Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/zOiUb6C0vIjlye0tzdb9SD5C5GA.roa
File:                     zOiUb6C0vIjlye0tzdb9SD5C5GA.roa (raw, json)
Hash identifier:          P0/8K4gax3yz8F+2pW5WFEEmKS3G0Hok+z7e9n1LRJY=
Subject key identifier:   CC:E8:94:6F:A0:B4:BC:88:E5:C9:ED:2D:CD:D6:FD:48:3E:42:E4:60
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       018CC801C5BE627249ACDBF30D93C29BCFDA
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/zOiUb6C0vIjlye0tzdb9SD5C5GA.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61977
IP address blocks:        193.0.232.0/24 maxlen: 24
                          2a13:1500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c5:be:62:72:49:ac:db:f3:0d:93:c2:9b:cf:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cce8946fa0b4bc88e5c9ed2dcdd6fd483e42e460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:20:46:b8:6a:37:22:d6:16:3a:02:49:34:04:
                    3e:a7:9c:42:88:ca:23:26:f0:12:76:cf:4b:e7:0e:
                    d9:cb:2b:7f:92:2e:1a:2e:84:40:0f:85:ae:2b:6a:
                    79:39:0d:69:78:63:ae:60:01:6b:08:e0:6a:68:af:
                    57:73:ff:39:a7:d4:1f:3e:7d:5b:61:b6:46:bb:3e:
                    c2:89:21:ff:bd:bb:64:1c:b4:e3:60:0e:64:1c:0a:
                    4e:04:be:79:e2:0a:89:36:08:ba:1d:79:01:fe:ae:
                    9f:ad:6c:ff:69:50:da:29:df:43:73:a1:e7:f0:05:
                    d1:77:00:77:ae:4e:1b:17:72:ad:08:18:fd:ce:c7:
                    48:ef:79:04:b5:c8:7b:06:d8:88:c9:d9:4b:fe:9d:
                    df:38:7f:04:d5:43:27:b2:cc:3b:2c:f2:5f:dc:90:
                    c3:4c:db:ee:c8:62:d0:44:71:a8:e3:2c:9c:be:07:
                    b2:94:c1:68:0e:35:b7:bd:e3:48:17:f0:aa:e1:68:
                    54:e5:bb:a6:55:a3:ce:c5:7d:60:85:18:57:90:7d:
                    7a:ce:4a:34:2a:b9:3b:07:2c:2f:6e:10:72:6c:5e:
                    2e:0b:a2:fc:3a:60:0f:62:ed:50:4a:a9:af:da:cc:
                    ec:2d:51:3e:1a:6f:e9:6b:f1:49:01:1c:e3:87:05:
                    cf:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:E8:94:6F:A0:B4:BC:88:E5:C9:ED:2D:CD:D6:FD:48:3E:42:E4:60
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/zOiUb6C0vIjlye0tzdb9SD5C5GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.232.0/24
                IPv6:
                  2a13:1500::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:e8:7c:97:d2:c2:da:27:f1:f0:f3:b2:3b:d4:d8:34:8c:fa:
         50:62:23:e6:4a:ba:47:f2:2d:b0:18:81:e2:50:06:34:40:8d:
         9e:f5:f3:bd:03:13:32:55:34:6c:9c:45:44:f3:32:74:a6:1b:
         be:a5:01:c5:3c:62:b1:4c:14:16:da:56:72:d2:86:39:39:f5:
         3b:7e:b4:1d:be:51:66:6f:04:b6:e7:e9:10:10:66:8d:2e:5e:
         2c:58:11:08:7b:32:69:0a:3f:68:22:c3:7b:33:b9:06:66:6b:
         5d:ee:90:31:92:e3:22:f0:39:17:71:68:bf:fd:db:6d:b3:db:
         7b:71:65:a8:05:8b:cc:37:bd:05:03:5e:3d:64:18:cc:6c:9b:
         30:fe:9a:78:29:fc:20:9b:00:ed:a1:c2:59:d4:27:28:16:c0:
         6e:56:a0:a3:95:fa:93:fe:6d:fe:d2:cd:70:0d:3c:d5:5d:ff:
         34:3e:36:3e:1b:cd:21:b4:47:44:13:b8:cb:94:eb:a7:21:07:
         e3:cf:ab:ef:91:1e:42:0f:14:6e:d4:99:1b:85:27:a6:e7:40:
         0e:26:24:cd:17:83:5a:7e:3a:9d:34:6f:4f:9c:3d:2a:47:5a:
         83:62:05:84:28:d9:43:ed:ef:ae:6c:de:cc:e9:0f:5f:06:ad:
         25:cb:09:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAcW+YnJJrNvzDZPCm8/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2U4OTQ2ZmEwYjRiYzg4ZTVjOWVkMmRjZGQ2ZmQ0ODNlNDJlNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSBGuGo3ItYWOgJJNAQ+p5xCiMoj
JvASds9L5w7Zyyt/ki4aLoRAD4WuK2p5OQ1peGOuYAFrCOBqaK9Xc/85p9QfPn1b
YbZGuz7CiSH/vbtkHLTjYA5kHApOBL554gqJNgi6HXkB/q6frWz/aVDaKd9Dc6Hn
8AXRdwB3rk4bF3KtCBj9zsdI73kEtch7BtiIydlL/p3fOH8E1UMnssw7LPJf3JDD
TNvuyGLQRHGo4yycvgeylMFoDjW3veNIF/Cq4WhU5bumVaPOxX1ghRhXkH16zko0
Krk7BywvbhBybF4uC6L8OmAPYu1QSqmv2szsLVE+Gm/pa/FJARzjhwXPgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzolG+gtLyI5cntLc3W/Ug+QuRgMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvek9pVWI2QzB2SWpseWUwdHpkYjlTRDVDNUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwQDoMA0E
AgACMAcDBQMqExUAMA0GCSqGSIb3DQEBCwUAA4IBAQB/6HyX0sLaJ/Hw87I71Ng0
jPpQYiPmSrpH8i2wGIHiUAY0QI2e9fO9AxMyVTRsnEVE8zJ0phu+pQHFPGKxTBQW
2lZy0oY5OfU7frQdvlFmbwS25+kQEGaNLl4sWBEIezJpCj9oIsN7M7kGZmtd7pAx
kuMi8DkXcWi//dtts9t7cWWoBYvMN70FA149ZBjMbJsw/pp4KfwgmwDtocJZ1Cco
FsBuVqCjlfqT/m3+0s1wDTzVXf80PjY+G80htEdEE7jLlOunIQfjz6vvkR5CDxRu
1JkbhSem50AOJiTNF4NafjqdNG9PnD0qR1qDYgWEKNlD7e+ubN7M6Q9fBq0lywm3
-----END CERTIFICATE-----