Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/Zx7whMfxAFKB8otpZuhDxzwj8EY.roa
File:                     Zx7whMfxAFKB8otpZuhDxzwj8EY.roa (raw, json)
Hash identifier:          8uhDmEJO68Ua0M1IzL6ONGj0xoatnxLOF2u4S7qR6KY=
Subject key identifier:   67:1E:F0:84:C7:F1:00:52:81:F2:8B:69:66:E8:43:C7:3C:23:F0:46
Certificate issuer:       /CN=99ca313ce344d7a1fde65bc4a43219a0b376120c
Certificate serial:       018CC4254B9DF38497CA1A23B6C475F117B4
Authority key identifier: 99:CA:31:3C:E3:44:D7:A1:FD:E6:5B:C4:A4:32:19:A0:B3:76:12:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mcoxPONE16H95lvEpDIZoLN2Egw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/Zx7whMfxAFKB8otpZuhDxzwj8EY.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57468
IP address blocks:        194.56.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/mcoxPONE16H95lvEpDIZoLN2Egw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/mcoxPONE16H95lvEpDIZoLN2Egw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mcoxPONE16H95lvEpDIZoLN2Egw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4b:9d:f3:84:97:ca:1a:23:b6:c4:75:f1:17:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ca313ce344d7a1fde65bc4a43219a0b376120c
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=671ef084c7f1005281f28b6966e843c73c23f046
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7d:e8:65:af:cd:2a:2e:02:65:d4:50:4b:ff:
                    0c:88:40:77:4f:d4:04:50:36:0d:61:41:84:ef:6d:
                    70:1b:b9:c9:ad:30:34:3f:07:b7:4b:da:f4:c2:3d:
                    00:08:cb:27:b7:7f:aa:4c:78:86:95:fa:9e:7e:a2:
                    71:8a:d2:65:07:9d:e7:5d:ed:4b:7b:8f:d0:21:e2:
                    f5:2b:8f:4f:be:83:c3:23:61:8d:2e:c5:00:5c:64:
                    c4:2a:c7:b3:e4:b1:da:95:fd:e2:8a:3b:da:2c:df:
                    53:d9:00:3b:fb:df:2b:c2:fb:c5:c1:f6:2c:a7:1e:
                    9d:3b:82:f7:ba:d4:b1:01:3c:e1:7f:f8:00:6b:04:
                    5a:ca:73:98:5c:21:b9:83:eb:8b:93:c5:45:26:56:
                    ce:5c:b9:c7:70:d0:f9:77:c6:85:fc:45:34:f9:af:
                    2b:c5:26:fc:07:c8:e2:90:48:33:92:32:43:1b:a9:
                    38:c6:cd:c6:81:b1:0f:63:05:a0:11:9d:e1:a8:c4:
                    f1:5d:f6:c9:43:b5:79:7a:05:21:a7:94:3e:ec:00:
                    23:1b:03:14:48:f0:70:54:41:16:c2:45:64:51:70:
                    58:fb:0b:6a:5e:6f:a1:ce:25:20:74:d4:f2:30:08:
                    32:fe:fa:f5:1f:96:69:63:f3:5e:39:7e:7c:e6:58:
                    f5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1E:F0:84:C7:F1:00:52:81:F2:8B:69:66:E8:43:C7:3C:23:F0:46
            X509v3 Authority Key Identifier:
