Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/ZwWG8igq90Qo0km0QE7O_XzNNL0.roa
File:                     ZwWG8igq90Qo0km0QE7O_XzNNL0.roa (raw, json)
Hash identifier:          4OvDCxhmZH8CqTC5kQE0O3LblZXDsYNysCP16YcOEdA=
Subject key identifier:   67:05:86:F2:28:2A:F7:44:28:D2:49:B4:40:4E:CE:FD:7C:CD:34:BD
Certificate issuer:       /CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
Certificate serial:       018F142D5B751F6246BA6A25629D96CD5D3C
Authority key identifier: 8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/ZwWG8igq90Qo0km0QE7O_XzNNL0.roa
Signing time:             Thu 25 Apr 2024 07:34:27 +0000
ROA not before:           Thu 25 Apr 2024 07:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213354
IP address blocks:        194.79.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:2d:5b:75:1f:62:46:ba:6a:25:62:9d:96:cd:5d:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef66691ad3a41652f5bd8596230b3ac743d2a2c
        Validity
            Not Before: Apr 25 07:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=670586f2282af74428d249b4404ecefd7ccd34bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:e3:ce:32:bd:c9:7c:a5:7b:90:83:0f:57:d6:
                    4c:cf:47:6d:7e:40:1e:70:81:59:75:31:77:d6:aa:
                    65:b5:89:e9:3c:bb:99:8a:42:18:fd:68:5e:13:69:
                    07:82:36:ca:4e:01:69:53:e8:15:64:87:96:5b:ae:
                    32:a6:91:58:7b:89:15:b7:e9:d1:b9:d9:e4:a9:a2:
                    d6:d1:df:63:ec:d4:17:df:8b:55:2b:74:b3:76:e5:
                    ec:bd:a0:7b:11:47:90:65:be:b5:85:9e:56:5f:68:
                    d0:81:1c:53:af:38:8b:73:53:1f:04:a2:b2:38:5a:
                    1b:f8:32:35:13:e5:7e:a9:0e:6b:48:ca:fa:b5:38:
                    a6:a2:ff:43:43:6b:8c:bf:79:78:4f:b8:08:36:40:
                    1d:3c:d1:95:77:6e:3e:73:fe:fd:bc:3f:f3:66:8a:
                    43:63:fc:c6:26:2d:fb:f8:5c:a1:bf:29:fb:1f:03:
                    ea:43:27:31:e4:03:4e:da:a5:d4:1a:da:22:50:50:
                    4e:89:f2:31:0f:70:0f:3d:bb:ad:c7:ba:50:58:09:
                    37:02:83:e0:5e:58:0b:d7:69:3a:28:11:32:66:41:
                    26:c8:ae:f4:40:93:23:fe:d7:ab:c2:5a:b0:a7:5f:
                    9b:23:23:f1:05:bf:37:4c:ae:1d:fa:de:89:ea:d2:
                    06:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:05:86:F2:28:2A:F7:44:28:D2:49:B4:40:4E:CE:FD:7C:CD:34:BD
            X509v3 Authority Key Identifier:
                keyid:8E:F6:66:91:AD:3A:41:65:2F:5B:D8:59:62:30:B3:AC:74:3D:2A:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvZmka06QWUvW9hZYjCzrHQ9Kiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/ZwWG8igq90Qo0km0QE7O_XzNNL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/fc87fa-cbfa-4f3c-88d3-ba922bb1ebb4/1/jvZmka06QWUvW9hZYjCzrHQ9Kiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:d8:4f:ef:a4:3e:63:b3:87:c7:63:25:4c:f3:80:4d:e3:91:
         c0:fd:e6:53:ec:6f:7a:af:c1:8e:4e:38:70:16:4e:0c:53:65:
         03:1a:05:c6:b0:53:f9:32:43:af:a6:ab:90:a7:49:fe:69:ee:
         57:2f:ce:83:a5:3a:1f:c8:67:e6:7b:e4:1d:8f:81:5a:6c:c3:
         36:b8:84:a5:df:65:70:14:b4:91:65:a8:c0:6d:68:93:29:73:
         61:5b:82:75:b9:66:53:b9:6c:32:66:cb:81:4f:eb:84:3a:2d:
         41:f2:01:8b:3b:4f:e5:cb:8d:c4:38:d2:3e:43:a2:b5:44:3b:
         29:ec:93:0c:83:f2:ff:ce:37:c0:cb:c3:87:d5:df:63:bf:8b:
         a0:a4:0f:de:4a:f2:bd:6a:c3:1b:d0:99:d9:1b:52:0c:6f:11:
         76:9e:db:41:36:3c:5d:96:56:60:a3:74:41:e7:b1:c9:4a:ba:
         a2:8f:a8:d9:a8:1b:8c:94:1d:68:8a:ae:d1:7d:3d:0b:84:34:
         e9:2e:26:43:e4:0c:24:28:b7:21:80:a1:2d:d1:1f:dd:19:e7:
         b8:b4:c2:f6:25:c3:35:10:17:4e:b7:09:71:32:0d:1a:ea:79:
         6e:0c:83:ff:cc:14:78:c7:17:f2:7b:06:e0:e3:90:65:69:1c:
         f1:c8:da:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ULVt1H2JGumolYp2WzV08MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjY2NjkxYWQzYTQxNjUyZjViZDg1OTYyMzBiM2FjNzQz
ZDJhMmMwHhcNMjQwNDI1MDczNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA1ODZmMjI4MmFmNzQ0MjhkMjQ5YjQ0MDRlY2VmZDdjY2QzNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8OPOMr3JfKV7kIMPV9ZMz0dtfkAe
cIFZdTF31qpltYnpPLuZikIY/WheE2kHgjbKTgFpU+gVZIeWW64yppFYe4kVt+nR
udnkqaLW0d9j7NQX34tVK3SzduXsvaB7EUeQZb61hZ5WX2jQgRxTrziLc1MfBKKy
OFob+DI1E+V+qQ5rSMr6tTimov9DQ2uMv3l4T7gINkAdPNGVd24+c/79vD/zZopD
Y/zGJi37+Fyhvyn7HwPqQycx5ANO2qXUGtoiUFBOifIxD3APPbutx7pQWAk3AoPg
XlgL12k6KBEyZkEmyK70QJMj/terwlqwp1+bIyPxBb83TK4d+t6J6tIGyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcFhvIoKvdEKNJJtEBOzv18zTS9MB8GA1UdIwQY
MBaAFI72ZpGtOkFlL1vYWWIws6x0PSosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMt
YmE5MjJiYjFlYmI0LzEvWndXRzhpZ3E5MFFvMGttMFFFN09fWHpOTkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mYzg3ZmEtY2JmYS00ZjNjLTg4ZDMtYmE5MjJiYjFlYmI0
LzEvanZabWthMDZRV1V2VzloWllqQ3pySFE5S2l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwk8IMA0G
CSqGSIb3DQEBCwUAA4IBAQAw2E/vpD5js4fHYyVM84BN45HA/eZT7G96r8GOTjhw
Fk4MU2UDGgXGsFP5MkOvpquQp0n+ae5XL86DpTofyGfme+Qdj4FabMM2uISl32Vw
FLSRZajAbWiTKXNhW4J1uWZTuWwyZsuBT+uEOi1B8gGLO0/ly43EONI+Q6K1RDsp
7JMMg/L/zjfAy8OH1d9jv4ugpA/eSvK9asMb0JnZG1IMbxF2nttBNjxdllZgo3RB
57HJSrqij6jZqBuMlB1oiq7RfT0LhDTpLiZD5AwkKLchgKEt0R/dGee4tML2JcM1
EBdOtwlxMg0a6nluDIP/zBR4xxfyewbg45BlaRzxyNpI
-----END CERTIFICATE-----