Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/zp6z3WfXpBxhmUQVIX6JARr0tS4.roa
File:                     zp6z3WfXpBxhmUQVIX6JARr0tS4.roa (raw, json)
Hash identifier:          rFyV9K4VUGMQTtUgBLXZI8iM3oPqLL1AUtOF072Sv6w=
Subject key identifier:   CE:9E:B3:DD:67:D7:A4:1C:61:99:44:15:21:7E:89:01:1A:F4:B5:2E
Certificate issuer:       /CN=86022e162f6e6b9755ce4ce845120e62939506f7
Certificate serial:       018CC9BBB3A357F15E216C69CC62984631F6
Authority key identifier: 86:02:2E:16:2F:6E:6B:97:55:CE:4C:E8:45:12:0E:62:93:95:06:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hgIuFi9ua5dVzkzoRRIOYpOVBvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/zp6z3WfXpBxhmUQVIX6JARr0tS4.roa
Signing time:             Tue 02 Jan 2024 10:32:50 +0000
ROA not before:           Tue 02 Jan 2024 10:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61049
IP address blocks:        83.136.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/hgIuFi9ua5dVzkzoRRIOYpOVBvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/hgIuFi9ua5dVzkzoRRIOYpOVBvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hgIuFi9ua5dVzkzoRRIOYpOVBvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b3:a3:57:f1:5e:21:6c:69:cc:62:98:46:31:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86022e162f6e6b9755ce4ce845120e62939506f7
        Validity
            Not Before: Jan  2 10:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce9eb3dd67d7a41c61994415217e89011af4b52e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:31:83:e6:22:7b:90:4f:20:82:1c:50:8c:b0:
                    b9:bb:48:c6:d3:d9:6f:45:0e:d9:36:10:15:5a:da:
                    9c:7c:8e:eb:5b:03:54:0d:51:59:b9:e4:ff:25:4b:
                    1f:aa:76:23:e0:2b:27:d3:d2:ad:48:aa:69:6c:4f:
                    aa:07:f3:90:35:46:7c:db:4d:21:72:64:ec:8d:e3:
                    47:5c:59:56:63:83:60:73:18:85:0d:61:0c:28:13:
                    3b:53:44:ee:77:dc:3d:24:da:de:0b:17:c0:bc:8c:
                    cb:d2:84:a7:d2:da:60:01:ff:57:05:a3:3c:d0:1c:
                    9e:e6:20:60:45:95:cd:04:27:ed:7f:0e:85:29:80:
                    a5:a5:22:ee:a8:85:c2:1d:b1:a9:44:f3:36:3c:a4:
                    1d:14:3a:58:89:96:f3:0a:8e:a5:6b:a6:33:7b:51:
                    0a:b5:51:b9:61:cc:a7:3d:65:29:c7:e5:54:dd:51:
                    80:76:45:df:28:d5:f5:d0:e4:cf:9e:3d:fc:a4:64:
                    c0:3a:e6:80:46:29:a8:d1:06:86:d1:db:df:90:12:
                    2d:ea:81:da:27:27:76:44:31:4a:36:cd:20:3e:7c:
                    ca:bb:75:8a:7e:1e:85:45:a3:ec:72:01:02:35:e6:
                    58:48:c9:93:bd:3c:ed:0c:d2:12:d4:fc:0f:50:76:
                    3f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:9E:B3:DD:67:D7:A4:1C:61:99:44:15:21:7E:89:01:1A:F4:B5:2E
            X509v3 Authority Key Identifier:
