Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ZXmE7M56evfS6vRCe1mEdERCOjA.roa
File:                     ZXmE7M56evfS6vRCe1mEdERCOjA.roa (raw, json)
Hash identifier:          a6GwOr4qUhfXvk8P3OR/5N5btsSsgBpZxMtC8UkmzZE=
Subject key identifier:   65:79:84:EC:CE:7A:7A:F7:D2:EA:F4:42:7B:59:84:74:44:42:3A:30
Certificate issuer:       /CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
Certificate serial:       018CC56EB0B3493AB52B80D6978C29B8EF1B
Authority key identifier: F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ZXmE7M56evfS6vRCe1mEdERCOjA.roa
Signing time:             Mon 01 Jan 2024 14:30:14 +0000
ROA not before:           Mon 01 Jan 2024 14:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47475
IP address blocks:        195.43.146.0/24 maxlen: 24
                          91.194.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b0:b3:49:3a:b5:2b:80:d6:97:8c:29:b8:ef:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f84128146b7bec8bd1185bbe0c3b9340aaf5b714
        Validity
            Not Before: Jan  1 14:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=657984ecce7a7af7d2eaf4427b59847444423a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:96:ca:86:df:11:88:d7:4f:cd:af:5c:dc:d3:
                    cd:c6:87:66:7d:f2:ce:d4:14:f1:c4:ed:d9:87:fe:
                    07:d1:50:ca:f4:85:24:17:44:e0:bd:11:ec:90:b2:
                    03:d0:f1:ec:af:c9:2f:7d:d4:7b:1e:54:d3:9c:7c:
                    d3:04:82:15:db:63:12:dc:b6:c9:ca:32:b2:f5:f3:
                    68:ba:5b:6f:01:8e:c2:de:b5:10:6c:57:3e:7a:1e:
                    b8:a2:49:9a:e0:00:f0:0a:c3:55:8c:1c:68:38:22:
                    c9:b3:21:b3:0b:6e:d2:16:89:b4:61:ba:11:7a:c0:
                    f9:e6:23:00:7a:38:7b:c6:c7:d4:bb:3c:84:22:23:
                    85:f5:2a:6d:13:1a:b3:4f:43:6d:c4:2d:77:45:74:
                    b6:1d:00:e1:08:5a:de:e5:32:40:74:51:6a:27:8a:
                    1c:2e:6b:2e:fe:ac:08:ee:38:be:de:b1:3d:31:75:
                    34:24:72:a8:e3:c3:6d:b4:b5:34:8f:d9:8d:d6:d8:
                    52:88:4d:e5:d5:5d:bb:fd:83:ee:31:fe:47:51:d9:
                    18:46:35:9b:2f:ab:81:58:b1:6d:40:f7:5d:04:1c:
                    6d:57:27:7c:1c:bd:a4:09:8d:7e:1e:2f:1b:ba:0d:
                    eb:bd:fa:6d:00:23:8f:85:22:5a:95:d8:85:1a:73:
                    b5:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:79:84:EC:CE:7A:7A:F7:D2:EA:F4:42:7B:59:84:74:44:42:3A:30
            X509v3 Authority Key Identifier:
                keyid:F8:41:28:14:6B:7B:EC:8B:D1:18:5B:BE:0C:3B:93:40:AA:F5:B7:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-EEoFGt77IvRGFu-DDuTQKr1txQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/ZXmE7M56evfS6vRCe1mEdERCOjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/fb2411-485b-4143-9241-13839640a604/1/1-EEoFGt77IvRGFu-DDuTQKr1txQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.80.0/24
