Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/zWVyfjyt4BvVztTZQafoaPtX6XQ.roa
File:                     zWVyfjyt4BvVztTZQafoaPtX6XQ.roa (raw, json)
Hash identifier:          4Tx0sjKUfluv462eT5ALhA1qp4mQGHqPoakoY7b//b4=
Subject key identifier:   CD:65:72:7E:3C:AD:E0:1B:D5:CE:D4:D9:41:A7:E8:68:FB:57:E9:74
Certificate issuer:       /CN=3ba1782b6afba7c6bcf070b93fed4cc84af41352
Certificate serial:       018CC3B70917377B55466976107C7E6DD85D
Authority key identifier: 3B:A1:78:2B:6A:FB:A7:C6:BC:F0:70:B9:3F:ED:4C:C8:4A:F4:13:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/zWVyfjyt4BvVztTZQafoaPtX6XQ.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205312
IP address blocks:        185.17.169.0/24 maxlen: 24
                          37.220.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:09:17:37:7b:55:46:69:76:10:7c:7e:6d:d8:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba1782b6afba7c6bcf070b93fed4cc84af41352
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd65727e3cade01bd5ced4d941a7e868fb57e974
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:22:46:0f:34:3d:50:21:3e:76:d2:cd:a9:d8:
                    e5:99:d3:76:e2:8d:18:b1:23:5f:bf:fc:c5:1d:93:
                    08:cb:08:27:37:9f:56:d9:2f:c7:09:20:a0:e1:cc:
                    d8:4c:d4:29:83:1f:b8:2c:0d:2f:17:e1:c9:84:9d:
                    32:9e:ea:7f:47:44:ab:5e:a8:5f:5f:88:4d:d4:b7:
                    f3:7b:32:44:d1:b3:2b:ef:c1:ec:7a:cb:28:ed:be:
                    83:47:11:88:e3:56:bc:19:fe:3a:27:84:60:7d:f1:
                    20:30:61:ee:d6:fb:b4:30:c8:00:0a:f8:42:23:96:
                    e5:ee:17:70:68:4c:c8:ae:f0:c5:59:ba:24:30:bf:
                    e4:e0:14:f4:7a:16:83:f3:4f:97:a9:fc:6b:8d:ef:
                    4a:79:4d:9c:64:23:26:95:06:3c:73:d8:75:68:b5:
                    79:ba:be:2b:96:77:6e:de:c1:b4:b5:7d:42:fb:38:
                    e9:ae:11:29:f3:92:20:e4:cb:b2:44:07:ab:18:08:
                    05:61:3c:a7:00:41:d3:92:b0:91:49:40:6f:2f:02:
                    5d:8f:c4:f5:53:0f:4f:0b:3a:a1:ad:1f:81:74:4b:
                    bd:62:8d:b5:39:d6:e2:50:4f:a3:27:3d:a2:c5:40:
                    73:95:43:a8:35:e1:1b:3f:03:7f:95:fd:7c:e0:25:
                    cb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:65:72:7E:3C:AD:E0:1B:D5:CE:D4:D9:41:A7:E8:68:FB:57:E9:74
            X509v3 Authority Key Identifier:
                keyid:3B:A1:78:2B:6A:FB:A7:C6:BC:F0:70:B9:3F:ED:4C:C8:4A:F4:13:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6F4K2r7p8a88HC5P-1MyEr0E1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/zWVyfjyt4BvVztTZQafoaPtX6XQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/ad7ac3-b8ad-42b0-ad2a-ae967d739dd3/1/O6F4K2r7p8a88HC5P-1MyEr0E1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.164.0/24
