Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/zPeth8kr-6sq0cvod7M8JqkXh4E.roa
File:                     zPeth8kr-6sq0cvod7M8JqkXh4E.roa (raw, json)
Hash identifier:          FRt03JJvJvJT7oigfkRucxUNcwt/8YQ440/MEF3u7/c=
Subject key identifier:   CC:F7:AD:87:C9:2B:FB:AB:2A:D1:CB:E8:77:B3:3C:26:A9:17:87:81
Certificate issuer:       /CN=1a7d610942d4d9f96d5731b9538fd4c78ba0f20d
Certificate serial:       018CC5004175D9C0CE07177B3ED04D0D4A67
Authority key identifier: 1A:7D:61:09:42:D4:D9:F9:6D:57:31:B9:53:8F:D4:C7:8B:A0:F2:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/zPeth8kr-6sq0cvod7M8JqkXh4E.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203520
IP address blocks:        185.16.196.0/22 maxlen: 24
                          2a03:dfc0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:41:75:d9:c0:ce:07:17:7b:3e:d0:4d:0d:4a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7d610942d4d9f96d5731b9538fd4c78ba0f20d
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf7ad87c92bfbab2ad1cbe877b33c26a9178781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:47:18:2c:a3:5a:19:2f:54:19:4a:7a:ed:3c:
                    30:cd:0e:73:20:9b:a9:51:5b:6e:f5:b0:d1:c9:27:
                    d3:4e:d7:c6:24:dc:2c:28:03:41:88:5b:be:a3:be:
                    07:5a:3c:7c:1f:a3:81:a4:ff:62:ea:95:70:93:48:
                    cd:1a:30:93:e5:f3:52:b0:e6:2e:59:a2:fe:c4:94:
                    42:d6:48:31:f9:60:5a:ca:d7:c9:9f:32:06:58:8e:
                    ea:65:fc:b4:81:47:77:9e:d8:ba:34:ae:46:ff:69:
                    f5:40:f7:68:b8:06:fd:9d:0f:e6:d2:ba:6f:1b:b9:
                    6f:ac:65:5c:ed:61:c6:95:f9:18:12:b0:88:47:96:
                    fc:40:7f:3e:b1:68:02:75:c9:e0:d4:6d:0a:71:78:
                    c4:80:01:0f:db:d7:6c:91:86:fd:66:bd:8c:5d:91:
                    7c:11:7e:c0:5f:6c:3e:56:0d:c0:73:98:51:91:c4:
                    e3:0a:be:98:91:e5:91:f6:ea:66:23:f6:b2:f2:f6:
                    cb:7b:99:40:5c:58:12:70:b6:93:40:52:dd:08:90:
                    49:25:95:df:23:93:eb:d0:a0:e2:4f:06:c7:dd:d2:
                    54:5e:32:93:80:af:eb:85:a1:eb:5f:22:fd:c3:12:
                    d4:e5:52:74:b6:6d:f3:44:dc:12:ce:26:5a:1a:f0:
                    7f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F7:AD:87:C9:2B:FB:AB:2A:D1:CB:E8:77:B3:3C:26:A9:17:87:81
            X509v3 Authority Key Identifier:
                keyid:1A:7D:61:09:42:D4:D9:F9:6D:57:31:B9:53:8F:D4:C7:8B:A0:F2:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn1hCULU2fltVzG5U4_Ux4ug8g0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/zPeth8kr-6sq0cvod7M8JqkXh4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/37aedf-5bc0-40d5-84cc-00b0137f29ff/1/Gn1hCULU2fltVzG5U4_Ux4ug8g0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.196.0/22
