Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/zJGlBXu-kjdHbQhY6cMC2OIODsY.roa
File:                     zJGlBXu-kjdHbQhY6cMC2OIODsY.roa (raw, json)
Hash identifier:          L7bqdYe2k5cRc7c6z8mJHV3wrN9N5B+Dhqw7iAZ8Pmo=
Subject key identifier:   CC:91:A5:05:7B:BE:92:37:47:6D:08:58:E9:C3:02:D8:E2:0E:0E:C6
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019132400F799764C96622DEDF53783C56DD
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/zJGlBXu-kjdHbQhY6cMC2OIODsY.roa
Signing time:             Thu 08 Aug 2024 13:49:04 +0000
ROA not before:           Thu 08 Aug 2024 13:49:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        82.163.56.0/22 maxlen: 22
                          86.104.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:40:0f:79:97:64:c9:66:22:de:df:53:78:3c:56:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Aug  8 13:49:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc91a5057bbe9237476d0858e9c302d8e20e0ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:9d:7f:ca:32:56:bb:54:22:87:c5:74:09:31:
                    e9:9e:bb:2a:71:00:b0:79:92:f3:8a:f4:0a:ca:b4:
                    3f:ab:cf:b2:a2:0e:fa:3e:db:ad:ca:85:0c:f0:ca:
                    5f:91:53:5c:3d:5f:94:76:32:18:33:5d:5b:9b:1e:
                    c4:6a:7e:57:b4:e0:a9:1d:ff:e2:c1:d5:ca:1f:a0:
                    ad:80:70:42:0c:41:da:d3:6f:da:90:32:b6:be:4f:
                    86:a5:9a:e6:e9:8d:cf:fa:28:dc:df:fe:11:4c:27:
                    a4:25:d6:8a:a6:10:bd:b9:be:ca:49:a1:77:ab:38:
                    e6:a6:3b:ed:04:e4:c0:6d:de:61:00:e8:59:00:03:
                    18:b4:5f:48:9e:03:88:90:b5:45:83:7b:30:e2:69:
                    f3:2b:9e:e7:2a:a4:f4:61:5b:04:5b:cb:f3:90:cb:
                    ca:cf:00:65:a7:da:0f:30:cc:44:16:35:b6:d9:ed:
                    57:15:58:e3:f4:8a:a3:84:6a:f0:8f:7a:8a:6b:d8:
                    6d:54:5e:60:b4:db:c7:11:6c:e5:3d:f2:3c:22:09:
                    b9:ce:8f:55:21:f4:a3:74:1f:9c:35:51:f2:70:49:
                    97:97:03:cc:d2:e0:10:99:50:c6:8d:ca:c0:c5:f4:
                    07:e7:cf:92:6f:ba:67:75:4f:b6:31:92:94:3f:3f:
                    0b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:91:A5:05:7B:BE:92:37:47:6D:08:58:E9:C3:02:D8:E2:0E:0E:C6
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/zJGlBXu-kjdHbQhY6cMC2OIODsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.56.0/22
                  86.104.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:67:e1:cf:cf:f2:52:e5:f1:6f:47:ba:6c:fe:84:27:41:51:
         08:3c:51:02:ff:72:5e:72:e7:6b:ff:49:66:7a:c4:a9:ca:97:
         aa:32:eb:6a:be:c4:1e:d9:83:45:5b:c6:1a:55:cf:2d:88:06:
         96:15:8d:fb:f5:63:4d:99:4a:39:5d:77:d7:8d:80:3c:1a:1b:
         5b:85:16:4c:03:1f:ee:50:ae:a5:1d:1f:92:d1:55:91:8b:2b:
         bf:43:a3:6e:98:02:b7:3b:a9:7f:70:71:1a:45:89:0f:4d:09:
         fc:4b:d6:6a:cf:e2:6a:e9:33:9a:49:60:70:b5:04:e4:4c:31:
         6c:34:82:95:7a:b8:2b:c0:f6:a5:eb:fe:04:cd:2d:bf:eb:3d:
         fc:27:f9:0c:da:e8:8b:84:0c:e1:51:e1:2f:5b:01:4a:12:81:
         c5:b6:d2:18:79:a6:c2:52:3a:30:72:1b:33:0b:4d:d4:64:70:
         ad:b2:e5:56:ed:3d:10:5f:bd:69:a2:a6:5e:b9:08:63:3e:4e:
         bd:d6:3c:9e:c5:06:dc:39:96:78:08:88:88:18:51:31:24:27:
         1b:2e:0c:09:42:65:c5:1f:cf:1e:c3:cb:bb:ca:58:7a:05:16:
         79:d1:e8:3a:ac:7a:64:91:aa:36:3a:93:bb:60:41:80:90:77:
         27:37:5f:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEyQA95l2TJZiLe31N4PFbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwODA4MTM0OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzkxYTUwNTdiYmU5MjM3NDc2ZDA4NThlOWMzMDJkOGUyMGUwZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz51/yjJWu1Qih8V0CTHpnrsqcQCw
eZLzivQKyrQ/q8+yog76PtutyoUM8MpfkVNcPV+UdjIYM11bmx7Ean5XtOCpHf/i
wdXKH6CtgHBCDEHa02/akDK2vk+GpZrm6Y3P+ijc3/4RTCekJdaKphC9ub7KSaF3
qzjmpjvtBOTAbd5hAOhZAAMYtF9IngOIkLVFg3sw4mnzK57nKqT0YVsEW8vzkMvK
zwBlp9oPMMxEFjW22e1XFVjj9IqjhGrwj3qKa9htVF5gtNvHEWzlPfI8Igm5zo9V
IfSjdB+cNVHycEmXlwPM0uAQmVDGjcrAxfQH58+Sb7pndU+2MZKUPz8LmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMyRpQV7vpI3R20IWOnDAtjiDg7GMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvekpHbEJYdS1ramRIYlFoWTZjTUMyT0lPRHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUqM4AwQC
VmigMA0GCSqGSIb3DQEBCwUAA4IBAQBaZ+HPz/JS5fFvR7ps/oQnQVEIPFEC/3Je
cudr/0lmesSpypeqMutqvsQe2YNFW8YaVc8tiAaWFY379WNNmUo5XXfXjYA8Ghtb
hRZMAx/uUK6lHR+S0VWRiyu/Q6NumAK3O6l/cHEaRYkPTQn8S9Zqz+Jq6TOaSWBw
tQTkTDFsNIKVergrwPal6/4EzS2/6z38J/kM2uiLhAzhUeEvWwFKEoHFttIYeabC
UjowchszC03UZHCtsuVW7T0QX71poqZeuQhjPk691jyexQbcOZZ4CIiIGFExJCcb
LgwJQmXFH88ew8u7ylh6BRZ50eg6rHpkkao2OpO7YEGAkHcnN18D
-----END CERTIFICATE-----