Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zapwyEBCDnDvwP7wfl_j9oDy1kQ.roa
File:                     zapwyEBCDnDvwP7wfl_j9oDy1kQ.roa (raw, json)
Hash identifier:          WDypu7DesP+yQboActa25ZBTCbBhh/NUoiYLooWePOQ=
Subject key identifier:   CD:AA:70:C8:40:42:0E:70:EF:C0:FE:F0:7E:5F:E3:F6:80:F2:D6:44
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50130A3C839894C0E49CCD65FB77B0A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zapwyEBCDnDvwP7wfl_j9oDy1kQ.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     263824
IP address blocks:        178.238.12.0/22 maxlen: 24
                          80.67.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:30:a3:c8:39:89:4c:0e:49:cc:d6:5f:b7:7b:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdaa70c840420e70efc0fef07e5fe3f680f2d644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:47:d5:c0:42:c2:14:13:a0:51:c5:24:63:cf:
                    78:24:66:b8:5a:c0:70:d0:14:ce:97:80:62:36:4e:
                    39:64:79:d0:ea:39:0b:02:fb:4b:4e:c9:6a:db:b4:
                    8b:7c:0a:8d:22:ec:f1:7b:f1:54:3f:0d:d2:70:98:
                    ce:94:a7:5b:46:a9:19:fd:43:d3:d0:b5:6f:b8:62:
                    89:76:0e:f2:65:34:94:d4:21:0a:c8:be:a4:f3:6f:
                    f0:81:53:11:07:02:25:98:ff:28:34:8e:d3:17:9f:
                    49:8f:7c:0f:6e:1c:53:c7:5e:f8:51:87:80:eb:87:
                    21:77:97:22:f2:d9:c6:e2:d9:bc:80:4a:ed:66:fd:
                    3b:05:32:f3:13:11:f6:85:40:82:fc:07:2b:03:94:
                    03:3e:33:dc:74:e5:55:e8:75:6e:a1:07:28:c6:f3:
                    f2:f3:d2:1c:c0:ee:b4:54:9e:e7:ca:24:bc:9a:db:
                    4a:28:c4:1d:8b:a3:ea:c3:ba:47:76:d7:17:9c:94:
                    4e:ba:7e:b0:fa:77:c9:d1:a4:b4:a2:67:a9:0f:9c:
                    6a:5e:6d:cc:fa:18:0c:ce:13:d1:fa:57:94:d5:b3:
                    51:e9:e9:42:16:71:04:9e:3c:5e:f4:fb:d6:b6:6d:
                    18:34:dd:e5:d7:ec:42:b2:e3:1e:10:0c:56:af:87:
                    8a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:AA:70:C8:40:42:0E:70:EF:C0:FE:F0:7E:5F:E3:F6:80:F2:D6:44
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zapwyEBCDnDvwP7wfl_j9oDy1kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.67.32.0/22
                  178.238.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:52:77:fe:ce:31:79:51:cd:ab:83:24:a8:ba:0a:33:70:c4:
         ea:c8:d8:ca:8c:d9:cd:ce:80:55:80:5b:9a:ae:d9:1e:6a:1a:
         1f:2d:2a:5c:59:10:79:43:e1:49:01:4d:0e:d7:4b:51:5e:8f:
         31:d3:5b:47:3d:ef:c9:1a:8d:8a:b9:9d:03:eb:a3:02:01:37:
         2c:b6:07:e3:a0:6c:08:73:25:e0:dc:36:ab:94:f6:16:64:9a:
         d0:c5:9c:e1:0b:9d:56:7f:ee:3b:26:e5:e0:e4:ed:ff:b5:f1:
         6e:cd:d4:e3:84:f7:de:92:14:ad:ee:e9:0d:90:a6:68:52:a1:
         3f:59:38:9d:73:8d:5a:e9:64:c5:b7:44:37:5a:91:01:8a:6e:
         b1:2c:0e:50:45:2a:6a:42:c2:32:99:a6:b6:03:86:24:5a:59:
         1c:67:83:05:51:10:93:ac:dc:8e:b9:a8:d5:10:b2:c4:a0:cd:
         46:7f:b1:c0:31:cc:d0:19:c2:aa:19:00:49:2b:95:3e:0f:64:
         c6:06:ba:c6:4f:8f:a2:b0:16:58:7d:7e:a7:5d:af:2b:6b:99:
         db:eb:94:f0:60:50:80:35:ea:2c:47:a2:03:96:bb:fa:8f:30:
         8e:0c:23:f6:85:4d:76:a3:64:f6:3f:fc:1a:23:48:b3:10:d9:
         b3:40:2b:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFATCjyDmJTA5JzNZft3sKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGFhNzBjODQwNDIwZTcwZWZjMGZlZjA3ZTVmZTNmNjgwZjJkNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEfVwELCFBOgUcUkY894JGa4WsBw
0BTOl4BiNk45ZHnQ6jkLAvtLTslq27SLfAqNIuzxe/FUPw3ScJjOlKdbRqkZ/UPT
0LVvuGKJdg7yZTSU1CEKyL6k82/wgVMRBwIlmP8oNI7TF59Jj3wPbhxTx174UYeA
64chd5ci8tnG4tm8gErtZv07BTLzExH2hUCC/AcrA5QDPjPcdOVV6HVuoQcoxvPy
89IcwO60VJ7nyiS8mttKKMQdi6Pqw7pHdtcXnJROun6w+nfJ0aS0omepD5xqXm3M
+hgMzhPR+leU1bNR6elCFnEEnjxe9PvWtm0YNN3l1+xCsuMeEAxWr4eKgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM2qcMhAQg5w78D+8H5f4/aA8tZEMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvemFwd3lFQkNEbkR2d1A3d2ZsX2o5b0R5MWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCUEMgAwQC
su4MMA0GCSqGSIb3DQEBCwUAA4IBAQCUUnf+zjF5Uc2rgySougozcMTqyNjKjNnN
zoBVgFuartkeahofLSpcWRB5Q+FJAU0O10tRXo8x01tHPe/JGo2KuZ0D66MCATcs
tgfjoGwIcyXg3DarlPYWZJrQxZzhC51Wf+47JuXg5O3/tfFuzdTjhPfekhSt7ukN
kKZoUqE/WTidc41a6WTFt0Q3WpEBim6xLA5QRSpqQsIymaa2A4YkWlkcZ4MFURCT
rNyOuajVELLEoM1Gf7HAMczQGcKqGQBJK5U+D2TGBrrGT4+isBZYfX6nXa8ra5nb
65TwYFCANeosR6IDlrv6jzCODCP2hU12o2T2P/waI0izENmzQCtZ
-----END CERTIFICATE-----