Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/ZcCNcvdx8dkijz-vsLG_InixkfI.roa
File:                     ZcCNcvdx8dkijz-vsLG_InixkfI.roa (raw, json)
Hash identifier:          MUqeiNz4qNRhLZcovTLDik2ABGf7xG3vIBGcpHvWOes=
Subject key identifier:   65:C0:8D:72:F7:71:F1:D9:22:8F:3F:AF:B0:B1:BF:22:78:B1:91:F2
Certificate issuer:       /CN=0e3c9ee1be3308fd6bd4a7c7ac2b9d910089b779
Certificate serial:       018CC871092CFE63FC24B380D3F625E5C31F
Authority key identifier: 0E:3C:9E:E1:BE:33:08:FD:6B:D4:A7:C7:AC:2B:9D:91:00:89:B7:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Djye4b4zCP1r1KfHrCudkQCJt3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/ZcCNcvdx8dkijz-vsLG_InixkfI.roa
Signing time:             Tue 02 Jan 2024 04:31:40 +0000
ROA not before:           Tue 02 Jan 2024 04:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199034
IP address blocks:        91.202.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/Djye4b4zCP1r1KfHrCudkQCJt3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/Djye4b4zCP1r1KfHrCudkQCJt3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Djye4b4zCP1r1KfHrCudkQCJt3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:09:2c:fe:63:fc:24:b3:80:d3:f6:25:e5:c3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3c9ee1be3308fd6bd4a7c7ac2b9d910089b779
        Validity
            Not Before: Jan  2 04:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65c08d72f771f1d9228f3fafb0b1bf2278b191f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:84:2c:ef:81:84:94:e5:53:88:0e:46:3f:20:
                    2b:f1:32:82:c4:3f:9e:ef:59:be:00:8d:2f:a1:2b:
                    d3:7e:8c:87:52:fd:cb:4b:e0:d7:53:2c:7b:8c:3e:
                    24:33:f5:61:be:fe:ad:9c:e0:8c:47:f2:dc:e3:d0:
                    27:01:cf:c8:70:e2:91:39:5c:8e:13:c4:8b:ae:35:
                    29:b8:5b:c6:c2:4a:7a:e6:28:3f:89:65:38:df:5f:
                    ea:7d:8a:74:6d:cc:28:05:dd:bf:86:f0:9b:ee:40:
                    28:1f:8c:db:ed:28:9e:42:60:a6:f3:e4:4e:d9:95:
                    d4:1a:7b:04:c9:a9:68:ef:bf:0d:dd:52:4c:60:f8:
                    b7:ba:e3:a4:de:6e:b1:a8:a8:88:be:09:b3:68:a9:
                    27:e0:69:f4:60:99:28:32:cf:54:35:d8:4a:fa:75:
                    fe:17:7e:c3:87:eb:fc:3d:b1:13:69:f9:97:54:0e:
                    45:46:f4:50:8c:02:b9:7f:65:83:55:94:4a:a8:6c:
                    43:fe:3e:a9:73:09:d2:8e:18:1a:f3:f9:c5:97:8f:
                    bc:c9:c1:d3:ed:9e:7d:4e:36:d6:ea:a0:26:87:e4:
                    e8:f4:40:7b:b1:9e:c9:5e:b2:5a:06:8e:77:0b:82:
                    94:88:c1:28:90:f8:b9:37:8c:be:84:50:f6:01:d1:
                    df:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C0:8D:72:F7:71:F1:D9:22:8F:3F:AF:B0:B1:BF:22:78:B1:91:F2
            X509v3 Authority Key Identifier:
                keyid:0E:3C:9E:E1:BE:33:08:FD:6B:D4:A7:C7:AC:2B:9D:91:00:89:B7:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Djye4b4zCP1r1KfHrCudkQCJt3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/ZcCNcvdx8dkijz-vsLG_InixkfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/caa2da-5ebc-45cb-b8fe-08f3e8907c42/1/Djye4b4zCP1r1KfHrCudkQCJt3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ee:55:b9:0e:11:0a:96:16:a5:fe:f5:8a:bd:31:50:f9:78:
         f8:89:58:9a:d2:d6:e5:2c:be:79:b1:4b:66:20:92:36:a5:4d:
         29:df:dd:43:22:ec:f0:39:3d:8c:63:b6:e1:80:d1:2f:a2:cf:
         4f:b0:56:97:a6:58:09:f6:0f:a3:b7:cc:dc:5c:60:6e:95:b4:
         bd:d9:4f:bf:18:ed:b4:c0:c4:9f:36:5c:9b:86:50:6a:fe:90:
         ba:6c:c8:90:ab:80:e8:2d:8c:7f:40:60:77:f2:f5:d8:a2:9f:
         bd:05:f1:7b:b3:a7:ea:2a:86:c7:36:9a:c9:a7:ec:a7:fa:72:
         ea:80:c1:46:32:bb:7a:fe:e3:bd:18:03:0d:a5:50:52:94:d5:
         db:87:fd:d4:b2:c9:3c:93:04:a9:69:4f:cd:e6:12:81:5f:3e:
         d1:7c:7f:6e:a5:e1:73:ab:24:ff:6f:02:d7:20:32:7a:7d:01:
         1e:69:0e:e3:e3:e8:49:36:b8:87:b2:84:06:b0:f3:33:53:24:
         8f:a4:1d:ba:ad:82:fb:76:8f:e4:37:a5:90:17:65:ca:77:76:
         d1:cb:41:32:49:1f:2c:eb:35:6e:18:88:4f:46:b1:46:2b:12:
         4f:51:c9:e9:97:0f:64:24:1d:88:36:9b:42:f8:a4:da:52:0b:
         e1:64:17:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQks/mP8JLOA0/Yl5cMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlM2M5ZWUxYmUzMzA4ZmQ2YmQ0YTdjN2FjMmI5ZDkxMDA4
OWI3NzkwHhcNMjQwMTAyMDQzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWMwOGQ3MmY3NzFmMWQ5MjI4ZjNmYWZiMGIxYmYyMjc4YjE5MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYQs74GElOVTiA5GPyAr8TKCxD+e
71m+AI0voSvTfoyHUv3LS+DXUyx7jD4kM/Vhvv6tnOCMR/Lc49AnAc/IcOKROVyO
E8SLrjUpuFvGwkp65ig/iWU431/qfYp0bcwoBd2/hvCb7kAoH4zb7SieQmCm8+RO
2ZXUGnsEyalo778N3VJMYPi3uuOk3m6xqKiIvgmzaKkn4Gn0YJkoMs9UNdhK+nX+
F37Dh+v8PbETafmXVA5FRvRQjAK5f2WDVZRKqGxD/j6pcwnSjhga8/nFl4+8ycHT
7Z59TjbW6qAmh+To9EB7sZ7JXrJaBo53C4KUiMEokPi5N4y+hFD2AdHfywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXAjXL3cfHZIo8/r7CxvyJ4sZHyMB8GA1UdIwQY
MBaAFA48nuG+Mwj9a9Snx6wrnZEAibd5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGp5ZTRiNHpDUDFyMUtmSHJDdWRrUUNKdDNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9jYWEyZGEtNWViYy00NWNiLWI4ZmUt
MDhmM2U4OTA3YzQyLzEvWmNDTmN2ZHg4ZGtpanotdnNMR19Jbml4a2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9jYWEyZGEtNWViYy00NWNiLWI4ZmUtMDhmM2U4OTA3YzQy
LzEvRGp5ZTRiNHpDUDFyMUtmSHJDdWRrUUNKdDNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8qxMA0G
CSqGSIb3DQEBCwUAA4IBAQBr7lW5DhEKlhal/vWKvTFQ+Xj4iVia0tblLL55sUtm
IJI2pU0p391DIuzwOT2MY7bhgNEvos9PsFaXplgJ9g+jt8zcXGBulbS92U+/GO20
wMSfNlybhlBq/pC6bMiQq4DoLYx/QGB38vXYop+9BfF7s6fqKobHNprJp+yn+nLq
gMFGMrt6/uO9GAMNpVBSlNXbh/3Ussk8kwSpaU/N5hKBXz7RfH9upeFzqyT/bwLX
IDJ6fQEeaQ7j4+hJNriHsoQGsPMzUySPpB26rYL7do/kN6WQF2XKd3bRy0EySR8s
6zVuGIhPRrFGKxJPUcnplw9kJB2INptC+KTaUgvhZBdz
-----END CERTIFICATE-----