Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Zfxi7MYDcMd_ChYJlzK3Lk1mb34.roa
File:                     Zfxi7MYDcMd_ChYJlzK3Lk1mb34.roa (raw, json)
Hash identifier:          UIvGxorXFTcawj6QjVXo/y+gPXsM4EdBeMti0mBfwGc=
Subject key identifier:   65:FC:62:EC:C6:03:70:C7:7F:0A:16:09:97:32:B7:2E:4D:66:6F:7E
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       018CC492ED252532F03CFBC6E58AA72A5958
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Zfxi7MYDcMd_ChYJlzK3Lk1mb34.roa
Signing time:             Mon 01 Jan 2024 10:30:12 +0000
ROA not before:           Mon 01 Jan 2024 10:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10010
IP address blocks:        193.151.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:ed:25:25:32:f0:3c:fb:c6:e5:8a:a7:2a:59:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Jan  1 10:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65fc62ecc60370c77f0a16099732b72e4d666f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b4:f6:49:62:77:15:93:e1:7f:25:cf:11:18:
                    23:b9:b5:3c:37:ed:64:32:7d:6f:63:5d:c4:a2:b8:
                    72:81:bd:e2:8e:61:25:6b:ad:99:ff:08:09:26:6e:
                    86:b3:65:46:ba:61:8b:b3:9a:c9:62:22:04:36:d2:
                    de:b7:ff:ef:8a:25:20:53:46:90:06:87:3c:e8:4d:
                    cd:8b:8c:2c:c4:36:b4:fb:57:8f:a4:b4:b3:7b:e9:
                    fe:c3:5b:b7:a0:c5:35:30:1c:54:8c:0e:5f:12:94:
                    5e:67:e0:e2:c6:eb:70:87:e7:73:a6:6f:44:b5:e6:
                    6a:3b:1e:a7:64:de:23:e1:8e:b5:54:8b:a2:c0:94:
                    fc:03:6a:0d:d7:6e:09:9d:74:d3:71:9e:64:fc:97:
                    7b:9a:41:e8:24:3e:1a:98:10:91:73:f1:47:56:ae:
                    06:75:c0:f6:bc:a9:85:29:3c:62:95:c2:dd:c4:4a:
                    0e:ad:80:2b:e9:90:22:11:e3:ab:db:70:bb:51:d8:
                    ef:ae:ca:38:17:7f:53:7a:3d:3d:63:af:6c:90:c6:
                    89:2f:a1:a4:57:2c:57:29:2a:1f:55:13:d8:e5:c3:
                    eb:56:3c:a3:c0:cf:f1:7c:7f:9d:66:b9:b8:ac:f0:
                    13:3d:60:28:3d:f4:d6:89:9f:2d:dd:58:ae:47:9d:
                    64:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FC:62:EC:C6:03:70:C7:7F:0A:16:09:97:32:B7:2E:4D:66:6F:7E
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/Zfxi7MYDcMd_ChYJlzK3Lk1mb34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7e:95:20:50:b8:d3:31:90:7d:b9:de:2d:b1:27:05:33:b4:
         c2:05:b7:bd:12:6e:ff:ce:cd:e6:bb:84:3c:eb:bb:72:67:da:
         65:6a:37:c7:f5:33:e7:1b:c5:a5:8f:62:fe:0e:73:4a:10:d8:
         5b:62:d9:17:f0:8e:7a:e7:10:8e:81:7f:9a:bd:a5:ca:bb:40:
         99:56:5b:4d:2d:e0:1e:e5:d4:76:88:5a:ed:d6:d8:99:cc:05:
         f5:9f:e9:79:04:6f:68:b3:35:77:c1:2b:7f:39:26:b8:59:07:
         05:23:e5:66:99:18:69:2b:21:69:94:c8:2c:7d:41:5c:c6:a6:
         48:86:cc:fb:78:50:8d:f8:a4:27:ed:70:4b:e0:70:e3:5c:1e:
         5f:db:52:d2:32:54:ac:ae:8f:e3:bd:f0:ed:9c:e9:24:15:8a:
         52:9c:7d:e7:26:61:fa:d0:4a:0d:da:c8:5a:9e:ab:21:1f:83:
         82:01:41:30:1a:ef:2a:d5:82:c3:4c:cb:f6:6b:ae:35:9d:e4:
         ca:83:df:42:52:4d:97:f5:1b:44:b1:9d:fd:d8:11:fa:92:12:
         c2:cc:17:78:d9:a9:d4:49:80:ab:1b:72:c3:6f:3e:7f:02:d9:
         a6:98:0e:cb:36:59:1d:0b:57:0b:4a:59:70:c6:5c:25:28:33:
         3b:c9:43:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEku0lJTLwPPvG5YqnKllYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjQwMTAxMTAzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWZjNjJlY2M2MDM3MGM3N2YwYTE2MDk5NzMyYjcyZTRkNjY2ZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7T2SWJ3FZPhfyXPERgjubU8N+1k
Mn1vY13Eorhygb3ijmEla62Z/wgJJm6Gs2VGumGLs5rJYiIENtLet//viiUgU0aQ
Boc86E3Ni4wsxDa0+1ePpLSze+n+w1u3oMU1MBxUjA5fEpReZ+Dixutwh+dzpm9E
teZqOx6nZN4j4Y61VIuiwJT8A2oN124JnXTTcZ5k/Jd7mkHoJD4amBCRc/FHVq4G
dcD2vKmFKTxilcLdxEoOrYAr6ZAiEeOr23C7Udjvrso4F39Tej09Y69skMaJL6Gk
VyxXKSofVRPY5cPrVjyjwM/xfH+dZrm4rPATPWAoPfTWiZ8t3ViuR51kcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGX8YuzGA3DHfwoWCZcyty5NZm9+MB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvWmZ4aTdNWURjTWRfQ2hZSmx6SzNMazFtYjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZdvMA0G
CSqGSIb3DQEBCwUAA4IBAQBrfpUgULjTMZB9ud4tsScFM7TCBbe9Em7/zs3mu4Q8
67tyZ9plajfH9TPnG8Wlj2L+DnNKENhbYtkX8I565xCOgX+avaXKu0CZVltNLeAe
5dR2iFrt1tiZzAX1n+l5BG9oszV3wSt/OSa4WQcFI+VmmRhpKyFplMgsfUFcxqZI
hsz7eFCN+KQn7XBL4HDjXB5f21LSMlSsro/jvfDtnOkkFYpSnH3nJmH60EoN2sha
nqshH4OCAUEwGu8q1YLDTMv2a641neTKg99CUk2X9RtEsZ392BH6khLCzBd42anU
SYCrG3LDbz5/AtmmmA7LNlkdC1cLSllwxlwlKDM7yUO3
-----END CERTIFICATE-----