Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/zoivL_WzxVLkhrs5WJeJrMiSpL0.roa
File:                     zoivL_WzxVLkhrs5WJeJrMiSpL0.roa (raw, json)
Hash identifier:          uulJv87eHKopdA5ii6HpoblGLnKccL2uJmNgMUcHZNA=
Subject key identifier:   CE:88:AF:2F:F5:B3:C5:52:E4:86:BB:39:58:97:89:AC:C8:92:A4:BD
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       018CC80184A3D1192B70B46D4C21DD27E703
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/zoivL_WzxVLkhrs5WJeJrMiSpL0.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15577
IP address blocks:        217.9.0.0/24 maxlen: 24
                          217.9.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:84:a3:d1:19:2b:70:b4:6d:4c:21:dd:27:e7:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce88af2ff5b3c552e486bb39589789acc892a4bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:bb:2c:d0:97:22:17:12:06:ee:24:d8:22:40:
                    6f:d0:19:20:76:90:db:2f:cc:6d:57:38:80:3f:83:
                    f1:11:9d:49:fb:82:0e:cb:45:95:9e:a4:60:5b:0f:
                    f7:d3:54:d2:30:dd:e4:2b:cd:aa:1a:e4:af:4f:d2:
                    9a:bf:62:fe:f3:54:df:d1:46:16:52:35:85:1a:aa:
                    4e:92:7a:ff:d3:9e:0c:c0:9a:a5:03:9d:02:6e:ae:
                    cd:8f:96:13:7a:33:d2:be:9c:02:2c:17:49:31:4b:
                    74:f1:7b:e4:c2:f1:f2:8b:33:f0:96:18:12:a7:90:
                    2d:ac:2d:23:48:3d:5e:28:d1:f9:81:55:d2:83:3c:
                    c2:4a:37:01:ec:fd:13:65:ca:26:69:26:5d:5d:1d:
                    10:da:9c:c1:4a:b8:66:d6:6e:18:2f:ca:38:13:83:
                    70:25:71:ac:58:1a:ff:78:01:0c:7b:f2:db:4e:6e:
                    2c:84:81:06:af:4a:ed:2f:8b:e0:02:5f:8e:e4:d1:
                    06:da:e5:71:ad:62:05:5e:96:9b:ac:09:70:06:51:
                    2c:16:72:7c:45:3b:ec:78:4d:7e:59:26:d2:d7:3a:
                    17:19:e4:05:ee:8a:88:5d:2d:3e:92:21:ed:fa:02:
                    c9:69:0c:70:f0:cb:99:a0:76:45:5d:f5:37:6e:d2:
                    7b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:88:AF:2F:F5:B3:C5:52:E4:86:BB:39:58:97:89:AC:C8:92:A4:BD
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/zoivL_WzxVLkhrs5WJeJrMiSpL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:dd:f4:05:c7:c2:1a:d3:84:5a:b9:c9:82:bc:4e:21:4a:02:
         6e:f9:ab:39:2e:70:39:67:06:d8:0f:af:1b:db:49:e2:c7:46:
         9e:81:12:d2:e9:6a:83:27:22:0c:73:59:89:67:42:09:f2:ce:
         71:6f:9d:1d:3a:ae:37:01:9b:ee:05:24:15:87:18:75:ed:58:
         20:5a:f1:cc:a1:ff:1b:0c:63:c5:b4:3d:d3:7b:e8:e1:42:ad:
         07:5f:5d:c3:42:57:86:d4:59:05:ef:72:ce:b4:d9:b8:cf:46:
         f0:5f:db:40:c1:79:08:11:da:eb:3f:ce:75:dd:d6:6a:fa:cc:
         11:e9:67:52:23:60:e1:99:4d:3f:e4:51:de:47:6b:81:36:d9:
         b2:f9:d4:31:12:f6:75:1a:63:3a:31:5d:4b:f1:cb:40:d5:1e:
         b9:9f:59:23:bc:9b:d9:51:c9:a1:46:5a:5f:d8:9f:fd:fd:af:
         c7:3e:68:a2:dc:38:20:06:18:1c:90:0d:f1:1a:25:e7:a9:51:
         9b:7b:23:be:76:95:02:fe:8c:b4:55:05:3a:c6:e5:73:5e:a6:
         b7:a9:8f:a0:4f:b8:11:b6:df:30:d2:82:ba:b0:73:63:04:fa:
         9c:2b:a5:aa:39:58:1d:c2:30:64:ed:2e:a9:33:d9:90:14:53:
         01:5f:b0:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYSj0RkrcLRtTCHdJ+cDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTg4YWYyZmY1YjNjNTUyZTQ4NmJiMzk1ODk3ODlhY2M4OTJhNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLss0JciFxIG7iTYIkBv0BkgdpDb
L8xtVziAP4PxEZ1J+4IOy0WVnqRgWw/301TSMN3kK82qGuSvT9Kav2L+81Tf0UYW
UjWFGqpOknr/054MwJqlA50Cbq7Nj5YTejPSvpwCLBdJMUt08XvkwvHyizPwlhgS
p5AtrC0jSD1eKNH5gVXSgzzCSjcB7P0TZcomaSZdXR0Q2pzBSrhm1m4YL8o4E4Nw
JXGsWBr/eAEMe/LbTm4shIEGr0rtL4vgAl+O5NEG2uVxrWIFXpabrAlwBlEsFnJ8
RTvseE1+WSbS1zoXGeQF7oqIXS0+kiHt+gLJaQxw8MuZoHZFXfU3btJ72wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6Iry/1s8VS5Ia7OViXiazIkqS9MB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvem9pdkxfV3p4VkxraHJzNVdKZUpyTWlTcEwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2QkAMA0G
CSqGSIb3DQEBCwUAA4IBAQA33fQFx8Ia04RaucmCvE4hSgJu+as5LnA5ZwbYD68b
20nix0aegRLS6WqDJyIMc1mJZ0IJ8s5xb50dOq43AZvuBSQVhxh17VggWvHMof8b
DGPFtD3Te+jhQq0HX13DQleG1FkF73LOtNm4z0bwX9tAwXkIEdrrP8513dZq+swR
6WdSI2DhmU0/5FHeR2uBNtmy+dQxEvZ1GmM6MV1L8ctA1R65n1kjvJvZUcmhRlpf
2J/9/a/HPmii3DggBhgckA3xGiXnqVGbeyO+dpUC/oy0VQU6xuVzXqa3qY+gT7gR
tt8w0oK6sHNjBPqcK6WqOVgdwjBk7S6pM9mQFFMBX7AW
-----END CERTIFICATE-----