Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1ZMw9Nt21-xqx1E0rZtOgQOBCu0.roa
File:                     1ZMw9Nt21-xqx1E0rZtOgQOBCu0.roa (raw, json)
Hash identifier:          XlB9luy+p/2jPmvmh9Rn6am/tBReSNxkhuklLiiqXes=
Subject key identifier:   D5:93:30:F4:DB:76:D7:EC:6A:C7:51:34:AD:9B:4E:81:03:81:0A:ED
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC79557E4FBEA134AC5F2A38D4EACE854
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1ZMw9Nt21-xqx1E0rZtOgQOBCu0.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56417
IP address blocks:        128.0.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:57:e4:fb:ea:13:4a:c5:f2:a3:8d:4e:ac:e8:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d59330f4db76d7ec6ac75134ad9b4e8103810aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:2c:80:d6:24:99:88:1f:18:22:79:cf:40:
                    b3:2c:79:9d:0f:e6:70:a4:a0:8a:95:f3:15:18:71:
                    62:ed:8a:95:d3:d3:7f:7d:27:9a:90:92:8c:d1:fd:
                    8d:c5:e3:b9:a0:60:64:be:d2:18:7d:e4:12:48:ed:
                    c8:bd:7c:20:fe:1d:aa:b1:c0:08:66:44:0c:63:de:
                    99:4e:7a:04:00:3e:d8:6b:2f:ee:af:d1:2f:6c:74:
                    e1:c2:b8:78:27:6c:5c:03:ea:95:8d:b9:f9:18:1f:
                    4d:db:3d:e1:86:38:93:93:cf:44:f7:6d:74:67:85:
                    6e:93:81:77:fb:ae:fc:a7:7c:f1:74:9f:a2:be:0b:
                    d0:c9:67:5d:17:83:0e:12:da:44:1e:ce:0e:d6:56:
                    c5:9e:96:d8:f5:e3:88:26:49:a2:47:c4:d3:70:bf:
                    fc:38:d1:6b:92:c1:76:c4:58:34:5c:2e:cb:47:b1:
                    31:1e:8e:56:71:49:84:45:33:fc:b3:f7:f5:c1:25:
                    dd:51:11:e4:f9:d9:25:49:b7:9b:9a:fe:59:71:06:
                    8c:66:9b:ae:0c:bb:70:b3:cd:e3:1a:59:61:cd:68:
                    36:bd:33:59:2a:9b:4e:83:a1:ea:55:ad:a7:30:94:
                    e6:a1:73:0d:08:0b:35:ff:d1:6c:58:47:5e:28:66:
                    cf:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:93:30:F4:DB:76:D7:EC:6A:C7:51:34:AD:9B:4E:81:03:81:0A:ED
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1ZMw9Nt21-xqx1E0rZtOgQOBCu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ba:5a:6f:5c:b5:b6:c4:89:b4:b6:94:e7:35:eb:b8:36:2a:
         fd:85:b0:5f:f0:1c:91:e5:4b:48:9c:36:8e:6f:19:7b:13:2c:
         58:96:0f:66:3e:a2:88:fe:e5:e6:30:b7:fd:7a:b9:83:d2:8d:
         52:86:9b:0c:46:2a:70:14:85:d7:a2:94:c7:60:0d:00:3f:17:
         67:4e:be:31:52:1c:00:9b:f9:47:7e:1c:90:e3:bd:64:c2:65:
         a5:64:1e:26:a9:30:c1:50:16:11:2e:c3:87:03:a0:a2:00:66:
         1e:1a:d4:b1:30:6b:4c:0e:66:6c:b1:e9:a0:02:a4:65:c5:20:
         31:68:53:c4:89:0f:1e:e4:cd:14:4e:bf:01:53:2d:cc:48:ac:
         a7:6a:53:15:3a:d3:d0:97:1c:f1:36:85:32:c6:98:c5:32:64:
         30:34:73:7e:c2:91:f7:00:6f:8e:ba:30:9f:11:22:02:ca:89:
         36:cc:a4:75:c6:df:1f:e0:ea:e1:90:4e:f6:50:93:d3:a6:9e:
         29:b9:89:b6:3d:31:1d:b0:a4:81:52:a4:ea:13:d2:29:d6:af:
         d8:e8:6f:01:db:9a:d9:9c:ca:49:af:97:99:9b:38:e2:9a:4b:
         68:fb:bc:c7:3e:37:70:e5:2d:dc:7d:e9:9a:9c:56:6d:84:c5:
         cc:7d:ea:56
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVfk++oTSsXyo41OrOhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTkzMzBmNGRiNzZkN2VjNmFjNzUxMzRhZDliNGU4MTAzODEwYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv70sgNYkmYgfGCJ5z0CzLHmdD+Zw
pKCKlfMVGHFi7YqV09N/fSeakJKM0f2NxeO5oGBkvtIYfeQSSO3IvXwg/h2qscAI
ZkQMY96ZTnoEAD7Yay/ur9EvbHThwrh4J2xcA+qVjbn5GB9N2z3hhjiTk89E9210
Z4Vuk4F3+678p3zxdJ+ivgvQyWddF4MOEtpEHs4O1lbFnpbY9eOIJkmiR8TTcL/8
ONFrksF2xFg0XC7LR7ExHo5WcUmERTP8s/f1wSXdURHk+dklSbebmv5ZcQaMZpuu
DLtws83jGllhzWg2vTNZKptOg6HqVa2nMJTmoXMNCAs1/9FsWEdeKGbP/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNWTMPTbdtfsasdRNK2bToEDgQrtMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xLzFaTXc5TnQyMS14cXgxRTByWnRPZ1FPQkN1MC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACAAAIw
DQYJKoZIhvcNAQELBQADggEBALi6Wm9ctbbEibS2lOc167g2Kv2FsF/wHJHlS0ic
No5vGXsTLFiWD2Y+ooj+5eYwt/16uYPSjVKGmwxGKnAUhdeilMdgDQA/F2dOvjFS
HACb+Ud+HJDjvWTCZaVkHiapMMFQFhEuw4cDoKIAZh4a1LEwa0wOZmyx6aACpGXF
IDFoU8SJDx7kzRROvwFTLcxIrKdqUxU609CXHPE2hTLGmMUyZDA0c37CkfcAb466
MJ8RIgLKiTbMpHXG3x/g6uGQTvZQk9Omnim5ibY9MR2wpIFSpOoT0inWr9jobwHb
mtmcykmvl5mbOOKaS2j7vMc+N3DlLdx96ZqcVm2Excx96lY=
-----END CERTIFICATE-----