Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/Zs3JuiMFYY1_h3vmciveq4BYfGs.roa
File:                     Zs3JuiMFYY1_h3vmciveq4BYfGs.roa (raw, json)
Hash identifier:          xpsBn0WmhC7zTymJgsyKHoxfV1FGZMpYJbH3N1HKlTE=
Subject key identifier:   66:CD:C9:BA:23:05:61:8D:7F:87:7B:E6:72:2B:DE:AB:80:58:7C:6B
Certificate issuer:       /CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
Certificate serial:       018CC5DBFC2B90FB94EDA721F954F73414E7
Authority key identifier: AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/Zs3JuiMFYY1_h3vmciveq4BYfGs.roa
Signing time:             Mon 01 Jan 2024 16:29:37 +0000
ROA not before:           Mon 01 Jan 2024 16:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        195.60.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 07:01:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:fc:2b:90:fb:94:ed:a7:21:f9:54:f7:34:14:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af0f5a9bd2ad1e96865f00d08522b9aad3e91a4d
        Validity
            Not Before: Jan  1 16:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66cdc9ba2305618d7f877be6722bdeab80587c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:61:34:a4:fe:b8:4d:76:93:ce:0b:4a:57:72:
                    f0:a5:63:75:62:98:5c:60:58:a7:8f:ed:3f:b3:88:
                    b1:a7:d4:42:d8:31:89:12:9b:4e:75:69:28:cb:63:
                    70:cd:ff:3d:5b:a4:e0:e7:02:53:16:60:cd:70:cf:
                    61:6a:a6:dc:b3:8f:65:77:00:58:6b:39:59:01:ae:
                    c1:9e:89:b9:12:94:88:4d:bc:52:4b:0b:8a:e7:12:
                    52:2c:ca:d5:23:9d:fe:41:c3:39:fe:d0:57:55:e8:
                    14:af:7d:42:8f:1c:de:46:92:35:95:4a:2e:80:f7:
                    78:80:d4:e0:aa:bf:71:eb:f5:ec:b4:9a:1f:1b:ba:
                    84:9d:ac:cb:3d:79:4a:87:06:79:0c:da:0a:39:3e:
                    9c:a4:00:6c:4f:e3:94:cb:29:d0:91:8a:67:bf:a8:
                    77:98:91:81:fc:a5:14:2c:9a:51:dc:68:a1:80:46:
                    86:34:f8:37:d4:7f:aa:ef:62:57:9f:5a:43:2c:0b:
                    e5:f8:e8:9e:cb:4b:3f:b6:03:4a:ad:c7:2c:d5:69:
                    5c:4d:71:c8:60:1c:4c:f7:5b:33:be:4c:14:30:33:
                    4f:cf:14:6a:d7:f2:66:66:e0:c9:f9:40:e7:51:53:
                    b3:70:72:c5:5e:69:c5:4a:08:f4:73:8b:7d:fa:9c:
                    40:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CD:C9:BA:23:05:61:8D:7F:87:7B:E6:72:2B:DE:AB:80:58:7C:6B
            X509v3 Authority Key Identifier:
                keyid:AF:0F:5A:9B:D2:AD:1E:96:86:5F:00:D0:85:22:B9:AA:D3:E9:1A:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rw9am9KtHpaGXwDQhSK5qtPpGk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/Zs3JuiMFYY1_h3vmciveq4BYfGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/6ad9b8-9f0e-4ad0-a220-3ac3b6737042/1/rw9am9KtHpaGXwDQhSK5qtPpGk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:b1:ad:d6:0a:f4:c4:15:e6:e4:74:12:89:ba:4c:b8:d8:d1:
         eb:16:97:9b:79:26:ab:75:c9:55:61:9a:4a:94:99:15:c4:81:
         3b:5d:20:45:78:22:2c:8f:dd:45:b9:6a:38:90:51:fc:22:6b:
         36:51:5c:50:a5:ef:39:a6:91:1c:16:12:d1:e4:38:8e:59:40:
         b4:81:a7:a3:05:33:f7:20:fb:e1:50:d0:f9:f1:9a:d6:53:f8:
         af:f7:1f:95:66:3d:10:9f:31:e9:20:1b:4f:ef:b6:d8:15:81:
         8d:bd:06:c0:1f:c1:95:63:a0:53:5e:d4:44:cb:d4:e5:d8:ba:
         6c:cc:f7:7d:11:ce:a6:66:40:32:18:7d:f1:dd:bb:28:03:28:
         15:ee:2e:4c:5c:3e:ad:b8:4b:4e:45:d0:74:9f:32:b8:04:03:
         53:d7:28:96:a0:39:25:7c:c2:57:25:28:e8:ae:dc:0a:5d:31:
         97:0c:47:93:9b:0c:bb:7a:00:7a:2c:42:d4:96:ab:8f:1c:ae:
         4e:f2:26:cc:e8:fa:a7:6b:ea:cc:83:1b:38:f2:65:d8:0c:5d:
         f5:5b:15:3c:c5:07:19:46:4d:fa:26:76:bf:17:28:fe:7c:c1:
         8b:59:cb:a2:8c:6a:0a:7d:d3:4b:e0:49:79:c9:21:99:61:c2:
         08:26:1a:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/wrkPuU7ach+VT3NBTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMGY1YTliZDJhZDFlOTY4NjVmMDBkMDg1MjJiOWFhZDNl
OTFhNGQwHhcNMjQwMTAxMTYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmNkYzliYTIzMDU2MThkN2Y4NzdiZTY3MjJiZGVhYjgwNTg3YzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GE0pP64TXaTzgtKV3LwpWN1Yphc
YFinj+0/s4ixp9RC2DGJEptOdWkoy2Nwzf89W6Tg5wJTFmDNcM9haqbcs49ldwBY
azlZAa7Bnom5EpSITbxSSwuK5xJSLMrVI53+QcM5/tBXVegUr31CjxzeRpI1lUou
gPd4gNTgqr9x6/XstJofG7qEnazLPXlKhwZ5DNoKOT6cpABsT+OUyynQkYpnv6h3
mJGB/KUULJpR3GihgEaGNPg31H+q72JXn1pDLAvl+Oiey0s/tgNKrccs1WlcTXHI
YBxM91szvkwUMDNPzxRq1/JmZuDJ+UDnUVOzcHLFXmnFSgj0c4t9+pxABwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbNybojBWGNf4d75nIr3quAWHxrMB8GA1UdIwQY
MBaAFK8PWpvSrR6Whl8A0IUiuarT6RpNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAt
M2FjM2I2NzM3MDQyLzEvWnMzSnVpTUZZWTFfaDN2bWNpdmVxNEJZZkdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82YWQ5YjgtOWYwZS00YWQwLWEyMjAtM2FjM2I2NzM3MDQy
LzEvcnc5YW05S3RIcGFHWHdEUWhTSzVxdFBwR2swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzziMA0G
CSqGSIb3DQEBCwUAA4IBAQCRsa3WCvTEFebkdBKJuky42NHrFpebeSardclVYZpK
lJkVxIE7XSBFeCIsj91FuWo4kFH8Ims2UVxQpe85ppEcFhLR5DiOWUC0gaejBTP3
IPvhUND58ZrWU/iv9x+VZj0QnzHpIBtP77bYFYGNvQbAH8GVY6BTXtREy9Tl2Lps
zPd9Ec6mZkAyGH3x3bsoAygV7i5MXD6tuEtORdB0nzK4BANT1yiWoDklfMJXJSjo
rtwKXTGXDEeTmwy7egB6LELUlquPHK5O8ibM6Pqna+rMgxs48mXYDF31WxU8xQcZ
Rk36Jna/Fyj+fMGLWcuijGoKfdNL4El5ySGZYcIIJhr7
-----END CERTIFICATE-----