Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZFQ_eGMIO1-6k9P55ULRCtB0euU.roa
File:                     ZFQ_eGMIO1-6k9P55ULRCtB0euU.roa (raw, json)
Hash identifier:          eixCKEcxax0Xx9X8r60K22Gh5a72Bz1VtNNKTZwnTaU=
Subject key identifier:   64:54:3F:78:63:08:3B:5F:BA:93:D3:F9:E5:42:D1:0A:D0:74:7A:E5
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       018CC500C17323C18ACB90A8798A00EC4ACC
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZFQ_eGMIO1-6k9P55ULRCtB0euU.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200275
IP address blocks:        5.231.127.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c1:73:23:c1:8a:cb:90:a8:79:8a:00:ec:4a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64543f7863083b5fba93d3f9e542d10ad0747ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:08:c5:4c:c0:85:35:9f:f7:84:54:f7:da:da:
                    28:a6:ea:46:78:ea:79:34:0c:4f:a2:4e:02:ac:dc:
                    20:50:6a:3c:7b:04:ab:fe:08:62:e4:d4:ec:b8:f6:
                    cd:36:93:22:f3:89:3b:65:bc:2a:a4:fd:ff:dc:05:
                    82:13:f9:59:d4:a4:dc:fd:b2:02:46:13:e2:a1:a4:
                    bc:3b:9f:fd:7e:ff:44:69:54:ed:ca:e2:88:e2:e8:
                    4d:35:2a:f1:8d:c7:47:2f:df:79:27:b7:b4:40:ca:
                    f9:b5:50:79:2a:ef:f3:d1:5d:aa:7a:99:15:30:d3:
                    61:2f:d0:6f:d8:69:e7:26:b9:c3:4c:eb:d8:34:f5:
                    41:10:b8:29:35:54:3a:c5:01:95:55:d1:e6:d7:64:
                    61:80:60:37:65:79:21:49:c4:e7:2b:9a:b3:03:92:
                    93:65:43:33:94:ee:5f:d3:44:fb:c5:5e:4c:df:80:
                    ff:e7:63:1f:d5:ae:c3:d0:8a:50:3c:ad:6f:3b:a5:
                    b3:45:e4:91:ef:38:82:36:20:93:93:78:12:06:91:
                    f8:58:22:24:5c:e1:68:6e:16:9b:92:72:d5:d3:c9:
                    0e:09:d5:35:e8:f2:00:dc:69:05:99:5d:13:70:27:
                    c2:7f:40:47:fe:8d:7a:91:f2:17:27:b6:d9:27:ce:
                    9a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:54:3F:78:63:08:3B:5F:BA:93:D3:F9:E5:42:D1:0A:D0:74:7A:E5
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/ZFQ_eGMIO1-6k9P55ULRCtB0euU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         dc:3b:14:58:83:85:9e:84:ea:03:f7:ae:73:ad:ef:24:4c:8b:
         a6:f3:33:0e:66:18:f8:0b:5a:83:c7:aa:40:89:60:0c:3e:98:
         f3:b0:d6:56:e8:45:92:e6:20:45:53:83:05:bf:fb:ba:df:a3:
         92:5e:37:b7:b4:b5:5a:89:f8:0d:31:7c:a5:14:34:22:91:45:
         97:d2:35:f9:52:8a:e1:fc:b5:2d:83:f1:7f:6e:78:48:60:b3:
         e2:87:ef:15:36:4f:a3:ba:9a:b4:7d:fd:76:37:b9:8a:93:b4:
         08:1e:28:57:a3:cf:52:96:fa:cf:8f:97:06:9c:c4:c0:ea:53:
         a3:6e:9e:f7:15:14:12:6e:52:03:e2:36:1c:57:46:7c:7e:3e:
         5f:83:22:8f:75:b6:fc:ff:7d:11:c5:b6:b4:f9:92:15:81:de:
         97:9b:42:5c:0b:67:23:e0:4e:3f:c3:23:74:fa:79:91:b1:e4:
         53:73:a6:9f:00:05:8d:66:e3:08:22:80:ab:f0:8a:36:27:0b:
         d9:ea:2c:c4:3a:af:32:29:73:78:7c:e9:ce:cf:ad:df:49:23:
         b5:15:02:c0:c1:b8:d5:f3:9d:7b:21:bf:80:68:26:56:f5:0e:
         b4:bc:bd:e9:47:0c:47:a0:8e:4e:1b:d3:f1:14:b8:1e:3b:a4:
         74:24:f2:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMFzI8GKy5CoeYoA7ErMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDU0M2Y3ODYzMDgzYjVmYmE5M2QzZjllNTQyZDEwYWQwNzQ3YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwjFTMCFNZ/3hFT32toopupGeOp5
NAxPok4CrNwgUGo8ewSr/ghi5NTsuPbNNpMi84k7ZbwqpP3/3AWCE/lZ1KTc/bIC
RhPioaS8O5/9fv9EaVTtyuKI4uhNNSrxjcdHL995J7e0QMr5tVB5Ku/z0V2qepkV
MNNhL9Bv2GnnJrnDTOvYNPVBELgpNVQ6xQGVVdHm12RhgGA3ZXkhScTnK5qzA5KT
ZUMzlO5f00T7xV5M34D/52Mf1a7D0IpQPK1vO6WzReSR7ziCNiCTk3gSBpH4WCIk
XOFobhabknLV08kOCdU16PIA3GkFmV0TcCfCf0BH/o16kfIXJ7bZJ86awwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRUP3hjCDtfupPT+eVC0QrQdHrlMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvWkZRX2VHTUlPMS02azlQNTVVTFJDdEIwZXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABed/MA0G
CSqGSIb3DQEBCwUAA4IBAQDcOxRYg4WehOoD965zre8kTIum8zMOZhj4C1qDx6pA
iWAMPpjzsNZW6EWS5iBFU4MFv/u636OSXje3tLVaifgNMXylFDQikUWX0jX5Uorh
/LUtg/F/bnhIYLPih+8VNk+jupq0ff12N7mKk7QIHihXo89SlvrPj5cGnMTA6lOj
bp73FRQSblID4jYcV0Z8fj5fgyKPdbb8/30Rxba0+ZIVgd6Xm0JcC2cj4E4/wyN0
+nmRseRTc6afAAWNZuMIIoCr8Io2JwvZ6izEOq8yKXN4fOnOz63fSSO1FQLAwbjV
8517Ib+AaCZW9Q60vL3pRwxHoI5OG9PxFLgeO6R0JPIl
-----END CERTIFICATE-----