Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zQU-f7eJyE6ZitM-08L_2KztDK4.roa
File:                     zQU-f7eJyE6ZitM-08L_2KztDK4.roa (raw, json)
Hash identifier:          KpmNRdty71dsGXA+Pn5wqcueX6YOF+qfBqJEBDCMbs0=
Subject key identifier:   CD:05:3E:7F:B7:89:C8:4E:99:8A:D3:3E:D3:C2:FF:D8:AC:ED:0C:AE
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B73D2EF79C1C2FAE117C141361F358
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zQU-f7eJyE6ZitM-08L_2KztDK4.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206713
IP address blocks:        194.51.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3d:2e:f7:9c:1c:2f:ae:11:7c:14:13:61:f3:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd053e7fb789c84e998ad33ed3c2ffd8aced0cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:99:fd:a9:79:2f:fb:3f:59:74:76:6f:f4:67:
                    47:fd:9c:58:42:11:30:ac:58:f8:97:2e:31:8d:38:
                    c8:d6:7d:03:1a:fe:5b:bc:e6:d2:c9:a4:07:31:6c:
                    e4:32:07:9f:55:6f:6a:de:cc:c4:81:a3:e2:e4:38:
                    8a:f8:7d:dc:7f:0f:d4:05:ab:93:4a:0c:6f:6c:6f:
                    c0:dc:1a:e9:94:e1:e4:ce:5b:c8:42:4f:09:e5:39:
                    f4:7a:28:1e:b9:dd:b0:b6:95:db:80:a7:14:b4:6d:
                    50:78:ae:b7:19:78:ea:bf:8f:ec:00:4c:db:6e:5a:
                    fb:f7:51:90:9e:95:cf:b0:a1:ac:b5:b9:cd:40:e8:
                    8f:3d:53:69:66:37:09:f6:0b:55:c8:94:12:4c:6d:
                    39:d5:b6:f5:24:2c:79:3a:88:90:87:fc:2d:c1:03:
                    de:93:7e:de:a6:c6:a8:62:6d:26:33:a0:c7:79:7f:
                    bb:82:e4:4d:5c:87:25:20:cf:29:2e:1b:e5:98:fd:
                    d8:b0:8a:18:2e:c0:ac:78:e6:8e:40:d4:8a:54:e2:
                    25:b0:22:67:b6:9e:c1:13:34:a5:68:3c:1a:c1:08:
                    e0:b6:a9:02:47:b2:d0:b0:17:a3:43:e8:0e:25:be:
                    da:bf:4a:ba:09:c6:29:f8:73:ce:63:59:56:ba:bc:
                    1c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:05:3E:7F:B7:89:C8:4E:99:8A:D3:3E:D3:C2:FF:D8:AC:ED:0C:AE
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/zQU-f7eJyE6ZitM-08L_2KztDK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.51.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a2:df:90:80:7a:4d:75:a8:e4:9c:c3:d4:c8:58:14:96:fd:
         63:be:17:55:3a:bc:1e:f8:3a:f4:d4:41:0d:77:0a:16:53:70:
         83:e3:27:8f:7d:0d:91:d8:5e:5a:75:82:03:1f:4b:15:f2:c3:
         1c:f6:3c:e5:f3:86:73:37:2c:28:b7:47:53:3e:a5:0e:0a:3f:
         d0:97:c0:ac:5c:b9:11:43:51:a2:2b:e1:92:08:36:62:d1:f3:
         8f:59:67:bf:da:e1:ec:8b:a8:1c:c5:44:1b:24:d0:6d:5a:33:
         f1:85:ff:b7:24:d0:61:20:74:1a:64:d9:7b:9b:07:89:a9:dd:
         8e:ad:e0:46:f7:11:10:cc:27:38:ef:ae:97:bf:b3:3c:ab:11:
         9f:bd:04:a9:20:9b:cf:77:7d:2d:8d:26:d1:9b:7f:f8:f6:52:
         72:32:50:12:01:c0:43:c8:2e:71:96:ee:eb:e8:2b:c8:44:cf:
         18:90:03:df:32:dd:b1:11:e4:b3:f2:08:13:20:07:94:5f:16:
         ea:08:30:ac:67:10:47:da:bb:63:05:66:79:60:92:d6:67:60:
         7f:35:34:2e:36:66:76:2b:2d:98:6c:25:9d:44:9a:7e:7d:47:
         84:44:b1:79:7f:08:ac:e8:52:9b:fa:09:bf:84:b9:a3:80:cc:
         e5:a5:44:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz0u95wcL64RfBQTYfNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDA1M2U3ZmI3ODljODRlOTk4YWQzM2VkM2MyZmZkOGFjZWQwY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpn9qXkv+z9ZdHZv9GdH/ZxYQhEw
rFj4ly4xjTjI1n0DGv5bvObSyaQHMWzkMgefVW9q3szEgaPi5DiK+H3cfw/UBauT
SgxvbG/A3BrplOHkzlvIQk8J5Tn0eigeud2wtpXbgKcUtG1QeK63GXjqv4/sAEzb
blr791GQnpXPsKGstbnNQOiPPVNpZjcJ9gtVyJQSTG051bb1JCx5OoiQh/wtwQPe
k37epsaoYm0mM6DHeX+7guRNXIclIM8pLhvlmP3YsIoYLsCseOaOQNSKVOIlsCJn
tp7BEzSlaDwawQjgtqkCR7LQsBejQ+gOJb7av0q6CcYp+HPOY1lWurwcxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0FPn+3ichOmYrTPtPC/9is7QyuMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvelFVLWY3ZUp5RTZaaXRNLTA4TF8yS3p0REs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjMjMA0G
CSqGSIb3DQEBCwUAA4IBAQCmot+QgHpNdajknMPUyFgUlv1jvhdVOrwe+Dr01EEN
dwoWU3CD4yePfQ2R2F5adYIDH0sV8sMc9jzl84ZzNywot0dTPqUOCj/Ql8CsXLkR
Q1GiK+GSCDZi0fOPWWe/2uHsi6gcxUQbJNBtWjPxhf+3JNBhIHQaZNl7mweJqd2O
reBG9xEQzCc4766Xv7M8qxGfvQSpIJvPd30tjSbRm3/49lJyMlASAcBDyC5xlu7r
6CvIRM8YkAPfMt2xEeSz8ggTIAeUXxbqCDCsZxBH2rtjBWZ5YJLWZ2B/NTQuNmZ2
Ky2YbCWdRJp+fUeERLF5fwis6FKb+gm/hLmjgMzlpUT2
-----END CERTIFICATE-----