Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/zaSKpF2sXN10hG7kkAflZzJv_DM.roa
File:                     zaSKpF2sXN10hG7kkAflZzJv_DM.roa (raw, json)
Hash identifier:          A/vtZtbag9cSGoLxmWXAvZrP/K9FMWhUP3VJQ078BTo=
Subject key identifier:   CD:A4:8A:A4:5D:AC:5C:DD:74:84:6E:E4:90:07:E5:67:32:6F:FC:33
Certificate issuer:       /CN=0fe732e6b249093e79a1a507cbcd8196f01817fa
Certificate serial:       018CC94BF656ECCE64D021F6ED219903C73D
Authority key identifier: 0F:E7:32:E6:B2:49:09:3E:79:A1:A5:07:CB:CD:81:96:F0:18:17:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/zaSKpF2sXN10hG7kkAflZzJv_DM.roa
Signing time:             Tue 02 Jan 2024 08:30:47 +0000
ROA not before:           Tue 02 Jan 2024 08:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        157.239.128.0/24 maxlen: 24
                          157.239.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:f6:56:ec:ce:64:d0:21:f6:ed:21:99:03:c7:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fe732e6b249093e79a1a507cbcd8196f01817fa
        Validity
            Not Before: Jan  2 08:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cda48aa45dac5cdd74846ee49007e567326ffc33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:62:c6:a6:c3:4b:d7:05:ff:51:0e:12:1d:40:
                    ba:ff:d2:5c:27:70:2b:0c:d6:52:57:72:23:d1:2a:
                    84:92:30:c1:9a:78:de:66:80:2e:09:25:89:0d:82:
                    2c:43:a3:b5:38:53:1c:b3:39:9b:e5:bc:c9:ed:cb:
                    63:d9:00:6b:52:d6:a2:c1:f6:3f:ce:4f:01:08:86:
                    1f:a9:b7:50:ca:52:b6:e3:c9:6f:18:8f:16:80:af:
                    a5:43:93:16:fc:82:e4:15:5c:06:9b:87:6d:cd:fb:
                    3c:06:7e:f6:a3:f5:27:a7:36:d2:51:6f:7c:51:6f:
                    05:9b:1e:e4:7e:38:93:bf:37:88:d4:d7:ca:32:84:
                    e4:11:ae:06:b5:40:01:80:ff:60:b9:51:eb:ec:0b:
                    72:00:da:e4:d5:5c:1f:89:89:a2:9e:1f:97:a2:ca:
                    64:ac:e7:a0:e0:9b:df:31:cd:05:53:e1:a8:e6:60:
                    a4:d6:e0:b6:c9:d9:90:5d:43:3d:57:e4:85:6d:bf:
                    68:35:5b:88:92:4e:a0:86:22:fa:be:63:c0:43:70:
                    d4:4a:5c:1c:bb:43:57:e5:63:07:8f:5a:06:15:44:
                    9a:f2:8f:5a:90:da:91:1a:72:93:31:25:83:26:f2:
                    01:12:f1:20:ae:2d:4c:a1:21:3e:3c:cb:3f:bc:41:
                    ce:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A4:8A:A4:5D:AC:5C:DD:74:84:6E:E4:90:07:E5:67:32:6F:FC:33
            X509v3 Authority Key Identifier:
