Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/zE_hvETmWKaaoyn5TFpnbiLJl78.roa
File:                     zE_hvETmWKaaoyn5TFpnbiLJl78.roa (raw, json)
Hash identifier:          +eT01zzvUeXBzvsgVRzHM5IgwTw5o8bFzRb2DGT8SiY=
Subject key identifier:   CC:4F:E1:BC:44:E6:58:A6:9A:A3:29:F9:4C:5A:67:6E:22:C9:97:BF
Certificate issuer:       /CN=292d120970515846360ea223e9a0e6a3c3896934
Certificate serial:       018D3A8D3EC99E79003DE54C6501FE3DC75B
Authority key identifier: 29:2D:12:09:70:51:58:46:36:0E:A2:23:E9:A0:E6:A3:C3:89:69:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/zE_hvETmWKaaoyn5TFpnbiLJl78.roa
Signing time:             Wed 24 Jan 2024 08:19:11 +0000
ROA not before:           Wed 24 Jan 2024 08:19:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42658
IP address blocks:        185.196.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:8d:3e:c9:9e:79:00:3d:e5:4c:65:01:fe:3d:c7:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=292d120970515846360ea223e9a0e6a3c3896934
        Validity
            Not Before: Jan 24 08:19:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc4fe1bc44e658a69aa329f94c5a676e22c997bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6b:3d:8b:7a:66:82:0d:d7:0c:5e:f9:5b:6a:
                    3f:4d:3c:af:af:e9:c5:bf:94:61:e3:10:9e:77:99:
                    14:3e:95:3d:48:9d:72:2c:c9:d4:9a:24:de:c3:05:
                    20:b2:42:17:39:6d:11:c7:26:ef:56:c6:fb:f7:dc:
                    a2:6e:9f:9d:af:06:13:e9:99:0a:4b:a4:7e:bd:ab:
                    e4:45:60:04:2d:b6:ce:40:37:a1:bc:06:dd:a2:9d:
                    cc:1f:12:87:54:54:6f:1d:69:63:ea:16:e2:4f:ea:
                    7c:a4:52:db:2c:4c:cc:a5:15:e8:b9:7b:66:df:49:
                    f7:97:fb:2d:52:78:fa:9a:18:e4:ff:29:a5:70:7f:
                    74:51:65:27:c0:97:7e:9e:6a:56:32:83:2e:c8:ec:
                    f6:3b:69:cf:d8:64:8e:a5:ac:f9:1d:e0:f1:96:c8:
                    f0:0b:08:58:14:cf:5b:d5:2a:22:da:c8:41:9a:9e:
                    0e:44:a7:db:51:83:12:e5:ae:f9:b8:06:11:df:1c:
                    48:76:57:a3:4d:60:85:d4:5a:fb:e2:cd:9e:5e:dd:
                    b2:d7:b6:c1:67:50:96:c7:09:f3:3e:9a:82:24:c9:
                    a3:ed:78:9f:61:05:e4:32:8e:90:b4:52:77:bd:68:
                    ca:d5:34:76:57:79:1a:21:08:a3:64:48:af:d2:d9:
                    27:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:4F:E1:BC:44:E6:58:A6:9A:A3:29:F9:4C:5A:67:6E:22:C9:97:BF
            X509v3 Authority Key Identifier:
                keyid:29:2D:12:09:70:51:58:46:36:0E:A2:23:E9:A0:E6:A3:C3:89:69:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/zE_hvETmWKaaoyn5TFpnbiLJl78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/de9139-a9d0-493a-9260-ed0f256a5fe3/1/KS0SCXBRWEY2DqIj6aDmo8OJaTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:ee:1f:12:51:2a:04:8b:2f:bc:c8:4e:5d:09:0a:ee:97:14:
         d5:1a:b0:cd:e2:fa:7b:8e:24:35:5f:b4:f6:70:02:a5:f6:8c:
         1e:95:b7:2b:e9:90:2b:f7:a2:0d:52:9d:91:f5:8a:4c:1a:7e:
         ff:39:02:fa:bc:7a:a5:de:ff:43:29:4a:57:0c:db:65:a8:c5:
         9f:57:86:02:4c:77:d0:fb:68:c3:5f:19:d6:9f:87:1e:04:bb:
         28:53:0a:27:20:15:81:91:20:d8:54:c2:96:d6:02:10:84:42:
         b3:fd:53:34:d4:c2:13:72:da:6a:f3:5f:8e:d0:bc:e5:3a:0a:
         32:8c:53:31:28:bf:0f:67:b8:03:56:de:cc:b2:ba:60:fc:f3:
         d8:e6:18:cc:83:ec:44:a9:14:e8:35:80:44:98:74:df:5f:ce:
         72:c1:21:6b:2b:5d:2b:dc:a4:fa:56:ad:bc:d1:ea:4b:da:4b:
         75:4a:b7:0b:2a:fe:33:08:7f:b6:27:4e:0e:6a:6c:43:87:0f:
         03:57:f2:8c:ed:80:38:38:96:86:87:cd:c0:37:0e:21:c4:53:
         36:11:f1:d5:1b:64:0f:19:b7:87:ce:18:ca:b3:d1:28:6d:f7:
         b3:a7:a9:07:18:c6:39:73:49:34:7f:14:8f:c5:4d:e4:60:f9:
         c0:7e:79:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY06jT7JnnkAPeVMZQH+PcdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MmQxMjA5NzA1MTU4NDYzNjBlYTIyM2U5YTBlNmEzYzM4
OTY5MzQwHhcNMjQwMTI0MDgxOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzRmZTFiYzQ0ZTY1OGE2OWFhMzI5Zjk0YzVhNjc2ZTIyYzk5N2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAims9i3pmgg3XDF75W2o/TTyvr+nF
v5Rh4xCed5kUPpU9SJ1yLMnUmiTewwUgskIXOW0RxybvVsb799yibp+drwYT6ZkK
S6R+vavkRWAELbbOQDehvAbdop3MHxKHVFRvHWlj6hbiT+p8pFLbLEzMpRXouXtm
30n3l/stUnj6mhjk/ymlcH90UWUnwJd+nmpWMoMuyOz2O2nP2GSOpaz5HeDxlsjw
CwhYFM9b1Soi2shBmp4ORKfbUYMS5a75uAYR3xxIdlejTWCF1Fr74s2eXt2y17bB
Z1CWxwnzPpqCJMmj7XifYQXkMo6QtFJ3vWjK1TR2V3kaIQijZEiv0tknOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxP4bxE5limmqMp+UxaZ24iyZe/MB8GA1UdIwQY
MBaAFCktEglwUVhGNg6iI+mg5qPDiWk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1MwU0NYQlJXRVkyRHFJajZhRG1vOE9KYVRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9kZTkxMzktYTlkMC00OTNhLTkyNjAt
ZWQwZjI1NmE1ZmUzLzEvekVfaHZFVG1XS2Fhb3luNVRGcG5iaUxKbDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9kZTkxMzktYTlkMC00OTNhLTkyNjAtZWQwZjI1NmE1ZmUz
LzEvS1MwU0NYQlJXRVkyRHFJajZhRG1vOE9KYVRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucQwMA0G
CSqGSIb3DQEBCwUAA4IBAQAF7h8SUSoEiy+8yE5dCQrulxTVGrDN4vp7jiQ1X7T2
cAKl9owelbcr6ZAr96INUp2R9YpMGn7/OQL6vHql3v9DKUpXDNtlqMWfV4YCTHfQ
+2jDXxnWn4ceBLsoUwonIBWBkSDYVMKW1gIQhEKz/VM01MITctpq81+O0LzlOgoy
jFMxKL8PZ7gDVt7Msrpg/PPY5hjMg+xEqRToNYBEmHTfX85ywSFrK10r3KT6Vq28
0epL2kt1SrcLKv4zCH+2J04OamxDhw8DV/KM7YA4OJaGh83ANw4hxFM2EfHVG2QP
GbeHzhjKs9Eobfezp6kHGMY5c0k0fxSPxU3kYPnAfnmF
-----END CERTIFICATE-----