Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/ZqAcmb1aNfacQkxqwU6ps24KV9I.roa
File:                     ZqAcmb1aNfacQkxqwU6ps24KV9I.roa (raw, json)
Hash identifier:          FhAKzOmnkPx3zs485lQu2KjwAN19ruV6SuSo/lvCgPY=
Subject key identifier:   66:A0:1C:99:BD:5A:35:F6:9C:42:4C:6A:C1:4E:A9:B3:6E:0A:57:D2
Certificate issuer:       /CN=edae0186c6823014bc2c42d04ea650bf5ccb9976
Certificate serial:       018CC6B928C027165A2CEF7F4734D9FA49D7
Authority key identifier: ED:AE:01:86:C6:82:30:14:BC:2C:42:D0:4E:A6:50:BF:5C:CB:99:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7a4BhsaCMBS8LELQTqZQv1zLmXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/ZqAcmb1aNfacQkxqwU6ps24KV9I.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200319
IP address blocks:        194.48.224.0/22 maxlen: 24
                          2a0c:f440::/29 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/7a4BhsaCMBS8LELQTqZQv1zLmXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/7a4BhsaCMBS8LELQTqZQv1zLmXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7a4BhsaCMBS8LELQTqZQv1zLmXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:28:c0:27:16:5a:2c:ef:7f:47:34:d9:fa:49:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edae0186c6823014bc2c42d04ea650bf5ccb9976
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66a01c99bd5a35f69c424c6ac14ea9b36e0a57d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:ac:81:30:d9:62:35:ee:1f:89:16:43:ad:
                    00:fb:32:d7:cc:f5:00:36:b8:c1:9a:ed:80:09:51:
                    ac:eb:2a:75:12:e3:61:05:29:f5:23:19:5c:69:ad:
                    fe:33:89:39:58:05:e6:77:a8:51:67:aa:5c:6e:0d:
                    a1:80:cd:65:f5:f1:e1:97:f0:0a:4b:93:1a:c0:6e:
                    f7:7f:3d:26:6a:84:64:d3:b2:a2:5b:ec:76:2a:27:
                    54:d0:2a:4c:af:de:0f:cc:3d:da:ea:9f:6b:bc:67:
                    a4:ab:33:f5:6a:bc:f6:20:be:cd:4e:b8:7e:ad:0a:
                    f1:07:c1:9d:14:5f:a0:56:e0:60:1b:5b:80:41:3e:
                    f8:7b:5b:99:70:3a:11:19:3f:b6:4a:c2:d9:09:e9:
                    ee:29:2c:82:f5:8b:ee:bc:be:d6:9a:91:c7:57:0f:
                    58:92:ae:11:90:05:b6:83:3b:26:ff:1f:49:8f:12:
                    d0:54:0d:81:26:81:2b:30:f5:c0:ce:06:e1:57:bf:
                    9c:b5:ff:60:57:56:fc:75:45:3d:a4:8d:ed:a5:88:
                    22:55:2f:7f:f0:84:99:b1:8b:66:75:fd:5d:8d:6e:
                    5e:32:70:a0:24:42:ee:fb:ed:71:8e:42:f1:23:9a:
                    4b:b9:ae:29:58:23:08:1a:39:df:32:8e:cc:f8:b1:
                    06:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A0:1C:99:BD:5A:35:F6:9C:42:4C:6A:C1:4E:A9:B3:6E:0A:57:D2
            X509v3 Authority Key Identifier:
