Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/zYegAH-ad7d5onhBOC83dQwCFf4.roa
File:                     zYegAH-ad7d5onhBOC83dQwCFf4.roa (raw, json)
Hash identifier:          mfvcBp5EuSQPnl1M0ZApi4+1cY71wCI+8pDFgRrY7V0=
Subject key identifier:   CD:87:A0:00:7F:9A:77:B7:79:A2:78:41:38:2F:37:75:0C:02:15:FE
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF3C99E9071D8DBB7315035495998
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/zYegAH-ad7d5onhBOC83dQwCFf4.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199891
IP address blocks:        82.160.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f3:c9:9e:90:71:d8:db:b7:31:50:35:49:59:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd87a0007f9a77b779a27841382f37750c0215fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e3:c7:71:6b:6a:30:0e:a6:97:3f:78:13:39:
                    ad:6e:6b:52:58:77:fc:26:40:95:e5:3f:13:db:d3:
                    e5:8f:05:ad:e4:67:a5:05:eb:6c:14:7a:80:9d:84:
                    00:4d:2d:85:0c:cd:8a:35:ec:6c:a0:4d:63:ec:87:
                    44:bf:70:1d:02:cc:28:df:ad:68:0e:91:4f:ca:0e:
                    d7:a9:36:cb:db:e8:07:51:a5:d1:22:99:de:d4:4d:
                    05:c4:76:1a:20:7c:e0:74:e1:46:a8:30:ea:d6:ad:
                    f6:0e:13:55:e1:56:7b:67:9f:a1:16:25:ef:6a:bb:
                    64:48:3e:2d:db:90:0d:e9:83:65:e8:38:33:2d:cf:
                    e7:c8:f7:03:05:5d:d9:c4:64:9a:56:40:ad:e2:f7:
                    8c:82:dc:16:94:f5:f3:cb:a7:55:2e:78:4f:3f:ee:
                    e0:db:49:36:9e:b4:64:ca:e9:83:66:8e:ea:b4:7f:
                    b3:65:33:72:4b:50:90:60:62:b0:1b:15:d5:87:c8:
                    00:90:65:c5:d0:71:ff:9d:a7:bf:fe:79:4d:5b:21:
                    c2:0e:c5:5e:4c:b1:08:10:8c:e7:4b:34:3a:fa:2c:
                    9c:18:21:5b:e8:4b:75:90:7c:68:19:63:ef:32:66:
                    8e:e6:aa:95:35:56:51:49:f5:c4:e8:5d:28:11:ae:
                    6e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:87:A0:00:7F:9A:77:B7:79:A2:78:41:38:2F:37:75:0C:02:15:FE
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/zYegAH-ad7d5onhBOC83dQwCFf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:04:ef:69:7f:17:0c:49:8f:8e:76:00:8b:1f:f0:ad:21:b7:
         43:aa:b5:5a:18:12:05:a6:55:7c:8b:48:ba:95:6d:5b:74:d8:
         6c:a0:ef:97:53:53:54:21:65:99:6a:e6:20:ff:b2:77:78:52:
         d1:e5:39:40:07:98:3e:be:d3:0c:d6:4c:b1:80:1e:f2:65:d4:
         ee:74:db:37:fd:90:54:14:47:87:0a:fa:77:0d:1e:cb:65:36:
         bc:3d:63:13:59:82:ef:3e:b1:8f:00:ee:01:94:f4:bf:e9:64:
         a5:ac:c8:1e:7d:13:f5:c1:54:40:14:8f:3c:d4:99:ea:70:1d:
         8d:7a:3e:33:d8:22:83:d6:cf:61:81:17:f3:67:86:07:de:fb:
         04:fd:d0:2a:75:53:e8:df:ec:fc:65:0e:fe:18:ba:6c:27:0d:
         3a:71:e2:ac:64:0c:a5:7b:25:10:b4:cb:87:dd:1c:55:fb:0d:
         72:20:1b:3b:39:87:d0:98:74:d6:e8:91:5b:32:99:ae:f5:77:
         12:e9:85:11:15:52:9a:20:f9:c1:50:6f:82:f1:47:a0:6e:36:
         bd:da:e7:74:ac:75:05:43:67:c1:03:82:36:a4:63:b8:6c:97:
         da:34:ac:91:b0:dd:3e:82:43:bd:cb:24:d0:5d:a3:54:4d:6b:
         56:f9:09:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPPJnpBx2Nu3MVA1SVmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDg3YTAwMDdmOWE3N2I3NzlhMjc4NDEzODJmMzc3NTBjMDIxNWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOPHcWtqMA6mlz94EzmtbmtSWHf8
JkCV5T8T29PljwWt5GelBetsFHqAnYQATS2FDM2KNexsoE1j7IdEv3AdAswo361o
DpFPyg7XqTbL2+gHUaXRIpne1E0FxHYaIHzgdOFGqDDq1q32DhNV4VZ7Z5+hFiXv
artkSD4t25AN6YNl6DgzLc/nyPcDBV3ZxGSaVkCt4veMgtwWlPXzy6dVLnhPP+7g
20k2nrRkyumDZo7qtH+zZTNyS1CQYGKwGxXVh8gAkGXF0HH/nae//nlNWyHCDsVe
TLEIEIznSzQ6+iycGCFb6Et1kHxoGWPvMmaO5qqVNVZRSfXE6F0oEa5ulwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2HoAB/mne3eaJ4QTgvN3UMAhX+MB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvelllZ0FILWFkN2Q1b25oQk9DODNkUXdDRmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUqDcMA0G
CSqGSIb3DQEBCwUAA4IBAQANBO9pfxcMSY+OdgCLH/CtIbdDqrVaGBIFplV8i0i6
lW1bdNhsoO+XU1NUIWWZauYg/7J3eFLR5TlAB5g+vtMM1kyxgB7yZdTudNs3/ZBU
FEeHCvp3DR7LZTa8PWMTWYLvPrGPAO4BlPS/6WSlrMgefRP1wVRAFI881JnqcB2N
ej4z2CKD1s9hgRfzZ4YH3vsE/dAqdVPo3+z8ZQ7+GLpsJw06ceKsZAyleyUQtMuH
3RxV+w1yIBs7OYfQmHTW6JFbMpmu9XcS6YURFVKaIPnBUG+C8Uegbja92ud0rHUF
Q2fBA4I2pGO4bJfaNKyRsN0+gkO9yyTQXaNUTWtW+Qms
-----END CERTIFICATE-----