Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/zFK0-fY7GzfA8MCCslwsdmvXMHw.roa
File:                     zFK0-fY7GzfA8MCCslwsdmvXMHw.roa (raw, json)
Hash identifier:          86n49pPE0F5Nma+PjZ5U3doDlQlEREtYs32wB+6ybpI=
Subject key identifier:   CC:52:B4:F9:F6:3B:1B:37:C0:F0:C0:82:B2:5C:2C:76:6B:D7:30:7C
Certificate issuer:       /CN=d20542a6135524142194caa708e7db2cca6b4e63
Certificate serial:       018CC8010D9DC863EDFB2F3F45E11F29DC4C
Authority key identifier: D2:05:42:A6:13:55:24:14:21:94:CA:A7:08:E7:DB:2C:CA:6B:4E:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/zFK0-fY7GzfA8MCCslwsdmvXMHw.roa
Signing time:             Tue 02 Jan 2024 02:29:21 +0000
ROA not before:           Tue 02 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204565
IP address blocks:        185.242.37.0/24 maxlen: 24
                          185.242.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0d:9d:c8:63:ed:fb:2f:3f:45:e1:1f:29:dc:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d20542a6135524142194caa708e7db2cca6b4e63
        Validity
            Not Before: Jan  2 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc52b4f9f63b1b37c0f0c082b25c2c766bd7307c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f7:8c:ab:f7:dc:23:8a:ee:dd:87:21:8a:b6:
                    db:f9:68:fe:e9:08:33:28:a7:0f:ed:b0:39:1a:e9:
                    1a:d0:fa:ff:54:57:d7:99:1c:55:58:f5:c1:13:0d:
                    9c:2e:b3:99:0a:35:e2:03:e4:0d:e8:06:5a:06:9d:
                    2e:08:0b:9f:c3:4e:50:1f:5a:fb:f2:a7:3f:f3:31:
                    97:29:6a:39:ae:ef:52:b3:8f:3b:c5:2f:06:b5:cf:
                    cb:44:65:51:03:40:92:e7:00:2e:90:07:a6:c0:c2:
                    c9:4f:c7:4b:3a:07:37:be:b2:0a:73:f7:33:96:67:
                    f4:96:08:97:5d:cd:2d:6b:56:eb:df:21:f6:ad:5c:
                    7b:94:5f:98:66:8b:11:06:49:d7:5e:a2:37:49:73:
                    8b:5b:cd:08:df:62:40:39:d4:72:67:bc:f8:b6:33:
                    28:e8:d1:c3:40:60:e0:b8:f0:1d:04:66:bb:d0:72:
                    7e:fa:6d:fb:f0:bc:d5:1b:e4:eb:25:39:f3:03:2d:
                    50:00:a1:76:c1:ff:97:d2:d1:75:09:de:11:04:11:
                    b0:de:e1:2f:69:7c:af:f4:e3:5a:46:0e:d2:a9:5b:
                    29:1d:01:bd:ca:c8:c1:48:df:ec:33:a6:df:19:b0:
                    58:51:dc:9b:3a:97:a3:5c:43:38:7c:c2:98:5e:31:
                    bd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:52:B4:F9:F6:3B:1B:37:C0:F0:C0:82:B2:5C:2C:76:6B:D7:30:7C
            X509v3 Authority Key Identifier:
