Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/Zmm_SLog8zR73-9VuIsr_nCCOXc.roa
File:                     Zmm_SLog8zR73-9VuIsr_nCCOXc.roa (raw, json)
Hash identifier:          atwKRHSDQkZyAT65reD4rHMHIhMVwjCPMAirNxKQ+H4=
Subject key identifier:   66:69:BF:48:BA:20:F3:34:7B:DF:EF:55:B8:8B:2B:FE:70:82:39:77
Certificate issuer:       /CN=e889cbbf69e3a67caa83b54debec2722e5536883
Certificate serial:       0192D934EB51EB700A47DC9BDDF7FFB1F245
Authority key identifier: E8:89:CB:BF:69:E3:A6:7C:AA:83:B5:4D:EB:EC:27:22:E5:53:68:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/Zmm_SLog8zR73-9VuIsr_nCCOXc.roa
Signing time:             Tue 29 Oct 2024 16:56:16 +0000
ROA not before:           Tue 29 Oct 2024 16:56:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202468
IP address blocks:        185.74.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:34:eb:51:eb:70:0a:47:dc:9b:dd:f7:ff:b1:f2:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e889cbbf69e3a67caa83b54debec2722e5536883
        Validity
            Not Before: Oct 29 16:56:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6669bf48ba20f3347bdfef55b88b2bfe70823977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:56:d0:39:12:58:f1:2d:4f:47:37:df:11:ac:
                    bc:b9:7f:2d:2c:29:d5:53:1b:0e:33:b5:87:2c:e5:
                    7d:5b:de:ab:0a:93:ab:16:e8:80:0b:34:a8:e5:a9:
                    c2:c2:3f:87:14:95:22:1e:57:a1:a2:61:ee:20:c0:
                    4c:1d:d8:68:d0:66:88:9d:0f:51:6a:4d:36:b2:89:
                    98:45:59:6a:1d:2c:46:b9:10:30:d9:06:b7:0e:77:
                    27:8a:3a:23:93:9e:d7:7f:54:44:16:ae:1a:b3:b6:
                    16:c6:65:54:bb:96:bf:a3:7c:f4:8a:0a:fe:6d:33:
                    a5:51:33:5c:d2:cc:2b:1c:85:02:51:4d:70:6a:b6:
                    66:6c:81:e8:e3:5c:70:ea:b1:8d:73:d9:f7:c2:1f:
                    65:b4:d7:13:95:f5:a0:8f:1d:cc:b5:3a:e4:33:af:
                    ad:60:4b:2b:cf:dd:81:aa:87:0a:a0:6d:41:77:c4:
                    72:24:70:ec:9a:24:c3:d1:e8:90:7d:84:a0:88:b9:
                    cc:6e:25:32:a4:0d:b9:ec:85:e4:f8:cc:9f:53:1a:
                    ae:ab:79:45:59:80:35:b6:48:84:d8:37:df:44:77:
                    b9:89:d2:73:55:04:5e:8f:69:bb:ed:eb:26:23:fc:
                    07:72:61:e3:e4:27:d1:9d:8d:ba:2c:fa:25:36:e6:
                    73:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:69:BF:48:BA:20:F3:34:7B:DF:EF:55:B8:8B:2B:FE:70:82:39:77
            X509v3 Authority Key Identifier:
                keyid:E8:89:CB:BF:69:E3:A6:7C:AA:83:B5:4D:EB:EC:27:22:E5:53:68:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6InLv2njpnyqg7VN6-wnIuVTaIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/Zmm_SLog8zR73-9VuIsr_nCCOXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/61959a-e18b-4ab0-8caa-87d1de943552/1/6InLv2njpnyqg7VN6-wnIuVTaIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:59:af:cb:6b:ee:a5:84:e8:d0:cb:77:34:72:2b:33:69:23:
