHFXHI4QtBnXo7824Qhf_VzXipg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/oHFXHI4QtBnXo7824Qhf_VzXipg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oHFXHI4QtBnXo7824Qhf_VzXipg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:29:9a:eb:a9:b1:b6:df:5e:92:f7:c2:67:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a071571c8e10b419d7a3bf36e1085ffd5cd78a98
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ceb019ee61ad368687a898689112432e64c919f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ed:06:6b:2c:20:67:39:66:38:7f:1a:0d:f1:
                    af:b3:bd:5f:a3:eb:9c:30:96:b4:8e:07:5d:17:8d:
                    5d:29:75:15:b0:b4:10:df:12:46:91:6d:3b:db:d8:
                    20:94:69:2a:e2:f3:f0:1e:3e:ef:99:c4:40:f5:61:
                    1a:15:32:f6:9d:56:a6:b2:82:24:51:dd:78:94:16:
                    27:c0:44:54:de:69:35:8c:d9:15:fb:f8:1c:db:96:
                    d7:20:ec:9b:2a:cd:d7:d9:b6:45:96:d9:5e:e4:64:
                    85:02:1f:c8:53:f6:35:64:2f:6e:a4:89:e5:f2:84:
                    a1:52:af:9f:ba:77:0c:65:ea:1c:b3:b0:81:dc:50:
                    95:8d:58:e8:29:fe:1a:c0:29:91:9a:c8:75:4f:bc:
                    49:97:b6:4d:fb:5a:33:c1:e8:84:11:5b:2b:43:ec:
                    68:cf:13:b8:4a:6d:da:a3:eb:df:28:c6:74:fb:51:
                    02:0d:5a:a5:ae:b0:ae:d3:51:e7:7e:fd:e2:3c:ed:
                    07:7f:96:99:db:e8:38:e7:a7:c1:2e:8d:bb:23:37:
                    f7:7f:e6:93:81:09:df:5a:db:e4:4a:65:88:22:3f:
                    fc:e0:22:cf:a6:17:61:68:9d:d2:26:1a:30:25:16:
                    61:9f:52:ff:b1:80:c0:ab:f2:49:78:a5:14:3e:0f:
                    fc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B0:19:EE:61:AD:36:86:87:A8:98:68:91:12:43:2E:64:C9:19:F5
            X509v3 Authority Key Identifier:
                keyid:A0:71:57:1C:8E:10:B4:19:D7:A3:BF:36:E1:08:5F:FD:5C:D7:8A:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oHFXHI4QtBnXo7824Qhf_VzXipg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/zrAZ7mGtNoaHqJhokRJDLmTJGfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/c2829f-b3ed-44d3-a5cf-0c1f69b7aee7/1/oHFXHI4QtBnXo7824Qhf_VzXipg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.73.0/24
                  195.178.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:ee:82:61:d8:0b:41:6d:bc:2f:dc:0c:79:6e:88:1f:4d:08:
         5b:2f:48:b9:0f:64:bc:a6:29:f0:24:f3:ec:b6:4b:bd:80:3f:
         73:07:e0:c3:8d:f7:f8:3b:95:03:71:52:52:9a:91:25:83:ed:
         1c:59:86:e8:e1:31:46:7a:fb:f5:cd:64:f2:55:1e:5d:72:00:
         21:2e:40:45:29:1e:bd:e3:a8:12:dd:8c:3f:76:23:f5:bd:2b:
         e9:d0:e1:5d:0d:09:89:94:85:59:6c:27:d9:bc:25:50:12:e0:
         d9:5b:f6:9a:d2:b2:37:c4:39:dd:71:6d:06:f1:c4:d4:d0:af:
         23:90:2a:9d:78:3e:6e:fb:e9:8a:9f:61:79:a4:1b:76:a9:89:
         0a:19:1c:db:bf:70:21:2a:b8:46:52:5d:af:60:88:f1:33:77:
         2d:b4:0a:7c:ad:4c:d9:c8:8e:25:35:a4:27:03:a1:92:c7:bf:
         19:7d:69:82:aa:b1:4c:2b:0d:67:60:57:21:8e:b8:52:f9:98:
         7b:68:3d:6b:98:12:05:fd:62:d8:a0:e1:50:7f:10:01:61:7a:
         ef:fc:56:34:dd:5d:98:0b:69:b4:99:ed:ca:e0:3e:49:51:70:
         eb:36:52:dc:ff:3e:a1:11:63:2b:fe:42:86:12:6b:bc:f1:ef:
         fe:5f:c1:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS4MpmuupsbbfXpL3wmctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNzE1NzFjOGUxMGI0MTlkN2EzYmYzNmUxMDg1ZmZkNWNk
NzhhOTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIwMTllZTYxYWQzNjg2ODdhODk4Njg5MTEyNDMyZTY0YzkxOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6u0GaywgZzlmOH8aDfGvs71fo+uc
MJa0jgddF41dKXUVsLQQ3xJGkW0729gglGkq4vPwHj7vmcRA9WEaFTL2nVamsoIk
Ud14lBYnwERU3mk1jNkV+/gc25bXIOybKs3X2bZFltle5GSFAh/IU/Y1ZC9upInl
8oShUq+funcMZeocs7CB3FCVjVjoKf4awCmRmsh1T7xJl7ZN+1ozweiEEVsrQ+xo
zxO4Sm3ao+vfKMZ0+1ECDVqlrrCu01Hnfv3iPO0Hf5aZ2+g456fBLo27Izf3f+aT
gQnfWtvkSmWIIj/84CLPphdhaJ3SJhowJRZhn1L/sYDAq/JJeKUUPg/8qwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM6wGe5hrTaGh6iYaJESQy5kyRn1MB8GA1UdIwQY
MBaAFKBxVxyOELQZ16O/NuEIX/1c14qYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0hGWEhJNFF0Qm5Ybzc4MjRRaGZfVnpYaXBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9jMjgyOWYtYjNlZC00NGQzLWE1Y2Yt
MGMxZjY5YjdhZWU3LzEvenJBWjdtR3ROb2FIcUpob2tSSkRMbVRKR2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9jMjgyOWYtYjNlZC00NGQzLWE1Y2YtMGMxZjY5YjdhZWU3
LzEvb0hGWEhJNFF0Qm5Ybzc4MjRRaGZfVnpYaXBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRFJAwQB
w7JwMA0GCSqGSIb3DQEBCwUAA4IBAQAn7oJh2AtBbbwv3Ax5bogfTQhbL0i5D2S8
pinwJPPstku9gD9zB+DDjff4O5UDcVJSmpElg+0cWYbo4TFGevv1zWTyVR5dcgAh
LkBFKR6946gS3Yw/diP1vSvp0OFdDQmJlIVZbCfZvCVQEuDZW/aa0rI3xDndcW0G
8cTU0K8jkCqdeD5u++mKn2F5pBt2qYkKGRzbv3AhKrhGUl2vYIjxM3cttAp8rUzZ
yI4lNaQnA6GSx78ZfWmCqrFMKw1nYFchjrhS+Zh7aD1rmBIF/WLYoOFQfxABYXrv
/FY03V2YC2m0me3K4D5JUXDrNlLc/z6hEWMr/kKGEmu88e/+X8He
-----END CERTIFICATE-----