Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/zot3pMK4qLwTibZpPdM7f0BVf_4.roa
File:                     zot3pMK4qLwTibZpPdM7f0BVf_4.roa (raw, json)
Hash identifier:          Z/kVGU+a9of159MB9zLLU/ZgUsubcgdZfgxQTud0ScE=
Subject key identifier:   CE:8B:77:A4:C2:B8:A8:BC:13:89:B6:69:3D:D3:3B:7F:40:55:7F:FE
Certificate issuer:       /CN=ba1cef6f9e9edc45e3cd28ef4025197952d460e9
Certificate serial:       018CC8DF656E8BEC09B854A447166665194B
Authority key identifier: BA:1C:EF:6F:9E:9E:DC:45:E3:CD:28:EF:40:25:19:79:52:D4:60:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/zot3pMK4qLwTibZpPdM7f0BVf_4.roa
Signing time:             Tue 02 Jan 2024 06:32:12 +0000
ROA not before:           Tue 02 Jan 2024 06:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60111
IP address blocks:        185.143.252.0/22 maxlen: 22
                          2a07:39c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:65:6e:8b:ec:09:b8:54:a4:47:16:66:65:19:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba1cef6f9e9edc45e3cd28ef4025197952d460e9
        Validity
            Not Before: Jan  2 06:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce8b77a4c2b8a8bc1389b6693dd33b7f40557ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:54:6b:8c:b0:a1:73:1f:a9:55:da:7c:3a:18:
                    a5:e4:36:33:56:e0:9c:0d:10:77:0a:25:d8:e5:7f:
                    60:f5:28:f2:cc:74:eb:2b:1f:1d:73:d5:92:e2:af:
                    d1:f6:2c:11:91:65:3c:bd:f0:1b:b6:98:67:e6:96:
                    04:22:e2:2a:84:bf:82:66:0a:63:a5:1b:d5:d5:c2:
                    1c:d7:89:72:57:bf:ca:7d:cc:22:b3:ca:cf:1b:6d:
                    d5:4a:ae:ee:91:61:0c:37:ed:f2:1a:93:df:7e:13:
                    b1:eb:3c:f8:d6:0a:8f:88:46:86:71:8f:9c:39:44:
                    25:6a:d1:68:3f:8a:0d:33:9d:85:91:1e:ca:e0:f2:
                    d0:7d:bc:2e:b6:b0:e8:6b:41:00:2f:f4:08:15:aa:
                    56:a5:57:ea:16:44:f5:c2:2f:93:c7:f0:29:95:ce:
                    a1:bb:c1:a9:c0:de:17:a0:de:96:a1:1f:67:c7:90:
                    20:21:5b:15:8c:39:d6:f6:03:92:a3:fd:36:48:f6:
                    83:e6:55:0b:48:fd:6d:21:ca:7f:bb:6f:96:3d:81:
                    bb:cb:9a:89:7b:15:8f:2a:67:83:e3:7a:63:8b:44:
                    92:f9:4c:89:37:08:1a:16:b4:d1:f5:38:0c:cb:2d:
                    ce:52:0d:a4:eb:ac:77:36:91:1b:d4:6e:9a:8f:ac:
                    a1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8B:77:A4:C2:B8:A8:BC:13:89:B6:69:3D:D3:3B:7F:40:55:7F:FE
            X509v3 Authority Key Identifier:
                keyid:BA:1C:EF:6F:9E:9E:DC:45:E3:CD:28:EF:40:25:19:79:52:D4:60:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/zot3pMK4qLwTibZpPdM7f0BVf_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.252.0/22
