Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/ZtgSWNtF9UWTs3TCbvuDnnAl4e4.roa
File:                     ZtgSWNtF9UWTs3TCbvuDnnAl4e4.roa (raw, json)
Hash identifier:          dOTEcO8IXvyMKQQnWPWkuq28624v0SB0tM7d+OQ+Fk4=
Subject key identifier:   66:D8:12:58:DB:45:F5:45:93:B3:74:C2:6E:FB:83:9E:70:25:E1:EE
Certificate issuer:       /CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
Certificate serial:       018CC6B79B086956AFFF9E1547374335435D
Authority key identifier: BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/ZtgSWNtF9UWTs3TCbvuDnnAl4e4.roa
Signing time:             Mon 01 Jan 2024 20:29:30 +0000
ROA not before:           Mon 01 Jan 2024 20:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47886
IP address blocks:        185.236.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9b:08:69:56:af:ff:9e:15:47:37:43:35:43:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfc470e9b58e557ea8c1dbedaeb9c6a5fc455125
        Validity
            Not Before: Jan  1 20:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d81258db45f54593b374c26efb839e7025e1ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4b:cf:64:aa:c1:59:5d:8d:37:ef:c6:68:57:
                    0f:d5:ca:b5:92:bf:e6:21:4d:5a:03:44:9f:9f:94:
                    44:ea:72:09:69:18:4a:fc:ef:5d:ea:d4:3a:00:9a:
                    32:1a:83:33:c5:d2:e5:16:bd:fb:85:50:be:13:86:
                    07:d9:a1:30:11:f3:d4:7a:13:11:e5:84:6a:fd:58:
                    39:96:92:24:8a:6f:74:b2:98:09:5e:ee:7b:83:b8:
                    2b:b9:0d:8a:c9:5d:06:e2:27:34:a7:4c:d5:f9:e5:
                    9f:9c:81:6d:02:e0:3e:02:a4:ed:63:5f:4a:cc:1a:
                    28:47:52:15:1b:7d:67:a7:b2:34:b3:ee:e4:74:6e:
                    b1:08:bc:0b:f0:d2:e5:49:0c:d2:d9:a2:81:60:65:
                    14:2c:de:66:59:1e:45:4f:51:dc:b9:48:e4:db:cb:
                    3e:a1:4e:e6:be:a3:7c:ff:ab:a4:8b:96:4e:32:e9:
                    d7:1a:36:8c:23:a3:9b:08:2d:7a:e9:86:6a:d5:4c:
                    ff:71:e1:f6:7b:3b:34:99:d3:6a:bc:c1:ab:89:b3:
                    0a:8a:41:21:c7:d3:48:3c:a9:f7:35:9c:7c:19:5f:
                    82:0d:f5:dc:78:b8:10:21:1c:90:4f:8e:f1:f6:23:
                    06:88:84:8d:b4:a6:f8:06:17:20:33:e2:e1:dd:93:
                    bd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D8:12:58:DB:45:F5:45:93:B3:74:C2:6E:FB:83:9E:70:25:E1:EE
            X509v3 Authority Key Identifier:
