Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/zLmRneftg7EdpYYdYq2fKxs_q8E.roa
File:                     zLmRneftg7EdpYYdYq2fKxs_q8E.roa (raw, json)
Hash identifier:          gNTa92St/389DotHM7vQx6e7pbDOYfgFoE5QgBsQX9k=
Subject key identifier:   CC:B9:91:9D:E7:ED:83:B1:1D:A5:86:1D:62:AD:9F:2B:1B:3F:AB:C1
Certificate issuer:       /CN=aa70110d30d52e8a6969588b3f621416bcdf644b
Certificate serial:       018CC9BBA91369A4C565D7F909BDB0DDBFCF
Authority key identifier: AA:70:11:0D:30:D5:2E:8A:69:69:58:8B:3F:62:14:16:BC:DF:64:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnARDTDVLoppaViLP2IUFrzfZEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/zLmRneftg7EdpYYdYq2fKxs_q8E.roa
Signing time:             Tue 02 Jan 2024 10:32:48 +0000
ROA not before:           Tue 02 Jan 2024 10:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47895
IP address blocks:        185.59.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/qnARDTDVLoppaViLP2IUFrzfZEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/qnARDTDVLoppaViLP2IUFrzfZEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnARDTDVLoppaViLP2IUFrzfZEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a9:13:69:a4:c5:65:d7:f9:09:bd:b0:dd:bf:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa70110d30d52e8a6969588b3f621416bcdf644b
        Validity
            Not Before: Jan  2 10:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccb9919de7ed83b11da5861d62ad9f2b1b3fabc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ce:e6:91:e7:15:9e:03:16:ec:7f:40:9f:f3:
                    ca:92:24:d8:a3:66:c0:b9:21:8a:b7:3e:00:46:5d:
                    5e:02:09:69:80:33:f7:4b:51:6a:22:f8:00:e3:da:
                    d2:21:42:ce:5e:8b:68:a7:7f:ec:44:1e:eb:1c:79:
                    ae:fb:a5:0f:fc:b3:34:e4:c3:9c:d2:3b:8b:29:f4:
                    c7:99:8d:5f:1e:0c:08:61:3f:d7:6f:32:16:b5:a6:
                    de:3f:4f:12:dd:77:0b:16:7c:8c:52:12:21:04:12:
                    5c:8a:60:75:10:3b:37:ec:0a:ed:ad:cf:9f:aa:4f:
                    32:d2:05:a9:c7:b4:d2:27:9e:43:b3:10:37:d3:54:
                    6f:e1:9c:28:aa:51:03:ca:08:7e:f0:c1:7e:de:67:
                    1c:d1:96:60:0a:f3:97:cb:d9:3a:4e:b4:e2:57:ba:
                    2a:2f:8f:91:4a:65:f6:fb:9e:0e:eb:88:c5:2a:3d:
                    5e:cf:62:b5:90:2c:5c:96:46:0f:5b:8e:a4:2f:bb:
                    62:e4:d7:66:81:6d:90:d2:0d:d4:6c:0a:c0:f3:dc:
                    dc:1f:55:b8:44:c5:f9:8c:ef:1b:53:67:11:fb:05:
                    a2:61:49:f7:06:55:11:d6:ff:67:8e:45:42:92:b8:
                    36:93:ba:be:87:c8:d4:b5:95:3b:ed:0d:33:5b:a2:
                    14:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B9:91:9D:E7:ED:83:B1:1D:A5:86:1D:62:AD:9F:2B:1B:3F:AB:C1
            X509v3 Authority Key Identifier:
