Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Z4VaaAH-F3FA138AMhi6Q04plKs.roa
File:                     Z4VaaAH-F3FA138AMhi6Q04plKs.roa (raw, json)
Hash identifier:          QbNMMh9KVkUyXd8R/Oo37DpQ3jqDM9A6owodc6GElgU=
Subject key identifier:   67:85:5A:68:01:FE:17:71:40:D7:7F:00:32:18:BA:43:4E:29:94:AB
Certificate issuer:       /CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
Certificate serial:       018CC26D73A14E623C81775E93FD056D90DC
Authority key identifier: A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Z4VaaAH-F3FA138AMhi6Q04plKs.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41969
IP address blocks:        192.108.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:73:a1:4e:62:3c:81:77:5e:93:fd:05:6d:90:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a499903dab85f6a59772b3edfd4bf0e491af57c4
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67855a6801fe177140d77f003218ba434e2994ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ba:4b:f6:0b:b7:49:ed:ef:33:66:88:33:d1:
                    66:78:e3:16:82:75:43:08:38:8e:77:23:ce:76:8e:
                    26:a4:0e:2d:b5:89:e2:22:97:16:b3:77:65:1f:9d:
                    32:fa:d3:22:7f:b6:b6:52:61:d2:c7:b7:25:4b:1d:
                    37:22:3d:ae:bc:c0:b3:f4:bf:e7:c9:a1:0e:dc:c8:
                    1b:50:53:ba:fe:88:c4:cf:cd:f3:7e:fb:33:66:d4:
                    91:89:27:1b:48:44:65:9e:2f:bb:f1:a2:46:a6:07:
                    21:6c:b0:28:1e:71:c8:ab:16:d8:60:be:50:47:97:
                    13:02:05:72:14:9c:62:60:81:c4:32:df:06:56:1d:
                    cc:79:41:fb:ab:58:b6:3f:90:dc:c5:9f:48:e9:a4:
                    be:81:4a:84:f8:15:ff:dd:59:06:c5:10:e5:8b:65:
                    1b:cc:13:fc:09:e1:12:e4:83:66:b2:76:ef:ba:78:
                    a3:60:5f:40:e4:43:38:45:77:2c:4a:81:fa:f0:17:
                    96:3d:54:c0:0c:22:51:c1:19:2b:a2:5e:00:0e:19:
                    cb:e0:83:98:46:40:e4:78:e7:c1:9c:59:e8:eb:6b:
                    4a:01:e7:28:00:49:94:d3:b1:20:16:c0:e7:b2:c1:
                    46:18:9a:81:bf:e4:de:4c:67:90:b6:16:88:49:0e:
                    ee:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:85:5A:68:01:FE:17:71:40:D7:7F:00:32:18:BA:43:4E:29:94:AB
            X509v3 Authority Key Identifier:
                keyid:A4:99:90:3D:AB:85:F6:A5:97:72:B3:ED:FD:4B:F0:E4:91:AF:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/Z4VaaAH-F3FA138AMhi6Q04plKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/8eda9a-d13c-4430-8cf4-57ec12e8641e/1/pJmQPauF9qWXcrPt_Uvw5JGvV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.108.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:69:69:bd:95:56:de:d9:56:a0:64:b8:55:cc:75:e4:ed:65:
         db:17:48:30:4d:2b:27:b9:e5:69:3b:a9:63:cd:4e:8e:45:6f:
         9c:8f:ba:89:54:97:4e:0f:08:fa:85:36:57:67:0a:ae:11:88:
         8f:5d:1a:de:f7:0b:35:2d:5e:91:35:ed:96:1a:3b:51:ae:0e:
         bd:8b:19:94:ad:c1:5c:5a:9a:ee:48:8a:4e:ca:68:7b:1f:40:
         0d:ed:b4:90:44:6e:f4:db:ed:57:79:f1:1c:a6:9b:6c:01:f4:
         7d:a3:29:5f:d0:87:0b:89:a0:6c:0d:81:37:ba:bc:d6:2d:99:
         ba:7d:56:1a:af:dd:82:d3:2a:7f:72:0e:8b:5f:11:93:1c:81:
         4c:38:dd:33:c2:3c:de:5b:54:1e:12:9a:31:b4:79:93:b9:38:
         29:0d:f0:cf:c4:ab:98:f4:5a:70:d3:e4:0c:4e:c8:a3:80:b9:
         20:3f:bf:02:3f:8c:91:b1:22:17:b9:ec:05:f8:bc:b2:89:19:
         dd:2e:fb:93:37:33:04:ea:e6:34:89:25:ab:72:df:30:57:ac:
         6a:04:06:e9:5a:7b:f1:05:b9:75:e6:74:75:ab:7c:12:f5:63:
         90:21:99:91:d4:91:15:59:b2:7a:68:91:b6:a8:19:51:56:df:
         dd:c0:21:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXOhTmI8gXdek/0FbZDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0OTk5MDNkYWI4NWY2YTU5NzcyYjNlZGZkNGJmMGU0OTFh
ZjU3YzQwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg1NWE2ODAxZmUxNzcxNDBkNzdmMDAzMjE4YmE0MzRlMjk5NGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrpL9gu3Se3vM2aIM9FmeOMWgnVD
CDiOdyPOdo4mpA4ttYniIpcWs3dlH50y+tMif7a2UmHSx7clSx03Ij2uvMCz9L/n
yaEO3MgbUFO6/ojEz83zfvszZtSRiScbSERlni+78aJGpgchbLAoHnHIqxbYYL5Q
R5cTAgVyFJxiYIHEMt8GVh3MeUH7q1i2P5DcxZ9I6aS+gUqE+BX/3VkGxRDli2Ub
zBP8CeES5INmsnbvunijYF9A5EM4RXcsSoH68BeWPVTADCJRwRkrol4ADhnL4IOY
RkDkeOfBnFno62tKAecoAEmU07EgFsDnssFGGJqBv+TeTGeQthaISQ7uwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeFWmgB/hdxQNd/ADIYukNOKZSrMB8GA1UdIwQY
MBaAFKSZkD2rhfall3Kz7f1L8OSRr1fEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQt
NTdlYzEyZTg2NDFlLzEvWjRWYWFBSC1GM0ZBMTM4QU1oaTZRMDRwbEtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC84ZWRhOWEtZDEzYy00NDMwLThjZjQtNTdlYzEyZTg2NDFl
LzEvcEptUVBhdUY5cVdYY3JQdF9Vdnc1Skd2VjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwGxIMA0G
CSqGSIb3DQEBCwUAA4IBAQCLaWm9lVbe2VagZLhVzHXk7WXbF0gwTSsnueVpO6lj
zU6ORW+cj7qJVJdODwj6hTZXZwquEYiPXRre9ws1LV6RNe2WGjtRrg69ixmUrcFc
WpruSIpOymh7H0AN7bSQRG702+1XefEcpptsAfR9oylf0IcLiaBsDYE3urzWLZm6
fVYar92C0yp/cg6LXxGTHIFMON0zwjzeW1QeEpoxtHmTuTgpDfDPxKuY9Fpw0+QM
TsijgLkgP78CP4yRsSIXuewF+LyyiRndLvuTNzME6uY0iSWrct8wV6xqBAbpWnvx
Bbl15nR1q3wS9WOQIZmR1JEVWbJ6aJG2qBlRVt/dwCHE
-----END CERTIFICATE-----