Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zFZ31_ig_NwoiNvAX_HCKO3AzdY.roa
File:                     zFZ31_ig_NwoiNvAX_HCKO3AzdY.roa (raw, json)
Hash identifier:          wM6Y2pCBbKUYOYpt1nrTBHz83Hfeu25SPkjzTGmyslA=
Subject key identifier:   CC:56:77:D7:F8:A0:FC:DC:28:88:DB:C0:5F:F1:C2:28:ED:C0:CD:D6
Certificate issuer:       /CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
Certificate serial:       018E6B646496E2CFAA0FFE551E29123E4817
Authority key identifier: CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zFZ31_ig_NwoiNvAX_HCKO3AzdY.roa
Signing time:             Sat 23 Mar 2024 12:58:45 +0000
ROA not before:           Sat 23 Mar 2024 12:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41752
IP address blocks:        195.20.202.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 06:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6b:64:64:96:e2:cf:aa:0f:fe:55:1e:29:12:3e:48:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5a535935a4bc786c1dd75b7f1087f13f3e0874
        Validity
            Not Before: Mar 23 12:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc5677d7f8a0fcdc2888dbc05ff1c228edc0cdd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d6:0d:1d:cd:b5:11:98:e5:6d:ac:c3:5c:4a:
                    40:37:f9:3b:13:44:ba:1b:d2:13:2e:5a:c2:45:45:
                    b2:ce:49:07:a8:8b:8c:11:d9:46:9d:d2:f8:cf:76:
                    82:ab:a2:52:75:7b:5e:58:55:29:e3:73:57:f4:b2:
                    ba:31:a9:f7:a3:99:88:5a:91:2a:74:41:f7:23:34:
                    53:9d:3f:06:41:c7:9f:a7:6e:44:f1:cd:b4:73:b9:
                    0a:f8:89:c3:aa:cc:a2:e2:53:2c:33:7e:a3:48:04:
                    6d:3c:ec:e0:5d:6a:1b:ca:c6:23:c4:42:5a:e0:0e:
                    5b:d2:58:6d:8d:a1:9f:58:32:9e:fa:02:3d:3e:46:
                    02:35:87:30:39:12:13:c7:6e:cb:54:da:a1:aa:a6:
                    e7:62:6c:32:a7:95:b9:c0:93:75:e4:2a:71:90:db:
                    df:e2:4f:0b:e4:92:03:53:64:5c:2c:9e:f3:f1:17:
                    04:a1:5f:72:cb:01:6a:d5:eb:e6:15:0d:51:60:fb:
                    57:2e:85:6f:45:6c:08:10:dc:99:f0:3b:b3:ae:f1:
                    06:eb:54:e0:bf:45:5e:85:32:0b:0d:dc:57:a6:b5:
                    3e:ca:88:c0:7f:25:de:07:eb:d8:44:40:ad:fe:f3:
                    9d:98:e9:e2:71:36:86:67:2f:24:5e:00:cb:ff:ed:
                    12:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:56:77:D7:F8:A0:FC:DC:28:88:DB:C0:5F:F1:C2:28:ED:C0:CD:D6
            X509v3 Authority Key Identifier:
                keyid:CD:5A:53:59:35:A4:BC:78:6C:1D:D7:5B:7F:10:87:F1:3F:3E:08:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zVpTWTWkvHhsHddbfxCH8T8-CHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zFZ31_ig_NwoiNvAX_HCKO3AzdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/b9aad5-cfe2-4480-ac5e-05c13f890b9c/1/zVpTWTWkvHhsHddbfxCH8T8-CHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:79:92:0c:b5:23:16:97:f5:8c:53:fc:28:3a:1b:92:28:23:
         05:0e:d1:bb:85:e8:bf:8c:d2:1f:4e:5b:94:c6:ee:b9:f6:06:
         41:86:00:eb:cf:12:a2:2e:b1:08:47:bd:8e:a5:4c:e8:08:d2:
         33:94:bc:13:b6:f2:56:6c:c2:dd:dc:e0:1d:e0:46:59:eb:e2:
         75:ff:bf:d4:1d:49:03:b0:cd:43:c0:0d:41:db:32:b0:4a:e0:
         f9:b5:73:1a:b8:3c:c8:36:64:9b:0f:3f:90:d7:49:cc:1c:59:
         0a:6e:97:38:3b:d3:f8:71:46:00:69:dd:9e:fb:16:7d:22:c5:
         9b:d0:26:d1:23:2d:bb:d6:38:18:4b:d6:c0:bd:3f:c8:2c:94:
         f5:90:52:f9:64:fd:2a:6e:ae:40:91:6e:6e:37:04:0f:66:c1:
         b9:0c:9f:d7:fc:8d:59:1a:a5:b1:de:cb:66:28:f0:83:58:9f:
         9f:1f:e1:d8:93:1a:9d:1d:59:f3:5a:5d:71:79:9b:ca:33:f5:
         ea:79:05:99:bf:bc:a9:5d:ff:9b:1b:65:55:ae:28:5a:cb:e3:
         81:eb:e5:e7:c6:bc:5e:70:51:a0:0b:f7:9e:3d:ca:39:8a:57:
         8a:ac:9b:fd:74:25:2b:c6:da:fc:0a:8e:b3:49:6c:fb:f3:da:
         59:6d:77:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5rZGSW4s+qD/5VHikSPkgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWE1MzU5MzVhNGJjNzg2YzFkZDc1YjdmMTA4N2YxM2Yz
ZTA4NzQwHhcNMjQwMzIzMTI1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzU2NzdkN2Y4YTBmY2RjMjg4OGRiYzA1ZmYxYzIyOGVkYzBjZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtYNHc21EZjlbazDXEpAN/k7E0S6
G9ITLlrCRUWyzkkHqIuMEdlGndL4z3aCq6JSdXteWFUp43NX9LK6Man3o5mIWpEq
dEH3IzRTnT8GQcefp25E8c20c7kK+InDqsyi4lMsM36jSARtPOzgXWobysYjxEJa
4A5b0lhtjaGfWDKe+gI9PkYCNYcwORITx27LVNqhqqbnYmwyp5W5wJN15CpxkNvf
4k8L5JIDU2RcLJ7z8RcEoV9yywFq1evmFQ1RYPtXLoVvRWwIENyZ8DuzrvEG61Tg
v0VehTILDdxXprU+yojAfyXeB+vYRECt/vOdmOnicTaGZy8kXgDL/+0SGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxWd9f4oPzcKIjbwF/xwijtwM3WMB8GA1UdIwQY
MBaAFM1aU1k1pLx4bB3XW38Qh/E/Pgh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUt
MDVjMTNmODkwYjljLzEvekZaMzFfaWdfTndvaU52QVhfSENLTzNBemRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iOWFhZDUtY2ZlMi00NDgwLWFjNWUtMDVjMTNmODkwYjlj
LzEvelZwVFdUV2t2SGhzSGRkYmZ4Q0g4VDgtQ0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxTKMA0G
CSqGSIb3DQEBCwUAA4IBAQBDeZIMtSMWl/WMU/woOhuSKCMFDtG7hei/jNIfTluU
xu659gZBhgDrzxKiLrEIR72OpUzoCNIzlLwTtvJWbMLd3OAd4EZZ6+J1/7/UHUkD
sM1DwA1B2zKwSuD5tXMauDzINmSbDz+Q10nMHFkKbpc4O9P4cUYAad2e+xZ9IsWb
0CbRIy271jgYS9bAvT/ILJT1kFL5ZP0qbq5AkW5uNwQPZsG5DJ/X/I1ZGqWx3stm
KPCDWJ+fH+HYkxqdHVnzWl1xeZvKM/XqeQWZv7ypXf+bG2VVrihay+OB6+Xnxrxe
cFGgC/eePco5ileKrJv9dCUrxtr8Co6zSWz789pZbXf1
-----END CERTIFICATE-----