Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Zaa2ZlTyqcc3-PraTdapPYZfqsc.roa
File:                     Zaa2ZlTyqcc3-PraTdapPYZfqsc.roa (raw, json)
Hash identifier:          c1Zvm+tdmTkZ+280FJdRBPTwLWO6y6WYRa3PAhdHQOc=
Subject key identifier:   65:A6:B6:66:54:F2:A9:C7:37:F8:FA:DA:4D:D6:A9:3D:86:5F:AA:C7
Certificate issuer:       /CN=de3d81211f492edf029a22cc66c20a3b94583590
Certificate serial:       018DC63CA7615764972EB285E8E1D9F50FCA
Authority key identifier: DE:3D:81:21:1F:49:2E:DF:02:9A:22:CC:66:C2:0A:3B:94:58:35:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Zaa2ZlTyqcc3-PraTdapPYZfqsc.roa
Signing time:             Tue 20 Feb 2024 11:18:00 +0000
ROA not before:           Tue 20 Feb 2024 11:18:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        82.193.160.0/19 maxlen: 19
                          2a02:2580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:3c:a7:61:57:64:97:2e:b2:85:e8:e1:d9:f5:0f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de3d81211f492edf029a22cc66c20a3b94583590
        Validity
            Not Before: Feb 20 11:18:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a6b66654f2a9c737f8fada4dd6a93d865faac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:38:29:f4:5a:a3:f4:c1:33:23:7e:3c:de:2b:
                    91:c5:bc:7e:74:fc:bf:63:27:87:b7:2d:72:9c:12:
                    4a:4d:e0:e3:89:ee:96:a7:f8:22:7f:f5:ca:40:23:
                    7e:ab:62:98:97:35:4c:48:ef:21:30:bb:8b:c8:df:
                    c1:fd:31:74:ba:2b:5b:51:2b:cd:cd:39:d3:ed:2d:
                    a2:18:ae:fa:53:3e:bd:df:27:f0:f0:6e:85:61:2e:
                    15:3a:f9:cf:34:56:c7:1f:40:06:d6:77:53:74:83:
                    b8:b6:53:17:3d:2c:e7:21:bf:4d:dc:8c:64:be:f3:
                    56:78:ff:9f:97:57:de:68:9d:98:70:bf:f4:d3:b1:
                    57:a2:90:cd:94:24:dd:3c:84:7a:39:4b:31:68:fb:
                    fe:8a:bc:7b:92:c5:7d:9f:17:63:45:1b:18:fd:88:
                    a7:37:d5:e3:d5:2d:a3:5f:90:60:94:90:4c:95:44:
                    01:92:a6:00:b9:41:db:ad:fd:7c:01:e1:df:1e:09:
                    95:20:d9:d7:e8:42:fb:f2:a6:63:80:a9:0f:f2:23:
                    c6:7d:1d:f4:06:35:ac:56:52:44:59:55:0c:c2:ea:
                    a2:02:a9:9e:46:14:24:04:d7:b7:a6:b2:7b:cb:bb:
                    8c:a0:8f:a6:ee:98:f4:cb:e7:cb:95:32:ee:77:ea:
                    4b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A6:B6:66:54:F2:A9:C7:37:F8:FA:DA:4D:D6:A9:3D:86:5F:AA:C7
            X509v3 Authority Key Identifier:
                keyid:DE:3D:81:21:1F:49:2E:DF:02:9A:22:CC:66:C2:0A:3B:94:58:35:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3j2BIR9JLt8CmiLMZsIKO5RYNZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/Zaa2ZlTyqcc3-PraTdapPYZfqsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/26fcba-78ae-4d38-acaf-31428b050fd7/1/3j2BIR9JLt8CmiLMZsIKO5RYNZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.193.160.0/19
