Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zo157da-AB6HI374tBFkz6iDmOk.roa
File:                     zo157da-AB6HI374tBFkz6iDmOk.roa (raw, json)
Hash identifier:          a8NBWQzChpeRoliTClZgXPSTJGxIjnt6GocR1e8Aj/4=
Subject key identifier:   CE:8D:79:ED:D6:BE:00:1E:87:23:7E:F8:B4:11:64:CF:A8:83:98:E9
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018DF45CF17F39A3204B98F663CB51D38611
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zo157da-AB6HI374tBFkz6iDmOk.roa
Signing time:             Thu 29 Feb 2024 10:15:48 +0000
ROA not before:           Thu 29 Feb 2024 10:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16125
IP address blocks:        82.206.0.0/23 maxlen: 23
                          82.206.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 11:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:5c:f1:7f:39:a3:20:4b:98:f6:63:cb:51:d3:86:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb 29 10:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce8d79edd6be001e87237ef8b41164cfa88398e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2a:ec:b4:fd:1a:af:d1:50:1a:e8:c5:14:2a:
                    5e:d5:cb:d2:0f:b7:4c:1e:0d:fa:46:c8:a7:5b:dc:
                    cd:2b:c7:66:70:7e:ab:92:ec:30:62:8c:85:94:cc:
                    cb:d9:60:d0:59:d8:5c:72:5c:ae:e0:7c:c5:5b:f5:
                    47:ba:24:00:7b:e6:76:9b:7a:81:a1:1c:d7:88:d5:
                    26:14:db:10:2e:37:26:20:1f:0f:b1:cf:79:eb:8c:
                    78:b4:0c:39:be:1a:ce:de:30:c8:43:66:ea:ae:22:
                    31:17:99:59:6b:c3:c9:eb:78:70:6f:8d:2b:b6:c8:
                    a2:9b:59:51:67:b2:63:19:01:9f:c1:77:29:91:44:
                    36:65:5f:d7:e8:80:a0:08:e2:07:18:33:24:38:d3:
                    b5:e0:d9:cc:c6:e4:44:3f:f7:25:9e:cd:59:63:03:
                    80:8f:c6:bc:8e:d6:ca:9f:43:12:e5:84:44:5f:8d:
                    8f:42:33:23:eb:73:22:bc:96:a5:67:bc:af:f3:e5:
                    83:d3:d0:2d:5c:78:d3:71:56:7e:df:8a:96:84:0a:
                    13:e9:0a:15:8e:1c:01:2b:fb:73:6a:8c:e8:47:76:
                    3c:e2:8a:2b:3f:08:cd:a0:a2:90:db:d3:cc:5c:85:
                    53:f1:b2:b3:77:1c:6f:50:01:c3:28:cb:7f:cc:c1:
                    80:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8D:79:ED:D6:BE:00:1E:87:23:7E:F8:B4:11:64:CF:A8:83:98:E9
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/zo157da-AB6HI374tBFkz6iDmOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.0.0/23
                  82.206.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:5f:6e:92:2f:99:04:49:f6:09:d8:f8:fd:4e:91:47:0d:57:
         52:bb:59:46:6b:e7:f7:fe:e9:25:38:9d:1e:c5:5b:33:d9:9b:
         7c:02:59:67:2d:52:71:56:5d:9d:13:6c:6c:c8:13:78:84:e3:
         1c:94:62:fe:2f:57:bf:d9:95:71:aa:b1:c0:50:2b:37:2e:48:
         a7:d1:b5:dd:48:7a:bc:cc:ef:ec:fa:86:42:87:56:15:60:7d:
         f7:2f:22:10:91:d6:e1:0a:c4:7d:72:20:3f:a0:5f:f6:56:fc:
         4a:8f:b1:66:43:ae:e3:98:de:82:dc:94:51:e3:7a:ae:03:e9:
         60:bc:3a:fb:b2:7a:3d:91:79:6a:ee:78:98:f0:fb:5c:da:55:
         fe:86:f4:b4:d7:2b:8e:f8:d7:87:ae:56:53:d5:aa:2c:f4:0d:
         8c:66:a1:a2:90:e8:30:f3:5f:06:ec:e1:c7:01:3f:b8:96:30:
         66:7b:40:ef:6f:32:d7:a5:06:19:da:6d:b2:02:3d:df:d6:7c:
         c2:98:0a:0f:57:83:ab:66:97:8c:27:05:5f:5e:e8:a1:65:8a:
         b7:9a:65:45:94:4c:f6:79:e1:7b:c9:e9:52:39:5a:92:ad:89:
         1e:4a:3b:a4:5c:95:a3:e7:78:f2:96:0d:a6:4d:4c:8e:3f:f8:
         6b:5e:b0:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY30XPF/OaMgS5j2Y8tR04YRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMjI5MTAxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThkNzllZGQ2YmUwMDFlODcyMzdlZjhiNDExNjRjZmE4ODM5OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSrstP0ar9FQGujFFCpe1cvSD7dM
Hg36RsinW9zNK8dmcH6rkuwwYoyFlMzL2WDQWdhcclyu4HzFW/VHuiQAe+Z2m3qB
oRzXiNUmFNsQLjcmIB8Psc9564x4tAw5vhrO3jDIQ2bqriIxF5lZa8PJ63hwb40r
tsiim1lRZ7JjGQGfwXcpkUQ2ZV/X6ICgCOIHGDMkONO14NnMxuREP/clns1ZYwOA
j8a8jtbKn0MS5YREX42PQjMj63MivJalZ7yv8+WD09AtXHjTcVZ+34qWhAoT6QoV
jhwBK/tzaozoR3Y84oorPwjNoKKQ29PMXIVT8bKzdxxvUAHDKMt/zMGAhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM6Nee3WvgAehyN++LQRZM+og5jpMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvem8xNTdkYS1BQjZISTM3NHRCRmt6NmlEbU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUs4AAwQB
Us4KMA0GCSqGSIb3DQEBCwUAA4IBAQA0X26SL5kESfYJ2Pj9TpFHDVdSu1lGa+f3
/uklOJ0exVsz2Zt8AllnLVJxVl2dE2xsyBN4hOMclGL+L1e/2ZVxqrHAUCs3Lkin
0bXdSHq8zO/s+oZCh1YVYH33LyIQkdbhCsR9ciA/oF/2VvxKj7FmQ67jmN6C3JRR
43quA+lgvDr7sno9kXlq7niY8Ptc2lX+hvS01yuO+NeHrlZT1aos9A2MZqGikOgw
818G7OHHAT+4ljBme0DvbzLXpQYZ2m2yAj3f1nzCmAoPV4OrZpeMJwVfXuihZYq3
mmVFlEz2eeF7yelSOVqSrYkeSjukXJWj53jylg2mTUyOP/hrXrAp
-----END CERTIFICATE-----