Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/zd3AhiDSh5aJzWgbpvG_Uw14Ky4.roa
File:                     zd3AhiDSh5aJzWgbpvG_Uw14Ky4.roa (raw, json)
Hash identifier:          inTEy/soO0tC6bIVIFMVZHBfgsJJwjmIMa+M+9rr0Os=
Subject key identifier:   CD:DD:C0:86:20:D2:87:96:89:CD:68:1B:A6:F1:BF:53:0D:78:2B:2E
Certificate issuer:       /CN=80c028ad0e60d7ea8914b13c3a53d8f089160315
Certificate serial:       018CC795363C48CCF7AF3B50D07FB849DDF9
Authority key identifier: 80:C0:28:AD:0E:60:D7:EA:89:14:B1:3C:3A:53:D8:F0:89:16:03:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/zd3AhiDSh5aJzWgbpvG_Uw14Ky4.roa
Signing time:             Tue 02 Jan 2024 00:31:33 +0000
ROA not before:           Tue 02 Jan 2024 00:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39745
IP address blocks:        195.60.78.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:36:3c:48:cc:f7:af:3b:50:d0:7f:b8:49:dd:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80c028ad0e60d7ea8914b13c3a53d8f089160315
        Validity
            Not Before: Jan  2 00:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdddc08620d2879689cd681ba6f1bf530d782b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b3:87:10:74:df:56:aa:b1:31:30:b0:3e:56:
                    f5:6c:ad:eb:f1:80:64:53:60:23:76:8e:90:81:98:
                    d5:90:4a:8f:88:b7:38:66:d1:10:50:e1:df:ba:bd:
                    d4:86:21:27:94:9b:a0:b2:84:c7:35:e8:7b:41:d7:
                    51:73:d9:77:ef:9d:28:13:7e:2b:60:86:43:74:cf:
                    03:84:05:12:c3:96:97:c0:39:fb:7d:a9:bf:5e:14:
                    7f:06:c5:f3:93:68:69:7b:2e:3f:6d:b5:46:7f:d2:
                    1d:4b:ec:6d:94:33:59:10:43:a3:e2:59:b0:53:f5:
                    b2:24:b8:70:cc:59:07:e2:4a:84:d0:5a:0f:ca:66:
                    d6:d5:66:6f:5e:a3:c7:66:7e:5c:dc:07:35:86:d7:
                    b1:d7:0d:b9:4a:86:4f:38:aa:d7:f4:0b:b0:b4:42:
                    b9:1f:86:21:b5:14:02:bc:dd:f5:13:d6:69:8e:ae:
                    45:af:b3:e1:dc:58:be:63:12:b6:82:40:a5:c8:de:
                    ee:c5:01:c2:81:71:7a:b6:86:bc:13:46:3c:4e:6c:
                    35:56:2f:d0:41:3d:c4:39:cb:e6:ba:b6:32:03:69:
                    b3:bd:b1:4b:7f:b7:1a:f7:77:b9:a5:f4:e3:40:2d:
                    02:85:5d:67:0b:b6:b6:89:1a:8d:5e:85:38:87:fc:
                    d9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DD:C0:86:20:D2:87:96:89:CD:68:1B:A6:F1:BF:53:0D:78:2B:2E
            X509v3 Authority Key Identifier:
                keyid:80:C0:28:AD:0E:60:D7:EA:89:14:B1:3C:3A:53:D8:F0:89:16:03:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/zd3AhiDSh5aJzWgbpvG_Uw14Ky4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:7b:df:fa:99:27:3d:c4:a0:d4:c8:33:d8:11:7a:4f:d8:f7:
