Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/ZbSWgo97EzziBYp6f21i6nZqYY0.roa
File:                     ZbSWgo97EzziBYp6f21i6nZqYY0.roa (raw, json)
Hash identifier:          lJ6SWEgmBAyC7Vrz4hekvwBkf8j2Z5cNYj9gBzeOS0k=
Subject key identifier:   65:B4:96:82:8F:7B:13:3C:E2:05:8A:7A:7F:6D:62:EA:76:6A:61:8D
Certificate issuer:       /CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
Certificate serial:       018ED2D0DB82D84C86DA81579E21D8008D5A
Authority key identifier: C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/ZbSWgo97EzziBYp6f21i6nZqYY0.roa
Signing time:             Fri 12 Apr 2024 14:58:06 +0000
ROA not before:           Fri 12 Apr 2024 14:58:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208324
IP address blocks:        45.143.29.0/24 maxlen: 24
                          45.143.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:d0:db:82:d8:4c:86:da:81:57:9e:21:d8:00:8d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c12ac9b14fd261a8d2763aad417432bebc49a0d6
        Validity
            Not Before: Apr 12 14:58:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65b496828f7b133ce2058a7a7f6d62ea766a618d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c9:37:ce:1f:6d:c2:e4:e8:b4:9a:59:b8:5a:
                    0f:a6:79:97:d9:94:8f:25:59:4e:2a:3a:63:f8:15:
                    d6:14:c0:aa:f1:1f:61:e2:36:4c:1d:94:b5:3a:d8:
                    1b:b3:1a:75:9b:85:65:5e:57:1d:ca:d6:c1:ac:e5:
                    1e:e6:f0:01:bd:a0:ac:4c:09:42:39:fd:ea:a3:69:
                    51:28:15:62:f6:1b:87:3b:15:78:87:e1:3a:f3:5b:
                    37:a4:69:70:41:29:91:7b:28:bf:ad:13:52:54:3b:
                    65:d7:be:5c:c3:bb:07:a8:3f:ad:6f:1d:b0:8c:6d:
                    4b:7f:94:cd:0b:4f:87:c5:c3:d3:30:bf:87:30:cd:
                    c7:ab:13:82:0e:02:8d:c2:62:29:ce:5c:b6:a7:36:
                    ac:c4:37:c0:eb:f6:a7:69:7c:87:67:65:a9:f1:89:
                    9e:da:59:3b:f0:1a:e4:81:0d:b5:e2:db:13:fe:89:
                    42:9b:6c:65:02:26:6e:57:c3:03:f6:3f:3a:03:13:
                    8e:81:54:2f:e0:9b:41:dd:1f:91:8b:87:4a:32:08:
                    5a:30:f5:73:88:af:0f:fb:35:2b:69:ee:73:6f:5e:
                    94:21:4c:5c:3c:61:e8:c0:7d:7f:8e:21:cd:58:ca:
                    bc:68:c9:40:3e:d9:ee:a9:2e:a7:a3:c3:e0:31:4c:
                    ca:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B4:96:82:8F:7B:13:3C:E2:05:8A:7A:7F:6D:62:EA:76:6A:61:8D
            X509v3 Authority Key Identifier:
                keyid:C1:2A:C9:B1:4F:D2:61:A8:D2:76:3A:AD:41:74:32:BE:BC:49:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSrJsU_SYajSdjqtQXQyvrxJoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/ZbSWgo97EzziBYp6f21i6nZqYY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/7011dd-c2d9-4341-9236-2167cf01cf4a/1/wSrJsU_SYajSdjqtQXQyvrxJoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.29.0/24