                  195.43.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:75:a9:89:9b:d6:cd:5a:8c:f3:53:ce:f3:f7:3a:34:67:f8:
         c6:6c:ea:17:de:f4:8a:0d:72:85:37:62:75:25:53:8d:03:9b:
         6f:43:3d:15:dd:b1:2c:26:8c:1b:64:9a:46:8b:4f:69:71:a1:
         60:4e:5b:e9:0e:12:ce:8d:29:03:e3:c0:c8:21:0a:3a:2f:3c:
         b4:a9:68:c7:f7:00:5c:0f:11:b2:a9:7a:ed:5d:9f:b6:43:9b:
         80:44:ca:09:5b:39:2e:0e:49:2a:88:72:2e:c6:9d:8e:7f:7f:
         b7:53:59:85:bd:2a:3a:05:d6:0b:56:e3:14:bb:ec:b2:a0:8a:
         a4:c6:a3:33:d7:ae:ec:19:20:4b:4b:f1:2a:f7:61:bb:60:0c:
         0e:a2:3c:72:f1:e8:c4:2a:c0:55:d4:4b:1c:f3:78:c5:1c:b3:
         6a:5c:60:71:3e:3e:18:b5:b6:4e:9d:e6:7a:1e:50:7c:5a:07:
         7c:48:ab:42:18:38:78:81:fd:cc:34:7b:77:2d:7e:ba:f5:f6:
         9a:77:92:70:a5:b4:c3:83:0c:63:d5:07:d9:1a:5f:9b:b1:2f:
         59:cb:30:e5:49:8e:7d:78:f2:9e:aa:9d:e5:44:20:79:37:d9:
         35:f1:ea:4b:ba:d2:ff:82:53:4e:78:3b:ea:b1:02:39:57:18:
         3b:94:a2:af
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbrCzSTq1K4DWl4wpuO8bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NDEyODE0NmI3YmVjOGJkMTE4NWJiZTBjM2I5MzQwYWFm
NWI3MTQwHhcNMjQwMTAxMTQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTc5ODRlY2NlN2E3YWY3ZDJlYWY0NDI3YjU5ODQ3NDQ0NDIzYTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpbKht8RiNdPza9c3NPNxodmffLO
1BTxxO3Zh/4H0VDK9IUkF0TgvRHskLID0PHsr8kvfdR7HlTTnHzTBIIV22MS3LbJ
yjKy9fNoultvAY7C3rUQbFc+eh64okma4ADwCsNVjBxoOCLJsyGzC27SFom0YboR
esD55iMAejh7xsfUuzyEIiOF9SptExqzT0NtxC13RXS2HQDhCFre5TJAdFFqJ4oc
Lmsu/qwI7ji+3rE9MXU0JHKo48NttLU0j9mN1thSiE3l1V27/YPuMf5HUdkYRjWb
L6uBWLFtQPddBBxtVyd8HL2kCY1+Hi8bug3rvfptACOPhSJaldiFGnO1dwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGV5hOzOenr30ur0QntZhHREQjowMB8GA1UdIwQY
MBaAFPhBKBRre+yL0Rhbvgw7k0Cq9bcUMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1FRW9GR3Q3N0l2UkdGdS1ERHVUUUtyMXR4US5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQx
LTEzODM5NjQwYTYwNC8xL1pYbUU3TTU2ZXZmUzZ2UkNlMW1FZEVSQ09qQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZmIyNDExLTQ4NWItNDE0My05MjQxLTEzODM5NjQwYTYw
NC8xLzEtRUVvRkd0NzdJdlJHRnUtRER1VFFLcjF0eFEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABbwlAD
BADDK5IwDQYJKoZIhvcNAQELBQADggEBACp1qYmb1s1ajPNTzvP3OjRn+MZs6hfe
9IoNcoU3YnUlU40Dm29DPRXdsSwmjBtkmkaLT2lxoWBOW+kOEs6NKQPjwMghCjov
PLSpaMf3AFwPEbKpeu1dn7ZDm4BEyglbOS4OSSqIci7GnY5/f7dTWYW9KjoF1gtW
4xS77LKgiqTGozPXruwZIEtL8Sr3YbtgDA6iPHLx6MQqwFXUSxzzeMUcs2pcYHE+
Phi1tk6d5noeUHxaB3xIq0IYOHiB/cw0e3ctfrr19pp3knCltMODDGPVB9kaX5ux
L1nLMOVJjn148p6qneVEIHk32TXx6ku60v+CU054O+qxAjlXGDuUoq8=
-----END CERTIFICATE-----