Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/cZzc2Z__Re4X2PwfaRDNP2W5TLg.roa
File:                     cZzc2Z__Re4X2PwfaRDNP2W5TLg.roa (raw, json)
Hash identifier:          U7W2Ef4qwiHgzJintDR+uocKr8YQVN/+/mus3dS24vA=
Subject key identifier:   71:9C:DC:D9:9F:FF:45:EE:17:D8:FC:1F:69:10:CD:3F:65:B9:4C:B8
Certificate issuer:       /CN=17672556984415b78e9d15461784c8c4e691d010
Certificate serial:       0190281DB7C5DA1F8A7BF7F5DAA97FCBD036
Authority key identifier: 17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/cZzc2Z__Re4X2PwfaRDNP2W5TLg.roa
Signing time:             Mon 17 Jun 2024 21:32:34 +0000
ROA not before:           Mon 17 Jun 2024 21:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200860
IP address blocks:        164.40.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:28:1d:b7:c5:da:1f:8a:7b:f7:f5:da:a9:7f:cb:d0:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17672556984415b78e9d15461784c8c4e691d010
        Validity
            Not Before: Jun 17 21:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=719cdcd99fff45ee17d8fc1f6910cd3f65b94cb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7e:c0:af:f7:ea:1f:70:db:29:f9:e6:24:10:
                    de:d4:54:8f:8b:4e:4f:14:c1:09:37:86:c7:1c:25:
                    34:55:80:4e:01:ba:f6:7c:6e:09:06:43:88:5f:ba:
                    f2:35:24:52:20:ef:07:26:3f:f5:53:a1:d6:eb:1f:
                    37:3a:40:b8:4b:c5:81:3e:ac:d1:b3:89:db:a1:22:
                    13:8d:b1:3b:8f:0e:ce:0d:7a:ec:ec:c9:83:6f:b2:
                    b6:59:56:aa:74:28:18:d0:c0:2b:0b:35:b4:35:13:
                    32:cb:ac:4b:82:cd:aa:40:0b:69:c2:04:e1:e8:2a:
                    e0:3b:82:c6:95:ba:4e:f8:0c:27:a6:d0:af:d3:9b:
                    9e:62:26:c7:11:bc:0a:f8:a7:e5:24:35:b5:2e:9d:
                    b7:dc:5b:8a:a6:7a:28:a2:ca:77:49:a9:1c:fc:e3:
                    69:e5:ad:d5:d5:9e:b5:d8:c7:e4:72:33:fc:a7:2b:
                    a3:ce:db:c3:36:9c:ef:7c:75:cd:e8:9b:b8:da:55:
                    52:5c:b8:f2:22:93:f1:ee:f0:d9:1e:3d:5a:b7:be:
                    42:25:49:3c:3c:b8:af:bd:dc:2a:62:e9:dd:2c:b8:
                    ce:3b:b7:2d:6a:6f:10:38:f8:46:3e:d7:fd:62:b9:
                    79:c7:7f:c0:92:38:92:5d:6f:46:59:c5:12:9f:de:
                    03:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9C:DC:D9:9F:FF:45:EE:17:D8:FC:1F:69:10:CD:3F:65:B9:4C:B8
            X509v3 Authority Key Identifier:
                keyid:17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/cZzc2Z__Re4X2PwfaRDNP2W5TLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:10:1d:89:09:fa:52:ce:ca:6e:5c:b2:a0:59:7e:a9:e4:
         30:6c:10:de:43:bb:20:bb:f5:93:66:94:52:d7:b3:3b:5e:64:
         aa:b3:55:4e:4f:ec:00:b4:71:0c:53:dd:3b:b6:c2:60:5a:dc:
         71:32:82:01:5f:74:29:61:14:88:09:3d:59:72:03:9c:af:70:
         bb:af:f5:0d:98:02:70:16:f8:2c:85:22:5c:68:52:05:6b:ce:
         5a:c2:75:3e:69:d4:33:e7:db:b6:28:4c:ca:d4:e3:0c:b3:85:
         45:e0:3a:a1:99:e4:13:a7:17:3c:57:a4:41:3d:07:36:16:41:
         a3:41:79:2d:76:2a:d9:fa:49:b5:8f:e6:3b:a0:8f:4a:c1:0d:
         4d:ca:48:32:4b:a4:1b:00:b9:40:9b:a3:e7:e7:39:43:d2:04:
         ec:75:9e:b6:c8:cd:95:22:b0:12:63:9b:49:0f:86:51:8e:f6:
         ec:7e:0a:cb:4a:f5:2c:c1:a6:56:34:4d:f2:28:34:8d:37:c2:
         f4:73:12:8d:b6:c5:b3:7e:02:68:cc:d5:03:0e:a3:bb:53:78:
         56:34:ec:3e:52:21:28:28:25:9b:09:2c:ae:74:bb:70:42:1a:
         a6:90:a4:c6:b1:cf:23:d5:d1:ae:ec:ac:a8:6b:63:37:df:d2:
         43:68:8f:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAoHbfF2h+Ke/f12ql/y9A2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NjcyNTU2OTg0NDE1Yjc4ZTlkMTU0NjE3ODRjOGM0ZTY5
MWQwMTAwHhcNMjQwNjE3MjEzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTljZGNkOTlmZmY0NWVlMTdkOGZjMWY2OTEwY2QzZjY1Yjk0Y2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo37Ar/fqH3DbKfnmJBDe1FSPi05P
FMEJN4bHHCU0VYBOAbr2fG4JBkOIX7ryNSRSIO8HJj/1U6HW6x83OkC4S8WBPqzR
s4nboSITjbE7jw7ODXrs7MmDb7K2WVaqdCgY0MArCzW0NRMyy6xLgs2qQAtpwgTh
6CrgO4LGlbpO+AwnptCv05ueYibHEbwK+KflJDW1Lp233FuKpnooosp3Sakc/ONp
5a3V1Z612MfkcjP8pyujztvDNpzvfHXN6Ju42lVSXLjyIpPx7vDZHj1at75CJUk8
PLivvdwqYundLLjOO7ctam8QOPhGPtf9Yrl5x3/AkjiSXW9GWcUSn94D8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGc3Nmf/0XuF9j8H2kQzT9luUy4MB8GA1UdIwQY
MBaAFBdnJVaYRBW3jp0VRheEyMTmkdAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQt
ZTI4ODMyMzIzZjZkLzEvY1p6YzJaX19SZTRYMlB3ZmFSRE5QMlc1VExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQtZTI4ODMyMzIzZjZk
LzEvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQApCiqMA0G
CSqGSIb3DQEBCwUAA4IBAQANlRAdiQn6Us7KblyyoFl+qeQwbBDeQ7sgu/WTZpRS
17M7XmSqs1VOT+wAtHEMU907tsJgWtxxMoIBX3QpYRSICT1ZcgOcr3C7r/UNmAJw
FvgshSJcaFIFa85awnU+adQz59u2KEzK1OMMs4VF4DqhmeQTpxc8V6RBPQc2FkGj
QXktdirZ+km1j+Y7oI9KwQ1NykgyS6QbALlAm6Pn5zlD0gTsdZ62yM2VIrASY5tJ
D4ZRjvbsfgrLSvUswaZWNE3yKDSNN8L0cxKNtsWzfgJozNUDDqO7U3hWNOw+UiEo
KCWbCSyudLtwQhqmkKTGsc8j1dGu7Kyoa2M339JDaI8t
-----END CERTIFICATE-----