Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/Z_KzXqjb2x_3qLvorWU0lShr5C4.roa
File:                     Z_KzXqjb2x_3qLvorWU0lShr5C4.roa (raw, json)
Hash identifier:          6uaWXq1hgIJtOWTGQlgCG5yztokl8jfnAwBAZVFzrmo=
Subject key identifier:   67:F2:B3:5E:A8:DB:DB:1F:F7:A8:BB:E8:AD:65:34:95:28:6B:E4:2E
Certificate issuer:       /CN=d3e8d4cb8e442ec38a6bc3fa400a2a517cee0d1e
Certificate serial:       018CC4247EF4E0D30383D1E7704C88A006E0
Authority key identifier: D3:E8:D4:CB:8E:44:2E:C3:8A:6B:C3:FA:40:0A:2A:51:7C:EE:0D:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/Z_KzXqjb2x_3qLvorWU0lShr5C4.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60563
IP address blocks:        185.29.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:f4:e0:d3:03:83:d1:e7:70:4c:88:a0:06:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e8d4cb8e442ec38a6bc3fa400a2a517cee0d1e
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67f2b35ea8dbdb1ff7a8bbe8ad653495286be42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:53:8e:93:49:2f:38:4d:82:b2:9b:ee:b0:e8:
                    71:79:97:7a:ac:6c:fe:3f:5e:02:99:f1:ed:2f:24:
                    54:08:6e:f5:89:2e:c8:49:37:e4:00:79:77:bb:13:
                    63:8b:16:e7:21:c8:cc:31:bd:7b:2e:ae:42:8c:98:
                    4f:8d:80:10:19:7c:47:26:91:e2:b6:37:da:bd:e4:
                    26:90:c5:dc:ad:a9:bf:76:0e:11:63:f4:05:9c:67:
                    12:3e:5c:2c:16:39:6d:52:7d:f6:9e:fd:8c:46:f8:
                    5f:49:fe:a1:e2:99:22:4e:8f:7d:1a:95:8b:ca:02:
                    7f:67:1f:86:77:18:fb:dd:f6:0b:99:06:7b:27:a7:
                    70:37:a7:db:60:0f:57:24:ce:63:97:c9:41:24:a2:
                    aa:28:fc:a9:ba:31:ff:be:a2:0a:d2:85:c5:4f:87:
                    83:5e:19:32:3f:c3:4c:64:17:65:28:93:ba:4e:d0:
                    c2:1a:65:53:ea:c2:55:7e:09:70:9e:5f:8d:d1:96:
                    0c:20:8d:75:9e:1c:d4:5b:8e:d4:ec:96:1d:33:c5:
                    c3:31:78:5b:2c:14:90:57:98:39:68:8f:4a:d8:7e:
                    de:e5:6a:f0:cb:9b:c7:e1:d2:61:b1:17:96:cb:8d:
                    2b:10:2e:85:77:f0:e8:1a:df:97:a1:c3:05:96:44:
                    dc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F2:B3:5E:A8:DB:DB:1F:F7:A8:BB:E8:AD:65:34:95:28:6B:E4:2E
            X509v3 Authority Key Identifier:
                keyid:D3:E8:D4:CB:8E:44:2E:C3:8A:6B:C3:FA:40:0A:2A:51:7C:EE:0D:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-jUy45ELsOKa8P6QAoqUXzuDR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/Z_KzXqjb2x_3qLvorWU0lShr5C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/6b850a-4f12-4206-a50f-5d58711f3662/1/0-jUy45ELsOKa8P6QAoqUXzuDR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:a7:23:26:04:8b:5e:79:70:f5:0c:bc:77:53:3c:03:5e:89:
         5a:cf:be:11:40:99:48:d2:25:04:2f:48:d6:15:fa:02:8a:ea:
         9e:d5:80:ac:22:59:82:c0:a9:5f:81:0d:59:e7:86:d7:2f:f1:
         17:3d:45:bd:1b:8c:35:eb:86:68:ac:e7:4a:d8:22:bb:1c:d4:
         aa:3d:55:f1:69:35:77:86:4c:55:53:05:41:fd:52:97:74:e2:
         07:f8:24:eb:31:22:70:18:3d:08:e8:60:d7:5c:cc:7f:e2:91:
         58:43:91:a6:8c:5f:d4:10:fa:be:e6:68:38:d1:c1:00:1e:95:
         f7:64:c5:ae:95:f0:c8:b1:4b:51:84:94:8c:8e:3c:e9:83:48:
         31:c7:f5:a1:bb:a5:3c:0f:ce:a0:fa:99:83:85:af:38:ae:12:
         1c:4d:dd:be:20:a4:24:3a:7e:6e:bb:d3:fe:67:da:e9:58:c4:
         c6:ad:bf:c4:bb:6c:c4:86:57:67:46:ec:31:c8:90:b5:cc:05:
         20:54:3c:ae:85:bb:55:4e:d4:f2:be:fc:d1:75:3a:e5:61:26:
         a6:7f:a0:ea:38:0a:d9:c2:e1:e0:ee:25:ed:bf:65:f7:3f:ed:
         92:49:61:c0:7e:0d:75:d4:8f:f9:06:bf:f1:e3:63:0c:a3:8a:
         24:1f:65:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJH704NMDg9HncEyIoAbgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZThkNGNiOGU0NDJlYzM4YTZiYzNmYTQwMGEyYTUxN2Nl
ZTBkMWUwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2YyYjM1ZWE4ZGJkYjFmZjdhOGJiZThhZDY1MzQ5NTI4NmJlNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFOOk0kvOE2CspvusOhxeZd6rGz+
P14CmfHtLyRUCG71iS7ISTfkAHl3uxNjixbnIcjMMb17Lq5CjJhPjYAQGXxHJpHi
tjfaveQmkMXcram/dg4RY/QFnGcSPlwsFjltUn32nv2MRvhfSf6h4pkiTo99GpWL
ygJ/Zx+Gdxj73fYLmQZ7J6dwN6fbYA9XJM5jl8lBJKKqKPypujH/vqIK0oXFT4eD
XhkyP8NMZBdlKJO6TtDCGmVT6sJVfglwnl+N0ZYMII11nhzUW47U7JYdM8XDMXhb
LBSQV5g5aI9K2H7e5Wrwy5vH4dJhsReWy40rEC6Fd/DoGt+XocMFlkTc/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfys16o29sf96i76K1lNJUoa+QuMB8GA1UdIwQY
MBaAFNPo1MuORC7DimvD+kAKKlF87g0eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1qVXk0NUVMc09LYThQNlFBb3FVWHp1RFI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi82Yjg1MGEtNGYxMi00MjA2LWE1MGYt
NWQ1ODcxMWYzNjYyLzEvWl9LelhxamIyeF8zcUx2b3JXVTBsU2hyNUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi82Yjg1MGEtNGYxMi00MjA2LWE1MGYtNWQ1ODcxMWYzNjYy
LzEvMC1qVXk0NUVMc09LYThQNlFBb3FVWHp1RFI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR1UMA0G
CSqGSIb3DQEBCwUAA4IBAQBKpyMmBIteeXD1DLx3UzwDXolaz74RQJlI0iUEL0jW
FfoCiuqe1YCsIlmCwKlfgQ1Z54bXL/EXPUW9G4w164ZorOdK2CK7HNSqPVXxaTV3
hkxVUwVB/VKXdOIH+CTrMSJwGD0I6GDXXMx/4pFYQ5GmjF/UEPq+5mg40cEAHpX3
ZMWulfDIsUtRhJSMjjzpg0gxx/Whu6U8D86g+pmDha84rhIcTd2+IKQkOn5uu9P+
Z9rpWMTGrb/Eu2zEhldnRuwxyJC1zAUgVDyuhbtVTtTyvvzRdTrlYSamf6DqOArZ
wuHg7iXtv2X3P+2SSWHAfg111I/5Br/x42MMo4okH2UI
-----END CERTIFICATE-----