Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/Zbo58G9mKmdMCdnY0Gt0h8oH4WQ.roa
File:                     Zbo58G9mKmdMCdnY0Gt0h8oH4WQ.roa (raw, json)
Hash identifier:          80Ritc9Ka/JpikzYP/h2a9At4CQZFsz4lKCIezlse4I=
Subject key identifier:   65:BA:39:F0:6F:66:2A:67:4C:09:D9:D8:D0:6B:74:87:CA:07:E1:64
Certificate issuer:       /CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
Certificate serial:       018CC26D1AD6C149949D06DEE2453A2E5185
Authority key identifier: EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/Zbo58G9mKmdMCdnY0Gt0h8oH4WQ.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52016
IP address blocks:        2001:6d0:4001::/48 maxlen: 48
                          2001:6d0:4002::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:d6:c1:49:94:9d:06:de:e2:45:3a:2e:51:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef1c665b038692b93bdf5d1d8f3cea3e98697a03
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65ba39f06f662a674c09d9d8d06b7487ca07e164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5b:12:48:68:44:e4:6a:98:45:98:ea:9d:06:
                    bb:07:1b:f5:a5:22:97:19:82:26:7e:47:d5:55:a2:
                    7d:b0:29:41:d6:f2:63:68:70:07:e3:7f:9e:78:27:
                    39:6e:f0:7a:9f:53:f2:43:cc:aa:c5:05:2a:d4:10:
                    42:36:da:cf:a2:5f:f2:b3:8f:2d:f3:ad:1f:14:fb:
                    58:96:83:dc:06:ee:1d:84:2e:d0:fc:44:7a:be:b6:
                    b6:48:f8:2a:fa:bd:e3:00:84:ca:7c:32:fb:e0:98:
                    aa:92:d0:da:88:4c:a7:d6:e7:fc:8f:87:ab:29:f7:
                    27:2c:69:64:67:2e:8c:05:06:f9:15:f0:ad:ed:03:
                    72:7b:d3:c8:fd:87:21:77:1e:a6:86:a6:d0:17:ac:
                    e1:30:b2:91:f5:33:d0:d4:71:23:b4:10:16:21:f8:
                    5f:3e:de:b1:5f:4e:3e:92:2f:70:7e:12:22:8a:73:
                    9c:40:94:9b:79:1f:8a:59:2c:aa:bb:80:06:a1:73:
                    a4:30:ed:bf:00:5b:c3:6e:68:1e:11:6f:fc:6e:65:
                    5d:2e:70:56:af:d5:e5:bd:b3:33:58:00:35:23:3c:
                    ed:1d:70:a8:8f:b1:e2:05:20:97:53:a7:61:39:ca:
                    26:1e:ac:64:ad:ba:c9:f4:ca:92:9d:e3:39:6b:de:
                    2f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BA:39:F0:6F:66:2A:67:4C:09:D9:D8:D0:6B:74:87:CA:07:E1:64
            X509v3 Authority Key Identifier:
                keyid:EF:1C:66:5B:03:86:92:B9:3B:DF:5D:1D:8F:3C:EA:3E:98:69:7A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7xxmWwOGkrk7310djzzqPphpegM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/Zbo58G9mKmdMCdnY0Gt0h8oH4WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/2925a3-871b-4676-ae10-688d333ed9d5/1/7xxmWwOGkrk7310djzzqPphpegM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:6d0:4001::-2001:6d0:4002:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         63:de:46:ed:b8:47:6c:42:d2:57:7d:99:93:fe:bb:d1:99:88:
         2f:bb:6c:23:7d:8a:ec:91:fc:55:2f:c1:2a:0d:08:e8:71:6b:
         95:54:71:38:61:5e:f3:d3:2f:97:98:7c:1f:31:b2:63:51:17:
         58:18:63:39:42:8c:03:1d:e4:3e:8d:33:aa:31:30:78:70:7d:
         ec:06:0b:05:71:34:ee:71:8d:c5:17:dc:1c:a2:4b:d0:09:81:
         5c:b6:dc:11:83:f4:38:44:85:a0:45:f3:f0:b3:0f:dc:00:a6:
         4e:20:44:c4:c0:66:27:c6:18:85:f6:54:1e:df:b6:aa:6c:c4:
         3b:06:c3:05:94:75:23:c3:b7:3e:be:30:2a:b0:3a:64:fc:cb:
         ee:3b:e5:4c:e2:ec:d8:a0:59:d3:93:c1:85:9f:77:07:c0:aa:
         a2:43:dd:80:65:99:c4:d1:4d:f5:96:4b:f3:8c:f7:06:14:33:
         ed:f5:73:32:6f:c8:7f:75:4e:65:1b:6e:a8:b3:30:d1:6b:70:
         46:25:20:58:53:b1:34:57:bf:68:ff:92:8f:db:19:8b:3b:10:
         e0:09:12:dc:f2:09:a9:75:95:f7:7a:c8:15:2a:dc:9d:b6:7b:
         ee:3f:39:89:89:47:4a:91:0d:40:29:bd:fa:50:7a:f2:56:1f:
         d0:f9:6d:7f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzCbRrWwUmUnQbe4kU6LlGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmMWM2NjViMDM4NjkyYjkzYmRmNWQxZDhmM2NlYTNlOTg2
OTdhMDMwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWJhMzlmMDZmNjYyYTY3NGMwOWQ5ZDhkMDZiNzQ4N2NhMDdlMTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllsSSGhE5GqYRZjqnQa7Bxv1pSKX
GYImfkfVVaJ9sClB1vJjaHAH43+eeCc5bvB6n1PyQ8yqxQUq1BBCNtrPol/ys48t
860fFPtYloPcBu4dhC7Q/ER6vra2SPgq+r3jAITKfDL74JiqktDaiEyn1uf8j4er
KfcnLGlkZy6MBQb5FfCt7QNye9PI/Ychdx6mhqbQF6zhMLKR9TPQ1HEjtBAWIfhf
Pt6xX04+ki9wfhIiinOcQJSbeR+KWSyqu4AGoXOkMO2/AFvDbmgeEW/8bmVdLnBW
r9XlvbMzWAA1IzztHXCoj7HiBSCXU6dhOcomHqxkrbrJ9MqSneM5a94vmwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGW6OfBvZipnTAnZ2NBrdIfKB+FkMB8GA1UdIwQY
MBaAFO8cZlsDhpK5O99dHY886j6YaXoDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAt
Njg4ZDMzM2VkOWQ1LzEvWmJvNThHOW1LbWRNQ2RuWTBHdDBoOG9INFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC8yOTI1YTMtODcxYi00Njc2LWFlMTAtNjg4ZDMzM2VkOWQ1
LzEvN3h4bVd3T0drcms3MzEwZGp6enFQcGhwZWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAgAQbQ
QAEDBwAgAQbQQAIwDQYJKoZIhvcNAQELBQADggEBAGPeRu24R2xC0ld9mZP+u9GZ
iC+7bCN9iuyR/FUvwSoNCOhxa5VUcThhXvPTL5eYfB8xsmNRF1gYYzlCjAMd5D6N
M6oxMHhwfewGCwVxNO5xjcUX3ByiS9AJgVy23BGD9DhEhaBF8/CzD9wApk4gRMTA
ZifGGIX2VB7ftqpsxDsGwwWUdSPDtz6+MCqwOmT8y+475Uzi7NigWdOTwYWfdwfA
qqJD3YBlmcTRTfWWS/OM9wYUM+31czJvyH91TmUbbqizMNFrcEYlIFhTsTRXv2j/
ko/bGYs7EOAJEtzyCal1lfd6yBUq3J22e+4/OYmJR0qRDUApvfpQevJWH9D5bX8=
-----END CERTIFICATE-----