Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/ZA5-rroQl_4ApuEK0haugCjFgiI.roa
File:                     ZA5-rroQl_4ApuEK0haugCjFgiI.roa (raw, json)
Hash identifier:          tVP5vUDdFUU/qazKEx75AJuFHlybV7SFim9pQRw0QBY=
Subject key identifier:   64:0E:7E:AE:BA:10:97:FE:00:A6:E1:0A:D2:16:AE:80:28:C5:82:22
Certificate issuer:       /CN=52f941173564a09b7cf8efdd9875614262a7dd61
Certificate serial:       018CC3B6F19970AA27942E4AABFD7C656CF9
Authority key identifier: 52:F9:41:17:35:64:A0:9B:7C:F8:EF:DD:98:75:61:42:62:A7:DD:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/ZA5-rroQl_4ApuEK0haugCjFgiI.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200987
IP address blocks:        195.189.148.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f1:99:70:aa:27:94:2e:4a:ab:fd:7c:65:6c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52f941173564a09b7cf8efdd9875614262a7dd61
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=640e7eaeba1097fe00a6e10ad216ae8028c58222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:98:ab:1c:22:7f:e8:c0:dd:ea:9f:2d:23:01:
                    42:40:52:49:b0:f4:b9:78:e0:1f:54:4a:e3:be:04:
                    38:1b:92:d7:6d:0c:f5:83:11:e8:ad:76:8c:32:29:
                    ca:7f:55:34:c1:87:f9:33:fe:d1:67:6d:c9:38:9b:
                    52:bb:d8:42:a8:d3:c6:29:89:ed:18:48:1d:c6:fc:
                    14:19:5b:1e:d3:01:60:df:7e:44:0c:d2:2b:36:64:
                    1c:e5:9d:9c:55:e4:5f:5c:35:c2:b6:84:b4:69:88:
                    3a:25:e3:55:fc:29:b8:bf:50:18:d3:63:cb:23:b5:
                    90:e0:52:c8:b3:e6:be:6c:2c:97:b9:16:81:e6:7b:
                    a8:9c:d4:7d:f8:34:5f:c2:e7:b9:77:8d:bf:95:e2:
                    99:fe:61:56:29:8b:f2:b4:82:8d:6c:9d:12:0b:19:
                    59:36:26:81:03:b4:4e:ec:5b:97:b2:6c:f6:bb:8b:
                    82:3b:84:30:ad:fc:c8:17:ab:87:ce:cd:38:f4:1e:
                    d2:63:9f:06:15:4e:b4:9d:ec:2a:55:60:da:1e:cb:
                    0d:9d:95:7c:e9:df:9b:61:20:a8:5f:25:d7:71:14:
                    c4:55:d8:26:1d:65:90:29:fd:32:c3:44:ca:b3:d7:
                    a2:b0:1f:7d:67:1c:f6:ff:9d:e2:1c:b8:6a:88:6f:
                    69:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0E:7E:AE:BA:10:97:FE:00:A6:E1:0A:D2:16:AE:80:28:C5:82:22
            X509v3 Authority Key Identifier:
                keyid:52:F9:41:17:35:64:A0:9B:7C:F8:EF:DD:98:75:61:42:62:A7:DD:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UvlBFzVkoJt8-O_dmHVhQmKn3WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/ZA5-rroQl_4ApuEK0haugCjFgiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/24f509-ec2c-486d-9b01-09d8e493c1f9/1/UvlBFzVkoJt8-O_dmHVhQmKn3WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:71:3a:b3:1a:ef:d4:6e:69:cc:78:5e:e7:db:fd:d6:46:35:
         33:5e:66:06:55:cf:88:a4:10:f2:9c:ed:21:35:cf:18:ca:3f:
         51:28:ab:39:b4:93:50:10:cb:0a:6e:95:05:1a:e7:c8:39:03:
         f0:86:d4:8e:a8:b5:d9:35:01:5a:23:45:a1:16:46:ea:1c:bb:
         91:4e:25:48:7a:22:53:10:60:6e:4f:ff:e4:cf:26:3a:4d:5b:
         b4:c3:9a:37:64:cf:47:a5:01:3f:ac:dd:71:dd:b9:bf:f1:ab:
         4e:cc:18:e4:7b:53:60:12:62:b3:e6:a5:b9:62:13:f9:ea:0d:
         18:32:66:b4:f3:b8:9b:9d:91:42:aa:0f:22:40:92:94:b9:aa:
         d8:ee:24:8c:a7:80:e8:f4:24:1e:e2:b4:66:8a:d8:1a:2e:82:
         dc:99:b2:ae:6a:24:db:57:59:f4:d8:38:7e:f8:a0:58:8e:ca:
         c5:9d:06:4a:bb:fe:58:89:c2:c9:d9:33:ef:4e:e0:8f:6d:f2:
         cd:74:20:7f:a9:4b:90:fc:35:a4:80:6d:70:35:f4:b2:d1:6b:
         78:3b:d3:f4:78:9d:14:60:02:c3:bc:29:96:60:e1:de:5b:53:
         c2:1e:83:c8:4f:db:88:51:b1:db:a3:fe:97:15:5b:b1:93:16:
         e1:16:1c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvGZcKonlC5Kq/18ZWz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZjk0MTE3MzU2NGEwOWI3Y2Y4ZWZkZDk4NzU2MTQyNjJh
N2RkNjEwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBlN2VhZWJhMTA5N2ZlMDBhNmUxMGFkMjE2YWU4MDI4YzU4MjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5irHCJ/6MDd6p8tIwFCQFJJsPS5
eOAfVErjvgQ4G5LXbQz1gxHorXaMMinKf1U0wYf5M/7RZ23JOJtSu9hCqNPGKYnt
GEgdxvwUGVse0wFg335EDNIrNmQc5Z2cVeRfXDXCtoS0aYg6JeNV/Cm4v1AY02PL
I7WQ4FLIs+a+bCyXuRaB5nuonNR9+DRfwue5d42/leKZ/mFWKYvytIKNbJ0SCxlZ
NiaBA7RO7FuXsmz2u4uCO4QwrfzIF6uHzs049B7SY58GFU60newqVWDaHssNnZV8
6d+bYSCoXyXXcRTEVdgmHWWQKf0yw0TKs9eisB99Zxz2/53iHLhqiG9ppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQOfq66EJf+AKbhCtIWroAoxYIiMB8GA1UdIwQY
MBaAFFL5QRc1ZKCbfPjv3Zh1YUJip91hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXZsQkZ6VmtvSnQ4LU9fZG1IVmhRbUtuM1dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNGY1MDktZWMyYy00ODZkLTliMDEt
MDlkOGU0OTNjMWY5LzEvWkE1LXJyb1FsXzRBcHVFSzBoYXVnQ2pGZ2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNGY1MDktZWMyYy00ODZkLTliMDEtMDlkOGU0OTNjMWY5
LzEvVXZsQkZ6VmtvSnQ4LU9fZG1IVmhRbUtuM1dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw72UMA0G
CSqGSIb3DQEBCwUAA4IBAQCKcTqzGu/UbmnMeF7n2/3WRjUzXmYGVc+IpBDynO0h
Nc8Yyj9RKKs5tJNQEMsKbpUFGufIOQPwhtSOqLXZNQFaI0WhFkbqHLuRTiVIeiJT
EGBuT//kzyY6TVu0w5o3ZM9HpQE/rN1x3bm/8atOzBjke1NgEmKz5qW5YhP56g0Y
Mma087ibnZFCqg8iQJKUuarY7iSMp4Do9CQe4rRmitgaLoLcmbKuaiTbV1n02Dh+
+KBYjsrFnQZKu/5YicLJ2TPvTuCPbfLNdCB/qUuQ/DWkgG1wNfSy0Wt4O9P0eJ0U
YALDvCmWYOHeW1PCHoPIT9uIUbHbo/6XFVuxkxbhFhxB
-----END CERTIFICATE-----