Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/CZyIBB_sMdRtdDbsy4-MvLAw1OE.roa
File:                     CZyIBB_sMdRtdDbsy4-MvLAw1OE.roa (raw, json)
Hash identifier:          tDBMPImX9KcWuPG7MObee5DVuOvuiQWeAn/bqOSe6As=
Subject key identifier:   09:9C:88:04:1F:EC:31:D4:6D:74:36:EC:CB:8F:8C:BC:B0:30:D4:E1
Certificate issuer:       /CN=53c912a0411bb0174507092d0ca35a91ad79905c
Certificate serial:       018CC49364E55ADB81F43CBD2C31463BA47E
Authority key identifier: 53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/CZyIBB_sMdRtdDbsy4-MvLAw1OE.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49685
IP address blocks:        194.59.136.0/24 maxlen: 24
                          194.59.138.0/24 maxlen: 24
                          2a07:cb80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:64:e5:5a:db:81:f4:3c:bd:2c:31:46:3b:a4:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53c912a0411bb0174507092d0ca35a91ad79905c
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=099c88041fec31d46d7436eccb8f8cbcb030d4e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:31:81:b2:e1:ea:08:8d:a1:a5:2a:7d:ff:1e:
                    b4:75:c7:c7:73:08:b2:06:8d:41:ef:18:3b:19:31:
                    ef:c2:37:b4:63:25:c4:df:5d:8f:0c:2b:e1:92:8d:
                    7a:81:f0:4f:57:ef:93:35:16:2e:3f:ee:e5:d5:1a:
                    aa:14:d3:26:b3:b0:23:6b:5b:1f:b2:cb:bf:69:20:
                    ed:fc:e8:89:9d:6a:64:5c:1b:ba:91:14:ee:fc:be:
                    79:86:cd:26:bc:51:d6:7f:72:1c:5d:ff:95:13:2f:
                    ec:0d:54:72:04:fa:fb:40:8b:dd:1d:d8:09:4e:b6:
                    e6:76:c9:fd:27:bd:55:ca:82:ed:df:b0:5d:c1:db:
                    89:58:47:2b:b4:ec:26:a5:1b:06:5b:70:f6:03:ac:
                    5c:23:d3:c2:00:cf:be:0b:6c:ca:8c:77:b1:73:a2:
                    b6:f6:7c:86:b4:2d:2b:7f:6f:22:35:20:c2:70:80:
                    50:b8:82:5a:0f:26:b1:a4:39:11:60:b3:d6:eb:a3:
                    64:28:1d:16:dc:c9:33:a4:07:87:fd:84:03:b0:c9:
                    5b:24:7d:5e:04:c8:09:d7:08:04:0f:f9:f3:60:6a:
                    cf:f9:03:08:89:98:18:8e:a4:c9:f7:c7:86:94:98:
                    d2:3b:15:28:97:ca:0a:5c:1f:c4:4c:31:0d:8d:9b:
                    a7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:9C:88:04:1F:EC:31:D4:6D:74:36:EC:CB:8F:8C:BC:B0:30:D4:E1
            X509v3 Authority Key Identifier:
                keyid:53:C9:12:A0:41:1B:B0:17:45:07:09:2D:0C:A3:5A:91:AD:79:90:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U8kSoEEbsBdFBwktDKNaka15kFw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/CZyIBB_sMdRtdDbsy4-MvLAw1OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/d77e60-8916-4f96-8ed0-e21c436b62ef/1/U8kSoEEbsBdFBwktDKNaka15kFw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.136.0/24