         a7:db:b2:30:43:f4:39:3c:7b:d4:ac:fe:9c:a1:a3:30:24:4e:
         8f:c8:20:02:9d:79:0e:f4:69:b8:32:d5:7c:9d:8d:46:aa:c1:
         0d:25:0b:98:f0:86:4d:1f:b3:a2:e2:9f:ea:11:56:65:4c:fc:
         2a:79:05:42:33:8d:e5:be:1f:bc:ed:87:38:32:9f:38:7a:1c:
         b3:08:83:59:57:aa:00:a1:90:a4:7a:ff:48:b9:f6:70:6e:8a:
         92:a0:28:62:e4:9b:85:7e:04:fc:78:46:3c:c4:75:ea:b2:7b:
         e1:db:70:46:40:8f:e2:e9:5b:36:12:06:87:7a:f8:ab:95:8a:
         e1:44:b5:30:50:15:e0:bf:2d:36:28:23:91:cd:2e:da:96:5e:
         b6:f5:19:da:24:c6:e4:fa:ba:9a:78:33:0e:d4:a2:3a:c7:68:
         20:a5:c9:64:bc:ef:e8:c3:e0:01:2d:90:1c:50:d0:9d:5a:ee:
         76:bd:e3:8d:ba:7a:14:b6:da:2d:0f:01:db:d4:e4:00:09:42:
         0c:4b:8a:cb:8f:a8:be:34:de:a9:bc:c8:95:c6:c5:44:3f:bb:
         2e:ad:2a:72:15:5e:0e:f4:9c:e8:b7:62:69:ca:ae:ab:ed:0f:
         36:8e:54:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTY8SMz3rztQ0H+4Sd35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYzAyOGFkMGU2MGQ3ZWE4OTE0YjEzYzNhNTNkOGYwODkx
NjAzMTUwHhcNMjQwMTAyMDAzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRkYzA4NjIwZDI4Nzk2ODljZDY4MWJhNmYxYmY1MzBkNzgyYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bOHEHTfVqqxMTCwPlb1bK3r8YBk
U2Ajdo6QgZjVkEqPiLc4ZtEQUOHfur3UhiEnlJugsoTHNeh7QddRc9l3750oE34r
YIZDdM8DhAUSw5aXwDn7fam/XhR/BsXzk2hpey4/bbVGf9IdS+xtlDNZEEOj4lmw
U/WyJLhwzFkH4kqE0FoPymbW1WZvXqPHZn5c3Ac1htex1w25SoZPOKrX9AuwtEK5
H4YhtRQCvN31E9Zpjq5Fr7Ph3Fi+YxK2gkClyN7uxQHCgXF6toa8E0Y8Tmw1Vi/Q
QT3EOcvmurYyA2mzvbFLf7ca93e5pfTjQC0ChV1nC7a2iRqNXoU4h/zZ7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3dwIYg0oeWic1oG6bxv1MNeCsuMB8GA1UdIwQY
MBaAFIDAKK0OYNfqiRSxPDpT2PCJFgMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ01Bb3JRNWcxLXFKRkxFOE9sUFk4SWtXQXhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iNWZmNjYtODA3ZC00YmYxLWFiZTkt
YTNiNGM5MDAyNDFmLzEvemQzQWhpRFNoNWFKeldnYnB2R19VdzE0S3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iNWZmNjYtODA3ZC00YmYxLWFiZTktYTNiNGM5MDAyNDFm
LzEvZ01Bb3JRNWcxLXFKRkxFOE9sUFk4SWtXQXhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzxOMA0G
CSqGSIb3DQEBCwUAA4IBAQA4e9/6mSc9xKDUyDPYEXpP2Pen27IwQ/Q5PHvUrP6c
oaMwJE6PyCACnXkO9Gm4MtV8nY1GqsENJQuY8IZNH7Oi4p/qEVZlTPwqeQVCM43l
vh+87Yc4Mp84ehyzCINZV6oAoZCkev9IufZwboqSoChi5JuFfgT8eEY8xHXqsnvh
23BGQI/i6Vs2EgaHevirlYrhRLUwUBXgvy02KCORzS7all629RnaJMbk+rqaeDMO
1KI6x2ggpclkvO/ow+ABLZAcUNCdWu52veONunoUttotDwHb1OQACUIMS4rLj6i+
NN6pvMiVxsVEP7surSpyFV4O9Jzot2Jpyq6r7Q82jlQD
-----END CERTIFICATE-----