Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ZYrJ0Lt2gZLrcOYeOISfIrzQVzQ.roa
File:                     ZYrJ0Lt2gZLrcOYeOISfIrzQVzQ.roa (raw, json)
Hash identifier:          pvbIi7/Am13TVxox11NydRzlcIjsWZL0wVxrinj3yic=
Subject key identifier:   65:8A:C9:D0:BB:76:81:92:EB:70:E6:1E:38:84:9F:22:BC:D0:57:34
Certificate issuer:       /CN=922e330b5879590abae81bf40a91a5101bc18fa0
Certificate serial:       018CC80163C4559288F49830D68C4D3397AD
Authority key identifier: 92:2E:33:0B:58:79:59:0A:BA:E8:1B:F4:0A:91:A5:10:1B:C1:8F:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ki4zC1h5WQq66Bv0CpGlEBvBj6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ZYrJ0Lt2gZLrcOYeOISfIrzQVzQ.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8966
IP address blocks:        185.120.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ki4zC1h5WQq66Bv0CpGlEBvBj6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ki4zC1h5WQq66Bv0CpGlEBvBj6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ki4zC1h5WQq66Bv0CpGlEBvBj6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:63:c4:55:92:88:f4:98:30:d6:8c:4d:33:97:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922e330b5879590abae81bf40a91a5101bc18fa0
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=658ac9d0bb768192eb70e61e38849f22bcd05734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a7:a3:1b:42:1c:dd:d3:04:11:ce:06:fc:11:
                    4a:44:f8:d0:a4:a3:19:d4:7b:d4:03:e0:16:dd:11:
                    5e:5b:a5:d2:64:37:b9:f7:94:71:94:cc:d3:7b:2e:
                    6e:03:77:a3:2e:39:65:1f:16:2f:d0:5c:bf:c6:1e:
                    cd:1d:19:a2:72:59:6b:d1:59:17:5d:3b:59:29:9e:
                    6d:12:ac:a5:e2:27:ce:1e:ce:c0:ee:8a:98:d0:12:
                    7d:5f:84:40:1b:b3:75:a5:99:36:46:b9:bc:74:37:
                    96:24:48:95:8b:41:63:e1:37:76:18:2b:7e:82:ad:
                    29:3c:92:64:88:93:35:5f:e3:5e:da:7d:cf:3d:7d:
                    53:62:90:b5:66:8d:a0:f1:45:2e:fe:d0:94:93:14:
                    8c:d0:cd:58:08:8f:af:58:b0:35:f6:34:fa:29:9b:
                    70:07:19:72:61:c1:cb:55:8d:87:b1:b4:c5:67:bb:
                    28:96:5e:c9:5a:cd:eb:55:5b:18:fd:63:38:e2:14:
                    60:d0:bd:88:58:c3:38:de:35:ac:f9:5e:ba:e1:70:
                    5e:73:09:a7:0d:87:bd:c7:90:33:7b:64:c8:c1:2a:
                    cd:07:3c:7c:89:2e:81:66:54:a3:dc:c0:94:cb:c7:
                    ad:65:cc:e8:a9:a9:92:68:40:50:c3:c8:ce:25:b8:
                    a7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:8A:C9:D0:BB:76:81:92:EB:70:E6:1E:38:84:9F:22:BC:D0:57:34
            X509v3 Authority Key Identifier:
                keyid:92:2E:33:0B:58:79:59:0A:BA:E8:1B:F4:0A:91:A5:10:1B:C1:8F:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ki4zC1h5WQq66Bv0CpGlEBvBj6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ZYrJ0Lt2gZLrcOYeOISfIrzQVzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f180ff-336c-4b45-9378-568672c25ca8/1/ki4zC1h5WQq66Bv0CpGlEBvBj6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:9f:77:85:3b:84:da:04:4b:b2:b0:5b:a5:f6:ed:38:d7:ad:
         b0:38:23:7b:af:d8:50:bb:4c:9b:a3:59:e5:f9:7b:cd:95:6a:
         72:b8:d2:e6:1d:5b:c9:37:6f:ca:26:43:f0:8c:e0:23:87:dc:
         e0:47:b4:fd:ad:43:50:c4:fb:f8:0b:64:ba:c1:af:db:c5:f2:
         e8:7c:e4:1a:b3:7d:af:d7:0f:15:42:5e:c9:1e:1c:c6:0b:22:
         26:16:11:7a:dd:09:f5:8e:ee:ea:04:d0:77:19:a2:70:65:b9:
         50:a4:46:89:39:d4:b5:39:ca:0b:ea:03:89:68:2a:a8:24:7f:
         2e:50:6f:09:f5:3c:83:56:5e:ba:77:6f:2a:14:b1:c8:84:5b:
         03:58:49:66:29:79:d1:e5:a9:84:b3:a7:67:55:36:c3:41:6f:
         f8:f8:64:ce:b8:0c:b3:43:70:4d:5f:a0:ce:35:d0:77:cf:2c:
         6d:5a:41:67:33:0a:c1:b7:ae:08:de:c5:a6:d1:14:79:01:3c:
         d9:a6:05:0e:f6:fc:6a:67:c8:80:9e:65:54:95:06:3b:d6:e5:
         70:88:b3:d2:2e:e3:f5:53:bf:d0:06:d1:d2:5a:a6:65:89:c6:
         ed:61:44:5f:43:b7:dd:9b:27:32:dd:7f:b9:b2:27:c5:74:fe:
         61:36:9e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWPEVZKI9Jgw1oxNM5etMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMmUzMzBiNTg3OTU5MGFiYWU4MWJmNDBhOTFhNTEwMWJj
MThmYTAwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NThhYzlkMGJiNzY4MTkyZWI3MGU2MWUzODg0OWYyMmJjZDA1NzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaejG0Ic3dMEEc4G/BFKRPjQpKMZ
1HvUA+AW3RFeW6XSZDe595RxlMzTey5uA3ejLjllHxYv0Fy/xh7NHRmicllr0VkX
XTtZKZ5tEqyl4ifOHs7A7oqY0BJ9X4RAG7N1pZk2Rrm8dDeWJEiVi0Fj4Td2GCt+
gq0pPJJkiJM1X+Ne2n3PPX1TYpC1Zo2g8UUu/tCUkxSM0M1YCI+vWLA19jT6KZtw
BxlyYcHLVY2HsbTFZ7soll7JWs3rVVsY/WM44hRg0L2IWMM43jWs+V664XBecwmn
DYe9x5Aze2TIwSrNBzx8iS6BZlSj3MCUy8etZczoqamSaEBQw8jOJbinMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWKydC7doGS63DmHjiEnyK80Fc0MB8GA1UdIwQY
MBaAFJIuMwtYeVkKuugb9AqRpRAbwY+gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2k0ekMxaDVXUXE2NkJ2MENwR2xFQnZCajZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mMTgwZmYtMzM2Yy00YjQ1LTkzNzgt
NTY4NjcyYzI1Y2E4LzEvWllySjBMdDJnWkxyY09ZZU9JU2ZJcnpRVnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mMTgwZmYtMzM2Yy00YjQ1LTkzNzgtNTY4NjcyYzI1Y2E4
LzEva2k0ekMxaDVXUXE2NkJ2MENwR2xFQnZCajZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXgfMA0G
CSqGSIb3DQEBCwUAA4IBAQBIn3eFO4TaBEuysFul9u04162wOCN7r9hQu0ybo1nl
+XvNlWpyuNLmHVvJN2/KJkPwjOAjh9zgR7T9rUNQxPv4C2S6wa/bxfLofOQas32v
1w8VQl7JHhzGCyImFhF63Qn1ju7qBNB3GaJwZblQpEaJOdS1OcoL6gOJaCqoJH8u
UG8J9TyDVl66d28qFLHIhFsDWElmKXnR5amEs6dnVTbDQW/4+GTOuAyzQ3BNX6DO
NdB3zyxtWkFnMwrBt64I3sWm0RR5ATzZpgUO9vxqZ8iAnmVUlQY71uVwiLPSLuP1
U7/QBtHSWqZlicbtYURfQ7fdmycy3X+5sifFdP5hNp6J
-----END CERTIFICATE-----