                  194.59.138.0/24
                IPv6:
                  2a07:cb80::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:7f:d4:a1:23:04:7e:1e:e7:a4:a2:af:e6:a4:c6:7e:43:60:
         51:f0:e1:3c:38:28:a9:55:6d:ca:2f:e7:ec:e6:db:12:3b:1a:
         cf:24:94:25:6a:0c:36:dd:c3:c6:be:5e:ec:01:1c:64:f7:7a:
         13:d5:c1:98:c1:95:b7:d2:6d:98:0f:06:8a:b0:60:c4:6d:49:
         6b:34:2e:3b:9d:72:ad:d8:c4:90:53:11:3d:b8:af:ab:2d:79:
         8c:8b:e7:0e:4e:ed:78:d1:68:c7:58:51:c5:68:00:79:ab:ad:
         14:11:61:5f:08:5b:e6:0c:81:61:c1:ee:e4:3e:ec:d4:8b:92:
         fe:0f:1e:da:4a:6f:57:c5:6f:eb:0b:65:5c:fa:ad:5b:91:c5:
         36:ab:8b:60:74:75:49:65:e0:58:7b:af:7b:51:1d:7e:05:12:
         30:8e:6f:38:76:17:4e:be:ee:e1:6e:aa:93:e4:c8:72:dd:73:
         92:11:81:0c:88:a3:2a:ae:3f:7a:44:cd:3f:a6:40:eb:e7:7c:
         50:2d:97:1e:4e:71:31:21:3c:75:d3:c7:0f:a5:ee:35:22:47:
         f4:90:a1:01:08:34:6a:fe:ef:cf:64:0a:9e:4f:81:da:d3:c9:
         dc:2f:2a:9e:c9:cb:83:d6:38:95:01:99:ae:3e:f1:9d:42:3f:
         37:05:03:3e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk2TlWtuB9Dy9LDFGO6R+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYzkxMmEwNDExYmIwMTc0NTA3MDkyZDBjYTM1YTkxYWQ3
OTkwNWMwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTljODgwNDFmZWMzMWQ0NmQ3NDM2ZWNjYjhmOGNiY2IwMzBkNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DGBsuHqCI2hpSp9/x60dcfHcwiy
Bo1B7xg7GTHvwje0YyXE312PDCvhko16gfBPV++TNRYuP+7l1RqqFNMms7Aja1sf
ssu/aSDt/OiJnWpkXBu6kRTu/L55hs0mvFHWf3IcXf+VEy/sDVRyBPr7QIvdHdgJ
Trbmdsn9J71VyoLt37BdwduJWEcrtOwmpRsGW3D2A6xcI9PCAM++C2zKjHexc6K2
9nyGtC0rf28iNSDCcIBQuIJaDyaxpDkRYLPW66NkKB0W3MkzpAeH/YQDsMlbJH1e
BMgJ1wgED/nzYGrP+QMIiZgYjqTJ98eGlJjSOxUol8oKXB/ETDENjZunwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAmciAQf7DHUbXQ27MuPjLywMNThMB8GA1UdIwQY
MBaAFFPJEqBBG7AXRQcJLQyjWpGteZBcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAt
ZTIxYzQzNmI2MmVmLzEvQ1p5SUJCX3NNZFJ0ZERic3k0LU12TEF3MU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9kNzdlNjAtODkxNi00Zjk2LThlZDAtZTIxYzQzNmI2MmVm
LzEvVThrU29FRWJzQmRGQndrdERLTmFrYTE1a0Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwjuIAwQA
wjuKMA0EAgACMAcDBQAqB8uAMA0GCSqGSIb3DQEBCwUAA4IBAQB3f9ShIwR+Huek
oq/mpMZ+Q2BR8OE8OCipVW3KL+fs5tsSOxrPJJQlagw23cPGvl7sARxk93oT1cGY
wZW30m2YDwaKsGDEbUlrNC47nXKt2MSQUxE9uK+rLXmMi+cOTu140WjHWFHFaAB5
q60UEWFfCFvmDIFhwe7kPuzUi5L+Dx7aSm9XxW/rC2Vc+q1bkcU2q4tgdHVJZeBY
e697UR1+BRIwjm84dhdOvu7hbqqT5Mhy3XOSEYEMiKMqrj96RM0/pkDr53xQLZce
TnExITx108cPpe41Ikf0kKEBCDRq/u/PZAqeT4Ha08ncLyqeycuD1jiVAZmuPvGd
Qj83BQM+
-----END CERTIFICATE-----