Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/zwngkprKv9dWhJJtPwhumKEnFlI.roa
File:                     zwngkprKv9dWhJJtPwhumKEnFlI.roa (raw, json)
Hash identifier:          IDNDPK/ym9YiJyYsBdhkd9KNjhkPgqOXskuzDxjjZUo=
Subject key identifier:   CF:09:E0:92:9A:CA:BF:D7:56:84:92:6D:3F:08:6E:98:A1:27:16:52
Certificate issuer:       /CN=fdad61d8e8c1abda8596930e21f18211a517681f
Certificate serial:       018CC80142939F680C4627917F4E2B57EAA3
Authority key identifier: FD:AD:61:D8:E8:C1:AB:DA:85:96:93:0E:21:F1:82:11:A5:17:68:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_a1h2OjBq9qFlpMOIfGCEaUXaB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/zwngkprKv9dWhJJtPwhumKEnFlI.roa
Signing time:             Tue 02 Jan 2024 02:29:34 +0000
ROA not before:           Tue 02 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49764
IP address blocks:        185.218.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/_a1h2OjBq9qFlpMOIfGCEaUXaB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/_a1h2OjBq9qFlpMOIfGCEaUXaB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_a1h2OjBq9qFlpMOIfGCEaUXaB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:42:93:9f:68:0c:46:27:91:7f:4e:2b:57:ea:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdad61d8e8c1abda8596930e21f18211a517681f
        Validity
            Not Before: Jan  2 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf09e0929acabfd75684926d3f086e98a1271652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:41:e3:61:5a:0b:d7:25:4f:b2:69:25:f4:50:
                    31:b6:fa:a4:3b:61:1c:af:2a:a8:1a:b8:72:66:60:
                    38:54:a5:3e:64:81:42:f7:53:07:b1:a3:fc:4c:85:
                    da:b0:fb:4c:d0:54:3a:3e:6d:77:07:d1:95:bd:87:
                    91:6a:41:ba:1d:67:0e:1e:2f:ca:3d:09:54:f5:1c:
                    43:67:37:aa:db:dc:82:76:0f:48:09:82:bd:77:d2:
                    69:e8:43:fb:b8:61:84:5c:6a:90:a8:e8:7c:bd:f1:
                    60:31:e2:8b:23:e9:5e:22:7b:77:15:4a:af:0a:34:
                    c1:c1:41:cf:c1:b5:55:46:60:5c:31:9d:da:00:ad:
                    24:79:46:90:75:da:41:87:10:59:3d:57:0d:b0:65:
                    20:b7:e2:29:fc:2b:09:20:e0:74:6e:a4:45:68:dc:
                    80:17:fc:00:2a:02:c3:d3:ce:d4:da:93:a5:35:35:
                    b0:aa:c3:f4:70:44:7d:d4:55:f4:f8:e8:fe:26:64:
                    1d:70:dd:fd:0d:fb:48:ac:48:f5:c0:79:7c:05:84:
                    e2:32:aa:ce:82:c9:e5:b4:ff:ef:19:98:9e:19:4e:
                    ed:02:98:c8:2c:6a:d1:86:29:2f:41:d8:07:ca:1a:
                    f8:23:07:d5:5e:11:81:da:dd:3f:c6:9d:14:03:8e:
                    72:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:09:E0:92:9A:CA:BF:D7:56:84:92:6D:3F:08:6E:98:A1:27:16:52
            X509v3 Authority Key Identifier:
                keyid:FD:AD:61:D8:E8:C1:AB:DA:85:96:93:0E:21:F1:82:11:A5:17:68:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_a1h2OjBq9qFlpMOIfGCEaUXaB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/zwngkprKv9dWhJJtPwhumKEnFlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/a46c86-4b08-482b-92ca-84ee22a3ee5b/1/_a1h2OjBq9qFlpMOIfGCEaUXaB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a3:b2:24:57:3c:34:63:1a:06:8f:f3:91:39:9f:26:3e:d6:
         21:12:a5:e1:c4:a1:f5:e2:4e:69:14:f3:b1:a8:92:ca:80:ad:
         e0:21:68:ae:bf:71:64:26:03:7f:d3:f8:56:0c:a8:81:2c:20:
         09:08:f5:56:33:5b:4b:0b:df:a0:7b:2b:c0:40:51:84:0d:7b:
         01:36:8f:40:ae:f6:08:05:57:b6:63:dd:9e:be:b5:39:c9:18:
         1b:e4:97:e4:b4:2f:0e:4b:8a:87:e5:87:f9:eb:13:94:9a:a4:
         7e:1d:bf:bb:75:f1:72:26:57:02:48:e5:23:03:58:fd:64:f0:
         ba:b0:c8:df:1f:fb:0c:30:77:52:56:56:20:f7:43:9b:82:12:
         b6:1b:32:e6:c3:e3:2f:73:42:71:e3:93:2a:7b:20:72:e9:30:
         62:d6:7b:d5:d1:8f:84:c5:8c:07:31:b9:e3:35:f3:15:b7:c6:
         6c:03:bb:9d:bc:0c:8d:80:ca:7d:d0:b0:81:28:10:ce:a9:8c:
         fa:73:1d:c2:d7:e6:30:2b:4c:17:36:73:49:c4:56:01:33:62:
         3e:6e:f0:08:8d:03:06:b1:08:14:51:c3:61:ce:c2:c6:94:15:
         4a:fc:7d:7e:6c:6a:67:43:3c:0a:aa:51:8e:f3:69:0b:3f:df:
         b9:3f:50:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUKTn2gMRieRf04rV+qjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkYWQ2MWQ4ZThjMWFiZGE4NTk2OTMwZTIxZjE4MjExYTUx
NzY4MWYwHhcNMjQwMTAyMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjA5ZTA5MjlhY2FiZmQ3NTY4NDkyNmQzZjA4NmU5OGExMjcxNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEHjYVoL1yVPsmkl9FAxtvqkO2Ec
ryqoGrhyZmA4VKU+ZIFC91MHsaP8TIXasPtM0FQ6Pm13B9GVvYeRakG6HWcOHi/K
PQlU9RxDZzeq29yCdg9ICYK9d9Jp6EP7uGGEXGqQqOh8vfFgMeKLI+leInt3FUqv
CjTBwUHPwbVVRmBcMZ3aAK0keUaQddpBhxBZPVcNsGUgt+Ip/CsJIOB0bqRFaNyA
F/wAKgLD087U2pOlNTWwqsP0cER91FX0+Oj+JmQdcN39DftIrEj1wHl8BYTiMqrO
gsnltP/vGZieGU7tApjILGrRhikvQdgHyhr4IwfVXhGB2t0/xp0UA45yiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8J4JKayr/XVoSSbT8IbpihJxZSMB8GA1UdIwQY
MBaAFP2tYdjowavahZaTDiHxghGlF2gfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2ExaDJPakJxOXFGbHBNT0lmR0NFYVVYYUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9hNDZjODYtNGIwOC00ODJiLTkyY2Et
ODRlZTIyYTNlZTViLzEvenduZ2twckt2OWRXaEpKdFB3aHVtS0VuRmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9hNDZjODYtNGIwOC00ODJiLTkyY2EtODRlZTIyYTNlZTVi
LzEvX2ExaDJPakJxOXFGbHBNT0lmR0NFYVVYYUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudpHMA0G
CSqGSIb3DQEBCwUAA4IBAQA+o7IkVzw0YxoGj/OROZ8mPtYhEqXhxKH14k5pFPOx
qJLKgK3gIWiuv3FkJgN/0/hWDKiBLCAJCPVWM1tLC9+geyvAQFGEDXsBNo9ArvYI
BVe2Y92evrU5yRgb5JfktC8OS4qH5Yf56xOUmqR+Hb+7dfFyJlcCSOUjA1j9ZPC6
sMjfH/sMMHdSVlYg90ObghK2GzLmw+Mvc0Jx45MqeyBy6TBi1nvV0Y+ExYwHMbnj
NfMVt8ZsA7udvAyNgMp90LCBKBDOqYz6cx3C1+YwK0wXNnNJxFYBM2I+bvAIjQMG
sQgUUcNhzsLGlBVK/H1+bGpnQzwKqlGO82kLP9+5P1DI
-----END CERTIFICATE-----