Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/zYVcoSi0KPrpC_fScpva_OHHCoY.roa
File:                     zYVcoSi0KPrpC_fScpva_OHHCoY.roa (raw, json)
Hash identifier:          DwzglM9mjd5HXYkobafebk967LgiB38beOmX7kmHwvs=
Subject key identifier:   CD:85:5C:A1:28:B4:28:FA:E9:0B:F7:D2:72:9B:DA:FC:E1:C7:0A:86
Certificate issuer:       /CN=a4b65da1753fb4eeedb86fda87dd3afa69d862d0
Certificate serial:       018CC2DAECF145360E10615C235082D29B5F
Authority key identifier: A4:B6:5D:A1:75:3F:B4:EE:ED:B8:6F:DA:87:DD:3A:FA:69:D8:62:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLZdoXU_tO7tuG_ah906-mnYYtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/zYVcoSi0KPrpC_fScpva_OHHCoY.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44544
IP address blocks:        195.216.223.0/24 maxlen: 24
                          195.216.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/pLZdoXU_tO7tuG_ah906-mnYYtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/pLZdoXU_tO7tuG_ah906-mnYYtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLZdoXU_tO7tuG_ah906-mnYYtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:f1:45:36:0e:10:61:5c:23:50:82:d2:9b:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b65da1753fb4eeedb86fda87dd3afa69d862d0
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd855ca128b428fae90bf7d2729bdafce1c70a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3b:0b:4d:0d:3d:e5:34:ae:01:37:af:50:9c:
                    05:6b:01:28:d2:97:40:12:a7:fd:56:be:01:b7:6f:
                    a7:aa:56:b4:fd:77:00:09:c0:e4:e1:71:6c:85:bb:
                    40:dd:52:10:fa:d9:c9:04:45:f0:41:fe:c6:fe:a2:
                    1e:ea:fe:96:f3:f3:d9:17:aa:11:e3:ab:de:4d:1b:
                    5e:80:c4:33:75:f6:ba:fc:56:2c:1e:ac:40:5e:1c:
                    03:00:56:12:e6:3b:c7:09:a4:e1:6a:80:d9:7e:80:
                    59:3a:3f:6c:a9:6c:cc:18:3e:59:97:68:af:9e:54:
                    19:96:ab:a0:86:7f:9f:9f:5d:ac:2f:ff:63:ae:21:
                    d2:00:44:be:9d:e1:f6:0c:16:87:97:29:a1:fc:c1:
                    a6:f7:29:1f:be:b3:86:9f:ea:35:b6:55:69:d8:31:
                    e1:4e:0c:19:7a:26:51:8f:8a:83:24:77:68:93:78:
                    be:f1:cf:1f:80:04:c0:ba:70:40:fa:25:40:b6:2a:
                    a7:71:80:26:ff:92:ab:6b:ea:91:c5:db:53:a6:3b:
                    4d:f6:48:40:fd:02:b5:21:72:b0:0d:b3:36:c4:0e:
                    85:11:79:cd:35:19:11:be:3d:4c:f8:93:49:a9:52:
                    3d:fe:85:e4:55:45:05:82:8d:5f:fc:c6:c6:16:f7:
                    36:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:85:5C:A1:28:B4:28:FA:E9:0B:F7:D2:72:9B:DA:FC:E1:C7:0A:86
            X509v3 Authority Key Identifier:
