Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ZnjMbzlLbS_C9cHiT4-eQP7SoYg.roa
File:                     ZnjMbzlLbS_C9cHiT4-eQP7SoYg.roa (raw, json)
Hash identifier:          QPgVJPPl56AOhwTBfnQPMy7l104kKbk+pKksp0uYLbk=
Subject key identifier:   66:78:CC:6F:39:4B:6D:2F:C2:F5:C1:E2:4F:8F:9E:40:FE:D2:A1:88
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       018CCA2BD8849139FF6E92340D32AF7D7BD1
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ZnjMbzlLbS_C9cHiT4-eQP7SoYg.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60078
IP address blocks:        85.204.249.0/24 maxlen: 24
                          85.204.248.0/24 maxlen: 24
                          2a10:52c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d8:84:91:39:ff:6e:92:34:0d:32:af:7d:7b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6678cc6f394b6d2fc2f5c1e24f8f9e40fed2a188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:35:f6:d3:29:9a:ee:15:1f:5b:36:75:d0:05:
                    a2:0d:07:ff:c4:47:0f:d3:b3:55:f9:bd:a3:2e:1f:
                    e4:34:e3:88:2e:79:3e:f1:46:b8:00:45:59:aa:24:
                    20:2a:6d:ec:a6:7b:d2:57:2b:e0:71:f7:85:bc:20:
                    f6:3d:bf:a7:20:54:d1:52:d1:2b:16:a1:e2:ef:df:
                    18:5a:9b:fc:15:f0:0f:3e:b0:31:0d:18:d3:93:a3:
                    b5:ce:0b:eb:9a:79:f6:fe:a7:9c:fe:1f:17:d2:86:
                    b3:78:fc:23:34:09:f7:30:5c:14:a6:02:63:6b:14:
                    8d:63:96:47:09:b4:9a:aa:16:04:fb:e9:c2:6e:fb:
                    9a:4e:17:85:a7:52:7c:99:57:ab:d1:93:06:99:47:
                    bb:30:4c:82:cd:54:6a:45:27:ed:98:8c:75:85:a1:
                    92:17:00:d8:d3:b4:96:a1:cf:b1:66:9e:68:f5:37:
                    6a:a5:de:ec:83:1e:c3:2a:ff:c3:9c:92:81:bd:61:
                    d0:1a:76:00:09:f2:a8:54:e9:ee:48:b7:4b:1b:cd:
                    86:90:03:d8:1d:2e:01:b0:c2:d4:2a:9b:94:a1:c1:
                    14:19:57:17:bb:54:b1:31:02:96:33:cb:e6:89:68:
                    31:25:1c:9d:07:3d:f6:d4:ef:c2:df:23:26:ec:fe:
                    d4:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:78:CC:6F:39:4B:6D:2F:C2:F5:C1:E2:4F:8F:9E:40:FE:D2:A1:88
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/ZnjMbzlLbS_C9cHiT4-eQP7SoYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.248.0/23
                IPv6:
                  2a10:52c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:4c:4c:a1:28:bd:2e:1a:47:82:19:28:6a:a6:2c:e5:13:e3:
         bb:a0:9c:94:e3:d7:1e:6c:63:8c:69:07:c5:46:06:95:1b:b2:
         c7:6b:cc:78:ef:b5:28:96:fd:ef:f7:ca:ff:87:10:1e:4e:a7:
         2c:33:5c:50:72:32:02:d3:63:0b:a0:0d:6d:a9:e6:38:b2:85:
         a5:90:8a:83:a1:9f:90:13:31:ba:b9:fc:51:8e:e6:89:d7:60:
         c7:0f:1f:35:fa:90:7f:ed:e2:60:32:9a:6d:d0:b5:34:68:71:
         41:05:4c:f9:5e:04:d6:13:89:61:f5:3f:8c:0b:c8:1e:f2:5b:
         ff:b1:17:2d:f6:7e:92:45:3f:a8:6f:a4:01:5e:a6:7b:43:d1:
         db:ee:60:6b:6c:6f:3a:6a:fa:ee:a4:61:ee:b7:23:ae:48:e2:
         5b:d5:e1:64:9e:a5:f2:df:c1:20:f4:a1:85:53:f7:61:f3:5f:
         7f:5e:d4:f9:d4:f1:d3:dd:97:b8:b2:6d:ed:f3:37:93:7b:03:
         a2:ac:ae:e3:e5:ee:12:3d:02:b0:73:f1:32:c2:e2:ad:94:21:
         d1:f2:bb:68:06:22:ea:b1:13:3e:64:0a:c3:de:1c:12:29:62:
         42:c8:51:e9:fd:9e:cd:f8:dd:75:e8:4f:58:db:3c:e2:1c:7a:
         8f:85:5b:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK9iEkTn/bpI0DTKvfXvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njc4Y2M2ZjM5NGI2ZDJmYzJmNWMxZTI0ZjhmOWU0MGZlZDJhMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDX20yma7hUfWzZ10AWiDQf/xEcP
07NV+b2jLh/kNOOILnk+8Ua4AEVZqiQgKm3spnvSVyvgcfeFvCD2Pb+nIFTRUtEr
FqHi798YWpv8FfAPPrAxDRjTk6O1zgvrmnn2/qec/h8X0oazePwjNAn3MFwUpgJj
axSNY5ZHCbSaqhYE++nCbvuaTheFp1J8mVer0ZMGmUe7MEyCzVRqRSftmIx1haGS
FwDY07SWoc+xZp5o9Tdqpd7sgx7DKv/DnJKBvWHQGnYACfKoVOnuSLdLG82GkAPY
HS4BsMLUKpuUocEUGVcXu1SxMQKWM8vmiWgxJRydBz321O/C3yMm7P7UjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGZ4zG85S20vwvXB4k+PnkD+0qGIMB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvWm5qTWJ6bExiU19DOWNIaVQ0LWVRUDdTb1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBVcz4MA8E
AgACMAkDBwAqEFLAAAAwDQYJKoZIhvcNAQELBQADggEBALFMTKEovS4aR4IZKGqm
LOUT47ugnJTj1x5sY4xpB8VGBpUbssdrzHjvtSiW/e/3yv+HEB5OpywzXFByMgLT
YwugDW2p5jiyhaWQioOhn5ATMbq5/FGO5onXYMcPHzX6kH/t4mAymm3QtTRocUEF
TPleBNYTiWH1P4wLyB7yW/+xFy32fpJFP6hvpAFepntD0dvuYGtsbzpq+u6kYe63
I65I4lvV4WSepfLfwSD0oYVT92HzX39e1PnU8dPdl7iybe3zN5N7A6KsruPl7hI9
ArBz8TLC4q2UIdHyu2gGIuqxEz5kCsPeHBIpYkLIUen9ns343XXoT1jbPOIceo+F
W7Y=
-----END CERTIFICATE-----