Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/Z3gifg4d3eU3MS3cwfwMq8wHeJI.roa
File:                     Z3gifg4d3eU3MS3cwfwMq8wHeJI.roa (raw, json)
Hash identifier:          lZ/o2fGstXX3/iulWs2Pl1V0rS9NEhQhjUJIRI+/swo=
Subject key identifier:   67:78:22:7E:0E:1D:DD:E5:37:31:2D:DC:C1:FC:0C:AB:CC:07:78:92
Certificate issuer:       /CN=e230de5fd3c2455173ba696a99441d9620d81d38
Certificate serial:       018CC42510667D3E17567EE02EC3659923D6
Authority key identifier: E2:30:DE:5F:D3:C2:45:51:73:BA:69:6A:99:44:1D:96:20:D8:1D:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4jDeX9PCRVFzumlqmUQdliDYHTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/Z3gifg4d3eU3MS3cwfwMq8wHeJI.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49771
IP address blocks:        194.242.24.0/24 maxlen: 24
                          194.242.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/4jDeX9PCRVFzumlqmUQdliDYHTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/4jDeX9PCRVFzumlqmUQdliDYHTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4jDeX9PCRVFzumlqmUQdliDYHTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:10:66:7d:3e:17:56:7e:e0:2e:c3:65:99:23:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e230de5fd3c2455173ba696a99441d9620d81d38
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6778227e0e1ddde537312ddcc1fc0cabcc077892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:26:69:ec:bd:76:a5:13:e8:50:04:16:4c:a3:
                    b0:0d:05:eb:6e:bf:bc:60:f3:e2:84:c5:8a:53:14:
                    8f:c8:8f:bb:45:f2:9e:54:4d:e5:b8:f8:05:30:69:
                    f6:bc:e2:04:a6:89:3f:8a:ac:35:8c:e7:e2:c7:36:
                    b1:5f:1d:e8:e4:cd:0a:8e:98:29:1b:e7:71:dd:b2:
                    f8:cd:7d:75:f7:70:89:3f:3e:86:a4:fa:a8:27:2a:
                    23:8b:53:78:e4:91:40:d1:2d:00:89:b1:38:47:3c:
                    8d:c0:df:0f:f4:ee:8f:e9:9f:e3:bb:2a:ce:a4:8d:
                    df:ba:37:7d:23:b3:01:54:6d:24:e6:38:f3:1b:a6:
                    9d:3f:fb:e0:32:2f:7f:38:0e:27:43:89:e7:a9:c3:
                    85:d1:c1:9e:55:3c:74:cc:9b:5b:e3:cd:c6:26:18:
                    9a:c9:ae:85:2f:17:38:74:09:e4:06:fb:d8:ea:06:
                    9c:57:ee:2a:36:69:c0:e7:2b:c4:8b:fe:5f:7c:df:
                    69:85:61:0c:a6:e4:a6:1e:fb:4d:00:db:57:28:0e:
                    69:31:ed:7d:4b:68:af:2b:ad:2f:61:f1:1a:6a:cc:
                    f3:a4:7e:cd:eb:27:63:20:69:a3:76:58:ba:85:79:
                    e6:9e:55:91:b5:c1:10:0b:f5:68:5a:60:a1:7b:8f:
                    e5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:78:22:7E:0E:1D:DD:E5:37:31:2D:DC:C1:FC:0C:AB:CC:07:78:92
            X509v3 Authority Key Identifier:
                keyid:E2:30:DE:5F:D3:C2:45:51:73:BA:69:6A:99:44:1D:96:20:D8:1D:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4jDeX9PCRVFzumlqmUQdliDYHTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/Z3gifg4d3eU3MS3cwfwMq8wHeJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/fac7ed-9018-45db-8947-fb5c582e4097/1/4jDeX9PCRVFzumlqmUQdliDYHTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:02:c5:15:81:81:b2:02:ec:cd:b0:31:8e:77:51:e1:9a:7e:
         1f:4d:ea:27:50:4c:be:74:2d:39:6b:c3:1d:40:07:8d:db:b2:
         4f:cc:dd:19:88:5d:ca:ec:7c:84:0d:c5:5f:99:df:dd:84:e9:
         d6:2b:42:c9:bb:1d:c4:a2:17:6b:54:92:63:a0:0e:9b:74:97:
         2d:ce:49:87:75:44:f8:af:93:d2:5b:12:03:04:29:ca:0b:a5:
         25:7e:0f:a5:13:b9:b9:62:8a:a6:8a:a3:c8:bd:b6:34:47:88:
         9a:04:ea:a4:16:ec:f3:da:9d:db:d1:80:2f:11:a7:0f:3e:e6:
         17:25:44:dd:53:db:53:9f:15:70:1c:eb:2f:06:51:2d:04:8f:
         fb:c8:ea:62:f0:ec:6d:18:bb:84:6f:45:29:34:6d:04:c1:5b:
         7f:3c:ef:e1:b4:f6:cc:9a:a7:f2:d9:c2:5c:a3:93:27:c4:ef:
         1e:61:cd:17:e9:a9:a2:3b:74:b9:60:ab:6d:45:48:ab:a1:8d:
         c6:a6:7f:18:d0:8e:b9:7d:ff:2c:b3:b9:d3:64:22:2b:c0:5f:
         47:7e:c6:5d:00:2e:3d:fe:3c:f8:67:fc:33:33:2e:64:4f:a7:
         7f:ec:50:40:7e:d6:6a:d1:56:b4:6b:aa:d8:43:dd:1b:6e:f4:
         56:53:92:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRBmfT4XVn7gLsNlmSPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMzBkZTVmZDNjMjQ1NTE3M2JhNjk2YTk5NDQxZDk2MjBk
ODFkMzgwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc4MjI3ZTBlMWRkZGU1MzczMTJkZGNjMWZjMGNhYmNjMDc3ODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryZp7L12pRPoUAQWTKOwDQXrbr+8
YPPihMWKUxSPyI+7RfKeVE3luPgFMGn2vOIEpok/iqw1jOfixzaxXx3o5M0Kjpgp
G+dx3bL4zX1193CJPz6GpPqoJyoji1N45JFA0S0AibE4RzyNwN8P9O6P6Z/juyrO
pI3fujd9I7MBVG0k5jjzG6adP/vgMi9/OA4nQ4nnqcOF0cGeVTx0zJtb483GJhia
ya6FLxc4dAnkBvvY6gacV+4qNmnA5yvEi/5ffN9phWEMpuSmHvtNANtXKA5pMe19
S2ivK60vYfEaaszzpH7N6ydjIGmjdli6hXnmnlWRtcEQC/VoWmChe4/liwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGd4In4OHd3lNzEt3MH8DKvMB3iSMB8GA1UdIwQY
MBaAFOIw3l/TwkVRc7ppaplEHZYg2B04MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGpEZVg5UENSVkZ6dW1scW1VUWRsaURZSFRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9mYWM3ZWQtOTAxOC00NWRiLTg5NDct
ZmI1YzU4MmU0MDk3LzEvWjNnaWZnNGQzZVUzTVMzY3dmd01xOHdIZUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9mYWM3ZWQtOTAxOC00NWRiLTg5NDctZmI1YzU4MmU0MDk3
LzEvNGpEZVg5UENSVkZ6dW1scW1VUWRsaURZSFRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIYMA0G
CSqGSIb3DQEBCwUAA4IBAQAiAsUVgYGyAuzNsDGOd1Hhmn4fTeonUEy+dC05a8Md
QAeN27JPzN0ZiF3K7HyEDcVfmd/dhOnWK0LJux3EohdrVJJjoA6bdJctzkmHdUT4
r5PSWxIDBCnKC6Ulfg+lE7m5YoqmiqPIvbY0R4iaBOqkFuzz2p3b0YAvEacPPuYX
JUTdU9tTnxVwHOsvBlEtBI/7yOpi8OxtGLuEb0UpNG0EwVt/PO/htPbMmqfy2cJc
o5MnxO8eYc0X6amiO3S5YKttRUiroY3Gpn8Y0I65ff8ss7nTZCIrwF9HfsZdAC49
/jz4Z/wzMy5kT6d/7FBAftZq0Va0a6rYQ90bbvRWU5JV
-----END CERTIFICATE-----