                keyid:A4:B6:5D:A1:75:3F:B4:EE:ED:B8:6F:DA:87:DD:3A:FA:69:D8:62:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLZdoXU_tO7tuG_ah906-mnYYtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/zYVcoSi0KPrpC_fScpva_OHHCoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/2a57be-be77-4428-8e93-ba5201ea5f83/1/pLZdoXU_tO7tuG_ah906-mnYYtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:cc:c8:65:90:11:49:aa:09:28:2e:65:2f:64:bd:a1:f4:58:
         2c:c2:c1:bf:eb:14:37:62:84:c8:ec:84:42:d9:ac:1f:26:52:
         7a:ff:30:d6:86:d6:c9:65:7a:42:03:66:11:77:d6:15:46:4c:
         15:5f:14:e6:c6:a5:64:cb:5e:27:b7:a9:6b:15:d0:87:f0:0a:
         78:56:a6:e2:16:be:5a:99:56:29:c2:f6:a5:2b:3a:0d:38:0e:
         c4:07:80:d6:d2:d2:eb:ca:40:c4:4c:7d:21:00:b5:39:c6:3f:
         f8:6a:93:14:ba:89:55:7d:e8:0e:f9:fc:c5:9c:61:e5:00:4e:
         27:73:6b:d4:26:c8:7b:8c:6e:e9:51:c2:71:3d:27:37:00:63:
         1d:59:ac:50:a0:8e:87:22:3e:fd:06:53:28:79:0e:d7:08:0f:
         3b:cb:2a:8e:e0:37:17:50:f4:97:be:c4:25:59:92:25:03:cc:
         5e:7f:fc:40:9e:19:f4:85:37:91:e3:da:43:c2:94:27:6d:9b:
         ba:09:3d:1c:fa:fb:db:9b:34:a4:c6:ca:1b:88:1f:69:d7:20:
         8c:b1:49:43:2b:98:58:20:a4:72:fc:d9:44:51:5a:0d:97:5d:
         75:82:4d:22:a6:5e:8c:ef:f2:f4:8c:10:cb:a6:eb:99:95:c7:
         4f:f4:3e:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uzxRTYOEGFcI1CC0ptfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjY1ZGExNzUzZmI0ZWVlZGI4NmZkYTg3ZGQzYWZhNjlk
ODYyZDAwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDg1NWNhMTI4YjQyOGZhZTkwYmY3ZDI3MjliZGFmY2UxYzcwYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDsLTQ095TSuATevUJwFawEo0pdA
Eqf9Vr4Bt2+nqla0/XcACcDk4XFshbtA3VIQ+tnJBEXwQf7G/qIe6v6W8/PZF6oR
46veTRtegMQzdfa6/FYsHqxAXhwDAFYS5jvHCaThaoDZfoBZOj9sqWzMGD5Zl2iv
nlQZlqughn+fn12sL/9jriHSAES+neH2DBaHlymh/MGm9ykfvrOGn+o1tlVp2DHh
TgwZeiZRj4qDJHdok3i+8c8fgATAunBA+iVAtiqncYAm/5Kra+qRxdtTpjtN9khA
/QK1IXKwDbM2xA6FEXnNNRkRvj1M+JNJqVI9/oXkVUUFgo1f/MbGFvc2AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2FXKEotCj66Qv30nKb2vzhxwqGMB8GA1UdIwQY
MBaAFKS2XaF1P7Tu7bhv2ofdOvpp2GLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExaZG9YVV90Tzd0dUdfYWg5MDYtbW5ZWXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8yYTU3YmUtYmU3Ny00NDI4LThlOTMt
YmE1MjAxZWE1ZjgzLzEvellWY29TaTBLUHJwQ19mU2NwdmFfT0hIQ29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8yYTU3YmUtYmU3Ny00NDI4LThlOTMtYmE1MjAxZWE1Zjgz
LzEvcExaZG9YVV90Tzd0dUdfYWg5MDYtbW5ZWXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw9jeMA0G
CSqGSIb3DQEBCwUAA4IBAQAfzMhlkBFJqgkoLmUvZL2h9FgswsG/6xQ3YoTI7IRC
2awfJlJ6/zDWhtbJZXpCA2YRd9YVRkwVXxTmxqVky14nt6lrFdCH8Ap4VqbiFr5a
mVYpwvalKzoNOA7EB4DW0tLrykDETH0hALU5xj/4apMUuolVfegO+fzFnGHlAE4n
c2vUJsh7jG7pUcJxPSc3AGMdWaxQoI6HIj79BlMoeQ7XCA87yyqO4DcXUPSXvsQl
WZIlA8xef/xAnhn0hTeR49pDwpQnbZu6CT0c+vvbmzSkxsobiB9p1yCMsUlDK5hY
IKRy/NlEUVoNl111gk0ipl6M7/L0jBDLpuuZlcdP9D56
-----END CERTIFICATE-----