Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zD4OUFxVrWWz4QPX_tmPsOqHRtw.roa
File:                     zD4OUFxVrWWz4QPX_tmPsOqHRtw.roa (raw, json)
Hash identifier:          aYemidJ+1EzI2KQRuvRwJ683s++tloIVr+6IhwnVtHM=
Subject key identifier:   CC:3E:0E:50:5C:55:AD:65:B3:E1:03:D7:FE:D9:8F:B0:EA:87:46:DC
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E1A0DE208447B9E899BD9E073B1D37F70
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zD4OUFxVrWWz4QPX_tmPsOqHRtw.roa
Signing time:             Thu 07 Mar 2024 17:55:01 +0000
ROA not before:           Thu 07 Mar 2024 17:55:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210538
IP address blocks:        45.94.170.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1a:0d:e2:08:44:7b:9e:89:9b:d9:e0:73:b1:d3:7f:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar  7 17:55:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc3e0e505c55ad65b3e103d7fed98fb0ea8746dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a2:3f:ac:2f:d3:4a:ae:d2:1c:ed:dd:9d:96:
                    84:fa:cc:79:d0:89:85:7e:2c:0c:d4:c7:c4:ee:3c:
                    d8:b8:e9:08:94:51:31:35:19:f1:04:71:60:5e:0e:
                    fa:7b:d8:fb:6e:82:c3:62:6d:a6:72:98:1b:d9:e6:
                    06:2e:ea:73:6c:63:9c:63:b6:46:e2:e6:c5:f9:aa:
                    04:bf:85:b7:b7:2f:6d:ed:a5:e9:e3:c5:49:1b:b3:
                    65:d5:00:6e:af:10:80:a5:35:a7:df:e4:08:6a:f6:
                    55:71:7a:6f:6b:48:22:a9:dc:86:1f:a6:35:4d:ee:
                    78:80:1a:16:1f:d8:de:0b:76:b0:a4:26:97:99:82:
                    3b:d6:64:9f:0a:bd:34:13:14:87:12:48:78:25:72:
                    7a:9f:1e:c4:d5:7a:0d:a4:3e:79:bd:51:c4:28:04:
                    14:81:5c:cf:90:b9:2e:31:b1:d6:94:ac:a3:0f:c1:
                    ec:81:fa:35:a0:40:eb:96:71:a1:17:5e:7b:4d:cb:
                    ce:05:65:5b:fc:a4:9e:b2:0c:ce:11:d2:8d:fa:fd:
                    76:59:e1:20:18:bb:59:70:05:e4:13:12:75:ee:a5:
                    8f:fd:1b:87:28:d7:85:d0:20:cd:47:08:97:c5:73:
                    d2:34:c6:15:fc:95:c2:a2:21:9d:21:25:17:13:ee:
                    6d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:3E:0E:50:5C:55:AD:65:B3:E1:03:D7:FE:D9:8F:B0:EA:87:46:DC
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/zD4OUFxVrWWz4QPX_tmPsOqHRtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.170.0/24
                  193.57.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:83:2a:5c:b1:b3:63:4c:d2:96:14:49:80:82:fc:ca:50:18:
         08:8c:ea:a6:5f:10:f1:b8:74:ac:75:b4:16:63:09:e0:da:3f:
         8b:45:d7:0f:a7:d1:bf:8e:25:f3:65:60:fe:62:81:92:d7:38:
         81:81:ab:cf:75:b3:78:b9:94:bd:f8:34:38:2a:35:24:93:53:
         77:78:a3:77:2d:7f:44:a4:1c:c0:38:1e:69:99:9d:3e:59:4e:
         02:68:5f:a0:62:38:d6:f8:aa:6c:a3:a3:6d:42:2b:e2:fc:a4:
         4c:ab:79:8f:60:99:a0:66:44:47:cb:7e:6d:b9:38:cb:11:e1:
         33:84:c5:e8:99:52:9f:d9:42:7c:15:f2:73:06:df:b5:e7:f1:
         68:49:57:11:ae:c9:8a:ed:2a:ed:e9:e0:67:a7:dc:38:c7:e2:
         6b:fd:b3:ca:c1:e7:97:3b:71:97:18:2e:21:da:b4:ec:30:f9:
         64:81:b6:f6:f1:3b:87:e7:4f:38:04:f2:c1:f5:03:05:f4:16:
         72:1e:45:89:5d:3a:bf:6d:66:a9:48:03:2f:6a:91:64:90:b4:
         c6:13:c6:4b:52:5d:29:2c:58:30:cc:47:9d:3a:c9:e6:ff:e9:
         35:a1:fe:91:ee:6c:e5:6f:6f:f3:30:32:9b:f5:af:30:73:d5:
         9a:d0:36:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4aDeIIRHueiZvZ4HOx039wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzA3MTc1NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzNlMGU1MDVjNTVhZDY1YjNlMTAzZDdmZWQ5OGZiMGVhODc0NmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6I/rC/TSq7SHO3dnZaE+sx50ImF
fiwM1MfE7jzYuOkIlFExNRnxBHFgXg76e9j7boLDYm2mcpgb2eYGLupzbGOcY7ZG
4ubF+aoEv4W3ty9t7aXp48VJG7Nl1QBurxCApTWn3+QIavZVcXpva0giqdyGH6Y1
Te54gBoWH9jeC3awpCaXmYI71mSfCr00ExSHEkh4JXJ6nx7E1XoNpD55vVHEKAQU
gVzPkLkuMbHWlKyjD8Hsgfo1oEDrlnGhF157TcvOBWVb/KSesgzOEdKN+v12WeEg
GLtZcAXkExJ17qWP/RuHKNeF0CDNRwiXxXPSNMYV/JXCoiGdISUXE+5ttwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMw+DlBcVa1ls+ED1/7Zj7Dqh0bcMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvekQ0T1VGeFZyV1d6NFFQWF90bVBzT3FIUnR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV6qAwQA
wTkpMA0GCSqGSIb3DQEBCwUAA4IBAQBEgypcsbNjTNKWFEmAgvzKUBgIjOqmXxDx
uHSsdbQWYwng2j+LRdcPp9G/jiXzZWD+YoGS1ziBgavPdbN4uZS9+DQ4KjUkk1N3
eKN3LX9EpBzAOB5pmZ0+WU4CaF+gYjjW+Kpso6NtQivi/KRMq3mPYJmgZkRHy35t
uTjLEeEzhMXomVKf2UJ8FfJzBt+15/FoSVcRrsmK7Srt6eBnp9w4x+Jr/bPKweeX
O3GXGC4h2rTsMPlkgbb28TuH5084BPLB9QMF9BZyHkWJXTq/bWapSAMvapFkkLTG
E8ZLUl0pLFgwzEedOsnm/+k1of6R7mzlb2/zMDKb9a8wc9Wa0DYF
-----END CERTIFICATE-----