Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/CGfQwaaxlW85b3YqPKM6Z-0E9S4.roa
File:                     CGfQwaaxlW85b3YqPKM6Z-0E9S4.roa (raw, json)
Hash identifier:          0OTUmcvMxxAtafWmL068MbaVl22/5a+5lQwS1qmps1g=
Subject key identifier:   08:67:D0:C1:A6:B1:95:6F:39:6F:76:2A:3C:A3:3A:67:ED:04:F5:2E
Certificate issuer:       /CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
Certificate serial:       018D9E63440AE02D70D38DCCEB925C1731CE
Authority key identifier: 66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/CGfQwaaxlW85b3YqPKM6Z-0E9S4.roa
Signing time:             Mon 12 Feb 2024 17:35:22 +0000
ROA not before:           Mon 12 Feb 2024 17:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15615
IP address blocks:        92.63.87.0/24 maxlen: 24
                          185.129.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9e:63:44:0a:e0:2d:70:d3:8d:cc:eb:92:5c:17:31:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
        Validity
            Not Before: Feb 12 17:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0867d0c1a6b1956f396f762a3ca33a67ed04f52e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d3:7c:03:01:08:81:8a:0d:10:90:79:e8:9d:
                    09:7d:b4:b6:92:88:11:2d:1e:26:bf:95:b2:61:45:
                    0b:b5:79:58:8d:39:a0:27:9b:01:28:17:41:ed:8f:
                    fe:76:f7:67:52:a7:79:9c:52:df:d1:11:24:70:a2:
                    8a:fe:70:ab:b7:00:26:4c:06:1d:14:fd:1d:48:7f:
                    76:1a:6f:21:e2:ea:2a:44:9a:b8:f9:0f:10:fb:49:
                    80:bd:31:45:7b:4a:a8:01:ce:ad:02:b4:7c:43:4d:
                    4e:91:40:c3:85:cc:31:d3:8d:cc:f2:84:38:e3:fb:
                    b3:4f:49:74:74:25:3a:a1:ae:12:1a:68:e6:28:ba:
                    f6:ef:93:4d:1d:61:31:7b:fc:f4:c9:ae:7c:0f:2a:
                    21:29:b2:9c:2b:e2:b3:5e:21:10:71:ad:05:4a:c9:
                    91:b2:58:6d:1a:2e:d4:d6:bb:97:83:5a:1e:e4:01:
                    be:ab:da:79:37:7f:49:6e:e7:1e:3c:a4:94:82:76:
                    26:7c:b4:79:2a:27:1f:47:25:81:60:bf:cf:73:83:
                    8d:a0:16:92:3b:d0:c6:57:6e:dd:ac:46:85:8f:cb:
                    b9:cc:bc:e3:11:a2:f6:34:24:01:91:c2:e0:9b:6e:
                    5c:22:22:c4:3a:92:84:19:18:e5:5e:39:16:ae:ee:
                    f0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:67:D0:C1:A6:B1:95:6F:39:6F:76:2A:3C:A3:3A:67:ED:04:F5:2E
            X509v3 Authority Key Identifier:
                keyid:66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/CGfQwaaxlW85b3YqPKM6Z-0E9S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.87.0/24
                  185.129.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:bb:55:15:ac:fd:0d:66:87:f2:5f:c7:ef:26:7f:c6:98:cb:
         e4:24:e9:a6:c3:e1:9f:28:0e:b0:9a:29:79:59:15:02:4e:18:
         1a:80:33:a8:a7:cf:c9:3a:00:60:b2:fc:0f:2c:a4:fd:d6:61:
         ad:f9:e3:54:f1:f7:3e:04:ef:b6:77:16:57:c1:8e:d5:e5:7e:
         44:3b:e2:b8:d9:1d:63:94:c1:63:6b:72:6b:c6:8b:46:69:66:
         c7:e1:9e:1a:0f:55:cd:74:d8:f9:ad:9c:8d:9b:8a:1a:a7:9f:
         e8:43:85:d4:f7:6d:6a:3e:5a:1d:51:a5:46:eb:53:3a:ab:03:
         ed:71:00:5c:24:69:f3:76:4c:31:53:a9:a3:dd:6f:b8:d8:66:
         c4:bd:d6:04:e5:7a:6e:b1:41:21:79:ed:fb:34:c5:29:fe:2a:
         d2:32:a9:1b:4e:da:4c:7b:75:0f:aa:89:50:bf:47:d3:4d:8a:
         19:ee:23:22:ef:20:50:f6:1e:11:f1:98:96:30:c8:a5:00:c7:
         ad:6b:b5:e5:07:a0:07:09:9e:2c:66:a2:c8:14:d0:26:d0:e5:
         5b:01:dd:5b:79:ea:dd:8d:9c:21:54:11:23:5d:05:73:31:81:
         73:0b:57:ed:6d:f0:1c:ac:8e:a9:27:5f:70:54:a5:8c:bd:e3:
         6a:a5:4c:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2eY0QK4C1w043M65JcFzHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTA0ZTRmN2Q5ZjM4ZDhlMjJhMmQzMmJlMDE5MDMxOTMw
YzFhNDcwHhcNMjQwMjEyMTczNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY3ZDBjMWE2YjE5NTZmMzk2Zjc2MmEzY2EzM2E2N2VkMDRmNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptN8AwEIgYoNEJB56J0JfbS2kogR
LR4mv5WyYUULtXlYjTmgJ5sBKBdB7Y/+dvdnUqd5nFLf0REkcKKK/nCrtwAmTAYd
FP0dSH92Gm8h4uoqRJq4+Q8Q+0mAvTFFe0qoAc6tArR8Q01OkUDDhcwx043M8oQ4
4/uzT0l0dCU6oa4SGmjmKLr275NNHWExe/z0ya58DyohKbKcK+KzXiEQca0FSsmR
slhtGi7U1ruXg1oe5AG+q9p5N39JbucePKSUgnYmfLR5KicfRyWBYL/Pc4ONoBaS
O9DGV27drEaFj8u5zLzjEaL2NCQBkcLgm25cIiLEOpKEGRjlXjkWru7wiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAhn0MGmsZVvOW92KjyjOmftBPUuMB8GA1UdIwQY
MBaAFGYQTk99nzjY4iotMr4BkDGTDBpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQt
NDc0NzJlZDNiZWNiLzEvQ0dmUXdhYXhsVzg1YjNZcVBLTTZaLTBFOVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQtNDc0NzJlZDNiZWNi
LzEvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXD9XAwQA
uYGUMA0GCSqGSIb3DQEBCwUAA4IBAQAMu1UVrP0NZofyX8fvJn/GmMvkJOmmw+Gf
KA6wmil5WRUCThgagDOop8/JOgBgsvwPLKT91mGt+eNU8fc+BO+2dxZXwY7V5X5E
O+K42R1jlMFja3JrxotGaWbH4Z4aD1XNdNj5rZyNm4oap5/oQ4XU921qPlodUaVG
61M6qwPtcQBcJGnzdkwxU6mj3W+42GbEvdYE5XpusUEhee37NMUp/irSMqkbTtpM
e3UPqolQv0fTTYoZ7iMi7yBQ9h4R8ZiWMMilAMeta7XlB6AHCZ4sZqLIFNAm0OVb
Ad1beerdjZwhVBEjXQVzMYFzC1ftbfAcrI6pJ19wVKWMveNqpUzQ
-----END CERTIFICATE-----