Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZkXS4s3tHUd88k9ErmreVogE2qo.roa
File:                     ZkXS4s3tHUd88k9ErmreVogE2qo.roa (raw, json)
Hash identifier:          A+M0Pbk7hqYX1QMdfLwZgkp3HnTrkHBAA3aum5q5Yj0=
Subject key identifier:   66:45:D2:E2:CD:ED:1D:47:7C:F2:4F:44:AE:6A:DE:56:88:04:DA:AA
Certificate issuer:       /CN=647530b4fa8899a30bb2e65b93f0119fda9bc05d
Certificate serial:       018CC3B72EDD2ED0EB2B02B1010B6B09B146
Authority key identifier: 64:75:30:B4:FA:88:99:A3:0B:B2:E6:5B:93:F0:11:9F:DA:9B:C0:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZHUwtPqImaMLsuZbk_ARn9qbwF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZkXS4s3tHUd88k9ErmreVogE2qo.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207294
IP address blocks:        188.190.124.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZHUwtPqImaMLsuZbk_ARn9qbwF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZHUwtPqImaMLsuZbk_ARn9qbwF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZHUwtPqImaMLsuZbk_ARn9qbwF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2e:dd:2e:d0:eb:2b:02:b1:01:0b:6b:09:b1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=647530b4fa8899a30bb2e65b93f0119fda9bc05d
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6645d2e2cded1d477cf24f44ae6ade568804daaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0e:84:01:f9:cf:3e:dc:91:a1:48:48:45:91:
                    f6:49:ed:2d:b4:0a:f7:7d:42:0b:5b:fb:1c:3d:da:
                    c8:c0:b5:90:15:ad:1c:14:cd:12:51:68:b1:23:83:
                    1e:fd:1b:c0:43:ff:ba:11:82:c8:e1:95:58:bf:1d:
                    67:ae:9d:02:0e:c7:1b:e1:5b:52:bc:9b:f6:c6:df:
                    20:d1:bf:47:91:a9:9c:02:f4:1b:7c:5d:7c:0a:6a:
                    91:b5:8d:67:d2:67:d8:56:76:33:69:7e:ef:e4:e2:
                    54:25:52:d0:9a:81:ea:00:de:5e:bc:9c:14:13:66:
                    b1:69:b0:85:d3:2c:e3:c5:20:72:34:86:52:7c:b9:
                    9a:a6:78:c8:a5:1f:bd:ae:65:39:eb:b2:7e:ef:70:
                    94:6e:7a:f8:f0:78:cb:c8:cf:9b:0e:8d:5f:f6:10:
                    b3:66:4f:95:28:10:7c:3c:f0:4e:2a:34:6c:ac:b7:
                    32:ef:5f:cb:75:3e:b3:3a:4d:f3:d1:c7:0c:51:12:
                    9b:30:6d:ea:86:68:03:af:9b:df:55:47:d7:6e:dc:
                    69:47:7c:c6:fa:5f:d0:cd:50:fd:46:d8:7a:18:46:
                    aa:ed:e7:3f:2e:8b:6c:82:07:b2:02:61:a3:63:0e:
                    5e:2d:ad:b8:3b:a1:af:13:34:c9:ea:1b:84:73:7b:
                    22:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:45:D2:E2:CD:ED:1D:47:7C:F2:4F:44:AE:6A:DE:56:88:04:DA:AA
            X509v3 Authority Key Identifier:
                keyid:64:75:30:B4:FA:88:99:A3:0B:B2:E6:5B:93:F0:11:9F:DA:9B:C0:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZHUwtPqImaMLsuZbk_ARn9qbwF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZkXS4s3tHUd88k9ErmreVogE2qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/57f512-a29f-44ed-a7a1-0e7cbbcc62d0/1/ZHUwtPqImaMLsuZbk_ARn9qbwF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:66:27:3e:f0:75:cf:50:ec:da:65:13:65:d6:95:e6:dd:9e:
         6e:a1:48:f8:ac:95:ba:2e:39:ad:90:08:c4:f9:0f:2d:fb:1f:
         1c:37:d3:4f:9c:28:31:8a:60:ab:d5:c7:2a:50:80:b2:ea:98:
         78:b6:90:c0:11:a1:83:83:aa:79:7f:83:9f:54:d6:69:79:44:
         ea:83:dc:95:6a:32:39:4d:3c:40:13:32:75:82:98:a8:1e:1d:
         3a:e8:cd:90:de:2b:97:de:a4:1f:39:60:59:25:60:38:0f:f5:
         75:d5:91:fc:c4:bb:33:e3:97:3a:88:35:87:7d:d3:c9:92:d2:
         d5:09:05:23:db:92:b9:e1:39:d7:52:8a:d3:1e:86:95:6d:a6:
         63:59:42:f5:77:f3:ac:41:e8:05:4e:c1:99:be:71:51:33:70:
         77:9e:16:a9:3e:90:64:53:a7:7b:76:d6:77:04:f4:3c:fe:6e:
         b2:58:36:ec:90:db:29:1a:be:16:5b:72:ec:3b:76:e9:b7:d5:
         fb:57:91:fa:c6:81:f0:72:fe:42:ab:1a:45:0b:01:d0:1c:a0:
         9f:43:9f:6a:d1:64:f5:94:e7:0f:40:39:33:fb:0e:c6:a9:6c:
         16:ae:87:66:a6:4e:35:61:bd:fd:41:73:c2:3d:18:e2:59:b2:
         d2:ca:ff:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDty7dLtDrKwKxAQtrCbFGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NzUzMGI0ZmE4ODk5YTMwYmIyZTY1YjkzZjAxMTlmZGE5
YmMwNWQwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQ1ZDJlMmNkZWQxZDQ3N2NmMjRmNDRhZTZhZGU1Njg4MDRkYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQ6EAfnPPtyRoUhIRZH2Se0ttAr3
fUILW/scPdrIwLWQFa0cFM0SUWixI4Me/RvAQ/+6EYLI4ZVYvx1nrp0CDscb4VtS
vJv2xt8g0b9HkamcAvQbfF18CmqRtY1n0mfYVnYzaX7v5OJUJVLQmoHqAN5evJwU
E2axabCF0yzjxSByNIZSfLmapnjIpR+9rmU567J+73CUbnr48HjLyM+bDo1f9hCz
Zk+VKBB8PPBOKjRsrLcy71/LdT6zOk3z0ccMURKbMG3qhmgDr5vfVUfXbtxpR3zG
+l/QzVD9Rth6GEaq7ec/LotsggeyAmGjYw5eLa24O6GvEzTJ6huEc3siFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZF0uLN7R1HfPJPRK5q3laIBNqqMB8GA1UdIwQY
MBaAFGR1MLT6iJmjC7LmW5PwEZ/am8BdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkhVd3RQcUltYU1Mc3VaYmtfQVJuOXFid0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81N2Y1MTItYTI5Zi00NGVkLWE3YTEt
MGU3Y2JiY2M2MmQwLzEvWmtYUzRzM3RIVWQ4OGs5RXJtcmVWb2dFMnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81N2Y1MTItYTI5Zi00NGVkLWE3YTEtMGU3Y2JiY2M2MmQw
LzEvWkhVd3RQcUltYU1Mc3VaYmtfQVJuOXFid0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvL58MA0G
CSqGSIb3DQEBCwUAA4IBAQBTZic+8HXPUOzaZRNl1pXm3Z5uoUj4rJW6LjmtkAjE
+Q8t+x8cN9NPnCgximCr1ccqUICy6ph4tpDAEaGDg6p5f4OfVNZpeUTqg9yVajI5
TTxAEzJ1gpioHh066M2Q3iuX3qQfOWBZJWA4D/V11ZH8xLsz45c6iDWHfdPJktLV
CQUj25K54TnXUorTHoaVbaZjWUL1d/OsQegFTsGZvnFRM3B3nhapPpBkU6d7dtZ3
BPQ8/m6yWDbskNspGr4WW3LsO3bpt9X7V5H6xoHwcv5CqxpFCwHQHKCfQ59q0WT1
lOcPQDkz+w7GqWwWrodmpk41Yb39QXPCPRjiWbLSyv/2
-----END CERTIFICATE-----