         fa:12:eb:38:de:76:ae:ea:c7:31:a1:8f:ca:ac:2c:21:c7:95:
         b5:ac:93:a1:ba:af:39:f8:a3:68:56:30:f3:29:c8:14:25:89:
         b7:cd:25:46:b5:c0:ba:e2:d7:73:a7:05:6a:d7:51:34:f3:18:
         b0:0c:5c:51:15:ac:3d:68:03:da:48:53:54:e9:0b:4e:e7:f2:
         70:55:15:19:0d:9c:1d:f1:79:ca:24:3f:10:5c:bf:98:e6:6a:
         29:22:aa:73:0c:b5:71:0e:71:f2:15:25:4f:f8:bd:38:dc:f8:
         57:18:0d:56:02:a6:46:7e:46:d3:dd:20:be:79:f1:f7:b0:e0:
         45:f6:e1:70:bc:d5:70:d5:b2:4c:dc:f8:8c:29:e5:25:68:c8:
         3e:ba:cf:28:1d:e6:67:8d:70:40:31:2a:8f:51:4c:8c:1f:67:
         88:a4:be:78:55:c5:79:fd:a3:50:7d:b8:3e:0b:88:e3:94:59:
         40:e2:3f:d5:2d:f5:85:7b:ce:7e:b9:9b:1b:98:51:1e:d5:7a:
         f3:53:16:44:8d:33:d6:6c:d5:6f:37:c7:48:9d:3d:aa:12:8a:
         62:aa:0c:88:29:ca:db:e1:33:06:99:4f:66:f8:ec:db:4b:7b:
         42:00:cf:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLZNOtR63AKR9yb3ff/sfJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ODljYmJmNjllM2E2N2NhYTgzYjU0ZGViZWMyNzIyZTU1
MzY4ODMwHhcNMjQxMDI5MTY1NjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY5YmY0OGJhMjBmMzM0N2JkZmVmNTViODhiMmJmZTcwODIzOTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lbQORJY8S1PRzffEay8uX8tLCnV
UxsOM7WHLOV9W96rCpOrFuiACzSo5anCwj+HFJUiHlehomHuIMBMHdho0GaInQ9R
ak02somYRVlqHSxGuRAw2Qa3Dncnijojk57Xf1REFq4as7YWxmVUu5a/o3z0igr+
bTOlUTNc0swrHIUCUU1warZmbIHo41xw6rGNc9n3wh9ltNcTlfWgjx3MtTrkM6+t
YEsrz92BqocKoG1Bd8RyJHDsmiTD0eiQfYSgiLnMbiUypA257IXk+MyfUxquq3lF
WYA1tkiE2DffRHe5idJzVQRej2m77esmI/wHcmHj5CfRnY26LPolNuZzmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZpv0i6IPM0e9/vVbiLK/5wgjl3MB8GA1UdIwQY
MBaAFOiJy79p46Z8qoO1TevsJyLlU2iDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkluTHYybmpwbnlxZzdWTjYtd25JdVZUYUlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My82MTk1OWEtZTE4Yi00YWIwLThjYWEt
ODdkMWRlOTQzNTUyLzEvWm1tX1NMb2c4elI3My05VnVJc3JfbkNDT1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My82MTk1OWEtZTE4Yi00YWIwLThjYWEtODdkMWRlOTQzNTUy
LzEvNkluTHYybmpwbnlxZzdWTjYtd25JdVZUYUlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUqlMA0G
CSqGSIb3DQEBCwUAA4IBAQAtWa/La+6lhOjQy3c0ciszaSP6Eus43nau6scxoY/K
rCwhx5W1rJOhuq85+KNoVjDzKcgUJYm3zSVGtcC64tdzpwVq11E08xiwDFxRFaw9
aAPaSFNU6QtO5/JwVRUZDZwd8XnKJD8QXL+Y5mopIqpzDLVxDnHyFSVP+L043PhX
GA1WAqZGfkbT3SC+efH3sOBF9uFwvNVw1bJM3PiMKeUlaMg+us8oHeZnjXBAMSqP
UUyMH2eIpL54VcV5/aNQfbg+C4jjlFlA4j/VLfWFe85+uZsbmFEe1XrzUxZEjTPW
bNVvN8dInT2qEopiqgyIKcrb4TMGmU9m+OzbS3tCAM8M
-----END CERTIFICATE-----