Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZzyodQ_t-gkqMp1qIj5zmmtQmNE.roa
File:                     ZzyodQ_t-gkqMp1qIj5zmmtQmNE.roa (raw, json)
Hash identifier:          CLsGQ9lVCDMndJ3ZfQGxegEdUaAwtfvTsDOx1a9Ba+Q=
Subject key identifier:   67:3C:A8:75:0F:ED:FA:09:2A:32:9D:6A:22:3E:73:9A:6B:50:98:D1
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC49380DA3C54927E910C8B90A2F65E9F
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZzyodQ_t-gkqMp1qIj5zmmtQmNE.roa
Signing time:             Mon 01 Jan 2024 10:30:50 +0000
ROA not before:           Mon 01 Jan 2024 10:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        94.154.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:80:da:3c:54:92:7e:91:0c:8b:90:a2:f6:5e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=673ca8750fedfa092a329d6a223e739a6b5098d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:03:ec:d6:0b:23:1f:47:f8:fd:dc:73:2c:ea:
                    62:75:c9:a0:d9:08:ca:38:e6:27:cd:5d:e1:74:21:
                    55:70:f1:fe:09:44:7d:9a:38:6f:7f:4f:c0:dd:c1:
                    98:2a:77:08:2c:9c:43:cf:fb:ba:de:27:24:74:a7:
                    79:bf:a2:7c:f8:e9:24:bd:8a:7f:f0:bf:8d:cd:51:
                    bf:94:9b:c5:ce:68:ce:d5:f9:6a:ff:e9:7b:81:cd:
                    42:7f:61:8e:2b:d6:bf:b0:92:3c:cb:87:74:c9:f8:
                    4d:ea:f6:46:42:8a:15:3f:d5:b0:ef:81:48:9e:04:
                    31:89:f7:49:6c:0c:b9:ff:c3:77:f3:5b:f3:43:61:
                    54:a3:aa:41:62:e8:41:17:ac:ad:19:02:78:cb:a8:
                    9e:65:29:2d:09:df:54:dd:70:a1:66:50:b4:f1:9d:
                    d4:fa:b2:3c:24:03:e1:e6:78:23:0d:93:ef:b7:c3:
                    cf:01:70:c7:cf:0d:46:5e:6a:6a:22:6a:9e:2b:03:
                    3d:0a:7b:22:de:92:71:72:00:6b:0d:d6:80:92:82:
                    78:05:2e:97:04:35:88:22:84:3b:11:9c:80:25:4d:
                    93:65:2f:55:83:a3:94:b3:f8:4c:d1:d0:d2:c0:34:
                    99:71:e1:22:9b:76:ba:35:39:1a:7c:d9:a2:0c:b0:
                    06:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3C:A8:75:0F:ED:FA:09:2A:32:9D:6A:22:3E:73:9A:6B:50:98:D1
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZzyodQ_t-gkqMp1qIj5zmmtQmNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:a9:4a:c1:45:64:48:44:e2:e7:3b:d6:7c:82:70:72:6a:a9:
         e6:95:f2:e0:89:7f:ba:a4:a3:d6:71:13:ec:3e:bb:8c:2e:a5:
         08:2d:99:48:53:ca:35:19:fc:a7:59:29:ac:7c:b9:a0:b7:71:
         e6:81:17:f5:5f:f5:e4:7e:6b:38:db:53:d3:48:05:e1:1d:db:
         93:82:3c:2b:61:a1:aa:2f:b9:83:bb:75:a0:91:4a:c7:2f:ec:
         98:65:7e:f2:ff:06:50:76:b6:09:ff:9b:07:15:cf:66:19:75:
         9f:cb:16:8f:6e:57:82:77:12:82:68:43:15:f8:0c:18:d6:b3:
         7d:6e:8b:27:10:bf:d4:9b:bf:45:21:d5:ed:d1:3b:ab:d8:89:
         3d:2d:5e:bd:c4:c4:fb:89:9c:60:f6:b2:ce:0d:c2:b0:da:54:
         7c:bb:e6:e5:8e:1e:21:91:51:4d:dd:08:f7:7b:b6:5f:72:ea:
         bb:cb:ac:fc:8f:11:86:6c:0e:7e:b0:79:52:60:3e:a1:22:4a:
         28:bf:09:2e:69:07:6d:c2:b0:a8:61:c4:9d:a6:b8:aa:41:7f:
         64:3c:c8:dc:65:d4:ad:34:e7:1a:2d:de:09:cf:1c:82:32:48:
         72:09:ff:76:d2:c3:9a:22:c9:51:b9:ef:d9:cd:d8:9b:b7:1f:
         88:46:63:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4DaPFSSfpEMi5Ci9l6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNjYTg3NTBmZWRmYTA5MmEzMjlkNmEyMjNlNzM5YTZiNTA5OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAPs1gsjH0f4/dxzLOpidcmg2QjK
OOYnzV3hdCFVcPH+CUR9mjhvf0/A3cGYKncILJxDz/u63ickdKd5v6J8+OkkvYp/
8L+NzVG/lJvFzmjO1flq/+l7gc1Cf2GOK9a/sJI8y4d0yfhN6vZGQooVP9Ww74FI
ngQxifdJbAy5/8N381vzQ2FUo6pBYuhBF6ytGQJ4y6ieZSktCd9U3XChZlC08Z3U
+rI8JAPh5ngjDZPvt8PPAXDHzw1GXmpqImqeKwM9Cnsi3pJxcgBrDdaAkoJ4BS6X
BDWIIoQ7EZyAJU2TZS9Vg6OUs/hM0dDSwDSZceEim3a6NTkafNmiDLAGHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc8qHUP7foJKjKdaiI+c5prUJjRMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvWnp5b2RRX3QtZ2txTXAxcUlqNXptbXRRbU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXpq0MA0G
CSqGSIb3DQEBCwUAA4IBAQBfqUrBRWRIROLnO9Z8gnByaqnmlfLgiX+6pKPWcRPs
PruMLqUILZlIU8o1GfynWSmsfLmgt3HmgRf1X/Xkfms421PTSAXhHduTgjwrYaGq
L7mDu3WgkUrHL+yYZX7y/wZQdrYJ/5sHFc9mGXWfyxaPbleCdxKCaEMV+AwY1rN9
bosnEL/Um79FIdXt0Tur2Ik9LV69xMT7iZxg9rLODcKw2lR8u+bljh4hkVFN3Qj3
e7Zfcuq7y6z8jxGGbA5+sHlSYD6hIkoovwkuaQdtwrCoYcSdpriqQX9kPMjcZdSt
NOcaLd4JzxyCMkhyCf920sOaIslRue/Zzdibtx+IRmOA
-----END CERTIFICATE-----