Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/rz0o4hRJAfpB0f-qQUFhf2WbsU0.roa
File:                     rz0o4hRJAfpB0f-qQUFhf2WbsU0.roa (raw, json)
Hash identifier:          gIlFWk62eQAKNy4JSS9mYRCNUcBcxxH0L2N5JCYRhLs=
Subject key identifier:   AF:3D:28:E2:14:49:01:FA:41:D1:FF:AA:41:41:61:7F:65:9B:B1:4D
Certificate issuer:       /CN=af2bf82fda28e08f6229460ba2e24141464331e5
Certificate serial:       018CC6B92A72268CB45D7A069F17A3FE9D35
Authority key identifier: AF:2B:F8:2F:DA:28:E0:8F:62:29:46:0B:A2:E2:41:41:46:43:31:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ryv4L9oo4I9iKUYLouJBQUZDMeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/rz0o4hRJAfpB0f-qQUFhf2WbsU0.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204943
IP address blocks:        185.235.48.0/22 maxlen: 22
                          2a0d:4b00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/ryv4L9oo4I9iKUYLouJBQUZDMeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/ryv4L9oo4I9iKUYLouJBQUZDMeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ryv4L9oo4I9iKUYLouJBQUZDMeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:2a:72:26:8c:b4:5d:7a:06:9f:17:a3:fe:9d:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2bf82fda28e08f6229460ba2e24141464331e5
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af3d28e2144901fa41d1ffaa4141617f659bb14d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0f:35:f6:f2:d4:2c:3c:ff:07:eb:13:2d:6b:
                    47:7c:d0:da:70:83:c3:11:b4:e3:18:c3:38:37:62:
                    b3:69:a8:3e:b2:38:2c:5e:cd:5e:bf:14:8c:b8:ef:
                    e4:54:73:d1:74:a3:80:5d:e2:98:8e:51:96:27:d5:
                    3b:ab:5e:a7:9e:a7:26:ef:f7:03:15:86:5b:6e:55:
                    2e:84:d3:67:2e:02:27:87:f2:ab:8b:22:cb:08:22:
                    b8:91:27:52:a1:ec:db:db:fc:1d:78:46:3e:0e:9d:
                    5f:6c:df:ba:a3:7a:90:8e:b9:5a:81:0a:b6:9c:1a:
                    9a:73:e8:6b:f8:15:40:9e:5b:ad:76:b0:22:ed:04:
                    35:26:96:5c:0c:95:83:e0:8b:0b:0f:52:d0:a8:fa:
                    f9:74:56:83:e4:e6:d8:e4:71:4c:03:5e:35:43:32:
                    8f:30:09:12:ce:f5:e8:a2:bd:9d:fa:ea:eb:a6:02:
                    da:e5:8e:69:ec:01:f3:bf:8d:54:60:95:29:b6:fd:
                    4a:5f:28:db:9a:24:b7:da:37:c1:fb:3e:d5:61:9f:
                    1e:a2:3c:aa:f2:35:f2:db:dc:06:f6:97:d8:db:94:
                    96:69:7b:05:60:4e:7d:0d:fc:7d:57:6f:0a:55:be:
                    8e:53:1e:7b:eb:c2:20:ca:55:53:9c:9d:ce:42:e4:
                    35:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3D:28:E2:14:49:01:FA:41:D1:FF:AA:41:41:61:7F:65:9B:B1:4D
            X509v3 Authority Key Identifier:
                keyid:AF:2B:F8:2F:DA:28:E0:8F:62:29:46:0B:A2:E2:41:41:46:43:31:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ryv4L9oo4I9iKUYLouJBQUZDMeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/rz0o4hRJAfpB0f-qQUFhf2WbsU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/3b91a2-d2a7-4e69-9c86-bdf3917a9267/1/ryv4L9oo4I9iKUYLouJBQUZDMeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.48.0/22
                IPv6:
                  2a0d:4b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:2e:f4:11:00:ab:fb:3d:1f:4e:9e:ee:3f:8a:88:1b:66:b2:
         de:fa:e7:bd:ee:31:71:4e:ab:e2:5a:74:f3:59:e3:ac:f4:b3:
         99:38:f6:3f:76:ea:19:cc:8c:a9:69:d5:e4:23:de:fa:8d:c5:
         29:72:cf:5b:27:01:ba:ff:4f:8e:64:d3:db:7f:8e:3f:23:0f:
         6b:12:e1:9c:51:74:4c:31:41:a6:15:05:76:97:c5:11:53:28:
         18:a4:55:29:e2:d3:c7:ce:16:00:aa:a5:45:59:c2:0b:29:16:
         f2:4a:b3:56:f2:0f:76:b2:cf:bb:de:75:6e:f8:ef:1b:2c:48:
         73:a2:74:5c:6b:c7:76:01:30:f5:e2:b1:95:39:6e:e7:b1:0b:
         b8:36:cd:0c:a2:a9:73:c6:20:32:bc:7f:8f:64:05:58:cf:51:
         63:b5:bd:bd:74:fa:f6:b4:b5:f6:0b:bd:83:90:c5:fb:1a:48:
         05:c7:1f:29:80:36:37:e1:92:3d:07:ac:de:91:af:a9:19:4e:
         1e:a8:48:df:91:6f:47:a6:52:a1:96:b5:7a:9c:90:2b:cc:68:
         10:dd:e7:92:94:83:0f:dd:53:65:09:56:8c:e7:cf:ec:f3:89:
         e3:f3:30:37:9b:b9:8c:bf:30:5d:3c:8d:0d:23:ce:78:f6:4a:
         df:9c:e9:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuSpyJoy0XXoGnxej/p01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmJmODJmZGEyOGUwOGY2MjI5NDYwYmEyZTI0MTQxNDY0
MzMxZTUwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNkMjhlMjE0NDkwMWZhNDFkMWZmYWE0MTQxNjE3ZjY1OWJiMTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQ819vLULDz/B+sTLWtHfNDacIPD
EbTjGMM4N2Kzaag+sjgsXs1evxSMuO/kVHPRdKOAXeKYjlGWJ9U7q16nnqcm7/cD
FYZbblUuhNNnLgInh/KriyLLCCK4kSdSoezb2/wdeEY+Dp1fbN+6o3qQjrlagQq2
nBqac+hr+BVAnlutdrAi7QQ1JpZcDJWD4IsLD1LQqPr5dFaD5ObY5HFMA141QzKP
MAkSzvXoor2d+urrpgLa5Y5p7AHzv41UYJUptv1KXyjbmiS32jfB+z7VYZ8eojyq
8jXy29wG9pfY25SWaXsFYE59Dfx9V28KVb6OUx5768IgylVTnJ3OQuQ1ZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK89KOIUSQH6QdH/qkFBYX9lm7FNMB8GA1UdIwQY
MBaAFK8r+C/aKOCPYilGC6LiQUFGQzHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnl2NEw5b280STlpS1VZTG91SkJRVVpETWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zYjkxYTItZDJhNy00ZTY5LTljODYt
YmRmMzkxN2E5MjY3LzEvcnowbzRoUkpBZnBCMGYtcVFVRmhmMldic1UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zYjkxYTItZDJhNy00ZTY5LTljODYtYmRmMzkxN2E5MjY3
LzEvcnl2NEw5b280STlpS1VZTG91SkJRVVpETWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueswMA0E
AgACMAcDBQMqDUsAMA0GCSqGSIb3DQEBCwUAA4IBAQADLvQRAKv7PR9Onu4/iogb
ZrLe+ue97jFxTqviWnTzWeOs9LOZOPY/duoZzIypadXkI976jcUpcs9bJwG6/0+O
ZNPbf44/Iw9rEuGcUXRMMUGmFQV2l8URUygYpFUp4tPHzhYAqqVFWcILKRbySrNW
8g92ss+73nVu+O8bLEhzonRca8d2ATD14rGVOW7nsQu4Ns0MoqlzxiAyvH+PZAVY
z1Fjtb29dPr2tLX2C72DkMX7GkgFxx8pgDY34ZI9B6zeka+pGU4eqEjfkW9HplKh
lrV6nJArzGgQ3eeSlIMP3VNlCVaM58/s84nj8zA3m7mMvzBdPI0NI8549krfnOnE
-----END CERTIFICATE-----