Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/z2h_xUv7X21EFJQzGT0DMqCj_uU.roa
File:                     z2h_xUv7X21EFJQzGT0DMqCj_uU.roa (raw, json)
Hash identifier:          YUceNqk64qXqqPLBTgGrmC/ofdYXeVJvNuH+WVg9QmI=
Subject key identifier:   CF:68:7F:C5:4B:FB:5F:6D:44:14:94:33:19:3D:03:32:A0:A3:FE:E5
Certificate issuer:       /CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
Certificate serial:       018CC348C5D188BDD49C44B795D4B1ABF816
Authority key identifier: 02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/z2h_xUv7X21EFJQzGT0DMqCj_uU.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49937
IP address blocks:        193.31.214.0/24 maxlen: 24
                          193.31.215.0/24 maxlen: 24
                          185.28.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:d1:88:bd:d4:9c:44:b7:95:d4:b1:ab:f8:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0246e8a76d30c7c0495bc5ce8ee5110feab286e6
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf687fc54bfb5f6d44149433193d0332a0a3fee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:16:12:88:05:34:0c:90:25:13:0a:bc:79:88:
                    f8:15:06:b4:31:11:6c:f1:0a:c7:46:e6:5b:8c:56:
                    f5:5a:91:28:f3:53:1f:69:9e:b8:84:75:5b:64:c9:
                    cc:3e:85:96:d3:6e:73:28:35:60:f0:b0:08:e9:7b:
                    f9:22:1c:e4:e5:f0:2a:fd:b4:12:0c:37:8c:66:73:
                    18:04:63:e5:dd:ed:05:e4:de:1e:7d:c8:20:42:0d:
                    32:58:0c:56:d0:0e:6b:68:a4:3f:9c:5b:ee:c7:1a:
                    86:8f:8b:92:88:0f:fd:ad:00:1b:7d:97:5e:d5:3b:
                    0b:5c:a5:fa:e0:52:a3:b2:2d:93:f3:3f:82:94:ef:
                    62:59:c7:76:da:a8:ae:a4:b8:8f:ba:0f:8b:77:32:
                    66:d3:4f:89:00:42:1b:37:52:a9:84:e4:f7:7c:f7:
                    46:c9:2e:d3:bc:11:56:e2:6b:3e:86:21:90:0c:25:
                    46:fc:77:0f:de:34:d5:3a:c6:9e:61:ce:fa:d9:97:
                    ca:df:ba:1a:24:db:ac:1c:86:79:c0:e9:7b:f5:a8:
                    cb:bf:8c:f1:bb:61:ee:f5:88:0c:b8:14:b7:17:f6:
                    54:98:a3:44:5f:a9:b5:a2:c1:f9:1e:3d:b7:97:a9:
                    78:6f:b8:1c:ef:ac:47:5f:1c:5d:91:1a:81:82:59:
                    2a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:68:7F:C5:4B:FB:5F:6D:44:14:94:33:19:3D:03:32:A0:A3:FE:E5
            X509v3 Authority Key Identifier:
                keyid:02:46:E8:A7:6D:30:C7:C0:49:5B:C5:CE:8E:E5:11:0F:EA:B2:86:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Akbop20wx8BJW8XOjuURD-qyhuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/z2h_xUv7X21EFJQzGT0DMqCj_uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/c0a576-a220-4de0-aac1-7b96a9997718/1/Akbop20wx8BJW8XOjuURD-qyhuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.72.0/24