                IPv6:
                  2a07:39c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:0a:f7:db:e4:24:5a:1a:85:ab:eb:bc:e0:fd:70:eb:e6:71:
         29:5f:f3:44:41:50:34:d3:1a:41:61:3d:00:91:31:9e:11:06:
         66:8b:93:21:34:54:f2:38:c8:47:98:46:e4:44:ee:7e:ef:0f:
         a1:63:30:e3:ae:77:ce:dc:d4:1d:bb:2f:74:ef:c8:a4:d7:7a:
         94:f5:bd:e5:c4:dd:b4:97:af:50:ed:f0:ca:00:78:c1:7b:c6:
         32:4f:17:7b:93:72:dd:f0:eb:ef:57:93:bb:a8:60:db:d1:52:
         72:a5:6a:97:4c:2d:cf:a7:f5:76:a5:09:c6:72:a1:c6:9d:bc:
         da:53:5b:84:c4:58:f1:24:a1:9b:5f:e1:84:42:ad:eb:cb:e2:
         e0:8e:65:fc:4e:0c:26:c2:67:56:a5:86:a6:f1:62:43:9c:4b:
         8a:6e:bd:68:58:4c:47:75:d4:27:90:c6:e5:9e:16:c2:a9:42:
         b3:0c:ee:d6:c4:0e:c2:06:46:98:91:09:fd:95:20:c6:be:52:
         63:aa:54:1f:b6:fe:ce:06:e5:bc:51:26:2c:9f:27:8c:05:71:
         dd:ba:94:06:f7:59:5a:72:4d:86:d4:44:15:de:b5:05:ef:7d:
         f1:2c:b0:aa:3f:d9:89:36:09:e4:a3:42:ff:06:b2:90:59:7b:
         78:59:9a:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI32Vui+wJuFSkRxZmZRlLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMWNlZjZmOWU5ZWRjNDVlM2NkMjhlZjQwMjUxOTc5NTJk
NDYwZTkwHhcNMjQwMTAyMDYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZThiNzdhNGMyYjhhOGJjMTM4OWI2NjkzZGQzM2I3ZjQwNTU3ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VRrjLChcx+pVdp8Ohil5DYzVuCc
DRB3CiXY5X9g9SjyzHTrKx8dc9WS4q/R9iwRkWU8vfAbtphn5pYEIuIqhL+CZgpj
pRvV1cIc14lyV7/Kfcwis8rPG23VSq7ukWEMN+3yGpPffhOx6zz41gqPiEaGcY+c
OUQlatFoP4oNM52FkR7K4PLQfbwutrDoa0EAL/QIFapWpVfqFkT1wi+Tx/Aplc6h
u8GpwN4XoN6WoR9nx5AgIVsVjDnW9gOSo/02SPaD5lULSP1tIcp/u2+WPYG7y5qJ
exWPKmeD43pji0SS+UyJNwgaFrTR9TgMyy3OUg2k66x3NpEb1G6aj6yh4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM6Ld6TCuKi8E4m2aT3TO39AVX/+MB8GA1UdIwQY
MBaAFLoc72+entxF480o70AlGXlS1GDpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWh6dmI1NmUzRVhqelNqdlFDVVplVkxVWU9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8yMWQ2NjMtNjg3NC00ODljLWFiOWUt
ZDljYTAzZTY2ZmZiLzEvem90M3BNSzRxTHdUaWJacFBkTTdmMEJWZl80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8yMWQ2NjMtNjg3NC00ODljLWFiOWUtZDljYTAzZTY2ZmZi
LzEvdWh6dmI1NmUzRVhqelNqdlFDVVplVkxVWU9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY/8MA0E
AgACMAcDBQMqBznAMA0GCSqGSIb3DQEBCwUAA4IBAQBGCvfb5CRaGoWr67zg/XDr
5nEpX/NEQVA00xpBYT0AkTGeEQZmi5MhNFTyOMhHmEbkRO5+7w+hYzDjrnfO3NQd
uy9078ik13qU9b3lxN20l69Q7fDKAHjBe8YyTxd7k3Ld8OvvV5O7qGDb0VJypWqX
TC3Pp/V2pQnGcqHGnbzaU1uExFjxJKGbX+GEQq3ry+LgjmX8TgwmwmdWpYam8WJD
nEuKbr1oWExHddQnkMblnhbCqUKzDO7WxA7CBkaYkQn9lSDGvlJjqlQftv7OBuW8
USYsnyeMBXHdupQG91lack2G1EQV3rUF733xLLCqP9mJNgnko0L/BrKQWXt4WZqV
-----END CERTIFICATE-----