Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zo_z3E5mYuiPV4o5dZUUOtR-09E.roa
File:                     Zo_z3E5mYuiPV4o5dZUUOtR-09E.roa (raw, json)
Hash identifier:          POwbMhrfhlI3dT4zEKLOs85qRO1qUBMK+lqj0QEtDpM=
Subject key identifier:   66:8F:F3:DC:4E:66:62:E8:8F:57:8A:39:75:95:14:3A:D4:7E:D3:D1
Certificate issuer:       /CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
Certificate serial:       0192476BEF44ADC17617565A6DCBE156A8B1
Authority key identifier: 59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zo_z3E5mYuiPV4o5dZUUOtR-09E.roa
Signing time:             Tue 01 Oct 2024 09:31:48 +0000
ROA not before:           Tue 01 Oct 2024 09:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        155.55.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:47:6b:ef:44:ad:c1:76:17:56:5a:6d:cb:e1:56:a8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
        Validity
            Not Before: Oct  1 09:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=668ff3dc4e6662e88f578a397595143ad47ed3d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b5:aa:3d:f8:82:d6:28:d9:06:18:f8:58:97:
                    22:3c:6e:a5:db:16:8e:e2:5b:f2:8a:5a:1a:5a:32:
                    8f:1d:d7:e0:8f:55:ef:23:1e:e3:1b:a4:1d:88:96:
                    2e:3c:db:e3:c9:e1:83:26:23:bf:56:37:15:e4:8c:
                    ff:55:19:ce:17:29:45:04:93:28:4c:07:99:3e:a8:
                    92:05:fc:50:9d:72:e8:28:77:9e:b5:ef:2a:d0:ac:
                    09:22:a4:af:c2:d0:68:e1:45:4a:73:0c:d3:e9:ef:
                    07:6c:a0:96:cd:fa:87:25:9e:8a:e9:a4:b7:88:c1:
                    27:c0:10:83:5a:d0:5f:05:d5:cb:be:9d:7e:2a:c8:
                    7c:a2:d0:1e:68:86:44:f3:bc:32:f0:7c:7b:0b:43:
                    a3:3a:8b:64:d8:51:67:83:c5:71:54:c9:ad:f6:b1:
                    9c:62:9f:4e:73:ee:9f:0d:c1:e8:5b:bb:29:d3:12:
                    62:dc:56:d3:35:61:f2:87:3e:aa:aa:8c:c1:29:19:
                    2e:22:30:8d:72:c7:c5:da:84:3d:45:16:12:99:df:
                    d9:7a:6b:90:3d:6d:04:76:92:89:33:61:78:a6:95:
                    e1:5d:8c:93:78:59:55:a0:3e:4c:28:db:43:3b:fb:
                    32:81:f0:28:9b:8b:0d:62:5a:60:42:8c:76:60:b2:
                    8b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8F:F3:DC:4E:66:62:E8:8F:57:8A:39:75:95:14:3A:D4:7E:D3:D1
            X509v3 Authority Key Identifier:
                keyid:59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zo_z3E5mYuiPV4o5dZUUOtR-09E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.55.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:f6:57:a8:d6:d1:03:b4:05:53:e7:a0:49:bc:74:e9:a6:cd:
         49:bd:23:63:13:c5:48:48:4c:e7:2d:2d:d0:f7:cb:0e:b1:1b:
         d1:8f:28:4a:a4:a4:71:e5:9d:f9:88:b0:f2:bc:45:73:54:3d:
         84:a4:71:38:50:61:5c:89:e7:74:db:56:4f:d8:73:96:83:96:
         02:28:ff:91:97:f2:81:bb:70:6c:5c:18:c8:77:33:ec:31:a2:
         5c:c5:74:27:14:fc:4b:d8:6d:5f:ff:1d:35:7c:c1:d9:83:bf:
         4c:25:2e:d3:59:06:ec:d2:64:b6:38:36:c9:f1:40:fe:5e:b9:
         08:40:90:ae:31:fa:1d:f3:c6:46:57:73:97:5e:16:88:d7:d6:
         cf:f7:95:7e:b1:44:f8:0b:f4:21:1c:5e:47:71:0e:79:78:a7:
         31:74:b4:47:1a:e7:b9:4c:18:1d:17:7c:db:82:35:d3:87:0a:
         21:35:e5:ed:8b:75:05:c3:f4:db:34:77:83:13:4f:e0:37:3c:
         03:c2:73:75:8c:ab:82:d0:89:8d:f8:8b:e9:32:a4:d0:ee:9e:
         e6:d9:17:c3:19:6d:e3:46:33:03:17:b3:af:d5:c5:44:0c:41:
         82:33:92:5d:d7:88:f8:98:34:21:0b:78:d8:57:8f:62:6b:1f:
         b5:44:75:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJHa+9ErcF2F1ZabcvhVqixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MDYzMjVlMzQ0MThhNTdjZTU2NmVmYzBjM2U4YjM4YTBl
ZmE1ZGIwHhcNMjQxMDAxMDkzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhmZjNkYzRlNjY2MmU4OGY1NzhhMzk3NTk1MTQzYWQ0N2VkM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLWqPfiC1ijZBhj4WJciPG6l2xaO
4lvyiloaWjKPHdfgj1XvIx7jG6QdiJYuPNvjyeGDJiO/VjcV5Iz/VRnOFylFBJMo
TAeZPqiSBfxQnXLoKHeete8q0KwJIqSvwtBo4UVKcwzT6e8HbKCWzfqHJZ6K6aS3
iMEnwBCDWtBfBdXLvp1+Ksh8otAeaIZE87wy8Hx7C0OjOotk2FFng8VxVMmt9rGc
Yp9Oc+6fDcHoW7sp0xJi3FbTNWHyhz6qqozBKRkuIjCNcsfF2oQ9RRYSmd/ZemuQ
PW0EdpKJM2F4ppXhXYyTeFlVoD5MKNtDO/sygfAom4sNYlpgQox2YLKLrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaP89xOZmLoj1eKOXWVFDrUftPRMB8GA1UdIwQY
MBaAFFkGMl40QYpXzlZu/Aw+izig76XbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2Yt
YjIxN2E2OGNlYWY0LzEvWm9fejNFNW1ZdWlQVjRvNWRaVVVPdFItMDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2YtYjIxN2E2OGNlYWY0
LzEvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmzfAMA0G
CSqGSIb3DQEBCwUAA4IBAQB79leo1tEDtAVT56BJvHTpps1JvSNjE8VISEznLS3Q
98sOsRvRjyhKpKRx5Z35iLDyvEVzVD2EpHE4UGFcied021ZP2HOWg5YCKP+Rl/KB
u3BsXBjIdzPsMaJcxXQnFPxL2G1f/x01fMHZg79MJS7TWQbs0mS2ODbJ8UD+XrkI
QJCuMfod88ZGV3OXXhaI19bP95V+sUT4C/QhHF5HcQ55eKcxdLRHGue5TBgdF3zb
gjXThwohNeXti3UFw/TbNHeDE0/gNzwDwnN1jKuC0ImN+IvpMqTQ7p7m2RfDGW3j
RjMDF7Ov1cVEDEGCM5Jd14j4mDQhC3jYV49iax+1RHVg
-----END CERTIFICATE-----