Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zrDsh52OidtHwLdxZNMZ6UZseoI.roa
File:                     zrDsh52OidtHwLdxZNMZ6UZseoI.roa (raw, json)
Hash identifier:          JgsKTvrlIY2NXmFJqvkcjki+dAtf45xC7c7GfusB9AM=
Subject key identifier:   CE:B0:EC:87:9D:8E:89:DB:47:C0:B7:71:64:D3:19:E9:46:6C:7A:82
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E31E7F88EA7C2C89CD7346000AC54
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zrDsh52OidtHwLdxZNMZ6UZseoI.roa
Signing time:             Tue 02 Jan 2024 08:33:14 +0000
ROA not before:           Tue 02 Jan 2024 08:33:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34936
IP address blocks:        204.11.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:31:e7:f8:8e:a7:c2:c8:9c:d7:34:60:00:ac:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ceb0ec879d8e89db47c0b77164d319e9466c7a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4a:e6:7e:71:77:56:d4:a8:ab:65:3c:c8:15:
                    b5:27:4b:be:d3:dc:09:da:dc:47:4b:cb:8f:67:f7:
                    4e:44:46:7e:67:74:6e:8f:5a:c7:67:5a:8c:da:90:
                    d4:57:32:89:47:0d:83:91:ac:d2:1f:fc:e6:71:23:
                    6b:f1:7d:b5:7e:6e:a8:2d:94:a4:45:65:34:0f:b2:
                    51:23:88:6d:17:a4:56:6a:09:ed:70:62:93:8c:0a:
                    23:90:26:85:cb:aa:08:91:3f:12:9d:16:4d:9b:cb:
                    78:8a:13:99:48:0c:bc:42:69:04:f3:50:a2:af:a8:
                    05:e4:ea:4d:dd:3a:6d:61:37:76:9d:55:83:f6:fc:
                    25:cd:27:84:64:f8:1c:94:eb:30:fc:4c:6c:cd:92:
                    d6:66:ec:07:fa:76:e9:da:c8:9d:74:ef:c7:dc:df:
                    11:4c:d9:10:4d:e8:e5:a2:04:13:c8:bd:fa:e0:81:
                    cb:7b:ae:a2:4c:fd:e7:c6:78:8e:78:e9:ea:2b:e1:
                    54:44:7f:e5:f8:4f:0e:f0:ea:be:97:c2:a0:46:d3:
                    25:81:0b:bc:a3:92:00:02:64:20:88:e9:a4:9e:1b:
                    02:c4:22:af:d8:a6:00:cf:d4:a6:19:ef:02:0f:e7:
                    b0:3b:23:5c:bc:e2:e7:91:42:87:32:45:cb:fb:03:
                    e5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B0:EC:87:9D:8E:89:DB:47:C0:B7:71:64:D3:19:E9:46:6C:7A:82
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/zrDsh52OidtHwLdxZNMZ6UZseoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.11.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:b4:44:f2:91:c5:03:df:a5:81:4e:03:cb:87:14:75:5e:a5:
         b7:d6:55:68:36:49:d3:3f:fd:ce:18:21:fc:1a:46:1d:03:70:
         a5:31:85:ee:aa:6c:2e:7e:23:16:f6:3e:17:e9:d6:3a:9c:80:
         4b:ee:73:0a:04:4b:7d:42:a0:b9:8e:a3:ac:91:d8:fc:49:b1:
         87:94:ae:e5:9c:25:f9:e4:2e:13:06:86:c2:7b:3c:3d:1b:73:
         d6:50:23:38:73:8b:48:b2:b3:75:c6:3e:f6:13:47:e7:63:28:
         59:1c:81:05:a3:e7:28:0f:cd:9c:2c:70:e4:ef:6b:4e:e7:fe:
         6e:a3:da:40:e3:01:1b:5f:8a:16:26:19:38:9b:85:db:12:88:
         a5:f4:3a:84:5f:13:74:54:b9:86:75:33:09:50:92:39:93:07:
         13:c3:de:a1:31:f6:ff:5e:18:fb:6d:4f:c3:48:67:87:bf:83:
         9b:7d:7c:96:07:fb:01:14:c0:df:bf:28:5e:ea:f4:b1:1c:ed:
         4f:bf:8b:d1:f5:1c:c1:39:ff:17:43:ee:81:b9:fc:1e:c3:33:
         86:64:89:13:6d:50:b4:0f:6c:60:57:36:7d:4d:6c:d3:aa:40:
         5a:d5:f8:68:5d:e2:32:51:d8:94:17:5e:4b:77:11:40:a2:48:
         d8:56:55:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTjHn+I6nwsic1zRgAKxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWIwZWM4NzlkOGU4OWRiNDdjMGI3NzE2NGQzMTllOTQ2NmM3YTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUrmfnF3VtSoq2U8yBW1J0u+09wJ
2txHS8uPZ/dOREZ+Z3Ruj1rHZ1qM2pDUVzKJRw2DkazSH/zmcSNr8X21fm6oLZSk
RWU0D7JRI4htF6RWagntcGKTjAojkCaFy6oIkT8SnRZNm8t4ihOZSAy8QmkE81Ci
r6gF5OpN3TptYTd2nVWD9vwlzSeEZPgclOsw/ExszZLWZuwH+nbp2siddO/H3N8R
TNkQTejlogQTyL364IHLe66iTP3nxniOeOnqK+FURH/l+E8O8Oq+l8KgRtMlgQu8
o5IAAmQgiOmknhsCxCKv2KYAz9SmGe8CD+ewOyNcvOLnkUKHMkXL+wPlUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6w7IedjonbR8C3cWTTGelGbHqCMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvenJEc2g1Mk9pZHRId0xkeFpOTVo2VVpzZW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAzAsDMA0G
CSqGSIb3DQEBCwUAA4IBAQAstETykcUD36WBTgPLhxR1XqW31lVoNknTP/3OGCH8
GkYdA3ClMYXuqmwufiMW9j4X6dY6nIBL7nMKBEt9QqC5jqOskdj8SbGHlK7lnCX5
5C4TBobCezw9G3PWUCM4c4tIsrN1xj72E0fnYyhZHIEFo+coD82cLHDk72tO5/5u
o9pA4wEbX4oWJhk4m4XbEoil9DqEXxN0VLmGdTMJUJI5kwcTw96hMfb/Xhj7bU/D
SGeHv4ObfXyWB/sBFMDfvyhe6vSxHO1Pv4vR9RzBOf8XQ+6BufwewzOGZIkTbVC0
D2xgVzZ9TWzTqkBa1fhoXeIyUdiUF15LdxFAokjYVlW/
-----END CERTIFICATE-----