                IPv6:
                  2a02:2580::/32

    Signature Algorithm: sha256WithRSAEncryption
         c4:00:71:ad:a4:21:3e:8d:ba:7b:f1:30:2f:56:de:45:cb:f2:
         e4:36:0d:0d:75:0b:fe:8d:19:73:ef:5f:25:1e:73:8b:15:af:
         c5:9e:63:04:b4:63:90:47:c4:1e:b1:dc:94:92:61:3b:61:d4:
         c6:7c:af:d2:9a:69:45:75:ee:92:56:e3:62:75:ef:7b:e4:7d:
         12:26:e1:3b:49:8a:5a:d2:98:45:bb:d4:f7:85:af:55:c5:0d:
         6c:da:e2:c3:1d:75:c9:57:5c:70:e6:07:6f:cf:f6:cb:07:fb:
         a2:64:f6:3e:2c:2d:39:a0:6d:94:fc:dc:f1:e8:64:cd:a7:5c:
         6f:b3:9e:44:c8:8e:54:63:2d:b9:2c:33:d8:3d:40:cc:59:20:
         b9:54:48:f9:6c:56:ae:be:aa:ec:e7:12:da:c6:f2:f6:4c:9f:
         20:76:e8:b5:a3:9c:fd:bf:92:78:ec:f6:f2:fe:4b:05:2c:6d:
         84:6f:1d:21:f4:64:04:31:07:d2:6d:39:8f:1f:94:37:3e:e3:
         05:20:9a:6a:7c:85:b3:b3:b5:9c:ac:cf:64:e6:d2:2c:90:d9:
         6f:24:f1:4f:29:1e:1a:52:6e:bd:4b:2b:3c:d2:12:83:b4:44:
         f1:91:18:4e:01:a6:bb:43:bc:87:01:23:24:d9:fd:72:e5:71:
         ae:d4:c3:20
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3GPKdhV2SXLrKF6OHZ9Q/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlM2Q4MTIxMWY0OTJlZGYwMjlhMjJjYzY2YzIwYTNiOTQ1
ODM1OTAwHhcNMjQwMjIwMTExODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE2YjY2NjU0ZjJhOWM3MzdmOGZhZGE0ZGQ2YTkzZDg2NWZhYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijgp9Fqj9MEzI3483iuRxbx+dPy/
YyeHty1ynBJKTeDjie6Wp/gif/XKQCN+q2KYlzVMSO8hMLuLyN/B/TF0uitbUSvN
zTnT7S2iGK76Uz693yfw8G6FYS4VOvnPNFbHH0AG1ndTdIO4tlMXPSznIb9N3Ixk
vvNWeP+fl1feaJ2YcL/007FXopDNlCTdPIR6OUsxaPv+irx7ksV9nxdjRRsY/Yin
N9Xj1S2jX5BglJBMlUQBkqYAuUHbrf18AeHfHgmVINnX6EL78qZjgKkP8iPGfR30
BjWsVlJEWVUMwuqiAqmeRhQkBNe3prJ7y7uMoI+m7pj0y+fLlTLud+pLPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGWmtmZU8qnHN/j62k3WqT2GX6rHMB8GA1UdIwQY
MBaAFN49gSEfSS7fApoizGbCCjuUWDWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2oyQklSOUpMdDhDbWlMTVpzSUtPNVJZTlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8yNmZjYmEtNzhhZS00ZDM4LWFjYWYt
MzE0MjhiMDUwZmQ3LzEvWmFhMlpsVHlxY2MzLVByYVRkYXBQWVpmcXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8yNmZjYmEtNzhhZS00ZDM4LWFjYWYtMzE0MjhiMDUwZmQ3
LzEvM2oyQklSOUpMdDhDbWlMTVpzSUtPNVJZTlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUsGgMA0E
AgACMAcDBQAqAiWAMA0GCSqGSIb3DQEBCwUAA4IBAQDEAHGtpCE+jbp78TAvVt5F
y/LkNg0NdQv+jRlz718lHnOLFa/FnmMEtGOQR8QesdyUkmE7YdTGfK/SmmlFde6S
VuNide975H0SJuE7SYpa0phFu9T3ha9VxQ1s2uLDHXXJV1xw5gdvz/bLB/uiZPY+
LC05oG2U/Nzx6GTNp1xvs55EyI5UYy25LDPYPUDMWSC5VEj5bFauvqrs5xLaxvL2
TJ8gdui1o5z9v5J47Pby/ksFLG2Ebx0h9GQEMQfSbTmPH5Q3PuMFIJpqfIWzs7Wc
rM9k5tIskNlvJPFPKR4aUm69Sys80hKDtETxkRhOAaa7Q7yHASMk2f1y5XGu1MMg
-----END CERTIFICATE-----