Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/ZF1jbg9imSE99v9wnjYiFsrSp80.roa
File:                     ZF1jbg9imSE99v9wnjYiFsrSp80.roa (raw, json)
Hash identifier:          LjKPS7P95/sknbOLHMurtzSngc9wq7pxGqEJz4HRz1E=
Subject key identifier:   64:5D:63:6E:0F:62:99:21:3D:F6:FF:70:9E:36:22:16:CA:D2:A7:CD
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       018CC870965649E9C35083BE8ED781F0C463
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/ZF1jbg9imSE99v9wnjYiFsrSp80.roa
Signing time:             Tue 02 Jan 2024 04:31:10 +0000
ROA not before:           Tue 02 Jan 2024 04:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208299
IP address blocks:        185.161.218.0/24 maxlen: 24
                          185.161.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 04:02:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:96:56:49:e9:c3:50:83:be:8e:d7:81:f0:c4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Jan  2 04:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=645d636e0f6299213df6ff709e362216cad2a7cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a3:f7:b3:9e:bb:a9:bc:3f:fe:b5:c4:42:a3:
                    17:1c:65:79:40:4a:36:92:23:ae:d7:4a:cc:ca:8c:
                    2a:e5:b2:4e:7d:e7:5c:a1:ed:f1:5f:8c:a8:85:0d:
                    fc:e2:36:34:28:8a:b4:33:a4:4a:29:80:07:70:1d:
                    a5:ec:0c:c1:11:aa:ab:90:60:aa:ec:99:a0:38:08:
                    a5:7c:f5:5c:37:57:d9:7b:1f:19:50:c2:95:ba:51:
                    72:53:b7:35:04:98:6a:a6:92:6e:40:de:fd:a6:e8:
                    c0:4a:67:5b:87:d5:5b:88:7b:e9:35:3c:a6:18:a2:
                    7f:cf:43:3f:c0:8c:d8:8e:fe:1f:9b:1b:d4:b8:1b:
                    86:2e:1b:8d:1a:bf:33:cb:2a:26:b4:4d:b7:29:57:
                    ef:69:8f:94:38:b8:5a:aa:63:83:b5:e0:28:33:ad:
                    4f:7b:51:15:76:0d:27:71:54:94:6c:5e:a6:b4:c2:
                    3d:e0:dd:79:22:25:3f:4c:c2:cd:87:fe:79:d5:3e:
                    80:f3:7c:28:05:c4:a0:c4:d0:82:59:0b:d8:e6:90:
                    99:34:12:3d:da:2c:3a:34:7b:f1:79:6b:fc:5b:17:
                    4b:a3:85:5b:c0:d8:66:d9:4f:05:b1:d0:16:76:77:
                    f4:6b:31:36:c0:39:bd:2e:56:ae:37:01:3a:a5:d5:
                    14:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:5D:63:6E:0F:62:99:21:3D:F6:FF:70:9E:36:22:16:CA:D2:A7:CD
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/ZF1jbg9imSE99v9wnjYiFsrSp80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:0d:f5:60:e8:9b:98:6d:33:74:2d:30:75:b3:0a:eb:a2:e2:
         52:66:9e:6b:85:9a:3e:d0:8d:49:cb:a8:fb:b4:80:4d:52:21:
         70:e5:6b:54:36:3e:2f:18:73:e1:52:73:ef:b0:d5:3f:cf:ea:
         7e:ef:14:8d:08:f7:b9:86:df:21:f6:a4:f1:23:7a:49:9d:da:
         3b:00:46:ed:93:e8:35:f0:dc:0e:ee:dd:45:f1:f4:3b:05:1f:
         ec:86:52:55:d9:c5:65:d0:8d:9d:07:c9:cf:80:21:b5:e9:45:
         7f:ef:be:7c:36:03:f9:e2:79:f2:40:0a:be:5c:83:70:4b:85:
         30:b5:7d:cf:b4:d3:9e:71:1d:22:36:90:7e:d0:61:8a:4f:95:
         9e:d0:0f:09:3f:d8:53:5c:39:82:d3:f5:e6:c3:41:db:9f:3f:
         cf:96:f0:9c:22:a8:6f:fb:ed:7c:59:ca:6b:b3:8e:15:9f:e3:
         e9:b4:fa:35:81:83:ef:4a:01:5d:c8:3a:df:ed:0f:f9:9c:49:
         40:2b:a5:9d:c2:45:3e:93:36:da:38:8a:d7:63:93:11:5d:9b:
         14:13:55:32:8b:4d:ef:aa:74:17:40:ac:ed:b7:01:a1:82:66:
         ef:fd:85:af:4f:cd:cf:d2:a5:92:84:5d:d8:bd:b4:2c:2b:2d:
         7b:9e:55:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcJZWSenDUIO+jteB8MRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjQwMTAyMDQzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDVkNjM2ZTBmNjI5OTIxM2RmNmZmNzA5ZTM2MjIxNmNhZDJhN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aP3s567qbw//rXEQqMXHGV5QEo2
kiOu10rMyowq5bJOfedcoe3xX4yohQ384jY0KIq0M6RKKYAHcB2l7AzBEaqrkGCq
7JmgOAilfPVcN1fZex8ZUMKVulFyU7c1BJhqppJuQN79pujASmdbh9VbiHvpNTym
GKJ/z0M/wIzYjv4fmxvUuBuGLhuNGr8zyyomtE23KVfvaY+UOLhaqmODteAoM61P
e1EVdg0ncVSUbF6mtMI94N15IiU/TMLNh/551T6A83woBcSgxNCCWQvY5pCZNBI9
2iw6NHvxeWv8WxdLo4VbwNhm2U8FsdAWdnf0azE2wDm9LlauNwE6pdUUywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRdY24PYpkhPfb/cJ42IhbK0qfNMB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEvWkYxamJnOWltU0U5OXY5d25qWWlGc3JTcDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaHaMA0G
CSqGSIb3DQEBCwUAA4IBAQCxDfVg6JuYbTN0LTB1swrrouJSZp5rhZo+0I1Jy6j7
tIBNUiFw5WtUNj4vGHPhUnPvsNU/z+p+7xSNCPe5ht8h9qTxI3pJndo7AEbtk+g1
8NwO7t1F8fQ7BR/shlJV2cVl0I2dB8nPgCG16UV/7758NgP54nnyQAq+XINwS4Uw
tX3PtNOecR0iNpB+0GGKT5We0A8JP9hTXDmC0/Xmw0Hbnz/PlvCcIqhv++18Wcpr
s44Vn+PptPo1gYPvSgFdyDrf7Q/5nElAK6WdwkU+kzbaOIrXY5MRXZsUE1Uyi03v
qnQXQKzttwGhgmbv/YWvT83P0qWShF3YvbQsKy17nlWs
-----END CERTIFICATE-----