Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/zZd3gJy36oVWVgmrpGXSBEMHa_E.roa
File:                     zZd3gJy36oVWVgmrpGXSBEMHa_E.roa (raw, json)
Hash identifier:          pKDeM3EslRORlEnCyv6iQ4XZ7Q0avsrweW8tC90yBl8=
Subject key identifier:   CD:97:77:80:9C:B7:EA:85:56:56:09:AB:A4:65:D2:04:43:07:6B:F1
Certificate issuer:       /CN=d4c7c4eab5c07948cbf44a8a01c6a827fdae9341
Certificate serial:       01941FFA18A8698C382D090B26B512BBC8F1
Authority key identifier: D4:C7:C4:EA:B5:C0:79:48:CB:F4:4A:8A:01:C6:A8:27:FD:AE:93:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/zZd3gJy36oVWVgmrpGXSBEMHa_E.roa
Signing time:             Wed 01 Jan 2025 03:47:51 +0000
ROA not before:           Wed 01 Jan 2025 03:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41346
IP address blocks:        195.114.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:18:a8:69:8c:38:2d:09:0b:26:b5:12:bb:c8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4c7c4eab5c07948cbf44a8a01c6a827fdae9341
        Validity
            Not Before: Jan  1 03:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd9777809cb7ea85565609aba465d20443076bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:28:fb:2d:91:55:1f:06:b8:36:57:51:9f:3b:
                    d4:73:65:47:5b:56:d6:37:12:3a:d8:92:1a:7a:7e:
                    cd:75:e5:c7:e5:55:c5:95:93:13:4c:a2:9f:ee:ee:
                    c6:75:43:4a:1b:bb:ca:53:d7:d1:81:04:ed:b5:6a:
                    db:34:29:1c:af:09:65:bc:9d:cf:34:df:6f:0b:4d:
                    93:3b:6c:fc:72:50:f4:8e:42:86:bc:9a:2e:18:fe:
                    7d:47:cc:52:97:2c:a7:36:41:a6:e5:d4:b3:88:09:
                    3a:2a:e5:60:e0:ed:43:9a:72:96:af:00:d3:74:96:
                    e9:65:94:77:32:70:3d:ac:12:0f:7b:34:bc:af:47:
                    87:f5:b3:7e:b1:62:0b:60:be:d8:b9:a4:12:6f:9d:
                    4e:35:29:b2:f9:5d:13:c4:58:e4:e7:a8:9c:f9:34:
                    a4:d0:b5:29:0b:67:0f:44:e4:5e:95:74:87:8a:2c:
                    3b:e3:19:e1:51:a8:50:52:54:83:09:f3:55:cb:be:
                    d6:c6:42:5d:1a:1c:48:7e:17:09:ac:8e:a5:c7:ea:
                    1e:b4:68:32:c5:be:e8:54:a5:82:45:15:27:aa:f3:
                    d3:8f:d9:a0:f4:1c:04:78:76:1e:2f:f0:11:f3:72:
                    62:7a:4d:4b:5c:fa:42:07:b5:03:bc:b8:a2:0f:0a:
                    96:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:97:77:80:9C:B7:EA:85:56:56:09:AB:A4:65:D2:04:43:07:6B:F1
            X509v3 Authority Key Identifier:
                keyid:D4:C7:C4:EA:B5:C0:79:48:CB:F4:4A:8A:01:C6:A8:27:FD:AE:93:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/zZd3gJy36oVWVgmrpGXSBEMHa_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5863ea-419a-4c29-8e3e-8d525a563e61/1/1MfE6rXAeUjL9EqKAcaoJ_2uk0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:59:33:34:ad:d0:3a:88:98:63:d3:96:ac:e0:f2:20:04:56:
         59:fc:c0:2d:e5:a8:d6:13:bf:88:40:e9:37:d8:e5:39:e8:2f:
         aa:90:be:fc:b8:2b:3f:08:24:86:9c:9a:0e:b3:d7:0c:2e:25:
         93:c4:47:51:88:e4:88:fa:51:dd:67:d5:45:25:74:7b:1b:7a:
         9f:52:13:47:26:2a:62:4d:46:fa:4a:96:81:75:54:c2:4c:0a:
         f1:ff:7c:4b:0f:3d:a0:9e:bf:83:38:6a:4f:92:43:bb:c4:b8:
         e8:c3:ad:57:90:ff:42:a9:58:ff:90:4e:c9:52:e5:b4:c2:4c:
         6e:67:c1:53:fd:1e:55:3f:68:90:8c:e5:54:ed:19:75:62:e9:
         3d:ee:72:f2:52:4b:11:91:59:20:32:af:c5:81:6f:a4:02:d0:
         25:3f:38:51:23:e8:0b:c6:7e:bf:52:d0:f8:24:50:5f:da:fa:
         e8:46:29:cb:7e:a7:96:b2:29:9a:12:bb:46:d2:2b:0b:26:fe:
         10:34:63:65:75:ad:ae:0d:ba:a2:53:4d:bd:31:f2:34:72:81:
         82:65:f7:bc:79:f7:af:ac:b5:8f:ec:cb:26:b1:b3:1a:69:5b:
         45:fe:28:40:0f:70:7b:a0:58:01:d6:ec:c7:23:c4:57:0f:f0:
         f0:fb:53:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hioaYw4LQkLJrUSu8jxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzdjNGVhYjVjMDc5NDhjYmY0NGE4YTAxYzZhODI3ZmRh
ZTkzNDEwHhcNMjUwMTAxMDM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk3Nzc4MDljYjdlYTg1NTY1NjA5YWJhNDY1ZDIwNDQzMDc2YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxij7LZFVHwa4NldRnzvUc2VHW1bW
NxI62JIaen7NdeXH5VXFlZMTTKKf7u7GdUNKG7vKU9fRgQTttWrbNCkcrwllvJ3P
NN9vC02TO2z8clD0jkKGvJouGP59R8xSlyynNkGm5dSziAk6KuVg4O1DmnKWrwDT
dJbpZZR3MnA9rBIPezS8r0eH9bN+sWILYL7YuaQSb51ONSmy+V0TxFjk56ic+TSk
0LUpC2cPRORelXSHiiw74xnhUahQUlSDCfNVy77WxkJdGhxIfhcJrI6lx+oetGgy
xb7oVKWCRRUnqvPTj9mg9BwEeHYeL/AR83Jiek1LXPpCB7UDvLiiDwqWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2Xd4Cct+qFVlYJq6Rl0gRDB2vxMB8GA1UdIwQY
MBaAFNTHxOq1wHlIy/RKigHGqCf9rpNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1mRTZyWEFlVWpMOUVxS0FjYW9KXzJ1azBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81ODYzZWEtNDE5YS00YzI5LThlM2Ut
OGQ1MjVhNTYzZTYxLzEvelpkM2dKeTM2b1ZXVmdtcnBHWFNCRU1IYV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81ODYzZWEtNDE5YS00YzI5LThlM2UtOGQ1MjVhNTYzZTYx
LzEvMU1mRTZyWEFlVWpMOUVxS0FjYW9KXzJ1azBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw3IcMA0G
CSqGSIb3DQEBCwUAA4IBAQA3WTM0rdA6iJhj05as4PIgBFZZ/MAt5ajWE7+IQOk3
2OU56C+qkL78uCs/CCSGnJoOs9cMLiWTxEdRiOSI+lHdZ9VFJXR7G3qfUhNHJipi
TUb6SpaBdVTCTArx/3xLDz2gnr+DOGpPkkO7xLjow61XkP9CqVj/kE7JUuW0wkxu
Z8FT/R5VP2iQjOVU7Rl1Yuk97nLyUksRkVkgMq/FgW+kAtAlPzhRI+gLxn6/UtD4
JFBf2vroRinLfqeWsimaErtG0isLJv4QNGNlda2uDbqiU029MfI0coGCZfe8efev
rLWP7MsmsbMaaVtF/ihAD3B7oFgB1uzHI8RXD/Dw+1Mw
-----END CERTIFICATE-----