Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ZC5bLqsmhv3DEYXUHSJYDKTgTys.roa
File:                     ZC5bLqsmhv3DEYXUHSJYDKTgTys.roa (raw, json)
Hash identifier:          w7HA9rpTe/301uSxzInnuHaBqWEagOPkYOP+S9YHUbo=
Subject key identifier:   64:2E:5B:2E:AB:26:86:FD:C3:11:85:D4:1D:22:58:0C:A4:E0:4F:2B
Certificate issuer:       /CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
Certificate serial:       018CC72588A5B89DC9990D9FA5E760F8A826
Authority key identifier: 48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ZC5bLqsmhv3DEYXUHSJYDKTgTys.roa
Signing time:             Mon 01 Jan 2024 22:29:34 +0000
ROA not before:           Mon 01 Jan 2024 22:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12859
IP address blocks:        195.8.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:88:a5:b8:9d:c9:99:0d:9f:a5:e7:60:f8:a8:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=488c65dc359b58ca6ba5d3daeb874f058684e8c6
        Validity
            Not Before: Jan  1 22:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642e5b2eab2686fdc31185d41d22580ca4e04f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:89:65:b7:ab:39:8d:af:d8:4f:9f:e8:c5:db:
                    b7:3c:c1:8e:9e:ea:6f:5d:c9:cc:cf:e1:8e:b1:04:
                    99:9e:26:33:2e:0a:67:90:d5:9b:2e:51:30:fb:eb:
                    e0:18:3b:7d:19:f6:8d:89:70:3c:a4:63:3f:6b:e2:
                    21:85:09:c6:be:ec:e1:9c:8d:c5:1e:6e:8c:f3:f5:
                    b4:78:4f:ed:74:19:1b:79:ac:6a:1c:5b:3e:c1:15:
                    ac:ee:a5:64:13:6a:73:6b:c6:7f:fd:a3:6b:0b:6f:
                    ce:29:c1:b6:48:10:f2:fa:1e:c6:40:e0:5f:4d:66:
                    72:ed:33:de:a3:06:ce:8a:da:27:a2:66:51:7b:84:
                    5e:50:f0:29:5f:eb:67:44:6c:35:22:d5:d0:76:b8:
                    45:21:23:b2:a3:ea:25:ab:96:9a:77:cf:64:17:19:
                    ab:b2:06:ec:d0:de:8e:77:07:e6:be:4b:e8:3d:27:
                    a5:e7:d3:51:cf:77:0e:45:d0:b7:e7:84:bd:4e:32:
                    8b:65:c0:a4:51:a7:6c:eb:c2:4f:2d:86:86:ca:ef:
                    3b:39:b2:74:7c:b2:2d:f3:75:3b:43:29:8b:11:ce:
                    fa:6a:18:52:d6:78:89:af:ea:ac:3d:6d:d0:91:6e:
                    cb:96:ad:f0:ae:de:af:a5:cf:1a:28:99:aa:ec:e9:
                    b6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2E:5B:2E:AB:26:86:FD:C3:11:85:D4:1D:22:58:0C:A4:E0:4F:2B
            X509v3 Authority Key Identifier:
                keyid:48:8C:65:DC:35:9B:58:CA:6B:A5:D3:DA:EB:87:4F:05:86:84:E8:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SIxl3DWbWMprpdPa64dPBYaE6MY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/ZC5bLqsmhv3DEYXUHSJYDKTgTys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c48271-dee5-4841-a7dd-b0d72e910efe/1/SIxl3DWbWMprpdPa64dPBYaE6MY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:4d:ea:80:73:54:76:de:4d:21:60:53:d3:12:c2:09:3a:26:
         d8:97:bd:1d:3a:6d:83:81:f0:2d:f3:33:0f:51:2d:29:2f:5c:
         8a:d8:a5:53:f1:be:ec:14:8c:0b:af:e1:26:1f:fc:43:cb:9f:
         1d:b1:80:84:d8:57:dc:46:fb:81:07:71:51:da:59:20:2d:24:
         98:eb:cb:4e:4c:4b:77:74:91:b7:b1:37:37:4b:97:2f:c8:77:
         f9:5f:fe:e2:85:30:85:01:43:2b:88:5e:eb:d2:4a:5f:2a:5f:
         3a:24:e7:6d:46:93:0f:d3:2c:73:51:75:88:17:88:b4:d7:61:
         83:c3:3c:71:68:ce:83:8a:77:7d:49:7e:e0:05:77:23:c9:41:
         a3:97:41:4a:b8:32:28:1b:35:89:19:89:cc:7a:5f:d6:1b:b9:
         3e:3a:14:ad:4b:cb:49:09:aa:aa:6a:74:04:d7:14:be:fa:9b:
         fa:16:1a:3e:7c:e9:ba:94:0e:c5:eb:5a:81:c4:af:ea:60:b5:
         1f:1e:b0:4f:7d:1d:c5:80:0d:93:96:41:e3:49:97:ca:8c:16:
         40:df:ec:89:e1:12:cf:19:72:70:a6:c6:27:0e:61:28:26:bc:
         f4:e4:de:e0:cd:19:f1:6f:bb:07:67:c9:eb:34:97:ce:fe:d4:
         80:20:18:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJYiluJ3JmQ2fpedg+KgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4OGM2NWRjMzU5YjU4Y2E2YmE1ZDNkYWViODc0ZjA1ODY4
NGU4YzYwHhcNMjQwMTAxMjIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJlNWIyZWFiMjY4NmZkYzMxMTg1ZDQxZDIyNTgwY2E0ZTA0ZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ollt6s5ja/YT5/oxdu3PMGOnupv
XcnMz+GOsQSZniYzLgpnkNWbLlEw++vgGDt9GfaNiXA8pGM/a+IhhQnGvuzhnI3F
Hm6M8/W0eE/tdBkbeaxqHFs+wRWs7qVkE2pza8Z//aNrC2/OKcG2SBDy+h7GQOBf
TWZy7TPeowbOitonomZRe4ReUPApX+tnRGw1ItXQdrhFISOyo+olq5aad89kFxmr
sgbs0N6OdwfmvkvoPSel59NRz3cORdC354S9TjKLZcCkUads68JPLYaGyu87ObJ0
fLIt83U7QymLEc76ahhS1niJr+qsPW3QkW7Llq3wrt6vpc8aKJmq7Om28wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQuWy6rJob9wxGF1B0iWAyk4E8rMB8GA1UdIwQY
MBaAFEiMZdw1m1jKa6XT2uuHTwWGhOjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQt
YjBkNzJlOTEwZWZlLzEvWkM1Ykxxc21odjNERVlYVUhTSllES1RnVHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNDgyNzEtZGVlNS00ODQxLWE3ZGQtYjBkNzJlOTEwZWZl
LzEvU0l4bDNEV2JXTXBycGRQYTY0ZFBCWWFFNk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwwjQMA0G
CSqGSIb3DQEBCwUAA4IBAQAiTeqAc1R23k0hYFPTEsIJOibYl70dOm2DgfAt8zMP
US0pL1yK2KVT8b7sFIwLr+EmH/xDy58dsYCE2FfcRvuBB3FR2lkgLSSY68tOTEt3
dJG3sTc3S5cvyHf5X/7ihTCFAUMriF7r0kpfKl86JOdtRpMP0yxzUXWIF4i012GD
wzxxaM6Dind9SX7gBXcjyUGjl0FKuDIoGzWJGYnMel/WG7k+OhStS8tJCaqqanQE
1xS++pv6Fho+fOm6lA7F61qBxK/qYLUfHrBPfR3FgA2TlkHjSZfKjBZA3+yJ4RLP
GXJwpsYnDmEoJrz05N7gzRnxb7sHZ8nrNJfO/tSAIBhT
-----END CERTIFICATE-----