                keyid:D2:05:42:A6:13:55:24:14:21:94:CA:A7:08:E7:DB:2C:CA:6B:4E:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0gVCphNVJBQhlMqnCOfbLMprTmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/zFK0-fY7GzfA8MCCslwsdmvXMHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c309ec-3254-4200-9a5e-ab42b4c93ed9/1/0gVCphNVJBQhlMqnCOfbLMprTmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:39:05:31:25:42:79:54:e1:8b:24:74:2c:b1:7a:06:d2:8d:
         f2:51:d2:ff:33:fa:37:97:1c:21:33:e8:08:d1:7c:95:8e:c1:
         72:18:96:fb:73:3a:21:8b:fb:cc:24:f3:30:85:02:9e:89:f5:
         64:4e:a0:c9:9a:5a:dc:88:08:f4:34:53:c4:dc:a8:b9:c2:c6:
         97:4b:45:b8:53:2b:ed:e5:65:0e:1c:c2:53:83:ac:38:9a:fc:
         14:20:fe:7a:8a:10:f2:83:66:f4:c0:f4:d0:e6:12:79:8c:b8:
         0a:a8:b8:de:8b:96:6d:a3:b0:ef:e3:e9:fc:5f:1b:92:3a:93:
         fd:eb:a7:86:57:43:41:c4:c5:26:06:ff:5b:e0:cf:4b:97:03:
         10:ff:93:53:c7:05:3e:04:49:88:ec:b8:78:e3:80:69:e4:b0:
         2b:b7:8a:d7:69:1d:a8:49:a8:23:09:52:7c:a2:a5:ce:74:3b:
         cc:54:2e:86:5e:dc:e7:26:fc:4c:1e:54:bc:a3:30:39:b4:c0:
         2e:07:68:74:cb:33:bc:47:20:48:78:3b:7b:11:f1:39:ca:c2:
         b7:f1:66:b3:d8:10:3c:0c:cf:4c:89:06:f3:3e:cc:77:39:1d:
         6e:06:aa:db:91:58:2a:56:ce:45:0d:fc:0b:53:80:a8:9d:f0:
         54:7e:15:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQ2dyGPt+y8/ReEfKdxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMDU0MmE2MTM1NTI0MTQyMTk0Y2FhNzA4ZTdkYjJjY2E2
YjRlNjMwHhcNMjQwMTAyMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzUyYjRmOWY2M2IxYjM3YzBmMGMwODJiMjVjMmM3NjZiZDczMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPeMq/fcI4ru3Ychirbb+Wj+6Qgz
KKcP7bA5Guka0Pr/VFfXmRxVWPXBEw2cLrOZCjXiA+QN6AZaBp0uCAufw05QH1r7
8qc/8zGXKWo5ru9Ss487xS8Gtc/LRGVRA0CS5wAukAemwMLJT8dLOgc3vrIKc/cz
lmf0lgiXXc0ta1br3yH2rVx7lF+YZosRBknXXqI3SXOLW80I32JAOdRyZ7z4tjMo
6NHDQGDguPAdBGa70HJ++m378LzVG+TrJTnzAy1QAKF2wf+X0tF1Cd4RBBGw3uEv
aXyv9ONaRg7SqVspHQG9ysjBSN/sM6bfGbBYUdybOpejXEM4fMKYXjG9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxStPn2Oxs3wPDAgrJcLHZr1zB8MB8GA1UdIwQY
MBaAFNIFQqYTVSQUIZTKpwjn2yzKa05jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGdWQ3BoTlZKQlFobE1xbkNPZmJMTXByVG1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jMzA5ZWMtMzI1NC00MjAwLTlhNWUt
YWI0MmI0YzkzZWQ5LzEvekZLMC1mWTdHemZBOE1DQ3Nsd3NkbXZYTUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jMzA5ZWMtMzI1NC00MjAwLTlhNWUtYWI0MmI0YzkzZWQ5
LzEvMGdWQ3BoTlZKQlFobE1xbkNPZmJMTXByVG1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufIkMA0G
CSqGSIb3DQEBCwUAA4IBAQCiOQUxJUJ5VOGLJHQssXoG0o3yUdL/M/o3lxwhM+gI
0XyVjsFyGJb7czohi/vMJPMwhQKeifVkTqDJmlrciAj0NFPE3Ki5wsaXS0W4Uyvt
5WUOHMJTg6w4mvwUIP56ihDyg2b0wPTQ5hJ5jLgKqLjei5Zto7Dv4+n8XxuSOpP9
66eGV0NBxMUmBv9b4M9LlwMQ/5NTxwU+BEmI7Lh444Bp5LArt4rXaR2oSagjCVJ8
oqXOdDvMVC6GXtznJvxMHlS8ozA5tMAuB2h0yzO8RyBIeDt7EfE5ysK38Waz2BA8
DM9MiQbzPsx3OR1uBqrbkVgqVs5FDfwLU4ConfBUfhXV
-----END CERTIFICATE-----