                  193.31.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:ed:3f:6d:49:60:07:0e:9d:dd:b0:3d:c1:08:d2:dc:30:a4:
         4f:20:66:7c:5a:2c:86:b4:1d:d3:2a:dc:51:8c:05:cc:8f:83:
         ef:71:51:01:fe:db:00:80:1a:a9:5f:a7:92:e5:22:27:b7:f6:
         1f:39:0b:3f:b7:6f:c9:e0:5b:67:dc:05:77:7c:c8:a4:5b:e5:
         27:e8:82:13:0a:3f:2d:f8:1d:0e:f8:07:c6:30:d7:71:bf:0b:
         67:7d:e7:c6:de:a7:7a:e6:75:01:16:5b:11:76:70:b7:83:f9:
         9c:91:ae:00:e3:e1:c5:28:64:43:01:7c:3b:ef:23:a3:43:9e:
         d9:9e:2a:20:ac:0a:ca:dc:f8:1b:8c:d5:9e:7e:6a:7f:1a:22:
         c9:99:66:1b:88:7b:ff:50:9a:22:3b:50:6c:41:a5:a5:a0:d2:
         6a:81:c0:ed:bd:d6:39:eb:47:8e:17:be:3f:77:bb:0a:8e:8e:
         35:77:8a:59:a0:34:c8:a5:bd:3e:58:a8:9e:75:90:f5:23:fe:
         06:b4:ab:ea:cc:04:2f:b1:7b:6b:5c:08:82:d7:af:8d:6f:12:
         00:37:ca:87:40:11:f3:af:85:ab:c9:a1:60:6d:7f:f0:44:80:
         d3:1e:9c:e7:aa:80:53:b5:1e:42:1e:66:39:2d:84:1e:76:a3:
         28:4c:b3:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMXRiL3UnES3ldSxq/gWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNDZlOGE3NmQzMGM3YzA0OTViYzVjZThlZTUxMTBmZWFi
Mjg2ZTYwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjY4N2ZjNTRiZmI1ZjZkNDQxNDk0MzMxOTNkMDMzMmEwYTNmZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxYSiAU0DJAlEwq8eYj4FQa0MRFs
8QrHRuZbjFb1WpEo81MfaZ64hHVbZMnMPoWW025zKDVg8LAI6Xv5Ihzk5fAq/bQS
DDeMZnMYBGPl3e0F5N4efcggQg0yWAxW0A5raKQ/nFvuxxqGj4uSiA/9rQAbfZde
1TsLXKX64FKjsi2T8z+ClO9iWcd22qiupLiPug+LdzJm00+JAEIbN1KphOT3fPdG
yS7TvBFW4ms+hiGQDCVG/HcP3jTVOsaeYc762ZfK37oaJNusHIZ5wOl79ajLv4zx
u2Hu9YgMuBS3F/ZUmKNEX6m1osH5Hj23l6l4b7gc76xHXxxdkRqBglkqrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM9of8VL+19tRBSUMxk9AzKgo/7lMB8GA1UdIwQY
MBaAFAJG6KdtMMfASVvFzo7lEQ/qsobmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWtib3AyMHd4OEJKVzhYT2p1VVJELXF5aHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jMGE1NzYtYTIyMC00ZGUwLWFhYzEt
N2I5NmE5OTk3NzE4LzEvejJoX3hVdjdYMjFFRkpRekdUMERNcUNqX3VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jMGE1NzYtYTIyMC00ZGUwLWFhYzEtN2I5NmE5OTk3NzE4
LzEvQWtib3AyMHd4OEJKVzhYT2p1VVJELXF5aHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRxIAwQB
wR/WMA0GCSqGSIb3DQEBCwUAA4IBAQAz7T9tSWAHDp3dsD3BCNLcMKRPIGZ8WiyG
tB3TKtxRjAXMj4PvcVEB/tsAgBqpX6eS5SInt/YfOQs/t2/J4Ftn3AV3fMikW+Un
6IITCj8t+B0O+AfGMNdxvwtnfefG3qd65nUBFlsRdnC3g/mcka4A4+HFKGRDAXw7
7yOjQ57ZniogrArK3PgbjNWefmp/GiLJmWYbiHv/UJoiO1BsQaWloNJqgcDtvdY5
60eOF74/d7sKjo41d4pZoDTIpb0+WKiedZD1I/4GtKvqzAQvsXtrXAiC16+NbxIA
N8qHQBHzr4WryaFgbX/wRIDTHpznqoBTtR5CHmY5LYQedqMoTLM7
-----END CERTIFICATE-----