                keyid:AA:70:11:0D:30:D5:2E:8A:69:69:58:8B:3F:62:14:16:BC:DF:64:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnARDTDVLoppaViLP2IUFrzfZEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/zLmRneftg7EdpYYdYq2fKxs_q8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/fb7e67-5425-4c4f-b46a-8243aef6fe5a/1/qnARDTDVLoppaViLP2IUFrzfZEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:c7:61:2b:69:9e:a6:c1:bf:66:9f:1e:c5:ec:c0:1e:d1:95:
         ac:73:1d:1b:3d:3a:a5:d5:d1:f9:08:0f:19:e1:7a:a6:e8:77:
         c7:7c:8d:e5:55:88:fa:db:6d:08:8d:c1:71:32:5e:3c:0a:7f:
         f9:21:36:04:72:0e:fc:88:97:f9:77:08:b2:07:3e:7f:18:6b:
         3c:c4:ae:c0:ea:4e:ed:d5:41:fd:00:1f:4e:6c:45:1f:06:fb:
         f3:c4:53:d1:6e:de:04:15:cb:c4:c9:0b:05:e5:0d:87:76:23:
         86:90:5d:9a:99:a7:e4:9c:23:13:be:8e:e1:d4:ad:fb:2a:37:
         ad:48:2b:67:e6:4b:ef:6f:27:5d:81:b9:82:e5:f4:1b:7d:63:
         06:86:b1:50:26:d5:b9:a4:fe:9b:a6:6d:4d:86:ca:fe:79:fe:
         55:e6:50:00:82:28:d9:d8:42:44:89:8c:70:6f:67:72:3f:91:
         5c:c3:c0:e8:da:01:a3:db:fa:f0:0a:94:ba:5e:69:d7:4b:7b:
         50:2a:78:df:43:cc:4e:2a:f1:ff:77:9c:21:c5:bc:bc:3f:5c:
         3a:e6:42:9a:7a:0c:50:69:38:06:42:f8:e2:0d:b5:81:ca:9c:
         08:e2:ce:e0:aa:83:b5:a8:08:3b:75:7d:7e:c2:e0:d8:d0:d9:
         24:03:32:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6kTaaTFZdf5Cb2w3b/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNzAxMTBkMzBkNTJlOGE2OTY5NTg4YjNmNjIxNDE2YmNk
ZjY0NGIwHhcNMjQwMTAyMTAzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I5OTE5ZGU3ZWQ4M2IxMWRhNTg2MWQ2MmFkOWYyYjFiM2ZhYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM7mkecVngMW7H9An/PKkiTYo2bA
uSGKtz4ARl1eAglpgDP3S1FqIvgA49rSIULOXotop3/sRB7rHHmu+6UP/LM05MOc
0juLKfTHmY1fHgwIYT/XbzIWtabeP08S3XcLFnyMUhIhBBJcimB1EDs37Artrc+f
qk8y0gWpx7TSJ55DsxA301Rv4ZwoqlEDygh+8MF+3mcc0ZZgCvOXy9k6TrTiV7oq
L4+RSmX2+54O64jFKj1ez2K1kCxclkYPW46kL7ti5NdmgW2Q0g3UbArA89zcH1W4
RMX5jO8bU2cR+wWiYUn3BlUR1v9njkVCkrg2k7q+h8jUtZU77Q0zW6IUswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy5kZ3n7YOxHaWGHWKtnysbP6vBMB8GA1UdIwQY
MBaAFKpwEQ0w1S6KaWlYiz9iFBa832RLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW5BUkRURFZMb3BwYVZpTFAySVVGcnpmWkVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9mYjdlNjctNTQyNS00YzRmLWI0NmEt
ODI0M2FlZjZmZTVhLzEvekxtUm5lZnRnN0VkcFlZZFlxMmZLeHNfcThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9mYjdlNjctNTQyNS00YzRmLWI0NmEtODI0M2FlZjZmZTVh
LzEvcW5BUkRURFZMb3BwYVZpTFAySVVGcnpmWkVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTv0MA0G
CSqGSIb3DQEBCwUAA4IBAQCbx2EraZ6mwb9mnx7F7MAe0ZWscx0bPTql1dH5CA8Z
4Xqm6HfHfI3lVYj6220IjcFxMl48Cn/5ITYEcg78iJf5dwiyBz5/GGs8xK7A6k7t
1UH9AB9ObEUfBvvzxFPRbt4EFcvEyQsF5Q2HdiOGkF2amafknCMTvo7h1K37Kjet
SCtn5kvvbyddgbmC5fQbfWMGhrFQJtW5pP6bpm1Nhsr+ef5V5lAAgijZ2EJEiYxw
b2dyP5Fcw8Do2gGj2/rwCpS6XmnXS3tQKnjfQ8xOKvH/d5whxby8P1w65kKaegxQ
aTgGQvjiDbWBypwI4s7gqoO1qAg7dX1+wuDY0NkkAzKo
-----END CERTIFICATE-----