Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/Zo8ERzX9y6TGIwHrGRkqQZa2jKg.roa
File:                     Zo8ERzX9y6TGIwHrGRkqQZa2jKg.roa (raw, json)
Hash identifier:          dIqMv5ttUNk3zenowgSDrnwSOYxqrsH2GGyNYGLHYh0=
Subject key identifier:   66:8F:04:47:35:FD:CB:A4:C6:23:01:EB:19:19:2A:41:96:B6:8C:A8
Certificate issuer:       /CN=854bb7aa3908c998de3c42f7e1849538b0592617
Certificate serial:       018CC2DAEA55F3DDD71C64E768CCE0F82299
Authority key identifier: 85:4B:B7:AA:39:08:C9:98:DE:3C:42:F7:E1:84:95:38:B0:59:26:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/Zo8ERzX9y6TGIwHrGRkqQZa2jKg.roa
Signing time:             Mon 01 Jan 2024 02:29:35 +0000
ROA not before:           Mon 01 Jan 2024 02:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39522
IP address blocks:        193.36.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ea:55:f3:dd:d7:1c:64:e7:68:cc:e0:f8:22:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854bb7aa3908c998de3c42f7e1849538b0592617
        Validity
            Not Before: Jan  1 02:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=668f044735fdcba4c62301eb19192a4196b68ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:db:83:57:40:bf:be:cb:69:db:98:f3:4d:44:
                    24:f3:9e:82:fd:fd:b3:44:42:00:31:05:68:26:81:
                    2a:fa:82:ca:36:97:b2:e6:cd:b6:ca:ff:2b:b8:87:
                    fc:3f:67:24:c3:da:a4:06:61:aa:6f:57:86:c7:ba:
                    72:c2:30:78:ef:ad:9e:27:75:76:21:cd:b1:25:76:
                    fc:aa:42:d3:2e:10:9b:d3:5b:ce:4d:67:d7:59:1b:
                    53:44:39:c5:79:16:da:84:38:50:da:a7:27:79:da:
                    44:fd:a3:35:29:4f:5f:d4:15:a1:b2:d4:f2:c5:a1:
                    eb:e1:d6:45:6e:20:b8:c8:a1:53:30:f6:29:79:c8:
                    69:ad:32:c3:e3:a5:fc:71:a4:3a:d1:d5:33:ae:f7:
                    99:0f:68:77:17:10:e1:06:6a:9c:fc:6f:8e:29:8d:
                    3c:7e:93:79:f8:ce:18:41:59:1e:4e:e8:b3:23:cc:
                    3d:a6:28:d1:4b:8e:6f:ac:9d:6f:d0:e3:87:f6:7e:
                    bc:72:6d:36:15:b1:06:38:f8:1c:61:ee:e0:c4:55:
                    03:20:fb:a1:5c:54:69:b4:35:19:e8:11:38:8a:39:
                    81:91:39:2c:09:43:32:03:df:8c:08:50:62:4f:45:
                    6e:0f:16:ea:24:15:d6:ec:e6:c5:7f:8a:e1:36:f5:
                    0b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:8F:04:47:35:FD:CB:A4:C6:23:01:EB:19:19:2A:41:96:B6:8C:A8
            X509v3 Authority Key Identifier:
                keyid:85:4B:B7:AA:39:08:C9:98:DE:3C:42:F7:E1:84:95:38:B0:59:26:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUu3qjkIyZjePEL34YSVOLBZJhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/Zo8ERzX9y6TGIwHrGRkqQZa2jKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/965826-eb93-470e-b67a-64e52b9dd8d1/1/hUu3qjkIyZjePEL34YSVOLBZJhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:88:64:91:af:6f:e1:73:9a:f1:5e:07:41:00:e0:14:13:16:
         a5:a6:4c:30:be:69:a3:95:02:a8:a5:f9:a7:80:11:32:e4:6e:
         ce:ee:33:4f:2b:0d:82:d3:34:0b:73:65:8d:71:b2:e2:9e:93:
         61:1c:d1:94:8d:f8:f3:d8:31:c2:a5:26:fa:66:54:ab:71:76:
         8a:e4:13:f9:ec:a0:b5:98:ae:43:dd:ae:d6:f2:d7:8a:3c:8b:
         dc:e0:07:b2:81:d6:b9:ca:23:47:a0:af:ed:c0:c2:4f:f6:51:
         ed:71:f2:32:be:23:6b:08:bc:79:e8:cc:77:8e:e2:00:f1:a0:
         c7:24:81:c9:88:26:c9:55:f0:9f:3d:db:fb:64:31:69:2e:9b:
         3c:87:06:33:41:29:2d:4e:d3:24:2e:48:1f:97:71:5c:a2:f8:
         ad:d8:bd:0a:0d:3d:54:cb:05:a4:59:0f:55:2e:20:64:97:4c:
         43:b0:fa:5b:8a:64:c1:d0:30:50:5c:a9:0d:95:ef:f9:4d:c7:
         bb:58:e7:48:79:c6:59:69:be:a7:63:e6:63:9e:dd:36:bb:f1:
         cb:c6:7b:83:46:a7:01:df:06:41:a5:b7:44:25:3d:c6:2f:28:
         ed:3a:a0:87:4a:5a:ff:ea:9d:b4:42:cc:fa:33:da:46:82:5b:
         c3:7b:ca:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2upV893XHGTnaMzg+CKZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGJiN2FhMzkwOGM5OThkZTNjNDJmN2UxODQ5NTM4YjA1
OTI2MTcwHhcNMjQwMTAxMDIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjhmMDQ0NzM1ZmRjYmE0YzYyMzAxZWIxOTE5MmE0MTk2YjY4Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzduDV0C/vstp25jzTUQk856C/f2z
REIAMQVoJoEq+oLKNpey5s22yv8ruIf8P2ckw9qkBmGqb1eGx7pywjB4762eJ3V2
Ic2xJXb8qkLTLhCb01vOTWfXWRtTRDnFeRbahDhQ2qcnedpE/aM1KU9f1BWhstTy
xaHr4dZFbiC4yKFTMPYpechprTLD46X8caQ60dUzrveZD2h3FxDhBmqc/G+OKY08
fpN5+M4YQVkeTuizI8w9pijRS45vrJ1v0OOH9n68cm02FbEGOPgcYe7gxFUDIPuh
XFRptDUZ6BE4ijmBkTksCUMyA9+MCFBiT0VuDxbqJBXW7ObFf4rhNvUL1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaPBEc1/cukxiMB6xkZKkGWtoyoMB8GA1UdIwQY
MBaAFIVLt6o5CMmY3jxC9+GElTiwWSYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV1M3Fqa0l5WmplUEVMMzRZU1ZPTEJaSmhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85NjU4MjYtZWI5My00NzBlLWI2N2Et
NjRlNTJiOWRkOGQxLzEvWm84RVJ6WDl5NlRHSXdIckdSa3FRWmEyaktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85NjU4MjYtZWI5My00NzBlLWI2N2EtNjRlNTJiOWRkOGQx
LzEvaFV1M3Fqa0l5WmplUEVMMzRZU1ZPTEJaSmhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQhMA0G
CSqGSIb3DQEBCwUAA4IBAQAuiGSRr2/hc5rxXgdBAOAUExalpkwwvmmjlQKopfmn
gBEy5G7O7jNPKw2C0zQLc2WNcbLinpNhHNGUjfjz2DHCpSb6ZlSrcXaK5BP57KC1
mK5D3a7W8teKPIvc4Aeygda5yiNHoK/twMJP9lHtcfIyviNrCLx56Mx3juIA8aDH
JIHJiCbJVfCfPdv7ZDFpLps8hwYzQSktTtMkLkgfl3Fcovit2L0KDT1UywWkWQ9V
LiBkl0xDsPpbimTB0DBQXKkNle/5Tce7WOdIecZZab6nY+Zjnt02u/HLxnuDRqcB
3wZBpbdEJT3GLyjtOqCHSlr/6p20Qsz6M9pGglvDe8p1
-----END CERTIFICATE-----