Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/prIJmPixW-aIf10UCscCLDu_QkE.roa
File:                     prIJmPixW-aIf10UCscCLDu_QkE.roa (raw, json)
Hash identifier:          nSPSs+A+gSxYutfpZGW9r6U4HQydHU62MUmBV1OE3fs=
Subject key identifier:   A6:B2:09:98:F8:B1:5B:E6:88:7F:5D:14:0A:C7:02:2C:3B:BF:42:41
Certificate issuer:       /CN=64685a6d73ff5a27e1bc1f9617dfb5508bad293b
Certificate serial:       018CCA2A642989BA956F678EA7CE23F6B2F0
Authority key identifier: 64:68:5A:6D:73:FF:5A:27:E1:BC:1F:96:17:DF:B5:50:8B:AD:29:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/prIJmPixW-aIf10UCscCLDu_QkE.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205000
IP address blocks:        194.30.171.0/24 maxlen: 24
                          5.182.104.0/23 maxlen: 23
                          2a0f:dc80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:64:29:89:ba:95:6f:67:8e:a7:ce:23:f6:b2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64685a6d73ff5a27e1bc1f9617dfb5508bad293b
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6b20998f8b15be6887f5d140ac7022c3bbf4241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bd:a8:8a:24:e7:fa:ca:f7:ad:8e:d5:dd:14:
                    99:53:c6:2f:5e:e2:16:b8:4c:12:12:db:6d:44:47:
                    af:35:2e:91:fd:89:f3:71:7e:2a:86:90:94:6b:3a:
                    2b:ad:de:f2:c7:d8:9c:59:ad:25:68:46:ca:cb:e2:
                    bd:f5:76:f8:6f:13:51:bb:4c:e7:f0:6e:d2:59:25:
                    e2:69:41:dc:ce:e7:c7:a4:2c:cc:ca:68:e2:a2:1b:
                    c9:c8:aa:e3:ae:ef:d7:58:ed:8e:7f:c2:a6:fb:f1:
                    ef:73:8d:30:ef:51:20:24:55:02:0e:3b:8a:16:24:
                    d6:3f:f8:3b:16:f8:6c:9c:59:15:af:10:9b:f3:84:
                    e8:4a:ec:d4:d6:bf:dd:d2:a8:37:f6:c6:59:cc:8a:
                    22:91:73:6a:fc:f0:db:4d:38:92:e3:37:20:f9:ee:
                    f6:6d:ef:ac:ba:37:37:11:f1:fd:ea:77:ee:97:c7:
                    e8:8c:6e:76:94:a7:36:24:ea:fb:59:54:64:f5:66:
                    41:8d:7f:f9:fa:7d:2b:0c:95:51:05:c5:fe:9e:c4:
                    68:5e:c7:f1:c2:55:31:b2:4e:38:74:69:fc:ac:dd:
                    1e:6e:10:61:72:b8:76:7c:c3:b5:ee:bb:60:f6:0e:
                    e0:b6:f2:a7:29:d9:50:46:cc:5a:25:1b:98:26:79:
                    7d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B2:09:98:F8:B1:5B:E6:88:7F:5D:14:0A:C7:02:2C:3B:BF:42:41
            X509v3 Authority Key Identifier:
                keyid:64:68:5A:6D:73:FF:5A:27:E1:BC:1F:96:17:DF:B5:50:8B:AD:29:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZGhabXP_WifhvB-WF9-1UIutKTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/prIJmPixW-aIf10UCscCLDu_QkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0b3f1c-bbef-4d35-8146-c48b25f7846f/1/ZGhabXP_WifhvB-WF9-1UIutKTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.104.0/23
