Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/oStn8AbcX4K03zpP6oZIJBlg--k.roa
File:                     oStn8AbcX4K03zpP6oZIJBlg--k.roa (raw, json)
Hash identifier:          rdyzA9KJFaNpj/ELIhk5tcSYEcj1yolSVp2XMjKBbl4=
Subject key identifier:   A1:2B:67:F0:06:DC:5F:82:B4:DF:3A:4F:EA:86:48:24:19:60:FB:E9
Certificate issuer:       /CN=64cfba184ff9442a8fe7517b503a9e017fa9f2cb
Certificate serial:       018E5CC78B3F572E73578CDA08319D7288D6
Authority key identifier: 64:CF:BA:18:4F:F9:44:2A:8F:E7:51:7B:50:3A:9E:01:7F:A9:F2:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/oStn8AbcX4K03zpP6oZIJBlg--k.roa
Signing time:             Wed 20 Mar 2024 16:52:44 +0000
ROA not before:           Wed 20 Mar 2024 16:52:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39521
IP address blocks:        185.224.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:c7:8b:3f:57:2e:73:57:8c:da:08:31:9d:72:88:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64cfba184ff9442a8fe7517b503a9e017fa9f2cb
        Validity
            Not Before: Mar 20 16:52:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a12b67f006dc5f82b4df3a4fea8648241960fbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:83:d0:92:8f:8b:e2:5a:57:c1:82:ad:d5:5f:
                    77:a6:e4:7d:72:91:41:61:fc:79:85:6d:d2:7b:43:
                    a1:79:61:2b:e1:01:d3:8e:a8:43:7d:7b:a0:fa:c5:
                    c5:89:08:57:bc:42:d2:ee:72:f4:80:ff:52:f6:e9:
                    8c:a9:c8:f2:93:20:47:8b:29:97:48:b7:51:0a:58:
                    d6:c3:6d:7b:d1:5f:58:8e:46:5b:a0:ea:f5:72:81:
                    ac:19:5f:4f:3a:9a:40:57:e4:9a:04:fc:ae:99:39:
                    d5:35:d7:3f:75:d5:a7:21:ec:64:15:be:19:4d:e9:
                    d5:ae:6c:fe:85:ea:59:e4:7c:aa:dd:55:fe:c5:84:
                    ed:dc:15:31:fc:2d:45:07:65:dd:22:d7:12:88:b5:
                    7c:ea:c3:c7:69:81:a6:c8:94:b0:66:5e:c4:81:e6:
                    1d:68:0d:2d:ec:c9:eb:8d:2c:a4:1e:cc:0d:8d:8f:
                    51:6c:aa:4a:0c:b6:a3:94:f1:42:b5:e6:82:eb:79:
                    ec:36:cd:1b:26:75:24:eb:c4:51:1e:04:93:a3:6b:
                    e9:2c:a9:7c:1a:0f:98:62:ae:6a:9c:03:08:6f:27:
                    af:d3:91:9b:7b:ca:6d:95:14:9c:2b:73:a6:34:ea:
                    43:2d:23:e9:0a:62:08:5c:d8:14:2e:29:3a:cb:ca:
                    0b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:2B:67:F0:06:DC:5F:82:B4:DF:3A:4F:EA:86:48:24:19:60:FB:E9
            X509v3 Authority Key Identifier:
                keyid:64:CF:BA:18:4F:F9:44:2A:8F:E7:51:7B:50:3A:9E:01:7F:A9:F2:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZM-6GE_5RCqP51F7UDqeAX-p8ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/oStn8AbcX4K03zpP6oZIJBlg--k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/253f2c-4ed9-4f1f-a96f-deff71124233/1/ZM-6GE_5RCqP51F7UDqeAX-p8ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:fc:23:5b:c3:7b:8a:f2:88:08:49:ca:af:0a:03:28:bd:80:
         37:05:5a:c9:45:b3:f4:7e:8b:dc:1d:b3:8d:3d:33:d0:c7:06:
         3e:4c:42:70:da:fc:39:f9:e0:b2:e8:3d:20:e5:ea:ab:16:e3:
         eb:2b:e8:d6:7c:6b:33:05:7c:fe:b7:c9:20:f9:20:89:c8:e6:
         fa:0a:23:34:01:4c:26:4f:06:3a:da:0b:4d:66:75:cc:d4:30:
         c2:2a:ea:2b:8d:4d:7f:42:2b:4d:4e:d0:4e:fe:50:46:5d:6f:
         a3:0f:50:50:36:90:10:34:8d:3f:aa:06:e1:27:4a:ef:0d:09:
         6f:24:d9:d2:94:55:06:33:e1:63:61:d7:b7:e4:80:7d:ba:c7:
         36:e0:30:1d:ce:20:78:08:c6:2d:cc:a7:d7:28:49:c4:b0:ff:
         23:92:9f:96:32:ed:29:95:23:91:bb:70:aa:bb:cb:0f:20:a3:
         76:d4:31:23:aa:19:c7:b5:5c:25:03:00:69:2a:7e:f1:50:48:
         c9:d5:a7:05:57:58:ea:c4:cd:34:02:3f:25:ff:67:eb:93:13:
         13:88:44:2d:47:8f:92:d6:c1:c9:54:8b:94:99:18:00:2a:55:
         cd:98:df:81:ee:ed:fd:f4:b6:d5:97:c9:59:98:33:a9:4c:66:
         db:66:07:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5cx4s/Vy5zV4zaCDGdcojWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Y2ZiYTE4NGZmOTQ0MmE4ZmU3NTE3YjUwM2E5ZTAxN2Zh
OWYyY2IwHhcNMjQwMzIwMTY1MjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTJiNjdmMDA2ZGM1ZjgyYjRkZjNhNGZlYTg2NDgyNDE5NjBmYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIPQko+L4lpXwYKt1V93puR9cpFB
Yfx5hW3Se0OheWEr4QHTjqhDfXug+sXFiQhXvELS7nL0gP9S9umMqcjykyBHiymX
SLdRCljWw2170V9YjkZboOr1coGsGV9POppAV+SaBPyumTnVNdc/ddWnIexkFb4Z
TenVrmz+hepZ5Hyq3VX+xYTt3BUx/C1FB2XdItcSiLV86sPHaYGmyJSwZl7EgeYd
aA0t7MnrjSykHswNjY9RbKpKDLajlPFCteaC63nsNs0bJnUk68RRHgSTo2vpLKl8
Gg+YYq5qnAMIbyev05Gbe8ptlRScK3OmNOpDLSPpCmIIXNgULik6y8oLMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKErZ/AG3F+CtN86T+qGSCQZYPvpMB8GA1UdIwQY
MBaAFGTPuhhP+UQqj+dRe1A6ngF/qfLLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk0tNkdFXzVSQ3FQNTFGN1VEcWVBWC1wOHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8yNTNmMmMtNGVkOS00ZjFmLWE5NmYt
ZGVmZjcxMTI0MjMzLzEvb1N0bjhBYmNYNEswM3pwUDZvWklKQmxnLS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8yNTNmMmMtNGVkOS00ZjFmLWE5NmYtZGVmZjcxMTI0MjMz
LzEvWk0tNkdFXzVSQ3FQNTFGN1VEcWVBWC1wOHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueABMA0G
CSqGSIb3DQEBCwUAA4IBAQAP/CNbw3uK8ogIScqvCgMovYA3BVrJRbP0fovcHbON
PTPQxwY+TEJw2vw5+eCy6D0g5eqrFuPrK+jWfGszBXz+t8kg+SCJyOb6CiM0AUwm
TwY62gtNZnXM1DDCKuorjU1/QitNTtBO/lBGXW+jD1BQNpAQNI0/qgbhJ0rvDQlv
JNnSlFUGM+FjYde35IB9usc24DAdziB4CMYtzKfXKEnEsP8jkp+WMu0plSORu3Cq
u8sPIKN21DEjqhnHtVwlAwBpKn7xUEjJ1acFV1jqxM00Aj8l/2frkxMTiEQtR4+S
1sHJVIuUmRgAKlXNmN+B7u399LbVl8lZmDOpTGbbZgf+
-----END CERTIFICATE-----