Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/ZxZmylmgr70ikLsaLCL-y5se2ko.roa
File:                     ZxZmylmgr70ikLsaLCL-y5se2ko.roa (raw, json)
Hash identifier:          BjYX1zdgsHxyvYn2GWvSLuGpF1uaMvdoto+Hpgj4AXI=
Subject key identifier:   67:16:66:CA:59:A0:AF:BD:22:90:BB:1A:2C:22:FE:CB:9B:1E:DA:4A
Certificate issuer:       /CN=ccf292d82c0a2252dd3285a287331f4450ed359a
Certificate serial:       018CC3B7127EEF1C2C6A94C6E64778FBED39
Authority key identifier: CC:F2:92:D8:2C:0A:22:52:DD:32:85:A2:87:33:1F:44:50:ED:35:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zPKS2CwKIlLdMoWihzMfRFDtNZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/ZxZmylmgr70ikLsaLCL-y5se2ko.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2027
IP address blocks:        195.20.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/zPKS2CwKIlLdMoWihzMfRFDtNZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/zPKS2CwKIlLdMoWihzMfRFDtNZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zPKS2CwKIlLdMoWihzMfRFDtNZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:12:7e:ef:1c:2c:6a:94:c6:e6:47:78:fb:ed:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccf292d82c0a2252dd3285a287331f4450ed359a
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=671666ca59a0afbd2290bb1a2c22fecb9b1eda4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e8:1e:fa:ee:fb:81:52:8a:15:1b:2a:a3:f5:
                    0e:ab:4d:63:85:c3:dd:cc:cb:a7:04:6e:cd:7a:ff:
                    2b:ea:42:c8:d6:6f:ea:e7:7f:28:12:fa:20:27:96:
                    ab:8c:52:5c:b3:27:4d:65:b0:7d:dc:c4:fb:d0:6f:
                    c3:0a:4f:bf:75:4a:0c:d5:8d:8d:e9:0e:15:7f:20:
                    6f:4a:ad:79:3d:25:ff:2f:07:60:11:e7:1d:27:23:
                    b8:01:05:61:a9:c0:e2:3d:4f:11:59:6e:f4:06:dd:
                    f4:8e:22:6f:2d:61:e3:5d:b3:92:95:ff:3a:c7:a2:
                    b0:9f:10:af:c8:50:55:10:bc:c2:f1:8f:4d:34:c9:
                    a3:d2:d3:f6:07:e7:0e:13:07:74:6f:c2:67:f3:7d:
                    02:34:57:e1:aa:bd:6c:6b:d3:b1:0f:c3:f1:03:c5:
                    8b:18:6e:b1:d0:88:4d:a8:e6:53:af:43:ce:c2:80:
                    b0:42:f0:b4:7c:47:40:25:3c:6e:4f:00:61:3e:7b:
                    83:7d:11:2b:ad:41:db:a6:03:87:a0:cd:6a:4b:7d:
                    b2:ec:70:34:fe:9f:17:42:e6:fb:d2:66:4a:48:d5:
                    e0:3f:76:87:8d:fc:e4:25:d6:75:40:40:53:8d:4d:
                    43:2d:06:20:17:b8:b2:fe:84:87:77:1a:06:b9:83:
                    52:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:16:66:CA:59:A0:AF:BD:22:90:BB:1A:2C:22:FE:CB:9B:1E:DA:4A
            X509v3 Authority Key Identifier:
                keyid:CC:F2:92:D8:2C:0A:22:52:DD:32:85:A2:87:33:1F:44:50:ED:35:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPKS2CwKIlLdMoWihzMfRFDtNZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/ZxZmylmgr70ikLsaLCL-y5se2ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/0683c3-61f9-4db8-94a8-5bdf61551a06/1/zPKS2CwKIlLdMoWihzMfRFDtNZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:42:9f:30:68:ab:25:ad:6f:2a:7e:9f:0c:40:c6:8c:31:47:
         ed:29:dd:27:6a:dc:ee:f0:ec:a1:35:3d:c2:c9:f9:e7:33:7b:
         02:6e:80:e2:60:fc:30:3b:bc:37:1d:55:44:f6:5d:fc:c4:bc:
         6e:72:3f:e8:3a:31:18:7d:26:95:f1:18:f4:c3:69:ae:d8:57:
         0f:4d:62:4d:89:1c:18:4c:89:8a:9f:b7:bf:ce:2d:04:f2:90:
         4d:f9:f1:0f:8c:13:97:c8:e6:24:cb:68:18:8e:c6:84:49:72:
         f3:9f:c5:e0:4a:da:38:d7:30:7b:a2:ad:bf:e4:f4:86:67:19:
         dc:d6:e6:c1:9f:a6:fd:48:71:8f:d8:f9:4e:98:20:f1:cb:5f:
         64:45:ee:8f:2c:e4:fa:fd:1e:b8:89:3e:05:74:ba:df:b5:6e:
         7f:70:4d:b2:1d:b4:47:dd:26:3a:ec:f7:b1:ad:6e:7f:3e:52:
         43:8b:cf:52:c0:5c:4c:b9:9c:14:a1:ae:9c:d4:55:83:47:15:
         6a:87:3f:20:31:af:78:b4:d6:a9:b8:d1:32:ec:fb:81:bf:a1:
         4d:1f:60:73:c2:40:19:31:2c:1d:c0:45:13:b3:b7:ff:bf:55:
         fe:1d:ed:c9:d0:eb:6e:6c:e3:13:58:33:8b:b5:03:ed:03:5b:
         a7:06:25:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtxJ+7xwsapTG5kd4++05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZjI5MmQ4MmMwYTIyNTJkZDMyODVhMjg3MzMxZjQ0NTBl
ZDM1OWEwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE2NjZjYTU5YTBhZmJkMjI5MGJiMWEyYzIyZmVjYjliMWVkYTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsege+u77gVKKFRsqo/UOq01jhcPd
zMunBG7Nev8r6kLI1m/q538oEvogJ5arjFJcsydNZbB93MT70G/DCk+/dUoM1Y2N
6Q4VfyBvSq15PSX/LwdgEecdJyO4AQVhqcDiPU8RWW70Bt30jiJvLWHjXbOSlf86
x6KwnxCvyFBVELzC8Y9NNMmj0tP2B+cOEwd0b8Jn830CNFfhqr1sa9OxD8PxA8WL
GG6x0IhNqOZTr0POwoCwQvC0fEdAJTxuTwBhPnuDfRErrUHbpgOHoM1qS32y7HA0
/p8XQub70mZKSNXgP3aHjfzkJdZ1QEBTjU1DLQYgF7iy/oSHdxoGuYNSUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcWZspZoK+9IpC7Giwi/subHtpKMB8GA1UdIwQY
MBaAFMzyktgsCiJS3TKFooczH0RQ7TWaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBLUzJDd0tJbExkTW9XaWh6TWZSRkR0TlpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8wNjgzYzMtNjFmOS00ZGI4LTk0YTgt
NWJkZjYxNTUxYTA2LzEvWnhabXlsbWdyNzBpa0xzYUxDTC15NXNlMmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8wNjgzYzMtNjFmOS00ZGI4LTk0YTgtNWJkZjYxNTUxYTA2
LzEvelBLUzJDd0tJbExkTW9XaWh6TWZSRkR0TlpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxTRMA0G
CSqGSIb3DQEBCwUAA4IBAQBsQp8waKslrW8qfp8MQMaMMUftKd0natzu8OyhNT3C
yfnnM3sCboDiYPwwO7w3HVVE9l38xLxucj/oOjEYfSaV8Rj0w2mu2FcPTWJNiRwY
TImKn7e/zi0E8pBN+fEPjBOXyOYky2gYjsaESXLzn8XgSto41zB7oq2/5PSGZxnc
1ubBn6b9SHGP2PlOmCDxy19kRe6PLOT6/R64iT4FdLrftW5/cE2yHbRH3SY67Pex
rW5/PlJDi89SwFxMuZwUoa6c1FWDRxVqhz8gMa94tNapuNEy7PuBv6FNH2BzwkAZ
MSwdwEUTs7f/v1X+He3J0OtubOMTWDOLtQPtA1unBiUZ
-----END CERTIFICATE-----