Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/ZZ10ISeIwRdYR32w0JBS7fcMBzU.roa
File:                     ZZ10ISeIwRdYR32w0JBS7fcMBzU.roa (raw, json)
Hash identifier:          apy0L4asx1l1amGe/5syMTiFOiyLktyBT3BMPb2srcE=
Subject key identifier:   65:9D:74:21:27:88:C1:17:58:47:7D:B0:D0:90:52:ED:F7:0C:07:35
Certificate issuer:       /CN=6a0c867c979871c7adb09f7c6219ba5b0645931c
Certificate serial:       018CC9BCE672EB64DEECEC14C32D6C642EFF
Authority key identifier: 6A:0C:86:7C:97:98:71:C7:AD:B0:9F:7C:62:19:BA:5B:06:45:93:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/agyGfJeYccetsJ98Yhm6WwZFkxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/ZZ10ISeIwRdYR32w0JBS7fcMBzU.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        194.49.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/agyGfJeYccetsJ98Yhm6WwZFkxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/agyGfJeYccetsJ98Yhm6WwZFkxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/agyGfJeYccetsJ98Yhm6WwZFkxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e6:72:eb:64:de:ec:ec:14:c3:2d:6c:64:2e:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a0c867c979871c7adb09f7c6219ba5b0645931c
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=659d74212788c11758477db0d09052edf70c0735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:19:07:3d:0f:7c:84:9b:56:6f:ed:2a:4b:53:
                    3c:65:fc:92:7e:73:21:13:3f:33:4f:1c:2f:6e:ed:
                    4a:c9:ea:60:84:67:c4:e7:94:b9:05:f4:97:47:5f:
                    47:8e:4e:8c:b1:db:e5:ef:3d:64:a2:ef:cc:c6:9a:
                    be:62:1b:83:bb:39:69:f5:37:2f:08:24:04:50:46:
                    84:5b:6d:5a:27:01:8e:5c:35:cc:03:b2:51:f9:99:
                    b0:ff:af:ce:b5:90:30:38:46:c1:69:b8:6c:6a:c4:
                    4d:25:05:94:f4:a2:ab:b7:5e:c6:a3:ff:0b:b2:5d:
                    ef:56:d6:f5:c5:e5:e9:60:f7:33:51:76:57:03:b7:
                    2f:a3:36:fa:53:bd:6a:14:0a:c7:db:ea:c8:b1:2a:
                    2f:fb:dd:9d:94:33:e6:1f:3b:8e:d5:4e:16:4a:08:
                    d9:5a:05:c8:dc:f6:93:1e:ab:8a:b6:82:3b:70:e9:
                    9c:10:84:02:4e:09:de:99:be:c3:93:75:be:2d:e9:
                    d9:44:c9:3d:33:0b:6a:c1:b1:9a:b3:3b:99:ed:b2:
                    da:ca:48:66:82:33:18:9d:05:4e:e3:34:49:3d:f6:
                    f7:4e:ab:2c:37:fd:ce:40:de:dd:8b:58:92:52:f8:
                    e5:92:5e:4c:76:a5:ef:76:ff:98:f5:77:1a:fb:5a:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9D:74:21:27:88:C1:17:58:47:7D:B0:D0:90:52:ED:F7:0C:07:35
            X509v3 Authority Key Identifier:
