Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/zPnIk52I5e5XOQDAPWorSCsh2bE.roa
File:                     zPnIk52I5e5XOQDAPWorSCsh2bE.roa (raw, json)
Hash identifier:          ebhrifEspAUlL85Ks+w2MqxaGTghdPylk2skGOusE5k=
Subject key identifier:   CC:F9:C8:93:9D:88:E5:EE:57:39:00:C0:3D:6A:2B:48:2B:21:D9:B1
Certificate issuer:       /CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
Certificate serial:       018CF2D1C7889DF3E1094628E4E4FA9A9F85
Authority key identifier: 6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/zPnIk52I5e5XOQDAPWorSCsh2bE.roa
Signing time:             Wed 10 Jan 2024 10:01:23 +0000
ROA not before:           Wed 10 Jan 2024 10:01:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29686
IP address blocks:        195.28.12.0/23 maxlen: 24
                          91.199.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:d1:c7:88:9d:f3:e1:09:46:28:e4:e4:fa:9a:9f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7ea43a1c4755787d491fba563b88811dccc5f8
        Validity
            Not Before: Jan 10 10:01:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf9c8939d88e5ee573900c03d6a2b482b21d9b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:62:1a:3b:90:a5:c8:65:b8:af:a9:50:b8:c2:
                    ac:ef:9e:0f:de:f1:80:e3:ac:7e:08:f6:c9:f6:03:
                    19:98:05:9f:6e:74:b4:95:af:dc:ba:60:96:29:da:
                    07:69:30:da:9c:62:fd:d4:38:cd:ec:1b:49:0b:49:
                    ee:b0:b0:13:15:44:04:ea:e1:63:93:78:a5:e4:55:
                    cb:c5:60:5c:f8:a7:7a:a8:65:6b:24:5c:0b:9f:7a:
                    19:e4:11:7e:4c:a2:62:1f:c5:41:b0:fa:02:4d:c7:
                    dd:df:9f:e1:37:0e:21:ed:60:23:b8:06:88:9e:fb:
                    be:31:72:27:2f:92:fb:8b:5e:e4:c8:5b:3d:fb:27:
                    f3:9d:c1:d6:b3:5f:bb:cc:c0:1b:c5:2d:09:91:e2:
                    f0:99:89:58:e8:91:bb:6c:b5:cf:ca:8d:34:03:54:
                    d7:e7:69:11:87:4e:d7:e0:7f:79:a5:35:0b:31:98:
                    2d:77:25:34:48:47:70:fe:e2:92:44:2d:10:c5:7f:
                    f5:a5:39:29:53:21:e0:c9:b3:52:43:46:33:6f:8a:
                    0d:dc:b3:9e:8c:e1:d3:7c:5f:ea:85:0c:62:30:e6:
                    a9:55:43:94:7a:8c:4f:53:03:8e:c8:4d:6f:64:e4:
                    2a:c7:25:ae:6e:c2:c1:80:50:8b:05:63:12:9a:5a:
                    13:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F9:C8:93:9D:88:E5:EE:57:39:00:C0:3D:6A:2B:48:2B:21:D9:B1
            X509v3 Authority Key Identifier:
                keyid:6D:7E:A4:3A:1C:47:55:78:7D:49:1F:BA:56:3B:88:81:1D:CC:C5:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/zPnIk52I5e5XOQDAPWorSCsh2bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5c9996-6f6b-4c31-863e-589d30ffaa8c/1/bX6kOhxHVXh9SR-6VjuIgR3Mxfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.225.0/24
