Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZZHTrcZtMyPT5Zn8uRN-UvF2pl8.roa
File:                     ZZHTrcZtMyPT5Zn8uRN-UvF2pl8.roa (raw, json)
Hash identifier:          IVW9PIGkrTyLPNC5ByOXCkOGUUEYZpsuzzpmGF46dlk=
Subject key identifier:   65:91:D3:AD:C6:6D:33:23:D3:E5:99:FC:B9:13:7E:52:F1:76:A6:5F
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       018CC79400A9DCB756A295C8E1DDC7BB3EA7
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZZHTrcZtMyPT5Zn8uRN-UvF2pl8.roa
Signing time:             Tue 02 Jan 2024 00:30:14 +0000
ROA not before:           Tue 02 Jan 2024 00:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215976
IP address blocks:        217.147.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 05:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:00:a9:dc:b7:56:a2:95:c8:e1:dd:c7:bb:3e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Jan  2 00:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6591d3adc66d3323d3e599fcb9137e52f176a65f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c6:19:92:54:62:c8:57:4f:1f:a2:34:aa:52:
                    be:72:7a:b7:81:18:b0:39:be:57:04:4b:cd:e5:f2:
                    67:00:97:11:21:b8:65:b7:fe:d0:a9:ab:6a:59:de:
                    c7:44:ac:be:b0:fa:90:e0:39:63:d2:b2:62:e6:24:
                    75:69:e5:51:de:ef:97:3d:12:92:3d:41:a6:d6:35:
                    b5:83:4f:26:63:5c:c9:af:b3:4e:4d:e6:76:da:d7:
                    62:50:c9:ab:4f:6c:cf:71:3e:73:f5:8e:ee:15:af:
                    47:ac:ce:84:e6:70:d4:21:fe:6e:ce:c4:fb:98:9b:
                    e2:31:26:a4:bd:94:24:83:5a:f4:0c:d9:e6:42:d4:
                    bc:e2:c5:1e:fc:60:70:1b:77:4c:40:0d:62:72:cd:
                    d2:d4:05:28:58:76:2a:e2:4e:0f:8b:07:de:6e:7f:
                    a5:6c:80:52:ae:67:df:46:0e:ba:0b:e5:77:47:a1:
                    14:33:f6:2e:65:b0:13:fa:47:b6:e3:c3:2f:3d:f3:
                    ee:f3:1b:19:ec:c3:e9:35:b7:d7:f8:80:9c:39:ba:
                    03:8c:52:49:81:4c:8b:12:63:5d:8d:f5:7b:da:83:
                    08:36:c6:f0:11:42:39:b7:31:db:2f:8b:72:07:af:
                    51:f4:26:6d:54:74:00:bb:c8:52:61:a4:15:29:e8:
                    44:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:91:D3:AD:C6:6D:33:23:D3:E5:99:FC:B9:13:7E:52:F1:76:A6:5F
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/ZZHTrcZtMyPT5Zn8uRN-UvF2pl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:bf:22:68:a5:b0:fe:f0:5b:ab:f4:bd:f8:01:cc:fa:d2:24:
         32:81:28:12:c9:29:ac:07:ca:10:d4:1b:84:23:96:7f:d1:e7:
         5b:20:1b:31:46:84:8a:f5:1a:e9:13:0c:a8:98:8a:2d:20:55:
         2d:2c:15:95:96:b5:a8:86:9e:4f:04:44:23:b8:21:08:94:6d:
         41:8a:c9:10:d6:b1:e9:7f:f4:cb:79:c2:d0:ac:47:b3:83:a3:
         8a:5d:c4:7b:d5:fc:a2:2d:d7:33:00:21:21:fa:d4:2b:86:e3:
         97:16:8e:09:42:83:7e:1c:7f:c7:34:8a:20:fd:38:ad:28:a6:
         56:c7:fd:b1:60:ed:c6:ae:4f:d1:33:c3:f6:3a:0d:22:13:be:
         a0:b9:77:3e:f7:17:85:b9:a0:b4:47:92:9e:e8:bd:eb:22:17:
         d3:7b:01:61:c3:94:3e:8b:5c:ee:2c:ac:26:b0:f8:c0:97:65:
         01:d0:ce:5c:be:7a:31:94:f8:73:7b:98:50:53:86:5d:e9:34:
         aa:b2:7b:76:c5:1f:af:ed:8a:4a:c4:af:6c:63:38:a9:2c:38:
         7a:d7:01:fd:e9:74:ba:38:80:b2:03:ed:55:8f:9e:46:13:58:
         29:54:83:50:42:25:05:02:11:f3:66:ba:eb:cc:74:7d:cb:01:
         27:1f:5f:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlACp3LdWopXI4d3Huz6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwMTAyMDAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTkxZDNhZGM2NmQzMzIzZDNlNTk5ZmNiOTEzN2U1MmYxNzZhNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMYZklRiyFdPH6I0qlK+cnq3gRiw
Ob5XBEvN5fJnAJcRIbhlt/7QqatqWd7HRKy+sPqQ4Dlj0rJi5iR1aeVR3u+XPRKS
PUGm1jW1g08mY1zJr7NOTeZ22tdiUMmrT2zPcT5z9Y7uFa9HrM6E5nDUIf5uzsT7
mJviMSakvZQkg1r0DNnmQtS84sUe/GBwG3dMQA1ics3S1AUoWHYq4k4Piwfebn+l
bIBSrmffRg66C+V3R6EUM/YuZbAT+ke248MvPfPu8xsZ7MPpNbfX+ICcOboDjFJJ
gUyLEmNdjfV72oMINsbwEUI5tzHbL4tyB69R9CZtVHQAu8hSYaQVKehE4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWR063GbTMj0+WZ/LkTflLxdqZfMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvWlpIVHJjWnRNeVBUNVpuOHVSTi1VdkYycGw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOpMA0G
CSqGSIb3DQEBCwUAA4IBAQBBvyJopbD+8Fur9L34Acz60iQygSgSySmsB8oQ1BuE
I5Z/0edbIBsxRoSK9RrpEwyomIotIFUtLBWVlrWohp5PBEQjuCEIlG1BiskQ1rHp
f/TLecLQrEezg6OKXcR71fyiLdczACEh+tQrhuOXFo4JQoN+HH/HNIog/TitKKZW
x/2xYO3Grk/RM8P2Og0iE76guXc+9xeFuaC0R5Ke6L3rIhfTewFhw5Q+i1zuLKwm
sPjAl2UB0M5cvnoxlPhze5hQU4Zd6TSqsnt2xR+v7YpKxK9sYzipLDh61wH96XS6
OICyA+1Vj55GE1gpVINQQiUFAhHzZrrrzHR9ywEnH19E
-----END CERTIFICATE-----