Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/ZPpfofbyBUXeLE8IiyMnh0DTy9A.roa
File:                     ZPpfofbyBUXeLE8IiyMnh0DTy9A.roa (raw, json)
Hash identifier:          l/k0zrb0UCMo89FnUADuMJHcx0PoUxoXPjKqUMhKU60=
Subject key identifier:   64:FA:5F:A1:F6:F2:05:45:DE:2C:4F:08:8B:23:27:87:40:D3:CB:D0
Certificate issuer:       /CN=3f46c351ee89c9f5558167530704885b8be46eaa
Certificate serial:       018CC5DCFEF833C16DC7A10758FF12FEDA3C
Authority key identifier: 3F:46:C3:51:EE:89:C9:F5:55:81:67:53:07:04:88:5B:8B:E4:6E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/ZPpfofbyBUXeLE8IiyMnh0DTy9A.roa
Signing time:             Mon 01 Jan 2024 16:30:43 +0000
ROA not before:           Mon 01 Jan 2024 16:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205930
IP address blocks:        185.169.68.0/22 maxlen: 22
                          2a0b:40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fe:f8:33:c1:6d:c7:a1:07:58:ff:12:fe:da:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f46c351ee89c9f5558167530704885b8be46eaa
        Validity
            Not Before: Jan  1 16:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64fa5fa1f6f20545de2c4f088b23278740d3cbd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:52:0d:44:fe:94:f8:64:35:a9:67:e9:d5:b3:
                    f6:5c:6c:2c:ac:e1:16:3f:df:21:e7:fb:76:ba:51:
                    7a:f1:01:f5:26:6a:85:b6:ad:8a:c9:84:23:ea:03:
                    27:c8:f8:6c:48:10:61:1b:12:d2:91:54:b0:d6:27:
                    f3:31:5f:79:b4:f7:8b:81:a7:e3:c7:60:26:1e:8c:
                    91:09:e7:f4:1f:87:9a:f4:94:f9:d2:e6:98:3e:46:
                    fd:cd:bd:03:10:0b:2f:05:e5:ab:85:73:00:70:48:
                    4b:d9:29:ca:10:d5:82:14:6d:53:77:89:d0:f6:44:
                    87:43:2d:bf:96:9f:69:6d:a8:bb:4a:5b:3d:49:df:
                    e0:96:93:ef:de:56:1a:4d:15:58:9f:55:68:ad:43:
                    e6:7b:0f:56:b0:ff:fd:73:79:8e:7e:2e:bc:50:96:
                    af:be:16:3b:79:d1:c3:de:aa:83:83:09:4b:41:fb:
                    76:b9:5c:88:d4:8c:d3:f5:e6:80:71:a5:96:80:11:
                    f3:30:3b:b3:23:71:7e:72:c1:73:19:a2:ec:5d:c4:
                    35:5f:85:15:62:ff:a8:a6:d6:23:ef:06:5e:73:9a:
                    b0:df:b4:df:e5:4c:c6:d7:11:28:71:e3:74:28:6c:
                    06:87:b3:84:8c:99:e5:2a:10:c8:54:90:18:1e:5c:
                    14:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:FA:5F:A1:F6:F2:05:45:DE:2C:4F:08:8B:23:27:87:40:D3:CB:D0
            X509v3 Authority Key Identifier:
                keyid:3F:46:C3:51:EE:89:C9:F5:55:81:67:53:07:04:88:5B:8B:E4:6E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P0bDUe6JyfVVgWdTBwSIW4vkbqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/ZPpfofbyBUXeLE8IiyMnh0DTy9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/fc7aee-233c-4d64-9293-05978a5a1d69/1/P0bDUe6JyfVVgWdTBwSIW4vkbqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.68.0/22
