Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/pzkjw80sSI5ZSo8mkIVHFGhNG6E.roa
File:                     pzkjw80sSI5ZSo8mkIVHFGhNG6E.roa (raw, json)
Hash identifier:          8kpKl8DIJ78CfwAVXaV/vJg0pOJk6AXkHQ8AqS68MEI=
Subject key identifier:   A7:39:23:C3:CD:2C:48:8E:59:4A:8F:26:90:85:47:14:68:4D:1B:A1
Certificate issuer:       /CN=47aa878f76b50947cbd7deca04ac832e287b514d
Certificate serial:       018CC6B829386B031203675CE5630F312957
Authority key identifier: 47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/pzkjw80sSI5ZSo8mkIVHFGhNG6E.roa
Signing time:             Mon 01 Jan 2024 20:30:07 +0000
ROA not before:           Mon 01 Jan 2024 20:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15814
IP address blocks:        194.36.224.0/20 maxlen: 24
                          2a03:98c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:29:38:6b:03:12:03:67:5c:e5:63:0f:31:29:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47aa878f76b50947cbd7deca04ac832e287b514d
        Validity
            Not Before: Jan  1 20:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73923c3cd2c488e594a8f2690854714684d1ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f1:3b:5f:82:f0:41:5e:af:d3:e5:45:aa:0b:
                    26:e2:07:0b:0a:26:40:15:3d:bb:3b:49:2e:15:67:
                    34:bb:75:c0:0e:55:13:87:d3:b3:4c:72:d7:72:f1:
                    51:04:fd:97:23:27:7e:45:8e:8f:9b:13:c1:1e:f1:
                    34:90:e6:8c:00:1d:6c:64:43:f1:3f:24:9d:74:5f:
                    b5:1f:81:03:a5:1b:99:40:93:0d:41:65:32:27:57:
                    02:94:ad:f8:3c:e9:f2:8b:c0:14:60:f0:0b:7d:52:
                    fd:47:25:c5:41:2f:06:65:bc:54:c4:ec:8d:0f:eb:
                    5f:45:d2:9f:fb:e1:31:fd:b8:70:9e:29:51:60:da:
                    ff:17:21:4e:4e:5c:28:db:6a:a5:cb:2e:65:f4:b0:
                    73:86:26:83:c3:12:25:22:49:b2:92:5b:53:e9:5b:
                    3b:7c:97:4e:fb:06:dc:5d:a0:72:24:83:77:ab:a1:
                    a8:44:bf:90:f7:f4:fa:2b:5d:10:77:3d:fc:d7:83:
                    bd:56:ff:de:8f:ba:fd:94:f4:b5:dd:10:79:7a:e3:
                    ee:16:37:cb:0a:7c:d2:71:e0:21:55:34:79:6c:12:
                    e8:32:5b:4f:29:7d:1c:4c:fe:b9:45:ec:48:59:10:
                    a3:b0:05:56:5c:0b:b0:03:32:2b:33:f2:a8:69:4d:
                    93:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:39:23:C3:CD:2C:48:8E:59:4A:8F:26:90:85:47:14:68:4D:1B:A1
            X509v3 Authority Key Identifier:
                keyid:47:AA:87:8F:76:B5:09:47:CB:D7:DE:CA:04:AC:83:2E:28:7B:51:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6qHj3a1CUfL197KBKyDLih7UU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/pzkjw80sSI5ZSo8mkIVHFGhNG6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c1ab26-28b0-4637-b51b-3992c54e187b/1/R6qHj3a1CUfL197KBKyDLih7UU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.224.0/20
