Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/zvMn_MoRIOvZElLJAQx062Zpauo.roa
File:                     zvMn_MoRIOvZElLJAQx062Zpauo.roa (raw, json)
Hash identifier:          nYZUgLWW0mO4TK5uDNAJoJDpr4LcyRsT2Bh73JvIFQg=
Subject key identifier:   CE:F3:27:FC:CA:11:20:EB:D9:12:52:C9:01:0C:74:EB:66:69:6A:EA
Certificate issuer:       /CN=17672556984415b78e9d15461784c8c4e691d010
Certificate serial:       0190281DB765CC00623BB1C73600BF6CD4E7
Authority key identifier: 17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/zvMn_MoRIOvZElLJAQx062Zpauo.roa
Signing time:             Mon 17 Jun 2024 21:32:34 +0000
ROA not before:           Mon 17 Jun 2024 21:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12508
IP address blocks:        164.40.168.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:28:1d:b7:65:cc:00:62:3b:b1:c7:36:00:bf:6c:d4:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17672556984415b78e9d15461784c8c4e691d010
        Validity
            Not Before: Jun 17 21:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cef327fcca1120ebd91252c9010c74eb66696aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6a:b1:26:50:a7:95:b2:e1:a3:0f:37:50:1f:
                    2a:bc:77:74:d1:cd:7e:3b:b3:eb:fa:28:c8:30:4f:
                    a4:e0:13:ea:f9:7a:80:d2:3f:f9:18:0a:ea:0f:bc:
                    80:f6:9c:4e:ef:27:77:50:cf:47:74:d6:3c:47:88:
                    37:28:dd:f5:a1:0d:74:22:84:88:e8:18:30:14:1d:
                    30:36:e3:c9:22:e5:fe:2b:fb:ee:81:3b:0d:f1:55:
                    75:af:07:62:74:86:7b:9f:96:2e:af:44:cb:6a:54:
                    db:56:32:a1:1b:17:12:ed:a4:a8:29:2d:e7:0c:ba:
                    cf:fb:b4:02:f8:0c:bf:e1:77:76:2d:20:03:a0:f1:
                    d0:f1:da:f3:93:92:9d:78:b1:b1:90:96:d3:17:3f:
                    3b:2f:c3:fd:15:dd:6f:50:43:63:9d:56:43:f6:99:
                    f0:9c:02:0e:e7:f6:41:c6:2d:47:82:50:73:32:9e:
                    90:31:61:2e:27:b6:60:59:2b:dc:8b:57:c9:8e:32:
                    3d:19:26:b3:70:dc:96:67:15:3f:9c:4a:f5:7a:53:
                    98:a8:1f:7d:47:a9:b3:6a:57:81:49:11:d0:3e:70:
                    cd:01:9e:79:45:52:4c:56:ae:0e:6a:49:5b:0c:8c:
                    6c:c4:2e:fe:70:e0:38:49:33:eb:b6:e4:f6:b0:e7:
                    db:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F3:27:FC:CA:11:20:EB:D9:12:52:C9:01:0C:74:EB:66:69:6A:EA
            X509v3 Authority Key Identifier:
                keyid:17:67:25:56:98:44:15:B7:8E:9D:15:46:17:84:C8:C4:E6:91:D0:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F2clVphEFbeOnRVGF4TIxOaR0BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/zvMn_MoRIOvZElLJAQx062Zpauo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1887fa-43cc-4499-ab74-e28832323f6d/1/F2clVphEFbeOnRVGF4TIxOaR0BA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:7e:76:0a:34:04:31:73:6f:b3:b6:84:f3:97:45:58:c6:6b:
         06:0e:43:5d:2d:7c:7f:9f:cc:71:34:af:ea:4d:5b:06:72:32:
         52:c3:c7:1c:00:f5:85:ef:42:10:6d:eb:eb:21:85:7e:ff:cc:
         d9:21:a2:7e:a2:69:5c:70:ef:2f:50:34:4b:78:cc:00:80:ce:
         f3:2c:af:bf:77:db:bf:71:cc:61:f8:69:f8:58:24:33:1e:98:
         db:28:f5:7e:d4:a2:51:f1:7e:a7:28:b2:c4:b1:40:c4:0f:90:
         32:90:c9:8c:05:94:39:ca:48:cf:61:92:30:f2:5f:7c:63:dc:
         42:bc:e3:7a:3b:26:76:d7:47:13:ef:07:12:fa:52:aa:7a:de:
         58:13:8d:cc:9c:5e:d4:62:42:8a:0c:7d:3c:5b:6e:0a:e4:7a:
         27:25:bd:34:cc:67:05:d1:36:d8:3c:2a:9c:5c:d3:b5:1c:97:
         19:d6:25:dd:28:40:1d:51:72:f2:5c:09:5c:2f:df:00:38:9b:
         a0:be:ef:cb:e0:ae:1e:9e:8b:dd:bd:02:c6:fe:35:a6:eb:93:
         ae:6a:82:6b:0c:2b:0f:a3:78:cd:06:e6:48:0f:db:1f:5a:e7:
         ca:78:7f:44:3e:ed:71:0f:d2:f9:2b:2b:c1:75:fa:6d:75:4a:
         62:3e:44:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAoHbdlzABiO7HHNgC/bNTnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NjcyNTU2OTg0NDE1Yjc4ZTlkMTU0NjE3ODRjOGM0ZTY5
MWQwMTAwHhcNMjQwNjE3MjEzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWYzMjdmY2NhMTEyMGViZDkxMjUyYzkwMTBjNzRlYjY2Njk2YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWqxJlCnlbLhow83UB8qvHd00c1+
O7Pr+ijIME+k4BPq+XqA0j/5GArqD7yA9pxO7yd3UM9HdNY8R4g3KN31oQ10IoSI
6BgwFB0wNuPJIuX+K/vugTsN8VV1rwdidIZ7n5Yur0TLalTbVjKhGxcS7aSoKS3n
DLrP+7QC+Ay/4Xd2LSADoPHQ8drzk5KdeLGxkJbTFz87L8P9Fd1vUENjnVZD9pnw
nAIO5/ZBxi1HglBzMp6QMWEuJ7ZgWSvci1fJjjI9GSazcNyWZxU/nEr1elOYqB99
R6mzaleBSRHQPnDNAZ55RVJMVq4OaklbDIxsxC7+cOA4STPrtuT2sOfbAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7zJ/zKESDr2RJSyQEMdOtmaWrqMB8GA1UdIwQY
MBaAFBdnJVaYRBW3jp0VRheEyMTmkdAQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQt
ZTI4ODMyMzIzZjZkLzEvenZNbl9Nb1JJT3ZaRWxMSkFReDA2MlpwYXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xODg3ZmEtNDNjYy00NDk5LWFiNzQtZTI4ODMyMzIzZjZk
LzEvRjJjbFZwaEVGYmVPblJWR0Y0VEl4T2FSMEJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBpCioMA0G
CSqGSIb3DQEBCwUAA4IBAQB2fnYKNAQxc2+ztoTzl0VYxmsGDkNdLXx/n8xxNK/q
TVsGcjJSw8ccAPWF70IQbevrIYV+/8zZIaJ+omlccO8vUDRLeMwAgM7zLK+/d9u/
ccxh+Gn4WCQzHpjbKPV+1KJR8X6nKLLEsUDED5AykMmMBZQ5ykjPYZIw8l98Y9xC
vON6OyZ210cT7wcS+lKqet5YE43MnF7UYkKKDH08W24K5HonJb00zGcF0TbYPCqc
XNO1HJcZ1iXdKEAdUXLyXAlcL98AOJugvu/L4K4enovdvQLG/jWm65OuaoJrDCsP
o3jNBuZID9sfWufKeH9EPu1xD9L5KyvBdfptdUpiPkRi
-----END CERTIFICATE-----