Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ZdUeN1bLq4XgbKblwgHS4Oj88P8.roa
File:                     ZdUeN1bLq4XgbKblwgHS4Oj88P8.roa (raw, json)
Hash identifier:          InmlRBn5QxfjyqCOmiv9oA25xVX45xrP7hPbtLQGpno=
Subject key identifier:   65:D5:1E:37:56:CB:AB:85:E0:6C:A6:E5:C2:01:D2:E0:E8:FC:F0:FF
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       0192485CB70714A9A63697FBCDFC1B54E120
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ZdUeN1bLq4XgbKblwgHS4Oj88P8.roa
Signing time:             Tue 01 Oct 2024 13:54:48 +0000
ROA not before:           Tue 01 Oct 2024 13:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59456
IP address blocks:        194.99.66.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:5c:b7:07:14:a9:a6:36:97:fb:cd:fc:1b:54:e1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Oct  1 13:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65d51e3756cbab85e06ca6e5c201d2e0e8fcf0ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d1:3c:6b:06:eb:b2:90:17:27:0a:93:48:06:
                    e7:e2:34:6c:e7:56:d9:56:36:30:01:1d:cf:b9:01:
                    85:1d:63:8a:41:a6:12:ac:b2:83:a3:03:28:af:83:
                    00:57:99:fc:d2:66:16:58:d5:e7:b2:85:8a:9c:34:
                    03:d3:95:cb:00:ae:87:08:4d:a0:9f:87:55:89:03:
                    24:35:65:5e:c2:c7:d0:5f:08:6e:a6:6c:5f:18:09:
                    ef:7a:fd:17:ed:db:8d:12:3a:d2:ac:85:b5:74:3d:
                    ff:68:96:dc:03:ec:53:7d:d6:39:94:1d:7f:e1:e6:
                    55:8b:8f:95:ed:c9:54:ad:9f:88:c5:e5:80:5b:fd:
                    63:aa:18:dc:24:06:eb:d1:a2:a9:75:8f:7c:6a:e3:
                    48:79:c3:b0:0d:d2:73:e5:eb:4c:a5:30:35:56:b5:
                    99:b7:cd:1c:97:81:d7:0f:18:4e:e8:d6:32:9f:05:
                    35:73:8a:74:4d:bc:f0:1f:94:7e:68:7d:e3:4e:47:
                    73:b3:81:35:d2:a6:1d:53:55:02:0d:22:4c:20:31:
                    06:fd:3c:23:c0:61:3a:7e:a8:29:ea:f8:ea:40:41:
                    95:3f:a0:78:19:80:e4:05:a9:83:88:ac:2f:8a:0c:
                    2b:69:14:d6:41:dd:90:bc:64:fe:9d:6f:a4:96:7b:
                    ef:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:D5:1E:37:56:CB:AB:85:E0:6C:A6:E5:C2:01:D2:E0:E8:FC:F0:FF
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/ZdUeN1bLq4XgbKblwgHS4Oj88P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:a3:d0:23:33:72:d4:1a:89:82:2b:47:bf:d9:83:8b:de:73:
         ac:80:e6:21:13:d7:ac:8f:c4:f9:c6:b9:26:65:47:c0:9c:e7:
         48:36:91:63:31:e9:0a:c4:95:2e:ee:23:7f:92:34:38:51:fb:
         23:58:c9:29:9f:f0:db:67:59:95:96:df:30:be:6b:15:9b:26:
         22:63:d2:ca:4c:25:9f:f9:b8:f3:2e:97:d2:bd:a3:47:bb:da:
         4a:0f:e7:82:8a:f9:c5:6b:6c:8b:e1:69:b5:2e:1e:24:46:fc:
         19:69:b0:0e:25:db:c6:b4:f0:d5:d8:15:a8:32:f5:40:4c:06:
         17:c3:99:78:b7:1c:84:2a:e8:96:1f:04:d6:53:69:5c:e9:8c:
         82:19:c6:9a:cc:13:46:ae:fa:ae:5c:42:06:91:a5:ea:ce:d9:
         57:1e:99:76:81:bb:57:8c:c2:1d:14:22:98:da:d6:95:d1:f4:
         32:4f:57:41:2c:52:52:34:d9:c3:1b:dc:be:59:bf:cb:53:2b:
         13:7b:dd:c6:8a:f7:e2:21:b3:37:4a:d4:7c:1b:98:fa:61:5c:
         bc:a9:23:25:d4:e7:60:4a:32:62:b0:58:59:73:eb:9b:d1:1c:
         a1:76:48:3d:08:f9:19:45:ee:d5:dd:34:57:3f:de:a7:d1:6d:
         78:3a:8d:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJIXLcHFKmmNpf7zfwbVOEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjQxMDAxMTM1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWQ1MWUzNzU2Y2JhYjg1ZTA2Y2E2ZTVjMjAxZDJlMGU4ZmNmMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdE8awbrspAXJwqTSAbn4jRs51bZ
VjYwAR3PuQGFHWOKQaYSrLKDowMor4MAV5n80mYWWNXnsoWKnDQD05XLAK6HCE2g
n4dViQMkNWVewsfQXwhupmxfGAnvev0X7duNEjrSrIW1dD3/aJbcA+xTfdY5lB1/
4eZVi4+V7clUrZ+IxeWAW/1jqhjcJAbr0aKpdY98auNIecOwDdJz5etMpTA1VrWZ
t80cl4HXDxhO6NYynwU1c4p0TbzwH5R+aH3jTkdzs4E10qYdU1UCDSJMIDEG/Twj
wGE6fqgp6vjqQEGVP6B4GYDkBamDiKwvigwraRTWQd2QvGT+nW+klnvvmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXVHjdWy6uF4Gym5cIB0uDo/PD/MB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvWmRVZU4xYkxxNFhnYktibHdnSFM0T2o4OFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNCMA0G
CSqGSIb3DQEBCwUAA4IBAQBFo9AjM3LUGomCK0e/2YOL3nOsgOYhE9esj8T5xrkm
ZUfAnOdINpFjMekKxJUu7iN/kjQ4UfsjWMkpn/DbZ1mVlt8wvmsVmyYiY9LKTCWf
+bjzLpfSvaNHu9pKD+eCivnFa2yL4Wm1Lh4kRvwZabAOJdvGtPDV2BWoMvVATAYX
w5l4txyEKuiWHwTWU2lc6YyCGcaazBNGrvquXEIGkaXqztlXHpl2gbtXjMIdFCKY
2taV0fQyT1dBLFJSNNnDG9y+Wb/LUysTe93GivfiIbM3StR8G5j6YVy8qSMl1Odg
SjJisFhZc+ub0Ryhdkg9CPkZRe7V3TRXP96n0W14Oo3E
-----END CERTIFICATE-----