Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zg-by_xqtavGetSnMZ8pLTAeK9U.roa
File:                     zg-by_xqtavGetSnMZ8pLTAeK9U.roa (raw, json)
Hash identifier:          6esKUIqJoGkui+Oc4VSwTq1H2VVTB3FRBgQ07aJn/xI=
Subject key identifier:   CE:0F:9B:CB:FC:6A:B5:AB:C6:7A:D4:A7:31:9F:29:2D:30:1E:2B:D5
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018CC4255746AD194CE3C0606E718383246D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zg-by_xqtavGetSnMZ8pLTAeK9U.roa
Signing time:             Mon 01 Jan 2024 08:30:30 +0000
ROA not before:           Mon 01 Jan 2024 08:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22439
IP address blocks:        89.190.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:57:46:ad:19:4c:e3:c0:60:6e:71:83:83:24:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  1 08:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce0f9bcbfc6ab5abc67ad4a7319f292d301e2bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:20:7e:0e:8a:e5:6d:38:93:f7:bd:b3:40:20:
                    b8:ea:51:af:7d:55:b8:95:b7:1e:f0:9e:14:38:0a:
                    88:e9:55:33:36:9a:db:ef:e3:47:5f:95:34:d6:38:
                    03:5f:0c:f5:29:53:38:bc:08:ea:8b:bb:88:1c:a0:
                    79:b3:6e:5a:f2:fb:82:ae:4e:78:3b:08:0b:c1:b9:
                    79:20:d7:15:0a:13:93:8e:4a:ff:32:e3:03:9c:34:
                    7f:94:a5:b4:84:bc:2b:03:ab:b2:fd:99:92:40:56:
                    7e:fd:49:ea:f6:bd:c5:51:4b:2a:52:09:a8:04:d1:
                    9c:f9:94:63:a9:9e:2f:e6:20:f1:39:a2:f9:c1:23:
                    9c:ba:a6:3b:b4:dd:79:05:cf:c8:0d:b5:6d:1c:ea:
                    7d:53:77:ed:6e:23:c2:91:ba:c2:cf:e5:b4:19:a6:
                    bb:96:04:b3:50:5b:5c:2a:f5:22:1e:eb:89:2f:72:
                    48:bd:89:11:3a:a7:b9:dd:da:07:c4:76:99:35:c4:
                    78:0c:06:e0:41:7d:cb:6a:eb:78:ec:b6:b5:22:be:
                    6a:77:e2:1c:7a:04:9d:19:26:56:7b:60:b5:4d:44:
                    f0:e3:6a:7e:c2:cd:57:9e:23:59:bd:ea:9f:9f:95:
                    da:d2:a8:a6:f3:9b:f8:50:a5:96:a4:e8:c0:53:ce:
                    47:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0F:9B:CB:FC:6A:B5:AB:C6:7A:D4:A7:31:9F:29:2D:30:1E:2B:D5
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/zg-by_xqtavGetSnMZ8pLTAeK9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:28:ab:91:a3:c6:01:8c:b3:37:4a:d6:ba:d7:5a:af:b1:6d:
         d1:2d:8c:97:ac:34:16:78:70:ae:07:9a:63:c7:b9:99:f9:da:
         06:0f:9c:50:2f:8f:73:53:93:de:06:0f:a0:c1:12:7a:5c:3f:
         cb:2d:5f:10:29:78:27:34:57:d9:14:e9:88:81:a3:0c:a1:04:
         e5:45:05:82:6a:23:92:26:a2:a5:2e:21:b0:61:5a:15:f4:aa:
         12:ba:64:73:43:5b:b1:70:da:3e:d2:f2:f8:7e:ce:d7:e0:82:
         41:2f:01:eb:26:e6:82:b1:e3:01:1a:05:d9:8f:53:5d:04:7b:
         1e:90:b0:d0:33:52:9f:6f:a5:d2:1f:58:ed:26:e4:21:d3:58:
         d1:d8:02:ba:cd:b8:ed:7d:04:ec:b5:bd:ce:c7:4d:1f:28:4f:
         3e:32:66:78:9b:19:cd:a3:94:27:0d:54:f4:27:65:f7:1a:33:
         bc:07:0f:c9:d6:f9:0d:97:a5:cb:f9:f8:fa:2c:08:eb:e4:13:
         40:ad:96:8d:83:6e:34:a7:f5:1f:df:4c:18:fa:7e:03:f4:78:
         0e:d4:61:a4:f4:ee:32:3e:7c:f2:34:29:a3:ac:cc:d3:43:64:
         60:69:42:fe:3a:61:6e:c2:eb:48:81:2e:d2:3a:6c:25:a5:a0:
         a2:1f:66:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVdGrRlM48BgbnGDgyRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTBmOWJjYmZjNmFiNWFiYzY3YWQ0YTczMTlmMjkyZDMwMWUyYmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCB+DorlbTiT972zQCC46lGvfVW4
lbce8J4UOAqI6VUzNprb7+NHX5U01jgDXwz1KVM4vAjqi7uIHKB5s25a8vuCrk54
OwgLwbl5INcVChOTjkr/MuMDnDR/lKW0hLwrA6uy/ZmSQFZ+/Unq9r3FUUsqUgmo
BNGc+ZRjqZ4v5iDxOaL5wSOcuqY7tN15Bc/IDbVtHOp9U3ftbiPCkbrCz+W0Gaa7
lgSzUFtcKvUiHuuJL3JIvYkROqe53doHxHaZNcR4DAbgQX3Laut47La1Ir5qd+Ic
egSdGSZWe2C1TUTw42p+ws1XniNZveqfn5Xa0qim85v4UKWWpOjAU85HLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4Pm8v8arWrxnrUpzGfKS0wHivVMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvemctYnlfeHF0YXZHZXRTbk1aOHBMVEFlSzlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWb6eMA0G
CSqGSIb3DQEBCwUAA4IBAQBMKKuRo8YBjLM3Sta611qvsW3RLYyXrDQWeHCuB5pj
x7mZ+doGD5xQL49zU5PeBg+gwRJ6XD/LLV8QKXgnNFfZFOmIgaMMoQTlRQWCaiOS
JqKlLiGwYVoV9KoSumRzQ1uxcNo+0vL4fs7X4IJBLwHrJuaCseMBGgXZj1NdBHse
kLDQM1Kfb6XSH1jtJuQh01jR2AK6zbjtfQTstb3Ox00fKE8+MmZ4mxnNo5QnDVT0
J2X3GjO8Bw/J1vkNl6XL+fj6LAjr5BNArZaNg240p/Uf30wY+n4D9HgO1GGk9O4y
PnzyNCmjrMzTQ2RgaUL+OmFuwutIgS7SOmwlpaCiH2b8
-----END CERTIFICATE-----