Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/zO_UDxdd4onsakhed3cUzRP98oc.roa
File:                     zO_UDxdd4onsakhed3cUzRP98oc.roa (raw, json)
Hash identifier:          M26c/Ljzv38wpoHR8kbmB1xtyFLThWviw9kdZU6Jvtw=
Subject key identifier:   CC:EF:D4:0F:17:5D:E2:89:EC:6A:48:5E:77:77:14:CD:13:FD:F2:87
Certificate issuer:       /CN=087f59c36e22d1f90384f41da60705ac74d779ce
Certificate serial:       018CC5000F538110794E67F6F0A3D6886C0B
Authority key identifier: 08:7F:59:C3:6E:22:D1:F9:03:84:F4:1D:A6:07:05:AC:74:D7:79:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/zO_UDxdd4onsakhed3cUzRP98oc.roa
Signing time:             Mon 01 Jan 2024 12:29:24 +0000
ROA not before:           Mon 01 Jan 2024 12:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42171
IP address blocks:        194.0.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0f:53:81:10:79:4e:67:f6:f0:a3:d6:88:6c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=087f59c36e22d1f90384f41da60705ac74d779ce
        Validity
            Not Before: Jan  1 12:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccefd40f175de289ec6a485e777714cd13fdf287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:cd:50:59:20:5a:96:5c:25:b1:e8:6f:a6:a2:
                    12:0a:2c:40:14:e8:94:81:bb:05:24:8a:03:e7:e9:
                    8b:27:94:d6:96:be:92:60:3d:04:4a:c4:70:e4:8d:
                    12:1b:ef:c2:09:3f:7a:19:d9:7e:62:63:4f:1b:ce:
                    6b:85:e7:7c:79:c7:4f:ed:f7:23:d5:f4:a4:93:c3:
                    b6:a6:54:f3:09:20:eb:27:90:e0:d3:ee:a1:90:83:
                    45:75:a5:b7:11:18:86:2c:67:2a:24:45:cd:90:a8:
                    62:10:57:04:1d:91:15:a6:64:be:61:cf:8c:c9:c2:
                    3c:49:44:08:f3:8f:e9:52:e0:33:75:2a:a5:cb:5d:
                    2b:f6:17:f0:da:82:c4:e2:0d:71:ee:17:cc:95:cc:
                    ae:24:6b:6b:db:17:87:e2:de:d6:37:e5:9f:3a:30:
                    ac:71:24:bd:0f:6d:11:1c:ee:69:05:37:94:07:8d:
                    89:0c:36:d4:e9:a7:5a:50:10:92:65:4a:cf:b8:3d:
                    28:a5:6d:ab:eb:27:51:28:eb:33:48:7e:2e:84:2f:
                    7e:60:f2:29:c8:7a:75:0b:85:65:56:6d:b1:85:a7:
                    6d:37:0d:28:e7:b8:d7:ff:11:cc:42:29:74:8d:38:
                    2c:0f:1a:54:04:01:a0:38:4d:1a:0f:2d:9e:3a:8b:
                    db:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EF:D4:0F:17:5D:E2:89:EC:6A:48:5E:77:77:14:CD:13:FD:F2:87
            X509v3 Authority Key Identifier:
                keyid:08:7F:59:C3:6E:22:D1:F9:03:84:F4:1D:A6:07:05:AC:74:D7:79:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CH9Zw24i0fkDhPQdpgcFrHTXec4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/zO_UDxdd4onsakhed3cUzRP98oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/e59302-16c7-4927-bca8-c04be02037e8/1/CH9Zw24i0fkDhPQdpgcFrHTXec4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e7:de:93:75:f0:bf:b1:7f:44:8f:82:98:b2:f5:6d:e5:e3:
         9f:db:3d:b4:97:f1:41:80:04:bc:c3:de:55:c7:2c:d3:89:b2:
         88:cd:15:3a:e5:19:36:07:da:9d:fb:0d:df:ef:86:98:da:11:
         a2:69:1b:bc:b0:a9:61:40:34:03:72:f0:1d:51:a8:0a:36:67:
         d6:17:9e:27:bc:20:95:f4:a6:26:70:bc:68:60:06:8d:91:b3:
         31:78:0e:79:81:bf:2d:50:0d:d2:8d:90:87:0d:ee:74:4f:e5:
         0c:b3:04:79:66:e0:66:0f:c1:ea:ba:23:aa:bf:5e:e5:ed:a0:
         10:d0:41:ce:d4:ef:d9:21:f3:c1:31:84:c8:b8:0e:e3:dc:35:
         3e:d4:42:7c:ce:96:26:3d:c9:be:ed:73:79:34:2d:2d:a3:9a:
         99:78:ba:f3:b4:79:73:ac:20:7b:58:cf:82:ee:9b:22:da:fd:
         7d:90:7f:c4:22:cd:1c:37:08:b0:87:20:11:75:45:7e:23:f3:
         ec:9f:0a:d5:39:f1:70:3e:0f:30:4e:4c:da:40:ad:37:06:59:
         4c:48:2f:98:07:26:40:6a:69:b5:5f:26:cd:45:8b:c3:78:37:
         35:a0:fc:03:8c:07:b1:1d:ed:b0:ff:a7:9b:09:4a:7d:a5:24:
         40:c7:53:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAA9TgRB5Tmf28KPWiGwLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4N2Y1OWMzNmUyMmQxZjkwMzg0ZjQxZGE2MDcwNWFjNzRk
Nzc5Y2UwHhcNMjQwMTAxMTIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VmZDQwZjE3NWRlMjg5ZWM2YTQ4NWU3Nzc3MTRjZDEzZmRmMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp81QWSBallwlsehvpqISCixAFOiU
gbsFJIoD5+mLJ5TWlr6SYD0ESsRw5I0SG+/CCT96Gdl+YmNPG85rhed8ecdP7fcj
1fSkk8O2plTzCSDrJ5Dg0+6hkINFdaW3ERiGLGcqJEXNkKhiEFcEHZEVpmS+Yc+M
ycI8SUQI84/pUuAzdSqly10r9hfw2oLE4g1x7hfMlcyuJGtr2xeH4t7WN+WfOjCs
cSS9D20RHO5pBTeUB42JDDbU6adaUBCSZUrPuD0opW2r6ydRKOszSH4uhC9+YPIp
yHp1C4VlVm2xhadtNw0o57jX/xHMQil0jTgsDxpUBAGgOE0aDy2eOovbXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzv1A8XXeKJ7GpIXnd3FM0T/fKHMB8GA1UdIwQY
MBaAFAh/WcNuItH5A4T0HaYHBax013nOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0g5WncyNGkwZmtEaFBRZHBnY0ZySFRYZWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lNTkzMDItMTZjNy00OTI3LWJjYTgt
YzA0YmUwMjAzN2U4LzEvek9fVUR4ZGQ0b25zYWtoZWQzY1V6UlA5OG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lNTkzMDItMTZjNy00OTI3LWJjYTgtYzA0YmUwMjAzN2U4
LzEvQ0g5WncyNGkwZmtEaFBRZHBnY0ZySFRYZWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCAMA0G
CSqGSIb3DQEBCwUAA4IBAQBp596TdfC/sX9Ej4KYsvVt5eOf2z20l/FBgAS8w95V
xyzTibKIzRU65Rk2B9qd+w3f74aY2hGiaRu8sKlhQDQDcvAdUagKNmfWF54nvCCV
9KYmcLxoYAaNkbMxeA55gb8tUA3SjZCHDe50T+UMswR5ZuBmD8HquiOqv17l7aAQ
0EHO1O/ZIfPBMYTIuA7j3DU+1EJ8zpYmPcm+7XN5NC0to5qZeLrztHlzrCB7WM+C
7psi2v19kH/EIs0cNwiwhyARdUV+I/PsnwrVOfFwPg8wTkzaQK03BllMSC+YByZA
amm1XybNRYvDeDc1oPwDjAexHe2w/6ebCUp9pSRAx1Pu
-----END CERTIFICATE-----