Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/ZC13JPNHPLKrT4efyM6vFdErDbs.roa
File:                     ZC13JPNHPLKrT4efyM6vFdErDbs.roa (raw, json)
Hash identifier:          qh0NtMo4ln9FQ2Ghx0EvBigIYwQmlhj0C/zHN0HMrI4=
Subject key identifier:   64:2D:77:24:F3:47:3C:B2:AB:4F:87:9F:C8:CE:AF:15:D1:2B:0D:BB
Certificate issuer:       /CN=d524a83fff2f000e99c1f28ec19648986f8ddc37
Certificate serial:       018CC86FE6320645AC1DD78914ECD7938943
Authority key identifier: D5:24:A8:3F:FF:2F:00:0E:99:C1:F2:8E:C1:96:48:98:6F:8D:DC:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/ZC13JPNHPLKrT4efyM6vFdErDbs.roa
Signing time:             Tue 02 Jan 2024 04:30:25 +0000
ROA not before:           Tue 02 Jan 2024 04:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42763
IP address blocks:        91.193.120.0/22 maxlen: 24
                          77.87.0.0/21 maxlen: 24
                          193.33.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:e6:32:06:45:ac:1d:d7:89:14:ec:d7:93:89:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d524a83fff2f000e99c1f28ec19648986f8ddc37
        Validity
            Not Before: Jan  2 04:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642d7724f3473cb2ab4f879fc8ceaf15d12b0dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:be:13:7f:c1:a0:d3:39:fe:45:bf:a7:c8:1a:
                    48:35:36:a1:11:b4:18:3c:03:a6:05:23:be:12:88:
                    5b:47:6a:c7:42:d3:8c:b7:8a:bf:7b:42:43:93:83:
                    28:e7:a8:85:60:64:de:de:b3:b3:a3:c8:ec:a2:74:
                    da:0b:b9:7c:b0:41:75:f9:17:96:ca:9d:b9:f1:91:
                    bb:fc:d7:32:a5:14:9f:87:94:ab:88:bb:3e:c8:a3:
                    31:34:9f:94:eb:18:e7:80:9b:57:8e:55:21:4a:62:
                    f4:d2:2b:79:09:de:df:57:c0:fa:bc:c8:13:a3:a1:
                    8e:31:91:17:c9:58:b2:ca:33:23:40:d9:0c:31:11:
                    a3:29:bc:f3:a0:18:b0:4d:ee:29:b3:ba:f2:2b:a8:
                    d1:6e:de:ab:73:22:50:6f:50:8d:5c:0a:a1:fe:f0:
                    ca:73:bb:df:5a:93:29:58:0c:49:d0:03:db:45:3c:
                    31:f3:00:1b:17:11:d4:3e:f1:80:c9:75:74:d6:57:
                    e7:a6:f6:3f:84:09:8c:53:e8:0a:85:4d:ca:e6:af:
                    29:26:cc:f7:b2:f5:24:6c:52:61:05:37:48:e5:0d:
                    8c:b9:ae:ac:90:4c:8f:97:fd:5a:ac:f9:17:4a:a4:
                    9a:e9:d6:be:c9:02:ea:df:82:34:3c:79:58:30:65:
                    17:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2D:77:24:F3:47:3C:B2:AB:4F:87:9F:C8:CE:AF:15:D1:2B:0D:BB
            X509v3 Authority Key Identifier:
                keyid:D5:24:A8:3F:FF:2F:00:0E:99:C1:F2:8E:C1:96:48:98:6F:8D:DC:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/ZC13JPNHPLKrT4efyM6vFdErDbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dbafcd-a51d-446b-9cd7-44d40d1c46d5/1/1SSoP_8vAA6ZwfKOwZZImG-N3Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.0.0/21
