Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/zSKDIVAuzqMwusUv9fHehFUJvE8.roa
File:                     zSKDIVAuzqMwusUv9fHehFUJvE8.roa (raw, json)
Hash identifier:          gklnc5aYRpneKApx1UXwNoQ2Js868O+tTqxIcceL6q0=
Subject key identifier:   CD:22:83:21:50:2E:CE:A3:30:BA:C5:2F:F5:F1:DE:84:55:09:BC:4F
Certificate issuer:       /CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
Certificate serial:       018CC801FADB78412A96E98D0DB76C3602D1
Authority key identifier: 00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/zSKDIVAuzqMwusUv9fHehFUJvE8.roa
Signing time:             Tue 02 Jan 2024 02:30:22 +0000
ROA not before:           Tue 02 Jan 2024 02:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        158.162.192.0/18 maxlen: 18
                          158.162.32.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:fa:db:78:41:2a:96:e9:8d:0d:b7:6c:36:02:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f4cc412cc30fb2f9f7c37c3e390bec5e6256b0
        Validity
            Not Before: Jan  2 02:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd228321502ecea330bac52ff5f1de845509bc4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6d:49:3b:77:46:01:6f:a1:ee:b3:64:18:dc:
                    c7:13:18:fe:44:7d:f5:e4:ac:97:a2:50:f5:c8:4a:
                    9f:bb:a4:e0:dd:a9:ab:8e:5a:3a:f1:cf:88:41:dc:
                    e2:92:7f:20:a9:eb:29:e7:5a:a4:6f:29:6c:62:e0:
                    2b:2d:00:2a:1c:e3:de:09:89:1b:49:46:fe:ee:25:
                    d8:59:07:d9:ce:af:32:11:25:97:b5:05:51:f2:99:
                    89:eb:aa:81:15:42:5f:e3:fa:3d:60:b0:42:f4:ab:
                    8a:06:c6:59:89:97:9d:da:86:15:c4:13:fb:b4:c8:
                    dd:d8:b9:c5:53:13:13:1e:8d:db:7c:44:af:3b:ee:
                    33:52:ee:b5:ca:83:f9:6f:7f:eb:84:d2:13:06:73:
                    16:3b:a4:9f:ff:2a:1b:13:cb:cb:f8:59:25:7a:07:
                    5a:63:ed:2d:b9:23:c3:c4:3b:46:14:b1:9a:db:9b:
                    ab:6c:2c:7b:f6:74:98:9e:8c:5d:9f:f3:e0:7d:0c:
                    2b:5e:ef:c8:89:4c:06:ae:81:be:4d:cd:d2:45:ca:
                    09:0e:fd:d6:c3:e7:4a:13:2d:d3:97:34:81:4c:5b:
                    0c:e3:da:bf:f3:ef:da:d0:4a:ea:c6:70:c6:59:ea:
                    f2:9d:00:b4:58:41:01:8a:42:e0:1c:01:f6:1e:62:
                    df:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:22:83:21:50:2E:CE:A3:30:BA:C5:2F:F5:F1:DE:84:55:09:BC:4F
            X509v3 Authority Key Identifier:
                keyid:00:F4:CC:41:2C:C3:0F:B2:F9:F7:C3:7C:3E:39:0B:EC:5E:62:56:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APTMQSzDD7L598N8PjkL7F5iVrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/zSKDIVAuzqMwusUv9fHehFUJvE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9375a2-3e6f-4577-85d1-5f145cfd2070/1/APTMQSzDD7L598N8PjkL7F5iVrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.162.32.0/19
