Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/Zdb3i__ReBUE17G6UPOUrNOZrVU.roa
File:                     Zdb3i__ReBUE17G6UPOUrNOZrVU.roa (raw, json)
Hash identifier:          aDq7l1//cBdS7k4hio2Xn3FgaWhJW9A3osBnLx6Wg8E=
Subject key identifier:   65:D6:F7:8B:FF:D1:78:15:04:D7:B1:BA:50:F3:94:AC:D3:99:AD:55
Certificate issuer:       /CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
Certificate serial:       018CC94CA19DF3C4CD1963C46962A26E5150
Authority key identifier: AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/Zdb3i__ReBUE17G6UPOUrNOZrVU.roa
Signing time:             Tue 02 Jan 2024 08:31:31 +0000
ROA not before:           Tue 02 Jan 2024 08:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207050
IP address blocks:        213.162.222.0/24 maxlen: 24
                          213.162.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:a1:9d:f3:c4:cd:19:63:c4:69:62:a2:6e:51:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab54fe831b6a719f42e6c8486fd03b550be761fb
        Validity
            Not Before: Jan  2 08:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65d6f78bffd1781504d7b1ba50f394acd399ad55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:62:3a:02:74:39:c1:86:e6:84:27:8a:59:b5:
                    30:c5:01:10:3d:e3:4a:5c:f7:ce:8d:e1:30:9d:69:
                    b4:ab:40:86:56:b0:b9:12:e4:76:68:70:d1:cb:89:
                    66:d4:da:98:6e:88:99:2d:7d:ea:2e:c6:d1:4b:cf:
                    d3:73:0a:e7:6c:7c:ae:ec:a1:70:af:26:88:cb:52:
                    55:e0:fc:83:88:f5:ff:88:e7:ab:f7:91:9c:d1:c1:
                    71:28:99:ec:e0:f9:61:1b:a6:5a:68:24:cc:cd:a0:
                    4a:a6:48:04:05:8d:d6:b8:d1:35:c0:15:9e:ee:69:
                    6c:63:01:74:b7:5e:1d:ac:74:ea:e1:61:d0:7f:d6:
                    24:f0:d8:fd:ee:51:be:4d:cc:58:d6:e0:91:55:f5:
                    c8:1d:19:21:c9:d1:33:dd:ad:0b:15:d9:6d:ae:31:
                    b4:16:8e:b5:77:42:35:61:ed:a6:d2:76:49:75:b7:
                    4a:e2:14:a0:0a:66:9f:79:fb:c1:63:ea:e2:93:01:
                    b4:b3:69:b1:72:b3:c4:5a:d6:3d:8f:95:0d:0f:99:
                    ac:3d:10:a4:0b:0a:6f:9f:48:db:49:d3:e0:39:74:
                    3e:51:76:18:56:13:d0:ed:69:45:3e:95:98:74:d1:
                    b7:a1:55:f3:35:5d:bc:f4:b3:1e:d9:45:b6:32:33:
                    a6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D6:F7:8B:FF:D1:78:15:04:D7:B1:BA:50:F3:94:AC:D3:99:AD:55
            X509v3 Authority Key Identifier:
