Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/ZXdIvBTI-IdKjiomddQAWbnLa80.roa
File:                     ZXdIvBTI-IdKjiomddQAWbnLa80.roa (raw, json)
Hash identifier:          E37cbmEY/FwFwBGHU5Hs5d7Zn0Vba5Xx5/FZNLnsb0A=
Subject key identifier:   65:77:48:BC:14:C8:F8:87:4A:8E:2A:26:75:D4:00:59:B9:CB:6B:CD
Certificate issuer:       /CN=9ccf53f1e0ae6f5f33dbcf80ea8c741f682485fe
Certificate serial:       018D3A7ECA3E00C231457E9FCA292485C00B
Authority key identifier: 9C:CF:53:F1:E0:AE:6F:5F:33:DB:CF:80:EA:8C:74:1F:68:24:85:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nM9T8eCub18z28-A6ox0H2gkhf4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/ZXdIvBTI-IdKjiomddQAWbnLa80.roa
Signing time:             Wed 24 Jan 2024 08:03:24 +0000
ROA not before:           Wed 24 Jan 2024 08:03:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.59.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/nM9T8eCub18z28-A6ox0H2gkhf4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/nM9T8eCub18z28-A6ox0H2gkhf4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nM9T8eCub18z28-A6ox0H2gkhf4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:7e:ca:3e:00:c2:31:45:7e:9f:ca:29:24:85:c0:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ccf53f1e0ae6f5f33dbcf80ea8c741f682485fe
        Validity
            Not Before: Jan 24 08:03:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=657748bc14c8f8874a8e2a2675d40059b9cb6bcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:10:f0:55:83:52:c6:c6:33:46:9e:02:2f:ff:
                    16:9a:6e:26:fa:f9:8f:29:c8:99:17:50:1c:28:ba:
                    8c:7b:13:fe:67:81:41:46:c0:e8:de:bb:ea:e8:3a:
                    f7:4c:d4:26:01:9f:e5:45:f1:28:a1:50:50:af:c8:
                    b9:1f:33:94:e3:c2:2b:7d:57:b1:6e:20:c8:c4:b2:
                    3e:12:43:3d:05:87:cf:8c:fb:40:71:f5:58:57:c8:
                    83:79:2a:e6:f7:83:d0:10:15:cb:90:e6:73:6c:9a:
                    2a:42:27:f5:06:8a:8a:08:50:f2:b3:f8:4d:6c:09:
                    e7:b8:cb:3d:2b:db:5c:c3:3a:2f:63:26:02:a4:3e:
                    97:a2:16:6d:a6:9d:ce:db:ee:4e:37:9f:85:24:e6:
                    28:ba:bc:3b:ca:48:d4:52:2b:7b:15:74:86:65:10:
                    64:16:b2:69:35:7c:3b:95:75:ae:77:f4:49:b8:99:
                    6d:b4:df:47:0e:c1:b2:45:67:bd:13:60:03:e7:5d:
                    e6:b5:db:2d:1a:a9:26:7f:c7:50:d0:48:b0:23:9f:
                    6e:26:48:2d:df:d0:cb:7a:43:ec:b2:19:10:3f:67:
                    82:c4:5e:6f:33:24:9b:1d:06:5f:22:26:97:41:58:
                    73:9d:1c:29:e0:68:6f:9e:a0:2e:71:aa:b9:02:8e:
                    0e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:77:48:BC:14:C8:F8:87:4A:8E:2A:26:75:D4:00:59:B9:CB:6B:CD
            X509v3 Authority Key Identifier:
                keyid:9C:CF:53:F1:E0:AE:6F:5F:33:DB:CF:80:EA:8C:74:1F:68:24:85:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nM9T8eCub18z28-A6ox0H2gkhf4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/ZXdIvBTI-IdKjiomddQAWbnLa80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/8d666d-06ab-44d2-a6a5-af635d875575/1/nM9T8eCub18z28-A6ox0H2gkhf4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:8a:7f:26:9b:a7:90:88:69:dd:25:30:d7:a8:4e:3d:68:2e:
         7e:ed:fa:6c:99:4f:d2:aa:d5:ff:a8:72:22:ea:bc:f2:21:d9:
         0c:cb:79:5c:04:c1:0c:fb:76:bf:d7:e0:24:cd:43:0f:89:2c:
         f4:6f:5e:c9:fa:80:8a:10:32:86:a6:85:9c:79:09:ef:66:31:
         6e:30:fb:de:a1:9b:8e:1a:e4:36:17:e9:63:5c:2a:e4:54:1d:
         d3:21:22:f3:cc:58:08:15:81:f4:95:ca:73:a5:c7:c4:bc:1e:
         4f:64:a6:09:be:d9:58:07:61:42:dc:f1:da:cd:79:43:e4:57:
         05:8f:05:b7:2c:da:bd:cb:c3:79:a0:b5:3d:8f:e5:92:24:37:
         c0:e0:f6:62:18:30:5d:c3:28:f3:14:97:1a:db:1c:d4:e3:14:
         45:62:1e:6c:13:06:3f:a3:1c:09:63:4b:22:b7:eb:95:0d:6c:
         9e:dc:4a:de:19:b8:52:4c:3f:f6:f6:2e:a5:42:4c:47:2e:3f:
         6c:5d:c3:5c:e1:d7:c0:b1:fb:3c:9b:11:9f:ce:94:01:57:29:
         8b:14:a9:8a:09:09:a3:51:71:bd:4a:5e:91:bc:3c:4f:e9:7a:
         3b:f0:80:9b:c5:28:30:da:49:10:a6:81:ae:e3:1e:b1:d3:03:
         44:dd:23:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY06fso+AMIxRX6fyikkhcALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljY2Y1M2YxZTBhZTZmNWYzM2RiY2Y4MGVhOGM3NDFmNjgy
NDg1ZmUwHhcNMjQwMTI0MDgwMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTc3NDhiYzE0YzhmODg3NGE4ZTJhMjY3NWQ0MDA1OWI5Y2I2YmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRDwVYNSxsYzRp4CL/8Wmm4m+vmP
KciZF1AcKLqMexP+Z4FBRsDo3rvq6Dr3TNQmAZ/lRfEooVBQr8i5HzOU48IrfVex
biDIxLI+EkM9BYfPjPtAcfVYV8iDeSrm94PQEBXLkOZzbJoqQif1BoqKCFDys/hN
bAnnuMs9K9tcwzovYyYCpD6XohZtpp3O2+5ON5+FJOYourw7ykjUUit7FXSGZRBk
FrJpNXw7lXWud/RJuJlttN9HDsGyRWe9E2AD513mtdstGqkmf8dQ0EiwI59uJkgt
39DLekPsshkQP2eCxF5vMySbHQZfIiaXQVhznRwp4GhvnqAucaq5Ao4OWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV3SLwUyPiHSo4qJnXUAFm5y2vNMB8GA1UdIwQY
MBaAFJzPU/Hgrm9fM9vPgOqMdB9oJIX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk05VDhlQ3ViMTh6MjgtQTZveDBIMmdraGY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi84ZDY2NmQtMDZhYi00NGQyLWE2YTUt
YWY2MzVkODc1NTc1LzEvWlhkSXZCVEktSWRLamlvbWRkUUFXYm5MYTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi84ZDY2NmQtMDZhYi00NGQyLWE2YTUtYWY2MzVkODc1NTc1
LzEvbk05VDhlQ3ViMTh6MjgtQTZveDBIMmdraGY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTucMA0G
CSqGSIb3DQEBCwUAA4IBAQCAin8mm6eQiGndJTDXqE49aC5+7fpsmU/SqtX/qHIi
6rzyIdkMy3lcBMEM+3a/1+AkzUMPiSz0b17J+oCKEDKGpoWceQnvZjFuMPveoZuO
GuQ2F+ljXCrkVB3TISLzzFgIFYH0lcpzpcfEvB5PZKYJvtlYB2FC3PHazXlD5FcF
jwW3LNq9y8N5oLU9j+WSJDfA4PZiGDBdwyjzFJca2xzU4xRFYh5sEwY/oxwJY0si
t+uVDWye3EreGbhSTD/29i6lQkxHLj9sXcNc4dfAsfs8mxGfzpQBVymLFKmKCQmj
UXG9Sl6RvDxP6Xo78ICbxSgw2kkQpoGu4x6x0wNE3SPl
-----END CERTIFICATE-----