                keyid:BF:C4:70:E9:B5:8E:55:7E:A8:C1:DB:ED:AE:B9:C6:A5:FC:45:51:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v8Rw6bWOVX6owdvtrrnGpfxFUSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/ZtgSWNtF9UWTs3TCbvuDnnAl4e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/27b39b-0449-4c64-ba79-a2aa6540f875/1/v8Rw6bWOVX6owdvtrrnGpfxFUSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:2e:94:26:51:91:32:c1:a6:98:a0:69:97:92:ba:7e:08:26:
         62:bd:df:07:3b:7a:24:22:92:61:da:25:b0:e7:9c:82:2a:2c:
         04:76:a3:d2:49:de:3d:0e:68:55:9d:4f:b5:86:4c:b2:64:1e:
         ff:6b:9d:01:1e:17:45:ef:56:7b:e5:98:e9:24:7b:3b:05:bd:
         5e:93:73:7b:19:6b:73:0b:83:e0:07:01:9a:c7:d8:06:1a:cc:
         12:b9:bc:f8:5a:a6:39:70:4d:87:8e:78:42:36:d6:00:f3:f6:
         ec:80:f7:6e:98:81:6b:bf:26:f6:02:e1:6b:51:41:e3:d6:05:
         a5:57:75:ce:e9:98:80:17:e6:22:bc:64:6c:5b:04:47:db:72:
         a7:83:c4:6a:5d:83:b6:26:7a:da:a3:01:b2:f4:4e:af:a0:13:
         67:7f:44:d7:a1:c0:09:8f:1c:38:4c:43:f8:f8:09:b4:8e:f9:
         96:24:28:41:5c:ab:e0:c5:ee:d8:ab:d1:29:e8:9c:e6:5f:56:
         b6:b8:1e:15:6a:da:a7:28:58:b1:c8:02:24:dd:e1:65:6f:4c:
         bf:68:b7:02:56:07:0b:57:90:87:28:c5:7b:c9:8a:98:0e:ba:
         47:04:c5:af:c5:e0:75:a9:12:12:ce:b0:71:61:94:d0:ed:2a:
         b7:81:ef:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5sIaVav/54VRzdDNUNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYzQ3MGU5YjU4ZTU1N2VhOGMxZGJlZGFlYjljNmE1ZmM0
NTUxMjUwHhcNMjQwMTAxMjAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ4MTI1OGRiNDVmNTQ1OTNiMzc0YzI2ZWZiODM5ZTcwMjVlMWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUvPZKrBWV2NN+/GaFcP1cq1kr/m
IU1aA0Sfn5RE6nIJaRhK/O9d6tQ6AJoyGoMzxdLlFr37hVC+E4YH2aEwEfPUehMR
5YRq/Vg5lpIkim90spgJXu57g7gruQ2KyV0G4ic0p0zV+eWfnIFtAuA+AqTtY19K
zBooR1IVG31np7I0s+7kdG6xCLwL8NLlSQzS2aKBYGUULN5mWR5FT1HcuUjk28s+
oU7mvqN8/6uki5ZOMunXGjaMI6ObCC166YZq1Uz/ceH2ezs0mdNqvMGribMKikEh
x9NIPKn3NZx8GV+CDfXceLgQIRyQT47x9iMGiISNtKb4BhcgM+Lh3ZO9MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbYEljbRfVFk7N0wm77g55wJeHuMB8GA1UdIwQY
MBaAFL/EcOm1jlV+qMHb7a65xqX8RVElMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzkt
YTJhYTY1NDBmODc1LzEvWnRnU1dOdEY5VVdUczNUQ2J2dURubkFsNGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yN2IzOWItMDQ0OS00YzY0LWJhNzktYTJhYTY1NDBmODc1
LzEvdjhSdzZiV09WWDZvd2R2dHJybkdwZnhGVVNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuewQMA0G
CSqGSIb3DQEBCwUAA4IBAQAsLpQmUZEywaaYoGmXkrp+CCZivd8HO3okIpJh2iWw
55yCKiwEdqPSSd49DmhVnU+1hkyyZB7/a50BHhdF71Z75ZjpJHs7Bb1ek3N7GWtz
C4PgBwGax9gGGswSubz4WqY5cE2HjnhCNtYA8/bsgPdumIFrvyb2AuFrUUHj1gWl
V3XO6ZiAF+YivGRsWwRH23Kng8RqXYO2JnraowGy9E6voBNnf0TXocAJjxw4TEP4
+Am0jvmWJChBXKvgxe7Yq9Ep6JzmX1a2uB4VatqnKFixyAIk3eFlb0y/aLcCVgcL
V5CHKMV7yYqYDrpHBMWvxeB1qRISzrBxYZTQ7Sq3ge+T
-----END CERTIFICATE-----