                IPv6:
                  2a03:dfc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         04:34:1f:e7:97:f3:e3:3b:68:ae:8c:ef:f6:e1:3e:38:ff:53:
         33:0f:92:df:94:e6:60:53:68:d7:55:c4:a5:fe:24:a3:37:31:
         b0:87:39:39:45:80:0a:35:ce:96:19:3d:83:f2:e3:c1:0c:5f:
         bf:8f:a5:b0:84:7f:97:12:4b:8c:c2:f4:18:55:e4:fe:3e:d4:
         7d:15:8a:2b:a4:df:a4:8f:46:3a:73:d8:df:cd:1c:b0:57:7b:
         3e:d3:00:86:c1:e3:7b:ac:12:43:25:7f:09:60:98:db:5d:41:
         01:b8:07:e7:00:cd:19:60:3d:82:6c:79:48:b7:3a:bb:be:7c:
         60:ea:e8:13:dd:d5:bc:e2:07:df:cd:ba:f2:1e:45:ed:95:c9:
         eb:b5:2f:4a:35:7e:1b:b2:f8:49:5d:1a:a2:e2:28:17:76:2a:
         8c:36:3d:84:6b:42:00:6c:67:de:fc:84:ac:c2:28:9f:c3:41:
         71:d2:9c:03:cb:55:e1:a5:a7:43:ba:7a:8c:1f:1b:0c:d2:64:
         9c:05:08:e9:64:8a:28:ab:05:ae:0b:22:10:69:ff:06:23:60:
         1e:23:24:19:4d:43:83:fb:91:d3:d8:46:cc:a9:39:49:7a:e1:
         04:e2:ff:c5:ca:e0:92:e1:6e:58:75:99:99:ae:07:3f:3e:07:
         8b:85:e0:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAEF12cDOBxd7PtBNDUpnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2Q2MTA5NDJkNGQ5Zjk2ZDU3MzFiOTUzOGZkNGM3OGJh
MGYyMGQwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y3YWQ4N2M5MmJmYmFiMmFkMWNiZTg3N2IzM2MyNmE5MTc4NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUcYLKNaGS9UGUp67TwwzQ5zIJup
UVtu9bDRySfTTtfGJNwsKANBiFu+o74HWjx8H6OBpP9i6pVwk0jNGjCT5fNSsOYu
WaL+xJRC1kgx+WBaytfJnzIGWI7qZfy0gUd3nti6NK5G/2n1QPdouAb9nQ/m0rpv
G7lvrGVc7WHGlfkYErCIR5b8QH8+sWgCdcng1G0KcXjEgAEP29dskYb9Zr2MXZF8
EX7AX2w+Vg3Ac5hRkcTjCr6YkeWR9upmI/ay8vbLe5lAXFgScLaTQFLdCJBJJZXf
I5Pr0KDiTwbH3dJUXjKTgK/rhaHrXyL9wxLU5VJ0tm3zRNwSziZaGvB/AQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMz3rYfJK/urKtHL6HezPCapF4eBMB8GA1UdIwQY
MBaAFBp9YQlC1Nn5bVcxuVOP1MeLoPINMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR24xaENVTFUyZmx0VnpHNVU0X1V4NHVnOGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zN2FlZGYtNWJjMC00MGQ1LTg0Y2Mt
MDBiMDEzN2YyOWZmLzEvelBldGg4a3ItNnNxMGN2b2Q3TThKcWtYaDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zN2FlZGYtNWJjMC00MGQ1LTg0Y2MtMDBiMDEzN2YyOWZm
LzEvR24xaENVTFUyZmx0VnpHNVU0X1V4NHVnOGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRDEMA0E
AgACMAcDBQAqA9/AMA0GCSqGSIb3DQEBCwUAA4IBAQAENB/nl/PjO2iujO/24T44
/1MzD5LflOZgU2jXVcSl/iSjNzGwhzk5RYAKNc6WGT2D8uPBDF+/j6WwhH+XEkuM
wvQYVeT+PtR9FYorpN+kj0Y6c9jfzRywV3s+0wCGweN7rBJDJX8JYJjbXUEBuAfn
AM0ZYD2CbHlItzq7vnxg6ugT3dW84gffzbryHkXtlcnrtS9KNX4bsvhJXRqi4igX
diqMNj2Ea0IAbGfe/ISswiifw0Fx0pwDy1XhpadDunqMHxsM0mScBQjpZIooqwWu
CyIQaf8GI2AeIyQZTUOD+5HT2EbMqTlJeuEE4v/FyuCS4W5YdZmZrgc/PgeLheAy
-----END CERTIFICATE-----