                  195.28.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:26:19:43:57:4c:8f:de:2d:05:6d:e5:f4:12:0e:85:c5:2d:
         6f:fd:b7:be:3a:41:9c:51:57:6b:44:dd:58:4a:8b:e7:9d:5e:
         49:a4:bd:2d:66:90:79:4a:47:f6:75:f6:52:50:f5:68:de:b8:
         23:c9:65:c6:5f:e7:92:a2:72:3e:79:7c:8b:3d:c0:d0:ea:7c:
         6f:d5:94:52:42:2e:95:d9:72:63:0d:93:15:91:c8:89:41:0e:
         46:66:31:53:85:7b:48:39:a7:a0:da:41:4b:88:6e:b2:93:9f:
         fd:93:32:de:aa:8b:03:df:90:d5:76:57:bc:62:45:62:9a:84:
         35:85:02:90:51:12:5c:53:6f:cd:f0:4d:dd:b2:03:f7:04:94:
         4b:d8:74:25:5c:cb:13:c8:a8:05:5f:82:fc:f3:60:de:5e:98:
         63:95:d3:f2:38:14:c0:3e:37:64:d6:3e:56:d6:d2:cb:f8:1c:
         e6:7f:53:96:8f:a7:df:77:2c:90:07:02:16:13:88:b6:89:6d:
         32:2f:80:4b:f0:d8:8d:58:16:32:50:24:8a:34:11:ae:00:cd:
         a1:c3:39:48:d0:e9:fc:fb:e5:1c:03:a7:f8:34:e8:53:37:f7:
         cf:9a:2f:8f:fb:93:32:09:48:94:ad:03:ea:ab:ba:bf:11:10:
         60:b5:95:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzy0ceInfPhCUYo5OT6mp+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkN2VhNDNhMWM0NzU1Nzg3ZDQ5MWZiYTU2M2I4ODgxMWRj
Y2M1ZjgwHhcNMjQwMTEwMTAwMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y5Yzg5MzlkODhlNWVlNTczOTAwYzAzZDZhMmI0ODJiMjFkOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2IaO5ClyGW4r6lQuMKs754P3vGA
46x+CPbJ9gMZmAWfbnS0la/cumCWKdoHaTDanGL91DjN7BtJC0nusLATFUQE6uFj
k3il5FXLxWBc+Kd6qGVrJFwLn3oZ5BF+TKJiH8VBsPoCTcfd35/hNw4h7WAjuAaI
nvu+MXInL5L7i17kyFs9+yfzncHWs1+7zMAbxS0JkeLwmYlY6JG7bLXPyo00A1TX
52kRh07X4H95pTULMZgtdyU0SEdw/uKSRC0QxX/1pTkpUyHgybNSQ0Yzb4oN3LOe
jOHTfF/qhQxiMOapVUOUeoxPUwOOyE1vZOQqxyWubsLBgFCLBWMSmloTNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMz5yJOdiOXuVzkAwD1qK0grIdmxMB8GA1UdIwQY
MBaAFG1+pDocR1V4fUkfulY7iIEdzMX4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlg2a09oeEhWWGg5U1ItNlZqdUlnUjNNeGZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81Yzk5OTYtNmY2Yi00YzMxLTg2M2Ut
NTg5ZDMwZmZhYThjLzEvelBuSWs1Mkk1ZTVYT1FEQVBXb3JTQ3NoMmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81Yzk5OTYtNmY2Yi00YzMxLTg2M2UtNTg5ZDMwZmZhYThj
LzEvYlg2a09oeEhWWGg5U1ItNlZqdUlnUjNNeGZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8fhAwQB
wxwMMA0GCSqGSIb3DQEBCwUAA4IBAQCQJhlDV0yP3i0FbeX0Eg6FxS1v/be+OkGc
UVdrRN1YSovnnV5JpL0tZpB5Skf2dfZSUPVo3rgjyWXGX+eSonI+eXyLPcDQ6nxv
1ZRSQi6V2XJjDZMVkciJQQ5GZjFThXtIOaeg2kFLiG6yk5/9kzLeqosD35DVdle8
YkVimoQ1hQKQURJcU2/N8E3dsgP3BJRL2HQlXMsTyKgFX4L882DeXphjldPyOBTA
Pjdk1j5W1tLL+Bzmf1OWj6ffdyyQBwIWE4i2iW0yL4BL8NiNWBYyUCSKNBGuAM2h
wzlI0On8++UcA6f4NOhTN/fPmi+P+5MyCUiUrQPqq7q/ERBgtZVB
-----END CERTIFICATE-----