Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/znmniGbuvC5YwOh2wJgiXf2atIM.roa
File:                     znmniGbuvC5YwOh2wJgiXf2atIM.roa (raw, json)
Hash identifier:          XkQnN8TOJHC74kRYXNacir/tJaaRpthPJYSqdosfE9w=
Subject key identifier:   CE:79:A7:88:66:EE:BC:2E:58:C0:E8:76:C0:98:22:5D:FD:9A:B4:83
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01913C63E46F7E4148191086A6610127D0E6
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/znmniGbuvC5YwOh2wJgiXf2atIM.roa
Signing time:             Sat 10 Aug 2024 13:04:25 +0000
ROA not before:           Sat 10 Aug 2024 13:04:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.21.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3c:63:e4:6f:7e:41:48:19:10:86:a6:61:01:27:d0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Aug 10 13:04:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce79a78866eebc2e58c0e876c098225dfd9ab483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a3:4e:69:72:c2:18:4a:e5:dd:ab:b4:88:44:
                    b3:c0:38:dd:c3:41:aa:63:9b:fa:05:00:f9:ab:7f:
                    44:ce:35:f6:47:d8:6b:4c:50:df:8a:9f:89:5b:3b:
                    9d:ec:8f:2e:89:73:cb:d1:03:72:f8:a2:d2:17:0a:
                    7a:ac:4b:88:df:98:b4:cb:cc:82:0d:40:70:c6:d9:
                    57:bd:4e:88:41:05:bc:8a:ec:d9:8d:80:d8:7b:5d:
                    d8:43:94:d2:c4:18:ac:fd:fc:d4:bb:88:52:bc:a6:
                    3d:b5:c9:17:aa:d8:a8:98:d3:d2:a1:4a:b7:e0:4e:
                    b5:65:a1:9e:21:94:e2:ac:51:d4:16:67:e6:9c:18:
                    b9:ef:c7:a0:66:61:51:1d:78:f2:24:f9:e8:97:3e:
                    fe:01:23:bc:fb:11:45:c6:a4:d5:65:87:8b:d0:0a:
                    80:2f:df:b8:c6:17:1e:02:fb:36:91:da:37:f7:b4:
                    f6:96:fe:fc:8a:1d:3f:5d:b8:dd:a2:73:4a:f4:9e:
                    f2:0d:51:c6:c6:1c:37:a3:bb:10:36:99:f7:c6:00:
                    a2:e0:82:76:c5:f9:58:5c:2c:d8:35:bd:3f:3f:94:
                    38:30:1e:47:06:78:44:07:42:b4:4d:f7:39:0d:5b:
                    bc:bd:b1:fb:b0:8d:3f:fe:91:35:fe:51:d5:20:e9:
                    ca:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:79:A7:88:66:EE:BC:2E:58:C0:E8:76:C0:98:22:5D:FD:9A:B4:83
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/znmniGbuvC5YwOh2wJgiXf2atIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:36:59:7b:ae:d1:0a:3d:08:90:11:da:9b:eb:38:78:63:0d:
         f9:80:f6:8a:c0:95:1a:04:89:e4:b3:49:92:ac:0f:d7:cc:e4:
         32:dd:a5:54:70:cd:fe:41:44:50:d6:70:85:9d:3b:0a:b5:c8:
         2d:2c:c6:b7:e8:2a:be:6f:a0:da:32:d4:88:db:7b:e5:61:14:
         1f:ca:db:df:59:25:63:bd:3f:dc:7d:fd:b4:61:1e:a4:3c:1f:
         4e:62:29:f4:be:e4:d2:7d:c0:c2:2e:6c:d5:d9:d1:9d:4b:45:
         5f:49:3c:fc:16:8b:58:1e:4b:2a:a7:fd:2a:0c:43:26:4b:d7:
         c6:de:0f:0b:db:72:51:b2:86:f4:30:39:1e:67:be:47:9d:f9:
         ba:ea:c6:b7:1f:3b:b4:0b:59:3a:87:15:9d:21:04:f2:83:79:
         0d:3d:35:cf:72:9d:76:c4:26:3c:a0:e5:86:aa:d3:51:d3:3b:
         e3:21:35:38:42:dd:dc:ac:7b:ef:16:d0:2a:77:bb:99:4c:6e:
         2c:8c:59:26:9e:62:e1:e2:6e:97:81:43:f6:38:24:56:eb:f1:
         bc:21:b5:f9:fa:06:91:37:91:35:57:5e:a7:e1:6e:dc:f5:c3:
         6e:82:58:80:c4:84:68:4a:5c:cb:a8:2f:8b:1e:6b:df:3f:f5:
         2f:79:34:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE8Y+RvfkFIGRCGpmEBJ9DmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODEwMTMwNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc5YTc4ODY2ZWViYzJlNThjMGU4NzZjMDk4MjI1ZGZkOWFiNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6NOaXLCGErl3au0iESzwDjdw0Gq
Y5v6BQD5q39EzjX2R9hrTFDfip+JWzud7I8uiXPL0QNy+KLSFwp6rEuI35i0y8yC
DUBwxtlXvU6IQQW8iuzZjYDYe13YQ5TSxBis/fzUu4hSvKY9tckXqtiomNPSoUq3
4E61ZaGeIZTirFHUFmfmnBi578egZmFRHXjyJPnolz7+ASO8+xFFxqTVZYeL0AqA
L9+4xhceAvs2kdo397T2lv78ih0/XbjdonNK9J7yDVHGxhw3o7sQNpn3xgCi4IJ2
xflYXCzYNb0/P5Q4MB5HBnhEB0K0Tfc5DVu8vbH7sI0//pE1/lHVIOnKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM55p4hm7rwuWMDodsCYIl39mrSDMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvem5tbmlHYnV2QzVZd09oMndKZ2lYZjJhdElNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQAgNll7rtEKPQiQEdqb6zh4Yw35gPaKwJUaBInks0mS
rA/XzOQy3aVUcM3+QURQ1nCFnTsKtcgtLMa36Cq+b6DaMtSI23vlYRQfytvfWSVj
vT/cff20YR6kPB9OYin0vuTSfcDCLmzV2dGdS0VfSTz8FotYHksqp/0qDEMmS9fG
3g8L23JRsob0MDkeZ75Hnfm66sa3Hzu0C1k6hxWdIQTyg3kNPTXPcp12xCY8oOWG
qtNR0zvjITU4Qt3crHvvFtAqd7uZTG4sjFkmnmLh4m6XgUP2OCRW6/G8IbX5+gaR
N5E1V16n4W7c9cNugliAxIRoSlzLqC+LHmvfP/UveTSX
-----END CERTIFICATE-----