                keyid:ED:AE:01:86:C6:82:30:14:BC:2C:42:D0:4E:A6:50:BF:5C:CB:99:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a4BhsaCMBS8LELQTqZQv1zLmXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/ZqAcmb1aNfacQkxqwU6ps24KV9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/29a52e-58a0-4238-aeb1-8b7a4abf1ca2/1/7a4BhsaCMBS8LELQTqZQv1zLmXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.224.0/22
                IPv6:
                  2a0c:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:41:6e:d9:eb:d2:d8:42:49:a8:2d:30:e7:a5:ef:05:7c:01:
         39:73:a9:1b:49:ec:fd:a7:59:5e:81:40:ae:43:f3:77:94:53:
         08:d4:20:8f:0b:0c:c8:b0:ff:64:38:c9:c3:17:24:c6:00:a4:
         cb:b3:04:8e:18:12:2d:9f:28:ea:26:21:c7:a3:08:b2:06:c8:
         da:75:65:53:83:4b:b5:1f:51:c1:24:25:8c:62:35:e8:24:c6:
         fb:9e:23:e1:20:21:b4:33:f9:da:a8:8a:06:38:cd:ad:eb:01:
         c3:29:bd:4f:79:b3:8e:4f:3b:a2:84:d8:a8:f0:c6:88:4d:a4:
         7e:e6:34:c0:52:4f:0e:26:de:d7:c5:15:5e:0d:52:21:3c:a8:
         51:c7:65:9d:27:d4:b7:79:04:12:45:f2:12:43:e2:b8:6c:11:
         be:2a:02:14:d1:40:11:1d:8e:50:60:b8:0a:1b:b3:db:df:15:
         3f:4a:33:17:ba:11:15:d7:68:5f:d3:76:47:e7:68:8f:a3:de:
         9a:13:7b:d9:ca:21:d9:36:78:5a:f4:40:a6:a7:fd:9d:a6:ba:
         4d:f1:4b:8c:e9:25:de:24:2c:06:63:59:8f:1c:42:6d:32:02:
         8a:a5:9e:61:20:92:53:d8:bb:c1:5d:01:1c:ca:d3:b0:4a:d7:
         33:a6:54:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuSjAJxZaLO9/RzTZ+knXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYWUwMTg2YzY4MjMwMTRiYzJjNDJkMDRlYTY1MGJmNWNj
Yjk5NzYwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmEwMWM5OWJkNWEzNWY2OWM0MjRjNmFjMTRlYTliMzZlMGE1N2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsesgTDZYjXuH4kWQ60A+zLXzPUA
NrjBmu2ACVGs6yp1EuNhBSn1Ixlcaa3+M4k5WAXmd6hRZ6pcbg2hgM1l9fHhl/AK
S5MawG73fz0maoRk07KiW+x2KidU0CpMr94PzD3a6p9rvGekqzP1arz2IL7NTrh+
rQrxB8GdFF+gVuBgG1uAQT74e1uZcDoRGT+2SsLZCenuKSyC9YvuvL7WmpHHVw9Y
kq4RkAW2gzsm/x9JjxLQVA2BJoErMPXAzgbhV7+ctf9gV1b8dUU9pI3tpYgiVS9/
8ISZsYtmdf1djW5eMnCgJELu++1xjkLxI5pLua4pWCMIGjnfMo7M+LEGOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGagHJm9WjX2nEJMasFOqbNuClfSMB8GA1UdIwQY
MBaAFO2uAYbGgjAUvCxC0E6mUL9cy5l2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2E0QmhzYUNNQlM4TEVMUVRxWlF2MXpMbVhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yOWE1MmUtNThhMC00MjM4LWFlYjEt
OGI3YTRhYmYxY2EyLzEvWnFBY21iMWFOZmFjUWt4cXdVNnBzMjRLVjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yOWE1MmUtNThhMC00MjM4LWFlYjEtOGI3YTRhYmYxY2Ey
LzEvN2E0QmhzYUNNQlM4TEVMUVRxWlF2MXpMbVhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwjDgMA0E
AgACMAcDBQMqDPRAMA0GCSqGSIb3DQEBCwUAA4IBAQAzQW7Z69LYQkmoLTDnpe8F
fAE5c6kbSez9p1legUCuQ/N3lFMI1CCPCwzIsP9kOMnDFyTGAKTLswSOGBItnyjq
JiHHowiyBsjadWVTg0u1H1HBJCWMYjXoJMb7niPhICG0M/naqIoGOM2t6wHDKb1P
ebOOTzuihNio8MaITaR+5jTAUk8OJt7XxRVeDVIhPKhRx2WdJ9S3eQQSRfISQ+K4
bBG+KgIU0UARHY5QYLgKG7Pb3xU/SjMXuhEV12hf03ZH52iPo96aE3vZyiHZNnha
9ECmp/2dprpN8UuM6SXeJCwGY1mPHEJtMgKKpZ5hIJJT2LvBXQEcytOwStczplRl
-----END CERTIFICATE-----