                  185.17.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:b8:5f:3e:c4:80:b0:8e:47:1d:28:72:19:8a:aa:01:30:3b:
         28:9a:1d:ab:1e:68:6a:61:4d:d3:b5:7f:c4:e8:a9:41:5e:0e:
         b7:22:8b:5a:0c:a8:a5:70:16:dd:20:ba:cc:52:c3:74:a7:4c:
         9e:de:d5:72:b9:f0:01:60:f1:de:9b:97:4a:67:32:ec:de:9d:
         92:a8:87:7f:2d:4e:f6:79:f7:40:ea:b1:19:67:6e:ee:b7:10:
         e3:c2:ca:d1:d6:f6:d2:4c:44:9c:d2:4a:14:32:15:49:ed:6d:
         a6:8c:d0:ef:90:94:ae:92:7d:ce:9d:7a:64:bd:e5:d5:6a:89:
         32:e3:5a:a3:4e:36:35:27:e7:04:17:b4:3f:24:17:b7:76:10:
         7d:6d:1d:44:37:39:4d:d5:66:ea:f2:ea:77:e3:84:31:30:d4:
         b1:fa:4e:fc:67:d5:8f:a0:d1:7d:dd:00:ef:e1:2a:fc:4b:d2:
         86:44:71:84:e4:83:2c:84:b1:3e:74:e3:c5:19:ec:f5:d4:ed:
         83:fa:d8:c3:a2:1c:9d:cd:f5:8f:9b:a1:8d:cf:9b:63:1a:ad:
         c6:95:de:fe:7d:0c:79:a7:36:1e:14:cc:bf:c3:1d:4e:96:f0:
         f5:ab:a9:06:d7:ec:4d:69:fc:5f:0a:a8:38:b2:9e:d6:34:a7:
         37:ae:02:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtwkXN3tVRml2EHx+bdhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTE3ODJiNmFmYmE3YzZiY2YwNzBiOTNmZWQ0Y2M4NGFm
NDEzNTIwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDY1NzI3ZTNjYWRlMDFiZDVjZWQ0ZDk0MWE3ZTg2OGZiNTdlOTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyJGDzQ9UCE+dtLNqdjlmdN24o0Y
sSNfv/zFHZMIywgnN59W2S/HCSCg4czYTNQpgx+4LA0vF+HJhJ0ynup/R0SrXqhf
X4hN1LfzezJE0bMr78Hsesso7b6DRxGI41a8Gf46J4RgffEgMGHu1vu0MMgACvhC
I5bl7hdwaEzIrvDFWbokML/k4BT0ehaD80+Xqfxrje9KeU2cZCMmlQY8c9h1aLV5
ur4rlndu3sG0tX1C+zjprhEp85Ig5MuyRAerGAgFYTynAEHTkrCRSUBvLwJdj8T1
Uw9PCzqhrR+BdEu9Yo21OdbiUE+jJz2ixUBzlUOoNeEbPwN/lf184CXLvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM1lcn48reAb1c7U2UGn6Gj7V+l0MB8GA1UdIwQY
MBaAFDuheCtq+6fGvPBwuT/tTMhK9BNSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZGNEsycjdwOGE4OEhDNVAtMU15RXIwRTFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9hZDdhYzMtYjhhZC00MmIwLWFkMmEt
YWU5NjdkNzM5ZGQzLzEveldWeWZqeXQ0QnZWenRUWlFhZm9hUHRYNlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9hZDdhYzMtYjhhZC00MmIwLWFkMmEtYWU5NjdkNzM5ZGQz
LzEvTzZGNEsycjdwOGE4OEhDNVAtMU15RXIwRTFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJdykAwQA
uRGpMA0GCSqGSIb3DQEBCwUAA4IBAQAyuF8+xICwjkcdKHIZiqoBMDsomh2rHmhq
YU3TtX/E6KlBXg63IotaDKilcBbdILrMUsN0p0ye3tVyufABYPHem5dKZzLs3p2S
qId/LU72efdA6rEZZ27utxDjwsrR1vbSTESc0koUMhVJ7W2mjNDvkJSukn3OnXpk
veXVaoky41qjTjY1J+cEF7Q/JBe3dhB9bR1ENzlN1Wbq8up344QxMNSx+k78Z9WP
oNF93QDv4Sr8S9KGRHGE5IMshLE+dOPFGez11O2D+tjDohydzfWPm6GNz5tjGq3G
ld7+fQx5pzYeFMy/wx1OlvD1q6kG1+xNafxfCqg4sp7WNKc3rgKC
-----END CERTIFICATE-----