Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/zAHW49jMRa09qdlJZMaNZg2k_WE.roa
File:                     zAHW49jMRa09qdlJZMaNZg2k_WE.roa (raw, json)
Hash identifier:          eCKKsCp+XF1V8lY+3kSKIKw+TAFVbCwyAXBOEGpm+zY=
Subject key identifier:   CC:01:D6:E3:D8:CC:45:AD:3D:A9:D9:49:64:C6:8D:66:0D:A4:FD:61
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       018EA860E0A35414E88D334C69FA814D56E2
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/zAHW49jMRa09qdlJZMaNZg2k_WE.roa
Signing time:             Thu 04 Apr 2024 09:11:45 +0000
ROA not before:           Thu 04 Apr 2024 09:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49110
IP address blocks:        185.143.40.0/24 maxlen: 24
                          185.143.41.0/24 maxlen: 24
                          185.143.42.0/24 maxlen: 24
                          185.143.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:60:e0:a3:54:14:e8:8d:33:4c:69:fa:81:4d:56:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Apr  4 09:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc01d6e3d8cc45ad3da9d94964c68d660da4fd61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:22:e3:0c:eb:eb:82:0b:fe:89:58:25:10:86:
                    40:66:6b:01:fb:61:15:8b:bb:b9:a2:71:8a:5a:c8:
                    a7:af:14:01:b4:91:6f:5f:96:88:77:fa:eb:68:b2:
                    b1:45:cf:92:39:d1:41:63:c1:bf:1f:eb:30:10:45:
                    6b:16:85:11:da:8d:5b:5c:6a:e8:9f:3a:c8:1d:f9:
                    23:7f:4b:18:b3:50:4b:9c:2b:8d:43:5f:31:1c:67:
                    25:ef:64:60:f4:bf:c2:3a:6e:40:c6:95:bf:16:81:
                    f2:39:ff:87:3a:1c:1a:df:91:87:58:f3:95:ad:8e:
                    62:f1:b9:bd:a1:f0:9f:9f:de:4f:cf:84:cb:28:1a:
                    55:79:5d:95:27:a7:4f:18:1c:5b:38:7d:6a:bd:fa:
                    ab:8a:d8:35:3d:fc:6c:95:47:e9:02:21:0d:6e:c3:
                    65:2b:2e:87:fd:38:a4:d1:ab:b3:71:e0:ef:16:1d:
                    49:8c:7d:4a:75:d2:c5:b0:8a:99:81:2d:b3:3f:d7:
                    e8:76:82:2d:2d:43:e6:c2:95:cd:35:7e:90:b3:d9:
                    bb:81:ef:6b:8f:65:1d:f8:35:13:66:ee:ba:3c:ea:
                    70:ff:3d:db:07:3e:ab:b5:06:cb:d2:b0:b9:c1:9f:
                    44:41:1e:88:12:50:d4:a9:1b:13:5f:ad:db:32:c7:
                    7f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:01:D6:E3:D8:CC:45:AD:3D:A9:D9:49:64:C6:8D:66:0D:A4:FD:61
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/zAHW49jMRa09qdlJZMaNZg2k_WE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:8c:09:2a:27:59:54:c0:59:c5:3a:8d:fa:f2:8f:96:ab:ae:
         bb:37:c7:69:a8:8e:74:dd:82:fc:32:d2:eb:a6:d2:5e:58:bb:
         01:61:97:8b:35:aa:d3:08:dc:b1:be:2f:65:ec:6b:44:e2:fd:
         c3:0d:d3:15:45:e6:9e:fa:9e:ee:32:c2:a7:8b:e6:c2:92:0f:
         90:ce:2f:7c:26:64:4e:46:75:35:32:94:d0:3e:82:00:a9:74:
         e1:32:bd:dc:55:2b:09:5f:a7:f6:e4:e3:ea:e6:9e:b6:f1:64:
         19:ec:5a:2e:4f:1e:4a:2e:72:6c:73:99:a8:a0:b1:8d:a6:d8:
         7a:a8:76:45:bf:e1:7e:3b:f7:02:22:9a:ab:05:02:0e:28:76:
         16:36:d7:df:b3:2f:cb:ed:eb:ae:49:42:8f:96:0a:a2:1d:3c:
         ed:ef:70:b6:17:2e:91:83:7c:63:8f:85:c5:6f:4f:5c:d1:f2:
         53:5a:c3:fc:62:7b:1f:89:6d:83:ea:8c:fe:10:74:e8:11:15:
         8f:2e:94:e8:4b:52:39:12:b2:eb:eb:f8:62:90:70:0e:ef:dd:
         80:de:1f:05:53:77:82:b3:d8:92:f4:8c:8c:24:ed:67:e4:df:
         63:a7:38:6b:b9:9b:96:e1:e0:ea:83:44:37:77:ee:9d:61:79:
         35:69:66:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6oYOCjVBTojTNMafqBTVbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjQwNDA0MDkxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzAxZDZlM2Q4Y2M0NWFkM2RhOWQ5NDk2NGM2OGQ2NjBkYTRmZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CLjDOvrggv+iVglEIZAZmsB+2EV
i7u5onGKWsinrxQBtJFvX5aId/rraLKxRc+SOdFBY8G/H+swEEVrFoUR2o1bXGro
nzrIHfkjf0sYs1BLnCuNQ18xHGcl72Rg9L/COm5AxpW/FoHyOf+HOhwa35GHWPOV
rY5i8bm9ofCfn95Pz4TLKBpVeV2VJ6dPGBxbOH1qvfqritg1PfxslUfpAiENbsNl
Ky6H/Tik0auzceDvFh1JjH1KddLFsIqZgS2zP9fodoItLUPmwpXNNX6Qs9m7ge9r
j2Ud+DUTZu66POpw/z3bBz6rtQbL0rC5wZ9EQR6IElDUqRsTX63bMsd/HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwB1uPYzEWtPanZSWTGjWYNpP1hMB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEvekFIVzQ5ak1SYTA5cWRsSlpNYU5aZzJrX1dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8oMA0G
CSqGSIb3DQEBCwUAA4IBAQAWjAkqJ1lUwFnFOo368o+Wq667N8dpqI503YL8MtLr
ptJeWLsBYZeLNarTCNyxvi9l7GtE4v3DDdMVReae+p7uMsKni+bCkg+Qzi98JmRO
RnU1MpTQPoIAqXThMr3cVSsJX6f25OPq5p628WQZ7FouTx5KLnJsc5mooLGNpth6
qHZFv+F+O/cCIpqrBQIOKHYWNtffsy/L7euuSUKPlgqiHTzt73C2Fy6Rg3xjj4XF
b09c0fJTWsP8YnsfiW2D6oz+EHToERWPLpToS1I5ErLr6/hikHAO792A3h8FU3eC
s9iS9IyMJO1n5N9jpzhruZuW4eDqg0Q3d+6dYXk1aWbs
-----END CERTIFICATE-----