                  91.193.120.0/22
                  193.33.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a9:47:a6:ae:36:1c:4a:b0:6c:0d:a4:e4:48:3e:da:d3:4c:57:
         7b:95:c7:11:72:6a:af:65:01:30:48:d1:d8:90:57:21:79:ea:
         1a:a7:a0:a6:5d:64:2c:51:0d:30:c9:3d:9a:77:59:e7:c2:5e:
         fc:62:a4:99:cd:8a:ea:a6:16:12:65:6d:57:1e:c8:f4:63:7c:
         c0:70:4f:b6:4d:2f:c7:db:75:c2:f0:60:f3:9b:00:4a:ff:cb:
         4e:d8:cc:5a:64:6c:fe:54:70:d5:68:41:e9:44:8b:42:ab:05:
         69:97:eb:0c:8d:46:87:f0:59:16:f7:3d:e9:1b:90:88:2c:19:
         c9:a0:db:6d:51:a6:82:c5:cd:fe:21:c0:2d:60:42:96:c0:34:
         db:5e:50:81:cc:04:73:3e:ba:6c:a1:12:40:4c:f0:d9:9b:90:
         96:0b:b7:6c:9b:98:d2:b7:8a:f1:9d:f4:8c:52:71:0d:23:4a:
         aa:e4:60:30:a4:c3:f6:41:6f:4a:16:ac:e8:66:9e:f3:b1:bf:
         d6:06:dc:5a:99:21:d3:94:37:bf:de:7c:ae:e6:12:a9:9b:9e:
         11:8f:a1:fb:a6:80:1b:7e:64:69:b7:60:c2:5b:b3:45:63:bf:
         62:e0:f0:27:82:90:19:e3:a3:c1:9b:78:9a:ee:27:b4:25:7e:
         45:08:1a:4b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb+YyBkWsHdeJFOzXk4lDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MjRhODNmZmYyZjAwMGU5OWMxZjI4ZWMxOTY0ODk4NmY4
ZGRjMzcwHhcNMjQwMTAyMDQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJkNzcyNGYzNDczY2IyYWI0Zjg3OWZjOGNlYWYxNWQxMmIwZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgr4Tf8Gg0zn+Rb+nyBpINTahEbQY
PAOmBSO+EohbR2rHQtOMt4q/e0JDk4Mo56iFYGTe3rOzo8jsonTaC7l8sEF1+ReW
yp258ZG7/NcypRSfh5SriLs+yKMxNJ+U6xjngJtXjlUhSmL00it5Cd7fV8D6vMgT
o6GOMZEXyViyyjMjQNkMMRGjKbzzoBiwTe4ps7ryK6jRbt6rcyJQb1CNXAqh/vDK
c7vfWpMpWAxJ0APbRTwx8wAbFxHUPvGAyXV01lfnpvY/hAmMU+gKhU3K5q8pJsz3
svUkbFJhBTdI5Q2Mua6skEyPl/1arPkXSqSa6da+yQLq34I0PHlYMGUX7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGQtdyTzRzyyq0+Hn8jOrxXRKw27MB8GA1UdIwQY
MBaAFNUkqD//LwAOmcHyjsGWSJhvjdw3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVNTb1BfOHZBQTZad2ZLT3daWkltRy1OM0RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kYmFmY2QtYTUxZC00NDZiLTljZDct
NDRkNDBkMWM0NmQ1LzEvWkMxM0pQTkhQTEtyVDRlZnlNNnZGZEVyRGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kYmFmY2QtYTUxZC00NDZiLTljZDctNDRkNDBkMWM0NmQ1
LzEvMVNTb1BfOHZBQTZad2ZLT3daWkltRy1OM0RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDTVcAAwQC
W8F4AwQBwSGuMA0GCSqGSIb3DQEBCwUAA4IBAQCpR6auNhxKsGwNpORIPtrTTFd7
lccRcmqvZQEwSNHYkFcheeoap6CmXWQsUQ0wyT2ad1nnwl78YqSZzYrqphYSZW1X
Hsj0Y3zAcE+2TS/H23XC8GDzmwBK/8tO2MxaZGz+VHDVaEHpRItCqwVpl+sMjUaH
8FkW9z3pG5CILBnJoNttUaaCxc3+IcAtYEKWwDTbXlCBzARzPrpsoRJATPDZm5CW
C7dsm5jSt4rxnfSMUnENI0qq5GAwpMP2QW9KFqzoZp7zsb/WBtxamSHTlDe/3nyu
5hKpm54Rj6H7poAbfmRpt2DCW7NFY79i4PAngpAZ46PBm3ia7ie0JX5FCBpL
-----END CERTIFICATE-----