                  45.143.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:7b:55:78:92:89:bd:37:d2:92:1c:70:f8:53:ec:32:fe:e4:
         56:4a:e7:b3:ca:29:ae:3d:ec:72:2f:82:56:1e:df:20:db:25:
         1a:d9:56:93:34:f0:c7:2d:1d:9e:d2:aa:85:d7:66:35:e3:3e:
         1d:61:e5:b4:21:a8:fa:54:ea:57:9b:6d:7f:73:a7:1f:4c:e0:
         d9:c9:18:80:77:dd:f9:25:ae:a9:92:84:41:82:b5:e1:0d:9d:
         a7:76:f7:10:fd:cd:75:b5:be:ea:24:aa:7b:95:90:25:fd:24:
         dd:5d:5a:ec:46:2a:77:59:6e:70:43:8b:8b:85:5b:3f:5e:5c:
         6e:70:b7:2b:1d:c8:c7:88:83:c4:82:35:75:bf:db:78:a3:11:
         4c:91:1e:bd:bb:24:2c:82:96:ba:d7:e1:ed:cd:d4:ad:fd:de:
         52:cd:8c:9b:99:48:3c:ff:9d:ed:9f:fc:f7:65:fe:7f:2e:a2:
         0a:44:e4:a2:63:ca:79:4a:df:fa:06:59:25:f5:c1:98:03:2f:
         11:42:0d:cf:0b:64:c5:0e:32:c9:e6:d4:eb:bc:b8:b6:75:a7:
         83:2c:e0:4b:2b:4d:da:70:6f:9f:85:d3:22:ff:43:73:45:06:
         db:ef:ae:02:3c:ab:4c:eb:33:3f:a1:4a:13:36:eb:1a:e0:f8:
         ba:32:c8:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7S0NuC2EyG2oFXniHYAI1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMmFjOWIxNGZkMjYxYThkMjc2M2FhZDQxNzQzMmJlYmM0
OWEwZDYwHhcNMjQwNDEyMTQ1ODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWI0OTY4MjhmN2IxMzNjZTIwNThhN2E3ZjZkNjJlYTc2NmE2MThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8k3zh9twuTotJpZuFoPpnmX2ZSP
JVlOKjpj+BXWFMCq8R9h4jZMHZS1Otgbsxp1m4VlXlcdytbBrOUe5vABvaCsTAlC
Of3qo2lRKBVi9huHOxV4h+E681s3pGlwQSmReyi/rRNSVDtl175cw7sHqD+tbx2w
jG1Lf5TNC0+HxcPTML+HMM3HqxOCDgKNwmIpzly2pzasxDfA6/anaXyHZ2Wp8Yme
2lk78BrkgQ214tsT/olCm2xlAiZuV8MD9j86AxOOgVQv4JtB3R+Ri4dKMghaMPVz
iK8P+zUrae5zb16UIUxcPGHowH1/jiHNWMq8aMlAPtnuqS6no8PgMUzKawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGW0loKPexM84gWKen9tYup2amGNMB8GA1UdIwQY
MBaAFMEqybFP0mGo0nY6rUF0Mr68SaDWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYt
MjE2N2NmMDFjZjRhLzEvWmJTV2dvOTdFenppQllwNmYyMWk2blpxWVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS83MDExZGQtYzJkOS00MzQxLTkyMzYtMjE2N2NmMDFjZjRh
LzEvd1NySnNVX1NZYWpTZGpxdFFYUXl2cnhKb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY8dAwQA
LY8fMA0GCSqGSIb3DQEBCwUAA4IBAQBAe1V4kom9N9KSHHD4U+wy/uRWSuezyimu
PexyL4JWHt8g2yUa2VaTNPDHLR2e0qqF12Y14z4dYeW0Iaj6VOpXm21/c6cfTODZ
yRiAd935Ja6pkoRBgrXhDZ2ndvcQ/c11tb7qJKp7lZAl/STdXVrsRip3WW5wQ4uL
hVs/XlxucLcrHcjHiIPEgjV1v9t4oxFMkR69uyQsgpa61+HtzdSt/d5SzYybmUg8
/53tn/z3Zf5/LqIKROSiY8p5St/6Blkl9cGYAy8RQg3PC2TFDjLJ5tTrvLi2daeD
LOBLK03acG+fhdMi/0NzRQbb764CPKtM6zM/oUoTNusa4Pi6Msg2
-----END CERTIFICATE-----