Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/ZqB00BJh1bL0az3KA6LZS1ukKYY.roa
File:                     ZqB00BJh1bL0az3KA6LZS1ukKYY.roa (raw, json)
Hash identifier:          oQve/lHQi97wxeVWOHPyWJe+6JbnB6sE1Yb/2lWCU6I=
Subject key identifier:   66:A0:74:D0:12:61:D5:B2:F4:6B:3D:CA:03:A2:D9:4B:5B:A4:29:86
Certificate issuer:       /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial:       018CC79534EC6C5D65ECC0B75602AB5F25E9
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/ZqB00BJh1bL0az3KA6LZS1ukKYY.roa
Signing time:             Tue 02 Jan 2024 00:31:33 +0000
ROA not before:           Tue 02 Jan 2024 00:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205993
IP address blocks:        85.255.120.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:34:ec:6c:5d:65:ec:c0:b7:56:02:ab:5f:25:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
        Validity
            Not Before: Jan  2 00:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66a074d01261d5b2f46b3dca03a2d94b5ba42986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:35:bc:f9:b9:9e:22:a2:72:e8:ef:d7:4f:c1:
                    26:bb:29:9e:d3:ea:36:4b:e3:ea:de:ee:f2:ce:91:
                    2b:87:ad:7e:5c:00:b9:10:f9:9d:e4:ea:cc:3f:28:
                    ae:93:f3:e3:a2:33:91:5b:7a:12:e5:32:f7:67:9a:
                    b6:d1:ac:6f:c4:69:c4:e7:b8:cc:20:08:d2:7a:ca:
                    d0:00:dd:4a:37:a0:ef:14:4d:11:3e:8d:3b:58:3a:
                    c3:76:a6:b7:71:cd:a0:57:1a:db:71:2c:ba:92:8d:
                    9d:e0:4e:23:1b:d3:50:0d:63:ca:b6:90:e5:fb:91:
                    a1:ae:93:63:05:4e:a1:1b:b7:87:12:0f:fb:b2:5a:
                    f4:31:f0:20:a1:8f:a2:3d:05:bd:a9:10:5e:fa:49:
                    16:13:66:87:c5:1b:29:5e:3b:b8:59:8d:7b:be:e4:
                    b0:0c:21:7f:37:c5:4d:2f:0a:c6:21:04:4f:fc:3f:
                    c3:83:e2:d7:d0:25:5d:3d:93:3a:5f:12:88:ce:08:
                    3a:33:91:10:67:11:3a:c5:2b:a6:e0:e5:d6:64:7b:
                    ac:df:51:1d:75:dc:7d:d1:99:a6:67:74:00:3f:b2:
                    fd:0f:8c:fe:44:d9:e9:80:b3:75:c4:4a:bf:a8:66:
                    88:69:fc:a3:a6:1d:09:a9:4f:f3:5d:94:d1:66:f5:
                    a2:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A0:74:D0:12:61:D5:B2:F4:6B:3D:CA:03:A2:D9:4B:5B:A4:29:86
            X509v3 Authority Key Identifier:
                keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/ZqB00BJh1bL0az3KA6LZS1ukKYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:34:3a:ad:10:58:f5:e4:84:e4:d4:f3:db:82:a7:8a:b7:15:
         69:7d:ec:d7:aa:7a:11:60:d2:c8:15:72:7f:fd:33:7c:32:47:
         0b:85:fc:13:7f:57:9b:54:95:dd:87:a5:cb:77:a0:70:ce:31:
         16:6e:a3:8d:25:30:27:d6:64:bb:26:8c:03:be:07:74:e3:1c:
         5e:a0:a5:b2:21:d8:6c:37:02:f5:25:b2:28:73:a0:ce:a2:da:
         80:7c:6d:a4:a9:cb:7f:93:cb:c1:84:5c:ca:7c:06:ca:4c:09:
         66:27:cc:be:a7:3c:64:c7:e4:1a:1f:f3:fc:e9:94:a3:13:b3:
         f1:1f:33:b6:66:8f:5a:5b:8c:d3:65:d2:b9:6d:4d:32:09:08:
         94:f9:ff:7d:47:f3:52:cf:88:13:21:41:82:ea:90:f6:89:77:
         7b:5a:ca:b1:31:ee:e7:10:b0:15:0d:1f:d2:fb:ee:51:da:41:
         d0:e9:08:e0:52:22:7c:20:2b:f3:7d:3b:bb:eb:ab:9a:c8:18:
         93:fa:c6:f0:15:3e:96:3c:6b:1f:aa:ad:76:aa:b1:9d:8a:18:
         df:f1:20:6f:d0:13:23:ce:7a:e0:ca:ef:3e:d1:5a:07:bf:f4:
         a4:2e:e3:38:d7:a7:55:1a:04:92:13:5d:dc:a2:8b:34:70:57:
         ff:81:bf:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTTsbF1l7MC3VgKrXyXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmEwNzRkMDEyNjFkNWIyZjQ2YjNkY2EwM2EyZDk0YjViYTQyOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDW8+bmeIqJy6O/XT8Emuyme0+o2
S+Pq3u7yzpErh61+XAC5EPmd5OrMPyiuk/PjojORW3oS5TL3Z5q20axvxGnE57jM
IAjSesrQAN1KN6DvFE0RPo07WDrDdqa3cc2gVxrbcSy6ko2d4E4jG9NQDWPKtpDl
+5GhrpNjBU6hG7eHEg/7slr0MfAgoY+iPQW9qRBe+kkWE2aHxRspXju4WY17vuSw
DCF/N8VNLwrGIQRP/D/Dg+LX0CVdPZM6XxKIzgg6M5EQZxE6xSum4OXWZHus31Ed
ddx90ZmmZ3QAP7L9D4z+RNnpgLN1xEq/qGaIafyjph0JqU/zXZTRZvWiHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGagdNASYdWy9Gs9ygOi2UtbpCmGMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvWnFCMDBCSmgxYkwwYXozS0E2TFpTMXVrS1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVf94MA0G
CSqGSIb3DQEBCwUAA4IBAQBWNDqtEFj15ITk1PPbgqeKtxVpfezXqnoRYNLIFXJ/
/TN8MkcLhfwTf1ebVJXdh6XLd6BwzjEWbqONJTAn1mS7JowDvgd04xxeoKWyIdhs
NwL1JbIoc6DOotqAfG2kqct/k8vBhFzKfAbKTAlmJ8y+pzxkx+QaH/P86ZSjE7Px
HzO2Zo9aW4zTZdK5bU0yCQiU+f99R/NSz4gTIUGC6pD2iXd7WsqxMe7nELAVDR/S
++5R2kHQ6QjgUiJ8ICvzfTu766uayBiT+sbwFT6WPGsfqq12qrGdihjf8SBv0BMj
znrgyu8+0VoHv/SkLuM416dVGgSSE13coos0cFf/gb8S
-----END CERTIFICATE-----