                keyid:6A:0C:86:7C:97:98:71:C7:AD:B0:9F:7C:62:19:BA:5B:06:45:93:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/agyGfJeYccetsJ98Yhm6WwZFkxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/ZZ10ISeIwRdYR32w0JBS7fcMBzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1e01d2-1a1d-4dc1-a8d5-e45863eac2b4/1/agyGfJeYccetsJ98Yhm6WwZFkxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c9:3a:25:05:03:35:38:9f:30:ba:14:2d:10:87:0b:70:15:
         a8:3e:b6:74:2d:e7:78:93:81:fe:12:f4:86:6a:a3:8c:2e:e8:
         0f:5a:3c:7e:68:73:6c:84:5e:37:bf:2b:c1:be:05:73:1d:58:
         ee:20:b6:d2:f0:0a:71:dd:f3:51:e6:ef:e6:6e:47:d3:93:e1:
         dd:36:45:80:71:62:50:b0:a3:be:f3:82:83:32:ac:fb:d9:b9:
         64:08:68:d5:bd:b3:9d:9a:11:4b:d4:91:f4:dc:e0:08:06:7e:
         69:3e:aa:ca:c3:7a:52:7d:db:c4:de:45:04:45:b4:a6:6c:c9:
         6d:37:2e:7f:de:af:88:9e:c7:06:43:86:4d:9f:24:5e:42:eb:
         89:7e:67:83:16:9f:a0:97:cc:a8:6a:1e:d6:c1:e3:90:02:6f:
         c9:75:ad:5b:47:29:4f:bd:cd:45:91:ac:45:b1:b7:26:2d:bf:
         be:dc:5e:e9:94:bf:74:b2:8d:d1:b4:75:65:46:da:3b:b2:5f:
         93:36:9f:88:98:19:18:fc:74:87:4c:42:08:ef:06:a5:42:bd:
         06:24:4a:4e:c1:6f:9b:9f:cc:84:59:f9:b8:c4:cb:aa:5e:8e:
         db:8a:e5:ec:fe:81:17:57:14:a5:99:ba:55:8e:4a:95:08:b0:
         02:82:ad:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvOZy62Te7OwUwy1sZC7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMGM4NjdjOTc5ODcxYzdhZGIwOWY3YzYyMTliYTViMDY0
NTkzMWMwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTlkNzQyMTI3ODhjMTE3NTg0NzdkYjBkMDkwNTJlZGY3MGMwNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBkHPQ98hJtWb+0qS1M8ZfySfnMh
Ez8zTxwvbu1KyepghGfE55S5BfSXR19Hjk6Msdvl7z1kou/Mxpq+YhuDuzlp9Tcv
CCQEUEaEW21aJwGOXDXMA7JR+Zmw/6/OtZAwOEbBabhsasRNJQWU9KKrt17Go/8L
sl3vVtb1xeXpYPczUXZXA7cvozb6U71qFArH2+rIsSov+92dlDPmHzuO1U4WSgjZ
WgXI3PaTHquKtoI7cOmcEIQCTgnemb7Dk3W+LenZRMk9MwtqwbGaszuZ7bLaykhm
gjMYnQVO4zRJPfb3TqssN/3OQN7di1iSUvjlkl5MdqXvdv+Y9Xca+1oOKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWddCEniMEXWEd9sNCQUu33DAc1MB8GA1UdIwQY
MBaAFGoMhnyXmHHHrbCffGIZulsGRZMcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWd5R2ZKZVljY2V0c0o5OFlobTZXd1pGa3h3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8xZTAxZDItMWExZC00ZGMxLWE4ZDUt
ZTQ1ODYzZWFjMmI0LzEvWloxMElTZUl3UmRZUjMydzBKQlM3ZmNNQnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8xZTAxZDItMWExZC00ZGMxLWE4ZDUtZTQ1ODYzZWFjMmI0
LzEvYWd5R2ZKZVljY2V0c0o5OFlobTZXd1pGa3h3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjHOMA0G
CSqGSIb3DQEBCwUAA4IBAQAOyTolBQM1OJ8wuhQtEIcLcBWoPrZ0Led4k4H+EvSG
aqOMLugPWjx+aHNshF43vyvBvgVzHVjuILbS8Apx3fNR5u/mbkfTk+HdNkWAcWJQ
sKO+84KDMqz72blkCGjVvbOdmhFL1JH03OAIBn5pPqrKw3pSfdvE3kUERbSmbMlt
Ny5/3q+InscGQ4ZNnyReQuuJfmeDFp+gl8yoah7WweOQAm/Jda1bRylPvc1FkaxF
sbcmLb++3F7plL90so3RtHVlRto7sl+TNp+ImBkY/HSHTEII7walQr0GJEpOwW+b
n8yEWfm4xMuqXo7biuXs/oEXVxSlmbpVjkqVCLACgq3U
-----END CERTIFICATE-----