Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/zXcuCycx-WZ0bPeumJj_lncnjws.roa
File:                     zXcuCycx-WZ0bPeumJj_lncnjws.roa (raw, json)
Hash identifier:          fovlQ7/5b0YseluTr1RfjbLxRH9IGpLNQny4U3WpyCo=
Subject key identifier:   CD:77:2E:0B:27:31:F9:66:74:6C:F7:AE:98:98:FF:96:77:27:8F:0B
Certificate issuer:       /CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
Certificate serial:       018CC6B80C850DAFF505301FE6651EB8B7A7
Authority key identifier: FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/zXcuCycx-WZ0bPeumJj_lncnjws.roa
Signing time:             Mon 01 Jan 2024 20:29:59 +0000
ROA not before:           Mon 01 Jan 2024 20:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9215
IP address blocks:        185.57.64.0/24 maxlen: 24
                          185.57.66.0/24 maxlen: 24
                          185.57.65.0/24 maxlen: 24
                          185.57.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:0c:85:0d:af:f5:05:30:1f:e6:65:1e:b8:b7:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
        Validity
            Not Before: Jan  1 20:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd772e0b2731f966746cf7ae9898ff9677278f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f1:05:83:e9:49:20:c0:f2:f5:55:3d:f0:ef:
                    14:da:0f:b9:61:11:87:d2:ed:27:ff:8d:49:23:2d:
                    34:6d:78:d2:2b:fa:ca:04:b9:50:eb:84:ce:ec:a4:
                    c8:2a:33:ca:f3:df:49:b7:83:71:30:d6:5b:84:42:
                    16:ae:1d:64:8c:82:6b:f5:50:32:5d:c2:e6:ef:d9:
                    f2:41:78:27:dd:66:87:7a:db:e1:6c:71:36:ce:5a:
                    73:71:fb:5f:76:55:d9:ec:c3:a4:54:07:d1:b9:b1:
                    ef:24:5e:8e:a2:91:b3:44:f3:43:ef:55:19:46:7c:
                    57:85:1d:e5:76:ac:b5:23:cd:7d:2c:84:3b:82:8f:
                    10:a9:77:83:1d:d9:c1:11:cf:c4:10:98:64:e4:a2:
                    64:75:1f:d2:47:9f:21:df:fc:23:13:18:58:73:e6:
                    22:4a:8c:43:2a:c5:c2:59:47:31:8b:f6:38:45:f2:
                    61:91:e9:c7:40:b8:c5:6c:96:e7:c6:ca:36:46:c2:
                    6d:97:7f:83:f3:ac:9f:f7:48:c5:32:58:e7:59:a8:
                    83:fe:7c:38:f8:d2:61:a3:87:c9:d9:08:fb:ec:d5:
                    6c:40:9d:ac:14:63:0f:32:82:85:58:bc:29:49:26:
                    bb:6d:0d:9f:23:a8:e5:40:e3:ea:d9:e3:f5:8b:29:
                    95:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:77:2E:0B:27:31:F9:66:74:6C:F7:AE:98:98:FF:96:77:27:8F:0B
            X509v3 Authority Key Identifier:
                keyid:FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/zXcuCycx-WZ0bPeumJj_lncnjws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:74:82:4a:42:2f:ff:49:f3:9a:67:ee:f0:c7:76:78:bc:e5:
         89:70:97:1a:f2:8b:92:6c:64:1d:c6:b2:a0:fd:0c:c9:cf:4f:
         27:fe:53:dd:3e:9e:38:19:9d:03:2f:1f:fe:b1:8f:4f:20:60:
         59:7e:8c:3a:14:4c:5b:63:f9:7e:97:51:6c:c2:df:cf:cf:9b:
         1a:f4:64:bf:a2:09:6c:42:38:e7:17:85:98:aa:a8:3c:d1:37:
         88:0d:25:45:69:a4:aa:a4:77:bc:f2:bc:10:27:61:9a:d0:d7:
         fd:a1:14:7e:e5:37:24:23:7f:5f:dd:2a:0d:45:cd:cb:bc:f9:
         7d:0a:53:e8:bf:ac:19:cc:02:7c:23:33:38:56:58:c9:e7:9c:
         7d:ca:47:61:d2:bf:ba:c8:19:b8:79:5d:6a:1d:0a:82:dd:57:
         d3:90:ca:f1:45:1b:39:2c:ab:8f:53:f3:15:ee:ef:7d:a8:37:
         bc:98:b3:66:68:46:98:3a:65:b3:b5:ab:8c:39:95:3c:8d:08:
         e7:4b:7a:af:6a:ad:71:a7:2a:18:39:5c:52:66:a2:ed:0a:df:
         87:05:a9:43:7e:fd:ff:0d:63:38:c1:04:53:4c:19:a3:2d:1a:
         ec:39:9b:fc:c5:e9:36:f0:75:91:d3:1a:db:49:5b:e7:fc:dc:
         aa:f8:7b:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAyFDa/1BTAf5mUeuLenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmY2E5OTdkMzkwY2Q2ZTQ2ZTAxMjhlNTBkNzBiODRlN2Fi
Njc0MGYwHhcNMjQwMTAxMjAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDc3MmUwYjI3MzFmOTY2NzQ2Y2Y3YWU5ODk4ZmY5Njc3Mjc4ZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/EFg+lJIMDy9VU98O8U2g+5YRGH
0u0n/41JIy00bXjSK/rKBLlQ64TO7KTIKjPK899Jt4NxMNZbhEIWrh1kjIJr9VAy
XcLm79nyQXgn3WaHetvhbHE2zlpzcftfdlXZ7MOkVAfRubHvJF6OopGzRPND71UZ
RnxXhR3ldqy1I819LIQ7go8QqXeDHdnBEc/EEJhk5KJkdR/SR58h3/wjExhYc+Yi
SoxDKsXCWUcxi/Y4RfJhkenHQLjFbJbnxso2RsJtl3+D86yf90jFMljnWaiD/nw4
+NJho4fJ2Qj77NVsQJ2sFGMPMoKFWLwpSSa7bQ2fI6jlQOPq2eP1iymV+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM13LgsnMflmdGz3rpiY/5Z3J48LMB8GA1UdIwQY
MBaAFP/KmX05DNbkbgEo5Q1wuE56tnQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTkt
ODE5YjdhN2VjNDM0LzEvelhjdUN5Y3gtV1owYlBldW1Kal9sbmNuandzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTktODE5YjdhN2VjNDM0
LzEvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTlAMA0G
CSqGSIb3DQEBCwUAA4IBAQCrdIJKQi//SfOaZ+7wx3Z4vOWJcJca8ouSbGQdxrKg
/QzJz08n/lPdPp44GZ0DLx/+sY9PIGBZfow6FExbY/l+l1Fswt/Pz5sa9GS/ogls
QjjnF4WYqqg80TeIDSVFaaSqpHe88rwQJ2Ga0Nf9oRR+5TckI39f3SoNRc3LvPl9
ClPov6wZzAJ8IzM4VljJ55x9ykdh0r+6yBm4eV1qHQqC3VfTkMrxRRs5LKuPU/MV
7u99qDe8mLNmaEaYOmWztauMOZU8jQjnS3qvaq1xpyoYOVxSZqLtCt+HBalDfv3/
DWM4wQRTTBmjLRrsOZv8xek28HWR0xrbSVvn/Nyq+Huc
-----END CERTIFICATE-----