                  194.30.171.0/24
                IPv6:
                  2a0f:dc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:e2:95:c0:46:7e:ec:f5:9f:6b:b5:bf:c4:ab:c7:e9:e2:ea:
         c7:34:f8:5d:77:71:62:d4:0f:09:8a:04:e6:59:12:27:c4:46:
         b3:59:fd:f6:05:fd:19:54:90:d6:fc:1a:49:33:06:43:f5:0c:
         c4:67:0d:21:8b:ee:a3:36:06:c8:e3:bf:0d:0f:87:43:be:ee:
         00:b0:58:92:bd:4a:af:ec:f4:f8:8b:40:14:04:99:d4:90:e0:
         7d:d0:9f:ef:d7:74:a4:43:da:6b:8d:56:3c:e7:22:71:1c:93:
         93:fb:36:74:79:ac:5b:21:a5:34:85:24:a1:29:4e:5e:7b:1f:
         02:f2:cf:b2:69:fe:2a:44:dc:04:5b:39:a8:30:e4:db:3f:77:
         fa:06:4e:cc:c3:20:85:af:c0:b2:07:0d:a9:8a:71:cc:23:95:
         e8:44:57:3d:c6:aa:d3:61:03:55:5d:83:69:29:c9:07:7f:03:
         65:91:35:c6:28:6d:ec:14:46:90:8e:a3:ac:22:b4:81:0f:4a:
         ca:b1:d7:61:f1:e6:44:64:61:59:7c:c4:6f:be:8b:8c:57:b9:
         f3:26:f0:ac:60:2d:39:53:09:d4:31:c9:fc:03:db:db:ce:74:
         62:62:25:68:69:83:4e:b0:fc:42:d0:44:6e:99:dc:96:44:ab:
         a1:a0:36:8a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKmQpibqVb2eOp84j9rLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0Njg1YTZkNzNmZjVhMjdlMWJjMWY5NjE3ZGZiNTUwOGJh
ZDI5M2IwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIyMDk5OGY4YjE1YmU2ODg3ZjVkMTQwYWM3MDIyYzNiYmY0MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL2oiiTn+sr3rY7V3RSZU8YvXuIW
uEwSEtttREevNS6R/YnzcX4qhpCUazorrd7yx9icWa0laEbKy+K99Xb4bxNRu0zn
8G7SWSXiaUHczufHpCzMymjiohvJyKrjru/XWO2Of8Km+/Hvc40w71EgJFUCDjuK
FiTWP/g7FvhsnFkVrxCb84ToSuzU1r/d0qg39sZZzIoikXNq/PDbTTiS4zcg+e72
be+sujc3EfH96nful8fojG52lKc2JOr7WVRk9WZBjX/5+n0rDJVRBcX+nsRoXsfx
wlUxsk44dGn8rN0ebhBhcrh2fMO17rtg9g7gtvKnKdlQRsxaJRuYJnl9pQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKayCZj4sVvmiH9dFArHAiw7v0JBMB8GA1UdIwQY
MBaAFGRoWm1z/1on4bwflhfftVCLrSk7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkdoYWJYUF9XaWZodkItV0Y5LTFVSXV0S1RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wYjNmMWMtYmJlZi00ZDM1LTgxNDYt
YzQ4YjI1Zjc4NDZmLzEvcHJJSm1QaXhXLWFJZjEwVUNzY0NMRHVfUWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wYjNmMWMtYmJlZi00ZDM1LTgxNDYtYzQ4YjI1Zjc4NDZm
LzEvWkdoYWJYUF9XaWZodkItV0Y5LTFVSXV0S1RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBBbZoAwQA
wh6rMA0EAgACMAcDBQMqD9yAMA0GCSqGSIb3DQEBCwUAA4IBAQAe4pXARn7s9Z9r
tb/Eq8fp4urHNPhdd3Fi1A8JigTmWRInxEazWf32Bf0ZVJDW/BpJMwZD9QzEZw0h
i+6jNgbI478ND4dDvu4AsFiSvUqv7PT4i0AUBJnUkOB90J/v13SkQ9prjVY85yJx
HJOT+zZ0eaxbIaU0hSShKU5eex8C8s+yaf4qRNwEWzmoMOTbP3f6Bk7MwyCFr8Cy
Bw2pinHMI5XoRFc9xqrTYQNVXYNpKckHfwNlkTXGKG3sFEaQjqOsIrSBD0rKsddh
8eZEZGFZfMRvvouMV7nzJvCsYC05UwnUMcn8A9vbznRiYiVoaYNOsPxC0ERumdyW
RKuhoDaK
-----END CERTIFICATE-----