                IPv6:
                  2a03:98c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:17:65:cd:50:0d:c6:35:5c:3e:19:e7:ef:e2:e1:87:d1:6b:
         ba:e3:88:d2:e8:fa:4f:9f:53:5d:94:c7:f8:2d:0f:8f:bd:81:
         67:f9:4d:d9:8a:ef:6f:25:c8:59:1d:ca:e4:27:6f:13:c7:fc:
         14:33:79:d6:26:cf:f6:d5:b5:61:7f:34:a2:f8:c4:70:a9:ee:
         39:0c:82:da:7c:0d:81:5c:38:81:02:77:76:96:30:00:f0:c1:
         30:e9:ee:9f:3d:2f:8b:c8:0f:66:bd:9d:1b:73:34:27:46:ab:
         14:ee:ef:f8:93:f9:8d:28:64:c4:2b:1a:96:06:23:e8:2d:b1:
         83:15:ee:88:25:ee:db:07:8f:b6:5e:7e:6d:25:1f:94:58:54:
         b9:8c:a9:0d:84:8f:3b:03:35:a3:aa:03:08:c0:65:40:3c:ea:
         d5:c5:e2:1e:c1:53:28:7a:e0:a9:0c:c0:6e:74:b7:b0:10:c4:
         c5:be:61:96:cb:d8:97:3c:70:b8:fd:d2:e1:cf:50:07:28:71:
         8a:c0:ce:2e:75:35:38:3e:70:b6:a2:0d:b0:a7:aa:7c:b8:07:
         f5:d1:4c:f7:62:36:7e:ad:40:b6:a3:e5:84:85:22:4d:98:3e:
         8a:f5:9d:93:e0:74:5e:14:6c:c2:44:ea:a9:26:1d:be:e3:32:
         b0:3e:b1:66
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuCk4awMSA2dc5WMPMSlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YWE4NzhmNzZiNTA5NDdjYmQ3ZGVjYTA0YWM4MzJlMjg3
YjUxNGQwHhcNMjQwMTAxMjAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzM5MjNjM2NkMmM0ODhlNTk0YThmMjY5MDg1NDcxNDY4NGQxYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPE7X4LwQV6v0+VFqgsm4gcLCiZA
FT27O0kuFWc0u3XADlUTh9OzTHLXcvFRBP2XIyd+RY6PmxPBHvE0kOaMAB1sZEPx
PySddF+1H4EDpRuZQJMNQWUyJ1cClK34POnyi8AUYPALfVL9RyXFQS8GZbxUxOyN
D+tfRdKf++Ex/bhwnilRYNr/FyFOTlwo22qlyy5l9LBzhiaDwxIlIkmykltT6Vs7
fJdO+wbcXaByJIN3q6GoRL+Q9/T6K10Qdz3814O9Vv/ej7r9lPS13RB5euPuFjfL
CnzSceAhVTR5bBLoMltPKX0cTP65RexIWRCjsAVWXAuwAzIrM/KoaU2T3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKc5I8PNLEiOWUqPJpCFRxRoTRuhMB8GA1UdIwQY
MBaAFEeqh492tQlHy9feygSsgy4oe1FNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWIt
Mzk5MmM1NGUxODdiLzEvcHpranc4MHNTSTVaU284bWtJVkhGR2hORzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jMWFiMjYtMjhiMC00NjM3LWI1MWItMzk5MmM1NGUxODdi
LzEvUjZxSGozYTFDVWZMMTk3S0JLeURMaWg3VVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEwiTgMA0E
AgACMAcDBQAqA5jAMA0GCSqGSIb3DQEBCwUAA4IBAQBEF2XNUA3GNVw+Gefv4uGH
0Wu644jS6PpPn1NdlMf4LQ+PvYFn+U3Ziu9vJchZHcrkJ28Tx/wUM3nWJs/21bVh
fzSi+MRwqe45DILafA2BXDiBAnd2ljAA8MEw6e6fPS+LyA9mvZ0bczQnRqsU7u/4
k/mNKGTEKxqWBiPoLbGDFe6IJe7bB4+2Xn5tJR+UWFS5jKkNhI87AzWjqgMIwGVA
POrVxeIewVMoeuCpDMBudLewEMTFvmGWy9iXPHC4/dLhz1AHKHGKwM4udTU4PnC2
og2wp6p8uAf10Uz3YjZ+rUC2o+WEhSJNmD6K9Z2T4HReFGzCROqpJh2+4zKwPrFm
-----END CERTIFICATE-----