                keyid:99:CA:31:3C:E3:44:D7:A1:FD:E6:5B:C4:A4:32:19:A0:B3:76:12:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mcoxPONE16H95lvEpDIZoLN2Egw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/Zx7whMfxAFKB8otpZuhDxzwj8EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/c90ef8-cc7f-45df-8eac-e8604439407f/1/mcoxPONE16H95lvEpDIZoLN2Egw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:6c:22:77:2a:44:b9:37:62:af:d6:34:c4:c1:a8:c7:8c:a1:
         0a:19:af:4b:e1:c5:a2:83:eb:53:bd:d2:de:da:38:4a:59:95:
         a2:44:27:c7:d9:4b:32:98:2b:a8:65:f0:69:15:2d:0c:e3:8a:
         b5:09:8b:38:aa:72:16:23:07:77:31:84:b0:9c:62:d5:b9:ca:
         a7:97:e2:49:0f:2e:61:82:5f:7f:bd:6b:47:d2:c7:4e:db:5a:
         bc:2f:49:56:de:50:ad:f1:a0:c1:dc:2c:a6:bf:5e:66:19:d7:
         24:70:fe:8f:01:0a:c6:c8:f7:9f:88:10:96:71:87:b1:22:5b:
         1b:42:55:c5:27:7c:13:cf:8e:eb:6d:3f:b4:1b:0a:a9:9f:a5:
         83:39:61:1c:d6:e8:da:94:2a:57:60:a1:a8:43:85:80:71:e3:
         7a:35:ad:d9:8d:3d:dc:3d:08:f3:4d:ea:25:91:21:99:bd:42:
         14:d5:c0:f4:f8:07:25:a1:79:e1:29:2b:b6:4c:f7:77:f5:e0:
         f8:8a:c1:fa:39:f4:b5:2f:7b:50:f9:3b:1c:46:bb:5d:2b:ac:
         ed:43:3c:43:18:fd:b6:f0:b6:2d:25:51:c1:9a:0f:b6:68:f8:
         25:70:dc:8b:ef:64:b6:e2:51:97:45:23:f0:c3:7d:1d:78:9d:
         ef:6e:3d:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUud84SXyhojtsR18Re0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2EzMTNjZTM0NGQ3YTFmZGU2NWJjNGE0MzIxOWEwYjM3
NjEyMGMwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFlZjA4NGM3ZjEwMDUyODFmMjhiNjk2NmU4NDNjNzNjMjNmMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo33oZa/NKi4CZdRQS/8MiEB3T9QE
UDYNYUGE721wG7nJrTA0Pwe3S9r0wj0ACMsnt3+qTHiGlfqefqJxitJlB53nXe1L
e4/QIeL1K49PvoPDI2GNLsUAXGTEKsez5LHalf3iijvaLN9T2QA7+98rwvvFwfYs
px6dO4L3utSxATzhf/gAawRaynOYXCG5g+uLk8VFJlbOXLnHcND5d8aF/EU0+a8r
xSb8B8jikEgzkjJDG6k4xs3GgbEPYwWgEZ3hqMTxXfbJQ7V5egUhp5Q+7AAjGwMU
SPBwVEEWwkVkUXBY+wtqXm+hziUgdNTyMAgy/vr1H5ZpY/NeOX585lj1rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGce8ITH8QBSgfKLaWboQ8c8I/BGMB8GA1UdIwQY
MBaAFJnKMTzjRNeh/eZbxKQyGaCzdhIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWNveFBPTkUxNkg5NWx2RXBESVpvTE4yRWd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9jOTBlZjgtY2M3Zi00NWRmLThlYWMt
ZTg2MDQ0Mzk0MDdmLzEvWng3d2hNZnhBRktCOG90cFp1aER4endqOEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9jOTBlZjgtY2M3Zi00NWRmLThlYWMtZTg2MDQ0Mzk0MDdm
LzEvbWNveFBPTkUxNkg5NWx2RXBESVpvTE4yRWd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwji3MA0G
CSqGSIb3DQEBCwUAA4IBAQClbCJ3KkS5N2Kv1jTEwajHjKEKGa9L4cWig+tTvdLe
2jhKWZWiRCfH2UsymCuoZfBpFS0M44q1CYs4qnIWIwd3MYSwnGLVucqnl+JJDy5h
gl9/vWtH0sdO21q8L0lW3lCt8aDB3Cymv15mGdckcP6PAQrGyPefiBCWcYexIlsb
QlXFJ3wTz47rbT+0Gwqpn6WDOWEc1ujalCpXYKGoQ4WAceN6Na3ZjT3cPQjzTeol
kSGZvUIU1cD0+AcloXnhKSu2TPd39eD4isH6OfS1L3tQ+TscRrtdK6ztQzxDGP22
8LYtJVHBmg+2aPglcNyL72S24lGXRSPww30deJ3vbj2v
-----END CERTIFICATE-----