Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZF95itVHinbQgH1ND9H3eLsRN2g.roa
File:                     ZF95itVHinbQgH1ND9H3eLsRN2g.roa (raw, json)
Hash identifier:          sPumUlir/eeeq4ztOX6Eq6H3kjXYrFdgR1LiNlvaMv8=
Subject key identifier:   64:5F:79:8A:D5:47:8A:76:D0:80:7D:4D:0F:D1:F7:78:BB:11:37:68
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       018DAC7F051AEF388936FDF1C28D535B6C39
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZF95itVHinbQgH1ND9H3eLsRN2g.roa
Signing time:             Thu 15 Feb 2024 11:20:21 +0000
ROA not before:           Thu 15 Feb 2024 11:20:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62273
IP address blocks:        147.161.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:7f:05:1a:ef:38:89:36:fd:f1:c2:8d:53:5b:6c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Feb 15 11:20:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645f798ad5478a76d0807d4d0fd1f778bb113768
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:85:09:34:28:00:ab:94:61:17:18:f5:cd:71:
                    97:82:f1:e1:40:4b:85:da:a5:c0:10:71:62:36:5c:
                    65:88:99:7e:54:aa:e2:94:bb:93:3d:a5:67:99:be:
                    1f:17:4b:4a:a6:4e:8b:44:d9:53:44:af:a8:03:2a:
                    d6:8d:3f:07:33:0b:8d:3b:ca:4e:89:03:e2:09:58:
                    5b:9e:b9:3a:a6:3a:a1:36:c3:0a:83:22:07:cb:c0:
                    62:46:db:39:55:5f:fb:2f:9b:0c:4f:66:14:11:c2:
                    ca:e1:b0:26:da:c5:59:b6:1a:07:c2:26:f7:e4:9c:
                    72:fc:c9:de:9b:95:6f:13:28:7f:b9:2c:e0:a3:ee:
                    fe:3d:ef:cb:30:4b:b6:30:16:69:6a:b1:c8:83:87:
                    63:4a:d5:85:be:9d:fb:76:07:bc:2a:48:dc:b6:f2:
                    0f:ed:97:af:44:e5:9a:8f:c1:81:57:8a:34:34:af:
                    b1:aa:f9:0b:62:ba:8a:41:70:e5:b3:76:78:45:ef:
                    24:1f:4b:75:04:09:42:75:85:1c:85:56:fd:8c:b6:
                    b1:53:7f:2a:07:02:db:95:7e:b5:59:83:92:33:27:
                    c2:95:82:4b:4e:d4:3e:d5:db:f9:cc:25:d0:79:94:
                    3b:17:ec:99:dc:8e:bf:e4:27:fa:a4:82:66:81:8d:
                    4b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5F:79:8A:D5:47:8A:76:D0:80:7D:4D:0F:D1:F7:78:BB:11:37:68
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/ZF95itVHinbQgH1ND9H3eLsRN2g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.161.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:6c:9d:2a:a9:1f:c4:40:bc:6b:45:4d:83:16:49:44:53:08:
         ef:0e:1f:eb:06:31:fa:51:9c:6a:1d:0e:e3:10:be:d5:8f:25:
         9f:0c:07:35:0e:2f:60:20:39:24:19:9e:00:82:a2:df:68:47:
         a0:a0:50:c0:b9:5c:99:77:53:ee:ae:7a:9e:03:8b:41:76:02:
         30:41:27:37:54:8b:18:a2:65:2a:56:39:c9:1e:15:f8:2a:25:
         ca:b4:a5:73:c2:99:ef:f0:98:f4:42:07:f1:68:59:72:26:f2:
         51:e4:5e:4d:22:67:b4:80:bd:b9:0f:36:b4:b1:3a:42:eb:f6:
         c0:f8:0d:81:ca:bf:2b:80:b9:d2:af:f4:2c:22:d0:67:81:e4:
         bf:b0:67:32:fd:ef:7c:ab:f5:bb:c4:e6:46:d0:d3:ff:39:86:
         4a:b0:98:26:69:fa:b0:70:e1:9b:45:4b:a7:27:36:59:aa:1a:
         c9:92:6f:20:a6:a4:58:b4:76:34:df:95:b2:38:31:76:a5:4c:
         99:e4:d9:4e:20:26:0d:ce:24:27:fd:b2:a8:b4:b4:fa:15:f6:
         1e:b2:33:69:4a:b9:0d:05:82:b5:0c:f6:bb:36:bd:b3:88:5f:
         9c:d7:2d:31:9c:90:cc:e7:9d:8a:ab:51:07:74:dd:3a:3a:7f:
         ae:ce:bf:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2sfwUa7ziJNv3xwo1TW2w5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwMjE1MTEyMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVmNzk4YWQ1NDc4YTc2ZDA4MDdkNGQwZmQxZjc3OGJiMTEzNzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoUJNCgAq5RhFxj1zXGXgvHhQEuF
2qXAEHFiNlxliJl+VKrilLuTPaVnmb4fF0tKpk6LRNlTRK+oAyrWjT8HMwuNO8pO
iQPiCVhbnrk6pjqhNsMKgyIHy8BiRts5VV/7L5sMT2YUEcLK4bAm2sVZthoHwib3
5Jxy/Mnem5VvEyh/uSzgo+7+Pe/LMEu2MBZparHIg4djStWFvp37dge8KkjctvIP
7ZevROWaj8GBV4o0NK+xqvkLYrqKQXDls3Z4Re8kH0t1BAlCdYUchVb9jLaxU38q
BwLblX61WYOSMyfClYJLTtQ+1dv5zCXQeZQ7F+yZ3I6/5Cf6pIJmgY1L0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRfeYrVR4p20IB9TQ/R93i7ETdoMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvWkY5NWl0VkhpbmJRZ0gxTkQ5SDNlTHNSTjJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk6EDMA0G
CSqGSIb3DQEBCwUAA4IBAQAwbJ0qqR/EQLxrRU2DFklEUwjvDh/rBjH6UZxqHQ7j
EL7VjyWfDAc1Di9gIDkkGZ4AgqLfaEegoFDAuVyZd1PurnqeA4tBdgIwQSc3VIsY
omUqVjnJHhX4KiXKtKVzwpnv8Jj0QgfxaFlyJvJR5F5NIme0gL25Dza0sTpC6/bA
+A2Byr8rgLnSr/QsItBngeS/sGcy/e98q/W7xOZG0NP/OYZKsJgmafqwcOGbRUun
JzZZqhrJkm8gpqRYtHY035WyODF2pUyZ5NlOICYNziQn/bKotLT6FfYesjNpSrkN
BYK1DPa7Nr2ziF+c1y0xnJDM552Kq1EHdN06On+uzr/2
-----END CERTIFICATE-----