Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRLRlNx5jzM9A3XbyiB-8iL6TNg.roa
File:                     ZRLRlNx5jzM9A3XbyiB-8iL6TNg.roa (raw, json)
Hash identifier:          WRSLBZSG7WVMNW4xeXBXCsiFh1aN7CbWd0PK9WWl7gE=
Subject key identifier:   65:12:D1:94:DC:79:8F:33:3D:03:75:DB:CA:20:7E:F2:22:FA:4C:D8
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018F57C36F6CE0388CB7565BE0907417BDB3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRLRlNx5jzM9A3XbyiB-8iL6TNg.roa
Signing time:             Wed 08 May 2024 10:32:56 +0000
ROA not before:           Wed 08 May 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151872
IP address blocks:        109.176.22.0/24 maxlen: 24
                          194.105.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:57:c3:6f:6c:e0:38:8c:b7:56:5b:e0:90:74:17:bd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: May  8 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6512d194dc798f333d0375dbca207ef222fa4cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:86:c5:5f:5c:c3:d8:1a:84:81:ec:c7:e4:5b:
                    0a:2f:01:6c:aa:c1:c7:5e:a4:92:c1:23:77:e5:3d:
                    22:42:93:94:0d:bc:8d:60:d3:dd:3d:21:1b:6b:05:
                    e1:0b:b4:50:7d:c6:f5:2f:99:85:72:66:af:d4:1a:
                    ee:7c:35:c6:49:dc:e8:db:28:70:df:91:af:8b:a0:
                    a7:70:ca:e6:c0:86:ef:57:66:99:d1:81:38:7b:8a:
                    89:58:dc:f0:b1:48:94:3e:a5:cc:9f:db:2e:83:3a:
                    47:39:bc:fb:ed:4e:c1:ed:8d:79:15:ea:ac:d5:6e:
                    e3:81:33:8d:22:81:d8:45:e1:32:6b:f7:fc:91:59:
                    2c:d6:25:f7:c1:6e:0b:a1:77:d2:db:ed:1d:23:7b:
                    f1:2f:e4:3f:32:d7:81:a0:b5:3b:9d:39:ff:46:07:
                    f3:c6:58:f6:0c:c8:33:09:76:4e:c2:09:96:04:76:
                    9c:fa:51:4e:17:fd:ec:8c:2c:9c:c1:4b:47:84:20:
                    36:cb:ce:5f:2c:ed:7e:65:d0:b6:2c:cc:57:16:15:
                    98:d0:f4:5c:e6:23:24:ba:98:cc:8b:b8:6a:19:dc:
                    90:f1:e0:70:e2:aa:eb:57:16:37:0f:c3:f7:fe:6c:
                    2f:5b:89:6b:35:de:33:b8:ba:b6:ff:ad:d9:0d:12:
                    df:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:12:D1:94:DC:79:8F:33:3D:03:75:DB:CA:20:7E:F2:22:FA:4C:D8
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ZRLRlNx5jzM9A3XbyiB-8iL6TNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.22.0/24
                  194.105.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:7d:4c:1e:8f:e4:6d:fa:17:b0:1b:23:59:ae:27:c4:ca:9d:
         7d:86:de:88:c3:0e:06:bd:21:ac:df:81:d1:bb:1e:3f:71:6d:
         7f:a1:0d:90:eb:57:7c:c7:65:63:ca:d9:ba:ac:93:9c:b4:63:
         69:0d:e7:74:99:37:71:c6:48:57:7d:f6:76:e4:c6:ba:c9:e6:
         e9:a0:0f:13:06:bb:40:c2:82:f8:84:cc:f5:ec:6e:e2:98:0d:
         69:02:47:c0:a0:8d:9c:70:f4:48:87:20:69:b4:5f:f1:f7:cf:
         4b:d8:59:b1:72:2b:1e:81:a8:e3:dd:67:a8:15:11:d7:ea:d8:
         2d:66:da:09:a8:16:c6:89:e4:db:2e:f5:5b:47:94:f6:8d:db:
         f3:d4:c1:9c:1e:50:0c:19:66:b3:fd:df:30:f3:d4:a2:76:df:
         f0:4c:cf:a5:d2:0b:5c:60:48:d8:7a:ca:c2:7c:14:fa:f9:60:
         27:fa:f6:79:e4:60:2a:2e:58:62:87:61:74:ba:64:9c:11:58:
         23:c0:9a:8e:0f:bd:6d:a6:b2:1d:02:97:a2:92:32:d0:0e:77:
         77:8e:c3:7f:a8:f4:10:07:f8:bc:4e:44:6c:ea:aa:a0:46:3e:
         80:71:73:c1:b1:ed:88:28:db:b7:4e:d0:36:62:1b:78:60:23:
         84:3f:cb:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9Xw29s4DiMt1Zb4JB0F72zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTA4MTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTEyZDE5NGRjNzk4ZjMzM2QwMzc1ZGJjYTIwN2VmMjIyZmE0Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYbFX1zD2BqEgezH5FsKLwFsqsHH
XqSSwSN35T0iQpOUDbyNYNPdPSEbawXhC7RQfcb1L5mFcmav1BrufDXGSdzo2yhw
35Gvi6CncMrmwIbvV2aZ0YE4e4qJWNzwsUiUPqXMn9sugzpHObz77U7B7Y15Feqs
1W7jgTONIoHYReEya/f8kVks1iX3wW4LoXfS2+0dI3vxL+Q/MteBoLU7nTn/Rgfz
xlj2DMgzCXZOwgmWBHac+lFOF/3sjCycwUtHhCA2y85fLO1+ZdC2LMxXFhWY0PRc
5iMkupjMi7hqGdyQ8eBw4qrrVxY3D8P3/mwvW4lrNd4zuLq2/63ZDRLfbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGUS0ZTceY8zPQN128ogfvIi+kzYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWlJMUmxOeDVqek05QTNYYnlpQi04aUw2VE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbbAWAwQA
wmlYMA0GCSqGSIb3DQEBCwUAA4IBAQB6fUwej+Rt+hewGyNZrifEyp19ht6Iww4G
vSGs34HRux4/cW1/oQ2Q61d8x2Vjytm6rJOctGNpDed0mTdxxkhXffZ25Ma6yebp
oA8TBrtAwoL4hMz17G7imA1pAkfAoI2ccPRIhyBptF/x989L2Fmxcisegajj3Weo
FRHX6tgtZtoJqBbGieTbLvVbR5T2jdvz1MGcHlAMGWaz/d8w89Sidt/wTM+l0gtc
YEjYesrCfBT6+WAn+vZ55GAqLlhih2F0umScEVgjwJqOD71tprIdApeikjLQDnd3
jsN/qPQQB/i8TkRs6qqgRj6AcXPBse2IKNu3TtA2Yht4YCOEP8vk
-----END CERTIFICATE-----