                keyid:86:02:2E:16:2F:6E:6B:97:55:CE:4C:E8:45:12:0E:62:93:95:06:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hgIuFi9ua5dVzkzoRRIOYpOVBvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/zp6z3WfXpBxhmUQVIX6JARr0tS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/782c07-4bba-4810-b98b-059dbcc8dcef/1/hgIuFi9ua5dVzkzoRRIOYpOVBvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:d6:f2:3f:85:5d:a5:04:d4:f3:50:ca:8d:94:15:26:27:c8:
         6e:c9:22:4d:d3:c3:54:aa:d7:d7:83:f0:c6:76:43:3e:29:b3:
         de:76:91:41:4d:40:82:8b:40:c7:45:33:59:dd:31:af:77:87:
         22:5c:56:d7:0d:9d:15:3a:e0:51:0c:9f:e6:50:08:3a:14:83:
         78:49:b8:44:0e:7e:c0:59:d1:0d:49:ce:72:25:d9:c9:3c:20:
         61:f3:96:88:1a:8d:4b:e1:6b:99:af:d4:d2:76:1c:f2:6d:2c:
         47:6f:22:13:1d:fc:b1:86:65:ea:97:e8:7b:32:d9:89:55:fd:
         f8:1b:9d:b7:f8:cb:aa:eb:61:6d:4b:c3:b2:bf:30:9d:c3:6e:
         6d:6e:07:fb:65:96:2a:da:21:fe:3e:58:78:8f:af:6f:7c:36:
         e7:c3:2a:1c:21:5b:81:ed:d7:12:37:6c:9b:48:2d:68:30:b5:
         17:40:bf:85:99:2b:ce:12:58:cf:6a:31:44:ed:e3:9a:89:c7:
         b6:68:d9:04:4f:bb:09:84:1a:14:4a:d6:5f:6e:6d:f5:17:37:
         fb:70:0f:91:62:eb:6f:7c:54:52:86:ba:34:a1:0c:e5:20:c6:
         78:4f:98:3e:5e:16:e2:d9:f7:58:af:b7:22:21:3a:50:93:7e:
         1d:14:bb:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7OjV/FeIWxpzGKYRjH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MDIyZTE2MmY2ZTZiOTc1NWNlNGNlODQ1MTIwZTYyOTM5
NTA2ZjcwHhcNMjQwMTAyMTAzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTllYjNkZDY3ZDdhNDFjNjE5OTQ0MTUyMTdlODkwMTFhZjRiNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzGD5iJ7kE8gghxQjLC5u0jG09lv
RQ7ZNhAVWtqcfI7rWwNUDVFZueT/JUsfqnYj4Csn09KtSKppbE+qB/OQNUZ8200h
cmTsjeNHXFlWY4NgcxiFDWEMKBM7U0Tud9w9JNreCxfAvIzL0oSn0tpgAf9XBaM8
0Bye5iBgRZXNBCftfw6FKYClpSLuqIXCHbGpRPM2PKQdFDpYiZbzCo6la6Yze1EK
tVG5YcynPWUpx+VU3VGAdkXfKNX10OTPnj38pGTAOuaARimo0QaG0dvfkBIt6oHa
Jyd2RDFKNs0gPnzKu3WKfh6FRaPscgECNeZYSMmTvTztDNIS1PwPUHY//QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6es91n16QcYZlEFSF+iQEa9LUuMB8GA1UdIwQY
MBaAFIYCLhYvbmuXVc5M6EUSDmKTlQb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGdJdUZpOXVhNWRWemt6b1JSSU9ZcE9WQnZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC83ODJjMDctNGJiYS00ODEwLWI5OGIt
MDU5ZGJjYzhkY2VmLzEvenA2ejNXZlhwQnhobVVRVklYNkpBUnIwdFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC83ODJjMDctNGJiYS00ODEwLWI5OGItMDU5ZGJjYzhkY2Vm
LzEvaGdJdUZpOXVhNWRWemt6b1JSSU9ZcE9WQnZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU4g0MA0G
CSqGSIb3DQEBCwUAA4IBAQCN1vI/hV2lBNTzUMqNlBUmJ8huySJN08NUqtfXg/DG
dkM+KbPedpFBTUCCi0DHRTNZ3TGvd4ciXFbXDZ0VOuBRDJ/mUAg6FIN4SbhEDn7A
WdENSc5yJdnJPCBh85aIGo1L4WuZr9TSdhzybSxHbyITHfyxhmXql+h7MtmJVf34
G523+Muq62FtS8OyvzCdw25tbgf7ZZYq2iH+Plh4j69vfDbnwyocIVuB7dcSN2yb
SC1oMLUXQL+FmSvOEljPajFE7eOaice2aNkET7sJhBoUStZfbm31Fzf7cA+RYutv
fFRShro0oQzlIMZ4T5g+Xhbi2fdYr7ciITpQk34dFLut
-----END CERTIFICATE-----