Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/zyHi0nxEeEFPEfplLxaxnuQgGvY.roa
File:                     zyHi0nxEeEFPEfplLxaxnuQgGvY.roa (raw, json)
Hash identifier:          pfrWcWlyklSgPOSS/GcHoxGuA7Ab7TTbdDy4jKiCtf4=
Subject key identifier:   CF:21:E2:D2:7C:44:78:41:4F:11:FA:65:2F:16:B1:9E:E4:20:1A:F6
Certificate issuer:       /CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
Certificate serial:       018CC348F63B101B4DBA780432D83E012991
Authority key identifier: A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/zyHi0nxEeEFPEfplLxaxnuQgGvY.roa
Signing time:             Mon 01 Jan 2024 04:29:47 +0000
ROA not before:           Mon 01 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42360
IP address blocks:        94.16.6.0/24 maxlen: 32
                          94.16.13.0/24 maxlen: 24
                          2a00:11c0:77::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f6:3b:10:1b:4d:ba:78:04:32:d8:3e:01:29:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a539afebace899a8ee0bb4f8bb4475fe247a1528
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf21e2d27c4478414f11fa652f16b19ee4201af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2d:1f:2a:17:44:bd:c6:23:af:5c:1a:d0:bb:
                    a8:56:36:f0:53:79:43:85:53:1d:6b:8d:1a:15:4e:
                    49:e8:ea:14:df:ad:2a:ef:89:97:99:eb:b6:35:81:
                    6a:c4:49:68:d8:48:63:1c:35:dc:a6:14:be:dd:4e:
                    e3:fb:a3:90:e0:0d:30:3c:15:3b:2f:f2:d5:52:9f:
                    2d:93:32:89:c1:cf:8f:89:4d:81:fd:36:47:2f:f4:
                    a9:23:6e:c0:69:3b:d1:2d:86:4e:2a:8b:6b:21:a4:
                    54:dd:23:16:f0:fa:17:33:10:cd:60:2e:fd:b1:7d:
                    3f:f2:45:da:5f:b5:e1:8f:16:bc:95:f8:f0:94:03:
                    16:c2:e8:08:14:74:0a:38:6d:87:e0:01:95:54:ee:
                    97:ab:a6:3c:1f:ae:d7:7e:c7:8c:2e:30:fc:33:76:
                    6c:4c:b3:f7:14:3b:99:2a:66:f0:88:9d:98:8e:7a:
                    7d:f8:0a:7c:3c:0e:aa:33:cc:af:c3:2d:07:4b:95:
                    bf:9d:f2:8f:81:f2:c1:2a:b6:0e:f3:dd:27:56:39:
                    49:5b:21:5e:af:a1:fe:8b:d5:a2:2c:7e:7f:91:f5:
                    4a:06:a3:9b:80:d7:28:2e:4c:77:d6:ac:d5:c9:52:
                    ce:85:2d:62:1d:17:8f:b1:86:db:a3:c3:9e:1a:e2:
                    16:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:21:E2:D2:7C:44:78:41:4F:11:FA:65:2F:16:B1:9E:E4:20:1A:F6
            X509v3 Authority Key Identifier:
                keyid:A5:39:AF:EB:AC:E8:99:A8:EE:0B:B4:F8:BB:44:75:FE:24:7A:15:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTmv66zomajuC7T4u0R1_iR6FSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/zyHi0nxEeEFPEfplLxaxnuQgGvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/98c4ee-2f59-45a7-adb6-74139591312e/1/pTmv66zomajuC7T4u0R1_iR6FSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.16.6.0/24