                IPv6:
                  2a0b:40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0e:8b:14:6d:af:db:9e:81:bb:7b:fa:5e:a2:cd:c9:0d:66:66:
         72:fd:61:a4:18:fd:c0:89:d7:a6:45:71:83:c2:37:72:e0:21:
         d1:5b:9d:ab:6a:23:69:3d:9d:ca:22:f4:05:aa:11:e4:0d:5e:
         8a:e4:50:31:22:ed:36:12:07:36:a3:eb:cc:bb:83:8e:0c:71:
         cf:dc:11:7a:96:83:31:57:78:2e:de:70:18:a0:c6:09:1c:01:
         80:99:ae:f0:40:13:2c:50:c9:7d:38:63:7d:61:b1:b8:ba:02:
         30:60:e9:6c:cb:d6:a7:f7:ee:7a:f8:5a:9b:fb:6f:12:db:a6:
         d4:f6:63:f0:8e:6e:46:21:23:d2:66:f2:f2:44:e7:60:97:29:
         8f:ae:eb:cc:81:01:58:83:d3:0d:af:6a:6f:ba:bd:b5:0e:2d:
         07:1e:5b:2c:56:83:6b:22:51:f2:ac:81:e3:7d:c2:a8:1c:3b:
         4b:4d:dd:63:46:c7:6b:d0:cd:ef:e0:30:10:6b:87:f2:da:af:
         64:f5:68:a8:6b:51:49:c5:58:83:87:2a:69:78:f9:05:eb:62:
         47:f1:a7:48:b6:26:fa:a4:c4:c2:29:1e:a0:7e:7a:cd:a4:1b:
         e8:eb:c3:cd:da:89:bb:40:d2:3d:32:ee:b6:7a:9b:cd:95:cc:
         c2:7f:83:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3P74M8Ftx6EHWP8S/to8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNDZjMzUxZWU4OWM5ZjU1NTgxNjc1MzA3MDQ4ODViOGJl
NDZlYWEwHhcNMjQwMTAxMTYzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGZhNWZhMWY2ZjIwNTQ1ZGUyYzRmMDg4YjIzMjc4NzQwZDNjYmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVINRP6U+GQ1qWfp1bP2XGwsrOEW
P98h5/t2ulF68QH1JmqFtq2KyYQj6gMnyPhsSBBhGxLSkVSw1ifzMV95tPeLgafj
x2AmHoyRCef0H4ea9JT50uaYPkb9zb0DEAsvBeWrhXMAcEhL2SnKENWCFG1Td4nQ
9kSHQy2/lp9pbai7Sls9Sd/glpPv3lYaTRVYn1VorUPmew9WsP/9c3mOfi68UJav
vhY7edHD3qqDgwlLQft2uVyI1IzT9eaAcaWWgBHzMDuzI3F+csFzGaLsXcQ1X4UV
Yv+optYj7wZec5qw37Tf5UzG1xEoceN0KGwGh7OEjJnlKhDIVJAYHlwUoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGT6X6H28gVF3ixPCIsjJ4dA08vQMB8GA1UdIwQY
MBaAFD9Gw1Huicn1VYFnUwcEiFuL5G6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDBiRFVlNkp5ZlZWZ1dkVEJ3U0lXNHZrYnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9mYzdhZWUtMjMzYy00ZDY0LTkyOTMt
MDU5NzhhNWExZDY5LzEvWlBwZm9mYnlCVVhlTEU4SWl5TW5oMERUeTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9mYzdhZWUtMjMzYy00ZDY0LTkyOTMtMDU5NzhhNWExZDY5
LzEvUDBiRFVlNkp5ZlZWZ1dkVEJ3U0lXNHZrYnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCualEMA0E
AgACMAcDBQMqCwBAMA0GCSqGSIb3DQEBCwUAA4IBAQAOixRtr9uegbt7+l6izckN
ZmZy/WGkGP3AidemRXGDwjdy4CHRW52raiNpPZ3KIvQFqhHkDV6K5FAxIu02Egc2
o+vMu4OODHHP3BF6loMxV3gu3nAYoMYJHAGAma7wQBMsUMl9OGN9YbG4ugIwYOls
y9an9+56+Fqb+28S26bU9mPwjm5GISPSZvLyROdglymPruvMgQFYg9MNr2pvur21
Di0HHlssVoNrIlHyrIHjfcKoHDtLTd1jRsdr0M3v4DAQa4fy2q9k9Wioa1FJxViD
hyppePkF62JH8adItib6pMTCKR6gfnrNpBvo68PN2om7QNI9Mu62epvNlczCf4MD
-----END CERTIFICATE-----