Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/zkHcpexq8pqh8LM73A0MXSw-egc.roa
File:                     zkHcpexq8pqh8LM73A0MXSw-egc.roa (raw, json)
Hash identifier:          acV2GmkcPEXPdkcJHovlD/AGpXNbAcEQbm3oTNjfNDw=
Subject key identifier:   CE:41:DC:A5:EC:6A:F2:9A:A1:F0:B3:3B:DC:0D:0C:5D:2C:3E:7A:07
Certificate issuer:       /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial:       018CC86F3062CF72E4612484EA88326EBDCC
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/zkHcpexq8pqh8LM73A0MXSw-egc.roa
Signing time:             Tue 02 Jan 2024 04:29:39 +0000
ROA not before:           Tue 02 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208728
IP address blocks:        89.255.207.0/24 maxlen: 24
                          185.223.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:30:62:cf:72:e4:61:24:84:ea:88:32:6e:bd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
        Validity
            Not Before: Jan  2 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce41dca5ec6af29aa1f0b33bdc0d0c5d2c3e7a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:82:26:ee:ee:d5:44:0c:c2:e9:7e:02:67:8e:
                    96:1b:d3:31:e1:41:49:86:1f:6d:40:8c:fa:07:82:
                    14:7c:11:1a:a5:fc:6c:3e:1d:fe:22:c8:ea:28:f8:
                    5a:8f:f8:93:92:01:2f:0b:e5:e3:de:d5:88:ab:d9:
                    01:a8:a9:85:e7:8c:66:f6:c5:69:9d:98:c3:37:fb:
                    3f:79:9c:96:ad:9c:4f:31:a8:0c:87:73:fe:62:f3:
                    80:76:48:dc:cf:14:30:86:92:16:d4:e1:8d:61:ba:
                    d9:df:db:a6:b5:63:e6:34:a5:6b:af:68:8d:3f:e0:
                    e1:59:8e:c7:21:c5:a0:5c:71:db:41:9e:7e:27:5c:
                    a7:05:c5:4f:fd:fb:e6:29:eb:d9:58:6c:32:c1:35:
                    48:0f:39:3f:e2:e5:a8:12:1c:7b:d7:0f:cb:0c:8b:
                    8b:ce:8f:b6:c8:cb:86:b8:04:4f:02:21:23:ec:2c:
                    4b:22:9e:3c:24:74:1f:bd:a2:ba:1d:51:1d:b1:fe:
                    99:ca:c8:ab:d5:bc:09:a6:24:ca:d2:c6:22:22:da:
                    ba:39:3e:69:29:de:26:52:c8:8f:d8:90:f0:88:58:
                    3e:c9:c1:97:f9:95:6b:a4:12:f6:52:4d:e2:95:40:
                    ab:d4:34:59:17:15:35:1d:ff:41:53:9b:91:a5:4b:
                    68:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:41:DC:A5:EC:6A:F2:9A:A1:F0:B3:3B:DC:0D:0C:5D:2C:3E:7A:07
            X509v3 Authority Key Identifier:
                keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/zkHcpexq8pqh8LM73A0MXSw-egc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.255.207.0/24
                  185.223.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:31:06:e0:0d:bc:d7:60:49:7e:62:89:2c:5c:00:3c:c7:c5:
         d4:74:cd:7b:80:e2:30:56:b5:fc:87:22:91:57:b3:c7:c2:c6:
         db:ca:77:4c:e5:88:1d:07:ba:21:75:ad:21:9b:89:7a:9c:cc:
         ff:ae:f6:c5:f9:fa:9d:fc:81:73:1f:2a:42:e1:7f:61:31:d8:
         72:8a:49:05:a9:45:bb:9d:c1:79:cf:b7:e3:30:cf:da:f6:89:
         d8:f8:60:09:e5:d8:65:54:1d:bb:d3:73:91:12:24:ee:ed:6a:
         2c:4d:f2:53:f8:e5:23:1f:c5:ef:52:c1:db:a3:57:2e:06:fb:
         aa:29:86:3b:e1:b5:86:5f:d2:ce:f2:3b:c1:ff:26:10:c4:78:
         0d:25:69:dd:9f:08:82:7f:a0:78:60:a7:55:94:c9:61:8b:66:
         18:12:da:4a:6f:bc:5f:b6:ca:e9:9e:3f:73:68:4e:a9:84:f6:
         ff:94:79:8f:b6:5e:0b:a0:de:df:db:33:82:bf:e0:a4:fb:1f:
         a1:85:36:10:98:4c:ce:9b:d3:27:60:23:27:a9:ce:2e:89:3d:
         41:23:b8:d6:ac:80:3b:d8:8a:42:9c:f0:c4:13:52:4b:24:23:
         78:8b:30:7f:21:30:f3:17:e8:a5:9a:06:cd:cd:e3:93:82:ab:
         9b:19:e0:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbzBiz3LkYSSE6ogybr3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjQwMTAyMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQxZGNhNWVjNmFmMjlhYTFmMGIzM2JkYzBkMGM1ZDJjM2U3YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYIm7u7VRAzC6X4CZ46WG9Mx4UFJ
hh9tQIz6B4IUfBEapfxsPh3+IsjqKPhaj/iTkgEvC+Xj3tWIq9kBqKmF54xm9sVp
nZjDN/s/eZyWrZxPMagMh3P+YvOAdkjczxQwhpIW1OGNYbrZ39umtWPmNKVrr2iN
P+DhWY7HIcWgXHHbQZ5+J1ynBcVP/fvmKevZWGwywTVIDzk/4uWoEhx71w/LDIuL
zo+2yMuGuARPAiEj7CxLIp48JHQfvaK6HVEdsf6Zysir1bwJpiTK0sYiItq6OT5p
Kd4mUsiP2JDwiFg+ycGX+ZVrpBL2Uk3ilUCr1DRZFxU1Hf9BU5uRpUtolQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM5B3KXsavKaofCzO9wNDF0sPnoHMB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvemtIY3BleHE4cHFoOExNNzNBME1YU3ctZWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWf/PAwQA
ud9VMA0GCSqGSIb3DQEBCwUAA4IBAQBdMQbgDbzXYEl+YoksXAA8x8XUdM17gOIw
VrX8hyKRV7PHwsbbyndM5YgdB7ohda0hm4l6nMz/rvbF+fqd/IFzHypC4X9hMdhy
ikkFqUW7ncF5z7fjMM/a9onY+GAJ5dhlVB2703OREiTu7WosTfJT+OUjH8XvUsHb
o1cuBvuqKYY74bWGX9LO8jvB/yYQxHgNJWndnwiCf6B4YKdVlMlhi2YYEtpKb7xf
tsrpnj9zaE6phPb/lHmPtl4LoN7f2zOCv+Ck+x+hhTYQmEzOm9MnYCMnqc4uiT1B
I7jWrIA72IpCnPDEE1JLJCN4izB/ITDzF+ilmgbNzeOTgqubGeC1
-----END CERTIFICATE-----