Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/zBO8UNxBRpYP65fMiJQ8GglXJSM.roa
File:                     zBO8UNxBRpYP65fMiJQ8GglXJSM.roa (raw, json)
Hash identifier:          EY8s+PVllcBgQ1PMVMiAg4sS1zEPzff/8YkL4EDL7OI=
Subject key identifier:   CC:13:BC:50:DC:41:46:96:0F:EB:97:CC:88:94:3C:1A:09:57:25:23
Certificate issuer:       /CN=e2a10de6ffae590427244a03343db66ac564275a
Certificate serial:       018CC64B5BA0F125D9669731DD2FB14BBFA5
Authority key identifier: E2:A1:0D:E6:FF:AE:59:04:27:24:4A:03:34:3D:B6:6A:C5:64:27:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4qEN5v-uWQQnJEoDND22asVkJ1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/zBO8UNxBRpYP65fMiJQ8GglXJSM.roa
Signing time:             Mon 01 Jan 2024 18:31:16 +0000
ROA not before:           Mon 01 Jan 2024 18:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212498
IP address blocks:        83.97.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/4qEN5v-uWQQnJEoDND22asVkJ1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/4qEN5v-uWQQnJEoDND22asVkJ1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4qEN5v-uWQQnJEoDND22asVkJ1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:5b:a0:f1:25:d9:66:97:31:dd:2f:b1:4b:bf:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2a10de6ffae590427244a03343db66ac564275a
        Validity
            Not Before: Jan  1 18:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc13bc50dc4146960feb97cc88943c1a09572523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:9f:12:83:3a:5a:41:5f:4b:0e:ab:94:66:
                    bc:fe:38:ad:11:7c:6f:5c:f0:8f:1b:8a:fb:cf:6b:
                    38:cc:87:57:90:c4:bb:e1:ae:f9:70:c3:3a:3d:26:
                    8c:c6:e3:72:65:8e:6c:b2:6f:82:49:5c:42:43:ba:
                    52:52:d0:8d:6e:8b:15:f1:b6:71:66:75:c7:49:cd:
                    ac:25:43:ea:a2:73:f9:08:5d:13:86:be:f6:30:13:
                    40:7f:96:6e:bc:1f:b2:d3:1c:30:14:d7:f0:c5:30:
                    ec:7a:13:37:f2:61:ad:36:3d:91:05:34:a5:ac:b9:
                    92:a9:68:6f:2b:b8:ad:19:48:47:f8:1b:d0:0f:1a:
                    b5:10:b8:5d:16:38:fc:e8:c4:21:2c:7f:97:5c:e8:
                    77:26:fa:84:52:37:f4:c7:5a:0c:06:b5:5e:a5:54:
                    e9:e0:31:39:d8:1c:87:62:b0:57:99:f1:46:ce:35:
                    e1:c3:ea:85:dd:ea:87:87:b0:af:64:a9:7a:e7:a0:
                    84:4d:94:cc:db:c4:93:fb:01:2d:a8:bd:17:34:37:
                    b8:27:a5:60:9b:0f:2b:a8:38:c9:f7:83:dc:d0:de:
                    b8:98:da:14:47:1f:96:7a:50:3e:ae:2b:ce:09:e3:
                    8c:06:79:13:8c:d5:74:21:64:20:68:b1:ed:d6:bc:
                    e0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:13:BC:50:DC:41:46:96:0F:EB:97:CC:88:94:3C:1A:09:57:25:23
            X509v3 Authority Key Identifier:
                keyid:E2:A1:0D:E6:FF:AE:59:04:27:24:4A:03:34:3D:B6:6A:C5:64:27:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4qEN5v-uWQQnJEoDND22asVkJ1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/zBO8UNxBRpYP65fMiJQ8GglXJSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/a8bb57-c181-4695-9be7-57554058620b/1/4qEN5v-uWQQnJEoDND22asVkJ1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:b0:1e:bd:d4:92:45:0f:18:93:3f:2a:98:fd:e4:3a:68:ed:
         92:1f:e1:84:38:82:d2:c5:f2:f7:e2:9a:93:bd:9a:54:8f:07:
         0f:d0:36:2b:67:40:6a:88:a2:39:19:5f:76:f3:2f:bd:23:ae:
         18:e1:dc:a5:08:de:8c:a0:42:7b:f6:e7:c6:c1:46:e9:22:37:
         2b:1e:bb:60:bf:19:ba:1b:17:19:09:3c:cf:37:08:5b:3b:6c:
         2e:4a:e0:c1:49:fa:78:92:49:8e:94:a3:e4:e6:60:df:4a:4e:
         c4:30:76:e6:33:c2:d7:d8:c7:67:79:ec:a9:5f:b3:ea:14:ed:
         56:7b:2a:4b:53:79:c0:f2:8b:92:0a:20:23:29:b0:36:66:fd:
         23:d6:21:e3:fb:25:89:a8:9e:8a:52:eb:b5:7d:91:9d:0e:6d:
         59:f0:06:f2:99:f4:d2:86:ef:64:4f:0d:36:fa:8e:c2:e6:79:
         be:81:f8:77:f9:fe:4f:c8:a2:e4:96:31:98:ee:30:aa:58:d7:
         db:74:3b:18:8a:9d:c2:85:5e:d2:27:1d:da:71:7c:b0:d4:89:
         7d:9b:dc:20:2d:fb:08:ec:41:2f:76:79:a4:09:58:04:82:96:
         88:31:cd:d8:31:a6:76:1d:d6:85:79:fc:22:73:33:96:4e:99:
         49:05:fc:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1ug8SXZZpcx3S+xS7+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYTEwZGU2ZmZhZTU5MDQyNzI0NGEwMzM0M2RiNjZhYzU2
NDI3NWEwHhcNMjQwMTAxMTgzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzEzYmM1MGRjNDE0Njk2MGZlYjk3Y2M4ODk0M2MxYTA5NTcyNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCafEoM6WkFfSw6rlGa8/jitEXxv
XPCPG4r7z2s4zIdXkMS74a75cMM6PSaMxuNyZY5ssm+CSVxCQ7pSUtCNbosV8bZx
ZnXHSc2sJUPqonP5CF0Thr72MBNAf5ZuvB+y0xwwFNfwxTDsehM38mGtNj2RBTSl
rLmSqWhvK7itGUhH+BvQDxq1ELhdFjj86MQhLH+XXOh3JvqEUjf0x1oMBrVepVTp
4DE52ByHYrBXmfFGzjXhw+qF3eqHh7CvZKl656CETZTM28ST+wEtqL0XNDe4J6Vg
mw8rqDjJ94Pc0N64mNoURx+WelA+rivOCeOMBnkTjNV0IWQgaLHt1rzgRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwTvFDcQUaWD+uXzIiUPBoJVyUjMB8GA1UdIwQY
MBaAFOKhDeb/rlkEJyRKAzQ9tmrFZCdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHFFTjV2LXVXUVFuSkVvRE5EMjJhc1ZrSjFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9hOGJiNTctYzE4MS00Njk1LTliZTct
NTc1NTQwNTg2MjBiLzEvekJPOFVOeEJScFlQNjVmTWlKUThHZ2xYSlNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9hOGJiNTctYzE4MS00Njk1LTliZTctNTc1NTQwNTg2MjBi
LzEvNHFFTjV2LXVXUVFuSkVvRE5EMjJhc1ZrSjFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2ElMA0G
CSqGSIb3DQEBCwUAA4IBAQC3sB691JJFDxiTPyqY/eQ6aO2SH+GEOILSxfL34pqT
vZpUjwcP0DYrZ0BqiKI5GV928y+9I64Y4dylCN6MoEJ79ufGwUbpIjcrHrtgvxm6
GxcZCTzPNwhbO2wuSuDBSfp4kkmOlKPk5mDfSk7EMHbmM8LX2MdneeypX7PqFO1W
eypLU3nA8ouSCiAjKbA2Zv0j1iHj+yWJqJ6KUuu1fZGdDm1Z8AbymfTShu9kTw02
+o7C5nm+gfh3+f5PyKLkljGY7jCqWNfbdDsYip3ChV7SJx3acXyw1Il9m9wgLfsI
7EEvdnmkCVgEgpaIMc3YMaZ2HdaFefwiczOWTplJBfxR
-----END CERTIFICATE-----