Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/ZaopL2C3OzYYo2pf5sUL9ClL2qA.roa
File:                     ZaopL2C3OzYYo2pf5sUL9ClL2qA.roa (raw, json)
Hash identifier:          pJMn7f45dvXjf92/8Qt/egXmI118oiUMuNdtB0GoC1M=
Subject key identifier:   65:AA:29:2F:60:B7:3B:36:18:A3:6A:5F:E6:C5:0B:F4:29:4B:DA:A0
Certificate issuer:       /CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
Certificate serial:       018CC425335F32D1612436A4D10C3B7DE36C
Authority key identifier: 8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/ZaopL2C3OzYYo2pf5sUL9ClL2qA.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.34.191.0/24 maxlen: 24
                          185.34.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:33:5f:32:d1:61:24:36:a4:d1:0c:3b:7d:e3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65aa292f60b73b3618a36a5fe6c50bf4294bdaa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:37:ce:81:2b:da:04:d2:34:5e:c8:06:6b:35:
                    ca:94:0e:30:5c:2a:54:d0:7e:9b:cb:cf:10:85:6b:
                    54:09:df:fe:64:51:67:53:2d:84:28:24:42:74:21:
                    e4:a8:41:7c:d1:ec:a1:9c:25:74:2e:69:78:03:4a:
                    53:bd:1e:5b:5c:d7:56:fb:61:95:72:02:65:fe:82:
                    88:ea:3a:f0:bc:07:78:06:3c:dc:02:0e:53:26:53:
                    43:04:d7:5c:5b:68:34:87:4e:e3:ea:d6:af:3f:88:
                    64:45:e3:8d:93:35:1e:37:2d:fc:67:8b:ce:05:25:
                    5b:2a:59:f6:82:e5:42:ee:42:ad:ea:5f:4d:78:d2:
                    14:d0:3a:68:2a:3d:03:78:ed:1a:99:e0:1d:26:27:
                    89:79:a5:78:1b:4d:ab:80:2a:fa:d5:50:9a:96:dd:
                    26:7c:70:75:f8:78:65:4d:4a:71:37:64:4e:76:3f:
                    a8:23:2c:be:fc:0d:a3:37:4d:76:54:24:64:03:63:
                    c9:76:2e:b7:75:13:1a:b1:71:83:9b:b0:39:ea:5e:
                    3c:3c:a1:ed:14:5f:a4:c3:c5:92:3c:51:b4:28:d9:
                    35:0a:1e:bc:ad:ed:09:c4:7d:81:18:65:e6:c2:aa:
                    14:c1:ec:34:1c:93:40:6f:0d:eb:82:03:68:ea:51:
                    57:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:AA:29:2F:60:B7:3B:36:18:A3:6A:5F:E6:C5:0B:F4:29:4B:DA:A0
            X509v3 Authority Key Identifier:
                keyid:8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/ZaopL2C3OzYYo2pf5sUL9ClL2qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.188.0/24
                  185.34.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d4:d7:63:40:29:64:e2:78:3d:52:7a:52:26:88:c5:ad:b2:
         a1:79:50:e0:1d:2b:70:0f:1d:9e:e5:14:7e:c5:27:35:80:a2:
         83:81:fa:a4:3b:64:ee:cd:2a:98:ab:2a:12:4d:cc:78:c2:dc:
         91:07:a7:fe:4c:ce:19:33:94:b9:bc:0e:4b:02:02:89:a0:2e:
         68:ab:df:b7:19:25:56:44:14:4f:f4:d9:68:64:9c:7a:29:ee:
         97:24:e4:61:e4:10:3c:3f:3d:71:af:c4:9a:e9:1f:d7:5e:00:
         1c:ee:a4:81:e0:da:62:48:67:9b:c3:71:51:1d:62:35:41:ba:
         f3:da:de:0f:79:38:14:4d:0a:19:de:bc:51:a7:8f:d4:da:8f:
         4d:b7:a3:fa:f9:90:49:7e:b2:a2:7a:56:e7:76:92:85:26:57:
         39:42:8a:21:45:db:d9:61:07:58:a7:a5:2e:78:a0:90:82:df:
         1b:be:33:b7:8b:4d:90:ed:62:e2:50:d7:2c:f1:b0:10:df:97:
         65:24:54:99:b1:6b:3f:2d:32:c9:3f:50:f3:9c:91:ce:32:50:
         ab:a4:5b:f8:60:bd:dc:74:eb:b6:5c:8d:59:1e:52:f6:47:e5:
         fc:4f:b2:c9:a8:64:e8:1f:13:a2:2f:0d:f8:e5:cb:7a:13:54:
         be:7e:ad:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJTNfMtFhJDak0Qw7feNsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2Y3OGJhMDI3NWQxZDNiNjQ5MmE4ZTlkNjEwNjEzYzAz
MDZhMTcwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWFhMjkyZjYwYjczYjM2MThhMzZhNWZlNmM1MGJmNDI5NGJkYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzfOgSvaBNI0XsgGazXKlA4wXCpU
0H6by88QhWtUCd/+ZFFnUy2EKCRCdCHkqEF80eyhnCV0Lml4A0pTvR5bXNdW+2GV
cgJl/oKI6jrwvAd4BjzcAg5TJlNDBNdcW2g0h07j6tavP4hkReONkzUeNy38Z4vO
BSVbKln2guVC7kKt6l9NeNIU0DpoKj0DeO0ameAdJieJeaV4G02rgCr61VCalt0m
fHB1+HhlTUpxN2ROdj+oIyy+/A2jN012VCRkA2PJdi63dRMasXGDm7A56l48PKHt
FF+kw8WSPFG0KNk1Ch68re0JxH2BGGXmwqoUwew0HJNAbw3rggNo6lFX/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWqKS9gtzs2GKNqX+bFC/QpS9qgMB8GA1UdIwQY
MBaAFI7PeLoCddHTtkkqjp1hBhPAMGoXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQt
MmJiZjhmYWEwMGNhLzEvWmFvcEwyQzNPellZbzJwZjVzVUw5Q2xMMnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQtMmJiZjhmYWEwMGNh
LzEvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSK8AwQA
uSK/MA0GCSqGSIb3DQEBCwUAA4IBAQAF1NdjQClk4ng9UnpSJojFrbKheVDgHStw
Dx2e5RR+xSc1gKKDgfqkO2TuzSqYqyoSTcx4wtyRB6f+TM4ZM5S5vA5LAgKJoC5o
q9+3GSVWRBRP9NloZJx6Ke6XJORh5BA8Pz1xr8Sa6R/XXgAc7qSB4NpiSGebw3FR
HWI1Qbrz2t4PeTgUTQoZ3rxRp4/U2o9Nt6P6+ZBJfrKielbndpKFJlc5QoohRdvZ
YQdYp6UueKCQgt8bvjO3i02Q7WLiUNcs8bAQ35dlJFSZsWs/LTLJP1DznJHOMlCr
pFv4YL3cdOu2XI1ZHlL2R+X8T7LJqGToHxOiLw345ct6E1S+fq2r
-----END CERTIFICATE-----