                keyid:AB:54:FE:83:1B:6A:71:9F:42:E6:C8:48:6F:D0:3B:55:0B:E7:61:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q1T-gxtqcZ9C5shIb9A7VQvnYfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/Zdb3i__ReBUE17G6UPOUrNOZrVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5eaaa7-3107-4268-aad6-6fd9789205ba/1/q1T-gxtqcZ9C5shIb9A7VQvnYfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.162.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:39:9f:04:30:52:31:26:3b:4b:a2:19:92:a7:3b:75:22:b0:
         72:ca:ea:28:d1:7b:4a:e2:fa:41:9c:76:9e:ca:e8:2e:25:a0:
         58:50:7f:a0:00:67:e5:65:88:a7:28:e1:54:36:82:a1:77:0b:
         a6:39:6e:77:09:39:55:f1:e9:ed:56:5e:14:58:ed:39:58:1c:
         1f:bb:3e:83:ba:99:b4:37:5f:14:8b:5d:f5:20:94:b1:d4:d4:
         47:a6:75:62:7a:c8:cc:2e:7c:c0:ec:d8:3a:c5:3d:66:2b:db:
         18:e5:b1:b2:d6:5f:1a:34:78:7a:c7:df:7e:26:be:4c:d5:66:
         5f:c2:46:ba:37:62:c9:cd:dc:91:72:35:ff:52:8d:d0:f7:e4:
         0a:e2:7c:91:c5:94:78:46:c0:69:91:f8:ae:ad:cc:37:3b:36:
         b4:aa:db:c2:6e:7c:aa:4d:29:dd:2c:26:66:8c:48:da:99:0e:
         3a:bd:0b:cf:c5:f4:b1:3e:14:96:fc:67:1a:26:5d:27:d3:ad:
         97:30:b6:1c:3c:cc:83:bb:13:8e:c3:b9:c0:52:48:95:95:7f:
         d8:f9:87:fd:59:10:62:66:dc:2d:5b:c3:7e:39:0f:ca:0d:71:
         84:80:5d:0d:64:5f:2e:ca:19:ed:ad:74:10:7b:52:48:ae:e2:
         a2:87:cd:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKGd88TNGWPEaWKiblFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNTRmZTgzMWI2YTcxOWY0MmU2Yzg0ODZmZDAzYjU1MGJl
NzYxZmIwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQ2Zjc4YmZmZDE3ODE1MDRkN2IxYmE1MGYzOTRhY2QzOTlhZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmI6AnQ5wYbmhCeKWbUwxQEQPeNK
XPfOjeEwnWm0q0CGVrC5EuR2aHDRy4lm1NqYboiZLX3qLsbRS8/TcwrnbHyu7KFw
ryaIy1JV4PyDiPX/iOer95Gc0cFxKJns4PlhG6ZaaCTMzaBKpkgEBY3WuNE1wBWe
7mlsYwF0t14drHTq4WHQf9Yk8Nj97lG+TcxY1uCRVfXIHRkhydEz3a0LFdltrjG0
Fo61d0I1Ye2m0nZJdbdK4hSgCmafefvBY+rikwG0s2mxcrPEWtY9j5UND5msPRCk
Cwpvn0jbSdPgOXQ+UXYYVhPQ7WlFPpWYdNG3oVXzNV289LMe2UW2MjOmsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXW94v/0XgVBNexulDzlKzTma1VMB8GA1UdIwQY
MBaAFKtU/oMbanGfQubISG/QO1UL52H7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYt
NmZkOTc4OTIwNWJhLzEvWmRiM2lfX1JlQlVFMTdHNlVQT1VyTk9aclZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81ZWFhYTctMzEwNy00MjY4LWFhZDYtNmZkOTc4OTIwNWJh
LzEvcTFULWd4dHFjWjlDNXNoSWI5QTdWUXZuWWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1aLeMA0G
CSqGSIb3DQEBCwUAA4IBAQCmOZ8EMFIxJjtLohmSpzt1IrByyuoo0XtK4vpBnHae
yuguJaBYUH+gAGflZYinKOFUNoKhdwumOW53CTlV8entVl4UWO05WBwfuz6Dupm0
N18Ui131IJSx1NRHpnViesjMLnzA7Ng6xT1mK9sY5bGy1l8aNHh6x99+Jr5M1WZf
wka6N2LJzdyRcjX/Uo3Q9+QK4nyRxZR4RsBpkfiurcw3Oza0qtvCbnyqTSndLCZm
jEjamQ46vQvPxfSxPhSW/GcaJl0n062XMLYcPMyDuxOOw7nAUkiVlX/Y+Yf9WRBi
ZtwtW8N+OQ/KDXGEgF0NZF8uyhntrXQQe1JIruKih81p
-----END CERTIFICATE-----