Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Z-TsKqvr0RoTDQtSoVbb0Y409S8.roa
File:                     Z-TsKqvr0RoTDQtSoVbb0Y409S8.roa (raw, json)
Hash identifier:          ye9d0c2RSZAMSxMtkVQ3OmdTPg5XQGVUu1JQxFEBIgY=
Subject key identifier:   67:E4:EC:2A:AB:EB:D1:1A:13:0D:0B:52:A1:56:DB:D1:8E:34:F5:2F
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       0190976718B219B8EF659450AC8F7AEBB3DA
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Z-TsKqvr0RoTDQtSoVbb0Y409S8.roa
Signing time:             Tue 09 Jul 2024 12:10:34 +0000
ROA not before:           Tue 09 Jul 2024 12:10:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        152.89.170.0/24 maxlen: 24
                          152.89.171.0/24 maxlen: 24
                          185.57.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:97:67:18:b2:19:b8:ef:65:94:50:ac:8f:7a:eb:b3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jul  9 12:10:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67e4ec2aabebd11a130d0b52a156dbd18e34f52f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5f:b0:08:58:f3:fd:db:50:55:42:71:b2:36:
                    6e:28:0e:c9:d8:de:ff:09:e2:a9:e8:53:4a:3a:11:
                    a7:5c:ce:df:a4:1a:22:9f:9f:7f:0d:33:36:2e:80:
                    59:47:ea:34:9a:f0:68:5e:50:8f:48:ed:e3:43:42:
                    ae:75:57:ab:a8:31:98:3a:94:b5:48:3b:3c:ea:b6:
                    14:12:6a:51:96:72:b1:11:f5:00:52:2d:dc:fb:c9:
                    3f:2d:88:9d:0c:0b:9c:c8:4d:ae:50:0e:0a:8a:47:
                    b3:c1:d4:c0:5a:27:9a:1e:46:f5:fe:12:83:61:24:
                    c1:d1:cf:34:8f:af:97:b8:31:83:52:1c:10:6a:7a:
                    c1:e3:89:93:4d:a2:b3:be:09:ed:0c:e2:50:b8:8b:
                    f1:fa:aa:08:7e:8f:f6:3f:b0:cc:89:b7:ae:46:c6:
                    f0:c7:4a:b0:76:7a:4a:43:d6:ff:f0:96:0c:4d:1d:
                    4c:3a:c6:96:f8:ff:17:74:42:e6:26:6b:ef:b9:a1:
                    08:db:49:9f:5d:70:d6:1f:f9:f5:74:f3:13:93:89:
                    6b:1c:06:a2:8f:d1:fb:6a:db:3c:b0:53:06:46:cd:
                    d6:af:5d:68:bc:e0:3b:60:37:fb:c5:58:5d:56:d7:
                    d3:c5:65:26:b7:5f:d7:78:95:fa:fc:88:7f:ea:d7:
                    69:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E4:EC:2A:AB:EB:D1:1A:13:0D:0B:52:A1:56:DB:D1:8E:34:F5:2F
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/Z-TsKqvr0RoTDQtSoVbb0Y409S8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.170.0/23
                  185.57.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:23:3d:45:2b:17:35:1f:d9:1c:eb:14:20:b9:6f:0a:a2:06:
         c7:33:9a:b0:6a:e4:32:cc:83:5b:29:48:58:aa:78:42:46:f0:
         2b:23:62:6d:2e:56:b0:c0:80:8c:b3:04:49:de:a4:da:b4:e7:
         d9:a8:87:99:66:ad:97:83:59:3c:2d:bf:9f:a8:e6:44:20:c9:
         e1:f9:d7:29:ce:09:e9:fd:ac:3d:4b:63:15:a8:f3:a1:eb:5a:
         25:72:f2:8b:df:ee:c5:24:72:00:a5:0c:ca:a0:d9:31:a2:0d:
         52:9d:0e:b1:94:07:55:18:35:4f:83:fe:5e:56:ee:cf:80:15:
         45:ab:54:b4:6e:61:bc:e6:75:9e:c4:b4:85:ac:f3:5b:ff:2a:
         9d:96:02:63:e3:50:24:c3:47:18:a3:d9:4b:fc:8b:6f:6b:9c:
         cf:c5:3f:7c:12:fb:92:b4:44:52:2f:9c:4a:e5:34:5e:c2:06:
         c2:84:06:a0:2d:fe:c7:bd:78:2a:6b:3f:d9:d5:aa:cb:84:f4:
         2a:18:69:a2:35:f1:41:d5:9c:80:ea:da:76:8e:a2:80:a6:cc:
         b3:30:8d:25:be:6f:99:1b:bd:d9:4f:ef:36:a9:6a:c7:1a:87:
         a5:04:f5:56:c7:4d:1b:c5:e6:af:1f:9b:53:78:88:e4:37:2a:
         a2:fb:fe:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCXZxiyGbjvZZRQrI9667PaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwNzA5MTIxMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2U0ZWMyYWFiZWJkMTFhMTMwZDBiNTJhMTU2ZGJkMThlMzRmNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml+wCFjz/dtQVUJxsjZuKA7J2N7/
CeKp6FNKOhGnXM7fpBoin59/DTM2LoBZR+o0mvBoXlCPSO3jQ0KudVerqDGYOpS1
SDs86rYUEmpRlnKxEfUAUi3c+8k/LYidDAucyE2uUA4KikezwdTAWieaHkb1/hKD
YSTB0c80j6+XuDGDUhwQanrB44mTTaKzvgntDOJQuIvx+qoIfo/2P7DMibeuRsbw
x0qwdnpKQ9b/8JYMTR1MOsaW+P8XdELmJmvvuaEI20mfXXDWH/n1dPMTk4lrHAai
j9H7ats8sFMGRs3Wr11ovOA7YDf7xVhdVtfTxWUmt1/XeJX6/Ih/6tdpewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGfk7Cqr69EaEw0LUqFW29GONPUvMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvWi1Uc0txdnIwUm9URFF0U29WYmIwWTQwOVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBmFmqAwQA
uTnnMA0GCSqGSIb3DQEBCwUAA4IBAQAQIz1FKxc1H9kc6xQguW8KogbHM5qwauQy
zINbKUhYqnhCRvArI2JtLlawwICMswRJ3qTatOfZqIeZZq2Xg1k8Lb+fqOZEIMnh
+dcpzgnp/aw9S2MVqPOh61olcvKL3+7FJHIApQzKoNkxog1SnQ6xlAdVGDVPg/5e
Vu7PgBVFq1S0bmG85nWexLSFrPNb/yqdlgJj41Akw0cYo9lL/Itva5zPxT98EvuS
tERSL5xK5TRewgbChAagLf7HvXgqaz/Z1arLhPQqGGmiNfFB1ZyA6tp2jqKApsyz
MI0lvm+ZG73ZT+82qWrHGoelBPVWx00bxeavH5tTeIjkNyqi+/58
-----END CERTIFICATE-----