                  158.162.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         59:49:77:ca:44:8f:69:f3:9a:2d:11:ca:cc:e5:98:bc:c9:b1:
         75:bd:e7:d2:5c:ca:b9:17:c5:76:ef:08:3a:b2:0d:66:d2:76:
         0d:7b:0c:4d:6b:4c:0b:36:a2:30:6a:56:8e:d9:26:a3:9d:74:
         f9:4f:f4:f0:e1:89:c5:cf:cc:ec:89:4f:8b:05:a3:dd:56:59:
         d2:49:36:9d:89:2f:b2:2a:56:b8:64:f8:de:e1:51:4a:cf:cc:
         2d:8d:80:9f:68:ae:ca:0a:34:84:94:57:80:cb:db:17:2a:dd:
         30:f3:b9:ed:bb:ca:e0:8a:f7:4b:fa:e2:6f:36:3a:30:73:e9:
         f7:52:2e:2c:bf:bf:e0:5d:99:62:36:ea:7a:9a:65:eb:2a:a9:
         2c:29:db:34:36:09:3f:b4:36:c2:ef:39:78:6f:9c:11:db:83:
         d7:1a:d0:51:96:ce:b2:48:67:95:ac:e6:21:50:69:c4:92:fd:
         c5:10:6f:18:6f:3c:c1:8d:57:26:8b:e5:5c:6c:48:4e:96:8c:
         50:a0:ba:67:92:c1:4c:d5:0f:4c:23:72:50:33:16:20:c6:92:
         a5:a9:5a:6c:78:3c:35:b5:c9:d4:1c:b5:cc:07:3b:43:e8:05:
         29:b3:d0:05:d0:f3:67:e2:e3:0a:82:67:49:3f:be:f7:e9:64:
         72:86:75:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAfrbeEEqlumNDbdsNgLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjRjYzQxMmNjMzBmYjJmOWY3YzM3YzNlMzkwYmVjNWU2
MjU2YjAwHhcNMjQwMTAyMDIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDIyODMyMTUwMmVjZWEzMzBiYWM1MmZmNWYxZGU4NDU1MDliYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtG1JO3dGAW+h7rNkGNzHExj+RH31
5KyXolD1yEqfu6Tg3amrjlo68c+IQdzikn8gqesp51qkbylsYuArLQAqHOPeCYkb
SUb+7iXYWQfZzq8yESWXtQVR8pmJ66qBFUJf4/o9YLBC9KuKBsZZiZed2oYVxBP7
tMjd2LnFUxMTHo3bfESvO+4zUu61yoP5b3/rhNITBnMWO6Sf/yobE8vL+Fklegda
Y+0tuSPDxDtGFLGa25urbCx79nSYnoxdn/PgfQwrXu/IiUwGroG+Tc3SRcoJDv3W
w+dKEy3TlzSBTFsM49q/8+/a0ErqxnDGWerynQC0WEEBikLgHAH2HmLfaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM0igyFQLs6jMLrFL/Xx3oRVCbxPMB8GA1UdIwQY
MBaAFAD0zEEsww+y+ffDfD45C+xeYlawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEt
NWYxNDVjZmQyMDcwLzEvelNLRElWQXV6cU13dXNVdjlmSGVoRlVKdkU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85Mzc1YTItM2U2Zi00NTc3LTg1ZDEtNWYxNDVjZmQyMDcw
LzEvQVBUTVFTekREN0w1OThOOFBqa0w3RjVpVnJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFnqIgAwQG
nqLAMA0GCSqGSIb3DQEBCwUAA4IBAQBZSXfKRI9p85otEcrM5Zi8ybF1vefSXMq5
F8V27wg6sg1m0nYNewxNa0wLNqIwalaO2SajnXT5T/Tw4YnFz8zsiU+LBaPdVlnS
STadiS+yKla4ZPje4VFKz8wtjYCfaK7KCjSElFeAy9sXKt0w87ntu8rgivdL+uJv
Njowc+n3Ui4sv7/gXZliNup6mmXrKqksKds0Ngk/tDbC7zl4b5wR24PXGtBRls6y
SGeVrOYhUGnEkv3FEG8YbzzBjVcmi+VcbEhOloxQoLpnksFM1Q9MI3JQMxYgxpKl
qVpseDw1tcnUHLXMBztD6AUps9AF0PNn4uMKgmdJP7736WRyhnUL
-----END CERTIFICATE-----