Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/zvdo8v9xyCdy1mKyVrWjfGNxMHM.roa
File:                     zvdo8v9xyCdy1mKyVrWjfGNxMHM.roa (raw, json)
Hash identifier:          Au0agW13xl3mH0Bx/FwdF4hcEhPlEoQV0ckZrM2DC20=
Subject key identifier:   CE:F7:68:F2:FF:71:C8:27:72:D6:62:B2:56:B5:A3:7C:63:71:30:73
Certificate issuer:       /CN=d8ef1290cf38b4f6e0183e7e4bf87ac67a12d7ab
Certificate serial:       018CC94E28AB8CEBDEC663D468D67EE6D5BF
Authority key identifier: D8:EF:12:90:CF:38:B4:F6:E0:18:3E:7E:4B:F8:7A:C6:7A:12:D7:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/zvdo8v9xyCdy1mKyVrWjfGNxMHM.roa
Signing time:             Tue 02 Jan 2024 08:33:11 +0000
ROA not before:           Tue 02 Jan 2024 08:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48067
IP address blocks:        193.84.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:28:ab:8c:eb:de:c6:63:d4:68:d6:7e:e6:d5:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8ef1290cf38b4f6e0183e7e4bf87ac67a12d7ab
        Validity
            Not Before: Jan  2 08:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cef768f2ff71c82772d662b256b5a37c63713073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:af:fc:da:f3:fb:fc:de:35:96:8a:87:a6:57:
                    f5:ed:6a:1f:1e:22:fc:7f:03:de:15:7a:1d:41:49:
                    2b:c7:4a:d9:6d:d7:22:b9:ce:fe:e7:18:f0:77:e3:
                    d3:41:e9:66:83:19:f2:aa:f7:d2:a6:e1:84:1c:7c:
                    fc:09:31:15:af:f7:c2:45:c5:83:43:e5:c7:c7:2c:
                    d6:66:d4:cb:c8:f1:f7:c9:c5:1c:46:7f:37:4b:e0:
                    45:61:1c:86:e0:ec:bf:61:e9:56:84:1d:c6:ff:d6:
                    1d:d7:0c:1d:82:51:e7:c2:11:46:d3:63:5b:00:3a:
                    6d:fd:d0:4e:8c:9c:2d:07:1a:ac:78:23:5b:fa:69:
                    35:b9:8e:e2:ec:b9:c8:34:24:7e:83:cb:16:3f:06:
                    38:36:ed:4e:6d:1d:59:a3:63:f5:e6:76:40:cb:3c:
                    7c:aa:30:79:ac:6d:9b:51:db:d1:30:5a:53:d1:2c:
                    ed:3a:f0:a9:4a:89:a2:5c:a0:f5:45:70:52:15:38:
                    21:ef:f1:ff:bd:92:04:3c:1f:90:43:4f:06:cd:26:
                    d0:fe:84:d1:db:73:da:d1:52:6b:7a:f7:be:f1:8d:
                    d5:8e:48:a4:69:91:be:6e:c7:52:cd:60:ba:49:2d:
                    d9:c9:bb:57:7b:c4:29:0d:0b:ff:ad:5e:c8:8d:09:
                    7b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F7:68:F2:FF:71:C8:27:72:D6:62:B2:56:B5:A3:7C:63:71:30:73
            X509v3 Authority Key Identifier:
                keyid:D8:EF:12:90:CF:38:B4:F6:E0:18:3E:7E:4B:F8:7A:C6:7A:12:D7:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2O8SkM84tPbgGD5-S_h6xnoS16s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/zvdo8v9xyCdy1mKyVrWjfGNxMHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/3308f5-27e3-4c94-a46b-48e6f260fba5/1/2O8SkM84tPbgGD5-S_h6xnoS16s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:42:f9:62:c1:af:59:67:f5:3c:af:a8:de:0c:34:5d:98:bd:
         d8:ba:e8:37:94:67:37:c7:79:ba:f5:96:9e:f1:1b:64:a1:08:
         2a:c0:1f:2b:fa:ab:f2:2a:37:14:c3:bb:ba:66:39:61:48:76:
         b9:5f:21:8d:6f:d6:39:79:83:2d:dd:53:e9:02:d5:da:a4:14:
         bf:4d:ae:46:7c:e0:12:8e:b3:cc:5d:80:fb:bf:b2:4f:e9:83:
         93:41:57:9a:15:9e:97:33:38:f7:05:32:e6:78:27:2e:ae:fc:
         44:f3:b3:40:05:ea:00:77:77:4c:59:1b:85:f7:79:dd:fa:37:
         64:f1:9a:30:2a:68:8b:12:a3:74:91:8d:3f:75:bc:f9:62:a3:
         a5:76:be:73:d9:1c:99:7d:1a:94:5c:96:d5:31:a7:cd:bd:a2:
         2d:d3:dd:fd:c5:74:b5:22:21:e1:dd:1c:6c:be:92:6a:aa:9a:
         5c:9f:23:f4:d3:d0:51:ef:a5:4e:60:79:2f:74:b6:42:1f:be:
         00:6b:8f:e0:de:d2:10:df:be:3e:24:5c:64:39:82:74:98:f2:
         7b:96:18:40:5f:ee:6f:b8:0e:3f:fb:f0:0a:27:3f:2f:0e:56:
         8f:02:3d:bd:43:9a:72:e0:cf:fd:25:de:2c:a1:4f:c1:74:30:
         66:b0:1b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTiirjOvexmPUaNZ+5tW/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZWYxMjkwY2YzOGI0ZjZlMDE4M2U3ZTRiZjg3YWM2N2Ex
MmQ3YWIwHhcNMjQwMTAyMDgzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWY3NjhmMmZmNzFjODI3NzJkNjYyYjI1NmI1YTM3YzYzNzEzMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK/82vP7/N41loqHplf17WofHiL8
fwPeFXodQUkrx0rZbdciuc7+5xjwd+PTQelmgxnyqvfSpuGEHHz8CTEVr/fCRcWD
Q+XHxyzWZtTLyPH3ycUcRn83S+BFYRyG4Oy/YelWhB3G/9Yd1wwdglHnwhFG02Nb
ADpt/dBOjJwtBxqseCNb+mk1uY7i7LnINCR+g8sWPwY4Nu1ObR1Zo2P15nZAyzx8
qjB5rG2bUdvRMFpT0SztOvCpSomiXKD1RXBSFTgh7/H/vZIEPB+QQ08GzSbQ/oTR
23Pa0VJreve+8Y3VjkikaZG+bsdSzWC6SS3ZybtXe8QpDQv/rV7IjQl7gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM73aPL/ccgnctZisla1o3xjcTBzMB8GA1UdIwQY
MBaAFNjvEpDPOLT24Bg+fkv4esZ6EterMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk84U2tNODR0UGJnR0Q1LVNfaDZ4bm9TMTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8zMzA4ZjUtMjdlMy00Yzk0LWE0NmIt
NDhlNmYyNjBmYmE1LzEvenZkbzh2OXh5Q2R5MW1LeVZyV2pmR054TUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8zMzA4ZjUtMjdlMy00Yzk0LWE0NmItNDhlNmYyNjBmYmE1
LzEvMk84U2tNODR0UGJnR0Q1LVNfaDZ4bm9TMTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVRFMA0G
CSqGSIb3DQEBCwUAA4IBAQApQvliwa9ZZ/U8r6jeDDRdmL3Yuug3lGc3x3m69Zae
8RtkoQgqwB8r+qvyKjcUw7u6ZjlhSHa5XyGNb9Y5eYMt3VPpAtXapBS/Ta5GfOAS
jrPMXYD7v7JP6YOTQVeaFZ6XMzj3BTLmeCcurvxE87NABeoAd3dMWRuF93nd+jdk
8ZowKmiLEqN0kY0/dbz5YqOldr5z2RyZfRqUXJbVMafNvaIt0939xXS1IiHh3Rxs
vpJqqppcnyP009BR76VOYHkvdLZCH74Aa4/g3tIQ374+JFxkOYJ0mPJ7lhhAX+5v
uA4/+/AKJz8vDlaPAj29Q5py4M/9Jd4soU/BdDBmsBsi
-----END CERTIFICATE-----