Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/XHjuJ-7n_Sc3eGTcZarSJDHh4dM.roa
File:                     XHjuJ-7n_Sc3eGTcZarSJDHh4dM.roa (raw, json)
Hash identifier:          qUPBYdRW5wkYyNCh3+jvjCc3DFupJgUfzBG20Jywk6Q=
Subject key identifier:   5C:78:EE:27:EE:E7:FD:27:37:78:64:DC:65:AA:D2:24:31:E1:E1:D3
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       018CD513B77E847EB41E6F739BE3C100366B
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/XHjuJ-7n_Sc3eGTcZarSJDHh4dM.roa
Signing time:             Thu 04 Jan 2024 15:24:48 +0000
ROA not before:           Thu 04 Jan 2024 15:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211675
IP address blocks:        104.219.72.0/23 maxlen: 23
                          2a0d:da06::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d5:13:b7:7e:84:7e:b4:1e:6f:73:9b:e3:c1:00:36:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  4 15:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c78ee27eee7fd27377864dc65aad22431e1e1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6e:c9:90:fb:71:ec:29:4d:a6:7a:ca:ab:a4:
                    02:e8:7f:ac:08:29:e5:78:40:0c:d5:78:f0:fc:08:
                    04:d1:0f:92:a1:49:77:cc:8e:3a:a4:66:08:f7:fd:
                    39:76:18:ed:d0:f2:e5:c2:52:67:cd:1f:9d:23:85:
                    59:14:4f:dd:b3:18:6d:de:3f:15:d5:f0:8b:6b:18:
                    3a:ef:c8:db:7a:75:af:c2:70:ad:6f:c7:ee:b2:ef:
                    0e:20:8e:cf:a1:90:93:40:f4:ba:c1:3a:95:70:7a:
                    42:92:86:d8:50:26:7b:23:21:fd:5c:1c:49:8b:d8:
                    37:70:85:b6:c6:fd:22:d6:eb:4a:89:60:fc:11:63:
                    f7:2a:9b:68:3b:54:f7:d7:3c:e4:fc:53:c1:2d:3e:
                    d9:37:49:39:f1:35:02:5d:e5:a8:de:aa:ba:90:02:
                    3f:7d:d5:a2:c9:f3:70:4b:88:b5:15:18:01:ca:fd:
                    d6:19:b8:e1:a5:1a:05:50:8a:9a:f7:3e:66:ee:55:
                    4b:52:18:f6:bc:11:5c:2d:db:bd:bf:5b:e7:84:c5:
                    e5:c7:27:7d:95:b3:9c:c5:68:6e:65:08:59:d4:63:
                    2b:5e:30:17:1f:10:78:b9:91:37:79:5e:3e:ec:5d:
                    35:65:78:f7:0c:3e:de:ac:be:a6:dd:8d:c9:39:e4:
                    bc:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:78:EE:27:EE:E7:FD:27:37:78:64:DC:65:AA:D2:24:31:E1:E1:D3
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/XHjuJ-7n_Sc3eGTcZarSJDHh4dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.219.72.0/23
                IPv6:
                  2a0d:da06::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:bf:b5:32:30:4a:81:71:a3:00:40:3e:9b:99:50:b7:2f:91:
         54:61:ff:2c:d5:6f:af:3b:fb:1b:77:49:e3:d7:38:1e:14:f6:
         86:b8:b1:1b:0a:e2:50:6c:13:31:af:96:83:18:b7:63:3d:e3:
         d3:83:02:6b:f8:c2:16:b7:d3:3a:3d:b4:50:63:75:75:25:8f:
         2e:8c:1b:d3:fb:db:36:02:d1:18:53:57:74:6f:91:9e:91:51:
         e1:fa:cf:e0:bc:27:7e:65:cb:c5:60:e7:60:e8:9a:3d:53:3d:
         dc:10:37:9f:b4:90:39:38:09:57:83:2c:e8:f1:87:ea:ef:ad:
         64:1f:b2:02:ef:fb:8b:5a:ab:ba:7c:7f:e3:df:5e:2c:0f:e6:
         76:2b:a3:6d:cd:d5:5a:4b:7e:fc:5c:f4:77:0e:d4:07:7a:e4:
         34:51:34:bd:4d:84:b2:83:91:13:f1:12:ac:a6:9c:86:00:43:
         9d:e6:06:6f:58:10:45:10:e1:a1:97:bb:18:ed:dd:35:07:d7:
         74:a5:c5:bb:9f:61:01:48:d1:6d:06:43:3b:1f:31:63:8a:4c:
         a0:0c:ff:21:48:1e:58:b2:43:d1:28:42:44:e2:ee:ca:5d:b2:
         61:0b:29:41:ce:56:aa:31:a1:db:6b:f1:41:92:22:7c:af:4b:
         9a:23:c9:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzVE7d+hH60Hm9zm+PBADZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjQwMTA0MTUyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzc4ZWUyN2VlZTdmZDI3Mzc3ODY0ZGM2NWFhZDIyNDMxZTFlMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG7JkPtx7ClNpnrKq6QC6H+sCCnl
eEAM1Xjw/AgE0Q+SoUl3zI46pGYI9/05dhjt0PLlwlJnzR+dI4VZFE/dsxht3j8V
1fCLaxg678jbenWvwnCtb8fusu8OII7PoZCTQPS6wTqVcHpCkobYUCZ7IyH9XBxJ
i9g3cIW2xv0i1utKiWD8EWP3KptoO1T31zzk/FPBLT7ZN0k58TUCXeWo3qq6kAI/
fdWiyfNwS4i1FRgByv3WGbjhpRoFUIqa9z5m7lVLUhj2vBFcLdu9v1vnhMXlxyd9
lbOcxWhuZQhZ1GMrXjAXHxB4uZE3eV4+7F01ZXj3DD7erL6m3Y3JOeS8jwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFx47ifu5/0nN3hk3GWq0iQx4eHTMB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvWEhqdUotN25fU2MzZUdUY1phclNKREhoNGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBaNtIMA0E
AgACMAcDBQAqDdoGMA0GCSqGSIb3DQEBCwUAA4IBAQCbv7UyMEqBcaMAQD6bmVC3
L5FUYf8s1W+vO/sbd0nj1zgeFPaGuLEbCuJQbBMxr5aDGLdjPePTgwJr+MIWt9M6
PbRQY3V1JY8ujBvT+9s2AtEYU1d0b5GekVHh+s/gvCd+ZcvFYOdg6Jo9Uz3cEDef
tJA5OAlXgyzo8Yfq761kH7IC7/uLWqu6fH/j314sD+Z2K6NtzdVaS378XPR3DtQH
euQ0UTS9TYSyg5ET8RKsppyGAEOd5gZvWBBFEOGhl7sY7d01B9d0pcW7n2EBSNFt
BkM7HzFjikygDP8hSB5YskPRKEJE4u7KXbJhCylBzlaqMaHba/FBkiJ8r0uaI8ms
-----END CERTIFICATE-----