                  94.16.13.0/24
                IPv6:
                  2a00:11c0:77::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:e0:a8:38:e6:2e:9f:e8:c7:dd:90:68:3d:ff:8c:18:66:cc:
         69:04:08:6f:61:b3:2d:a6:81:86:e9:bb:4c:82:36:03:dd:32:
         5e:b3:93:00:60:da:12:c9:fa:c0:45:a4:6c:95:60:70:a1:61:
         1b:da:eb:3f:80:e0:5e:27:8c:17:1c:0c:bc:5b:7f:14:8b:47:
         30:bb:a6:6f:e7:bb:e2:17:d6:1d:ae:53:5c:c4:31:4c:ba:a8:
         6b:c0:78:13:9f:38:54:95:6c:ca:bf:a3:c8:ad:dc:34:df:6d:
         99:bb:a4:18:a8:9b:63:5d:92:bb:e5:07:fc:6c:23:da:a6:34:
         2a:d8:3d:8b:8d:a0:18:32:62:56:60:9e:e9:21:c6:7a:3c:44:
         e7:cb:7a:f1:ed:5f:d2:b4:2b:d6:25:06:c1:b5:b2:c1:e2:e0:
         d6:9f:cc:e0:b4:c2:2d:87:5d:57:67:2a:aa:ce:44:8f:cc:82:
         1d:a0:15:07:2e:3e:a0:58:d7:c9:58:e8:a3:44:7e:0f:a1:0f:
         78:f8:74:29:ff:24:4a:64:8f:51:65:39:d4:ac:8c:7d:03:de:
         62:dd:a3:cf:b4:d5:fe:f5:61:11:c7:4d:9b:5a:a4:5c:b0:ee:
         37:70:17:49:7d:ee:72:d0:57:e9:22:8e:0a:4d:ed:f2:e3:6e:
         ea:33:11:a2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzDSPY7EBtNungEMtg+ASmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzlhZmViYWNlODk5YThlZTBiYjRmOGJiNDQ3NWZlMjQ3
YTE1MjgwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjIxZTJkMjdjNDQ3ODQxNGYxMWZhNjUyZjE2YjE5ZWU0MjAxYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyy0fKhdEvcYjr1wa0LuoVjbwU3lD
hVMda40aFU5J6OoU360q74mXmeu2NYFqxElo2EhjHDXcphS+3U7j+6OQ4A0wPBU7
L/LVUp8tkzKJwc+PiU2B/TZHL/SpI27AaTvRLYZOKotrIaRU3SMW8PoXMxDNYC79
sX0/8kXaX7Xhjxa8lfjwlAMWwugIFHQKOG2H4AGVVO6Xq6Y8H67XfseMLjD8M3Zs
TLP3FDuZKmbwiJ2Yjnp9+Ap8PA6qM8yvwy0HS5W/nfKPgfLBKrYO890nVjlJWyFe
r6H+i9WiLH5/kfVKBqObgNcoLkx31qzVyVLOhS1iHRePsYbbo8OeGuIW7QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFM8h4tJ8RHhBTxH6ZS8WsZ7kIBr2MB8GA1UdIwQY
MBaAFKU5r+us6Jmo7gu0+LtEdf4kehUoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYt
NzQxMzk1OTEzMTJlLzEvenlIaTBueEVlRUZQRWZwbEx4YXhudVFnR3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85OGM0ZWUtMmY1OS00NWE3LWFkYjYtNzQxMzk1OTEzMTJl
LzEvcFRtdjY2em9tYWp1QzdUNHUwUjFfaVI2RlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAXhAGAwQA
XhANMA8EAgACMAkDBwAqABHAAHcwDQYJKoZIhvcNAQELBQADggEBAE7gqDjmLp/o
x92QaD3/jBhmzGkECG9hsy2mgYbpu0yCNgPdMl6zkwBg2hLJ+sBFpGyVYHChYRva
6z+A4F4njBccDLxbfxSLRzC7pm/nu+IX1h2uU1zEMUy6qGvAeBOfOFSVbMq/o8it
3DTfbZm7pBiom2NdkrvlB/xsI9qmNCrYPYuNoBgyYlZgnukhxno8ROfLevHtX9K0
K9YlBsG1ssHi4NafzOC0wi2HXVdnKqrORI/Mgh2gFQcuPqBY18lY6KNEfg+hD3j4
dCn/JEpkj1FlOdSsjH0D3mLdo8+01f71YRHHTZtapFyw7jdwF0l97nLQV+kijgpN
7fLjbuozEaI=
-----END CERTIFICATE-----