                keyid:0F:E7:32:E6:B2:49:09:3E:79:A1:A5:07:CB:CD:81:96:F0:18:17:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-cy5rJJCT55oaUHy82BlvAYF_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/zaSKpF2sXN10hG7kkAflZzJv_DM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08a9de-c88d-4a45-958e-a277898293b9/1/D-cy5rJJCT55oaUHy82BlvAYF_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.239.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:05:d1:9f:c9:c2:95:97:4d:9d:74:22:67:92:d8:31:8c:fc:
         06:0e:fb:a1:42:09:29:f8:d5:df:55:2e:7f:8a:0e:23:89:af:
         1a:8c:1a:94:01:60:b6:2e:af:1b:d4:42:7a:4a:d7:6c:f0:73:
         b5:c1:fd:ce:c1:71:40:3f:07:a3:f2:c5:45:ce:bd:8a:f6:8e:
         04:9c:4d:bd:97:5b:36:77:dc:f2:21:88:7e:3f:c1:13:0b:8a:
         65:b4:0c:f3:82:95:87:a0:b6:ab:2a:4c:eb:e6:43:ff:cb:48:
         db:5f:ff:e5:1d:dc:b6:2b:f5:4e:a4:c5:af:07:d7:8e:dc:fc:
         11:cc:26:e5:41:ba:6a:42:e3:66:dc:9e:38:c6:14:b1:a6:95:
         62:a5:4f:f3:b2:6a:1d:52:bd:7c:01:2b:e1:18:39:ac:53:3c:
         f3:2f:1e:ae:4e:ad:67:f1:1e:7a:61:c7:53:46:16:b4:be:a1:
         c4:55:43:7d:05:f9:96:fe:af:b1:4f:a1:d6:23:94:dd:78:0d:
         be:2d:be:4a:6d:b3:4d:24:a9:9b:6e:ef:82:24:c0:fa:da:26:
         e9:64:63:96:9a:3d:98:d0:39:f2:54:7b:37:ac:a2:93:88:32:
         a3:b2:f5:ca:64:7c:44:38:c7:40:4a:7e:94:e5:36:5d:38:3f:
         62:e7:00:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS/ZW7M5k0CH27SGZA8c9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZTczMmU2YjI0OTA5M2U3OWExYTUwN2NiY2Q4MTk2ZjAx
ODE3ZmEwHhcNMjQwMTAyMDgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGE0OGFhNDVkYWM1Y2RkNzQ4NDZlZTQ5MDA3ZTU2NzMyNmZmYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2LGpsNL1wX/UQ4SHUC6/9JcJ3Ar
DNZSV3Ij0SqEkjDBmnjeZoAuCSWJDYIsQ6O1OFMcszmb5bzJ7ctj2QBrUtaiwfY/
zk8BCIYfqbdQylK248lvGI8WgK+lQ5MW/ILkFVwGm4dtzfs8Bn72o/UnpzbSUW98
UW8Fmx7kfjiTvzeI1NfKMoTkEa4GtUABgP9guVHr7AtyANrk1VwfiYminh+Xospk
rOeg4JvfMc0FU+Go5mCk1uC2ydmQXUM9V+SFbb9oNVuIkk6ghiL6vmPAQ3DUSlwc
u0NX5WMHj1oGFUSa8o9akNqRGnKTMSWDJvIBEvEgri1MoSE+PMs/vEHOmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2kiqRdrFzddIRu5JAH5Wcyb/wzMB8GA1UdIwQY
MBaAFA/nMuaySQk+eaGlB8vNgZbwGBf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1jeTVySkpDVDU1b2FVSHk4MkJsdkFZRl9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wOGE5ZGUtYzg4ZC00YTQ1LTk1OGUt
YTI3Nzg5ODI5M2I5LzEvemFTS3BGMnNYTjEwaEc3a2tBZmxaekp2X0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wOGE5ZGUtYzg4ZC00YTQ1LTk1OGUtYTI3Nzg5ODI5M2I5
LzEvRC1jeTVySkpDVDU1b2FVSHk4MkJsdkFZRl9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBne+AMA0G
CSqGSIb3DQEBCwUAA4IBAQAdBdGfycKVl02ddCJnktgxjPwGDvuhQgkp+NXfVS5/
ig4jia8ajBqUAWC2Lq8b1EJ6Stds8HO1wf3OwXFAPwej8sVFzr2K9o4EnE29l1s2
d9zyIYh+P8ETC4pltAzzgpWHoLarKkzr5kP/y0jbX//lHdy2K/VOpMWvB9eO3PwR
zCblQbpqQuNm3J44xhSxppVipU/zsmodUr18ASvhGDmsUzzzLx6uTq1n8R56YcdT
Rha0vqHEVUN9BfmW/q+xT6HWI5TdeA2+Lb5KbbNNJKmbbu+CJMD62ibpZGOWmj2Y
0DnyVHs3rKKTiDKjsvXKZHxEOMdASn6U5TZdOD9i5wAs
-----END CERTIFICATE-----