Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/ZXRdT2cnMGCUlawCIGIBaK1hfME.roa
File:                     ZXRdT2cnMGCUlawCIGIBaK1hfME.roa (raw, json)
Hash identifier:          e0VJTyTS0oIBZxBdQT4lqqoXnPmOJeqIuneV9KcVdkM=
Subject key identifier:   65:74:5D:4F:67:27:30:60:94:95:AC:02:20:62:01:68:AD:61:7C:C1
Certificate issuer:       /CN=88ed0c0901c69e5c5d8f51a675d055982f91d2a7
Certificate serial:       018CCA99934F5CF333E1411FA02342B66C47
Authority key identifier: 88:ED:0C:09:01:C6:9E:5C:5D:8F:51:A6:75:D0:55:98:2F:91:D2:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/ZXRdT2cnMGCUlawCIGIBaK1hfME.roa
Signing time:             Tue 02 Jan 2024 14:35:11 +0000
ROA not before:           Tue 02 Jan 2024 14:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.151.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:93:4f:5c:f3:33:e1:41:1f:a0:23:42:b6:6c:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88ed0c0901c69e5c5d8f51a675d055982f91d2a7
        Validity
            Not Before: Jan  2 14:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65745d4f672730609495ac0220620168ad617cc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:94:c0:91:2a:c4:ac:48:73:9e:23:b9:a4:f2:
                    5c:fe:74:c3:12:70:8a:93:e1:ff:52:b0:e2:fc:10:
                    6d:c0:2d:a3:76:96:0d:33:1d:fd:42:d0:3e:14:ba:
                    63:13:f4:aa:d5:4a:8c:c8:38:82:1c:a1:01:91:d3:
                    f0:dd:d2:83:c7:93:8b:11:1c:bd:2d:3b:e9:fd:0d:
                    bb:5a:95:d6:e3:08:f0:c6:3d:a3:45:c1:75:b1:dc:
                    fe:38:b8:c2:ee:c9:23:16:b1:44:8d:18:a2:17:7d:
                    16:c9:19:ad:19:df:8f:87:c5:ef:2d:49:5b:dc:c0:
                    4e:26:5a:d5:99:d0:2d:50:d9:89:66:67:26:48:4f:
                    ca:19:6f:77:e4:a9:a6:8b:fe:58:78:37:99:7c:da:
                    39:18:d1:2f:ed:a4:4b:1b:de:40:43:13:e2:fe:23:
                    4e:36:0f:5d:10:ea:1f:48:46:e7:2b:64:0d:40:49:
                    96:04:9b:3a:1f:a5:12:bb:de:7b:c2:3f:4a:60:01:
                    94:6e:e7:fd:93:5f:e1:16:e2:ff:77:92:ac:61:87:
                    e5:03:0c:9d:8f:ef:f0:91:e6:6c:5b:eb:58:0b:ef:
                    30:03:4d:06:b4:58:1c:f4:40:5e:56:02:63:f0:83:
                    c8:a1:8d:3b:b8:1e:9a:4d:ae:47:67:26:21:99:fc:
                    4a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:74:5D:4F:67:27:30:60:94:95:AC:02:20:62:01:68:AD:61:7C:C1
            X509v3 Authority Key Identifier:
                keyid:88:ED:0C:09:01:C6:9E:5C:5D:8F:51:A6:75:D0:55:98:2F:91:D2:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iO0MCQHGnlxdj1GmddBVmC-R0qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/ZXRdT2cnMGCUlawCIGIBaK1hfME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/098583-36ce-4692-9dc3-9d988a600757/1/iO0MCQHGnlxdj1GmddBVmC-R0qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:fd:1d:7f:93:13:0a:c0:dc:50:a8:26:d1:dd:e3:30:c3:e5:
         c9:a0:7e:71:a3:e3:26:d5:d7:4b:e0:7f:b3:81:e7:a7:36:f7:
         26:f3:cc:dc:11:c9:ad:32:99:49:5d:27:54:62:27:38:c8:e6:
         31:a4:60:5a:f7:08:99:6b:9c:d5:e6:cb:42:8b:15:79:8b:da:
         9e:c2:68:33:ee:bd:d8:e0:dd:c6:07:19:3e:8f:5b:23:91:67:
         65:bf:28:31:e6:bc:19:73:2a:f8:07:8b:28:c9:3f:a3:99:fd:
         ee:a1:cc:97:1a:2e:0e:3c:0e:2c:a7:4a:ab:f7:16:52:33:3d:
         e1:37:82:36:8b:4d:4c:45:c4:ef:74:ae:88:e0:36:d4:fe:fb:
         f9:5e:23:13:0b:48:db:ac:6f:7c:4a:a9:04:2c:ce:b6:75:70:
         d0:d8:5d:71:45:cb:50:fe:79:a3:a9:87:75:e0:f9:e3:2f:ff:
         32:ef:57:27:e8:85:3d:65:5b:13:0b:b7:be:5f:86:b1:ff:c2:
         f9:7f:0c:04:56:1d:bc:ee:0b:a8:d0:c9:c4:54:c9:a3:f4:fb:
         87:fb:8b:4a:70:77:27:f6:c9:eb:ec:b3:0d:73:8f:ac:1d:0f:
         92:92:77:50:e6:3c:4b:c1:a2:26:f5:16:9c:6c:e5:09:4e:e4:
         d4:07:de:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmZNPXPMz4UEfoCNCtmxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZWQwYzA5MDFjNjllNWM1ZDhmNTFhNjc1ZDA1NTk4MmY5
MWQyYTcwHhcNMjQwMTAyMTQzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTc0NWQ0ZjY3MjczMDYwOTQ5NWFjMDIyMDYyMDE2OGFkNjE3Y2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZTAkSrErEhzniO5pPJc/nTDEnCK
k+H/UrDi/BBtwC2jdpYNMx39QtA+FLpjE/Sq1UqMyDiCHKEBkdPw3dKDx5OLERy9
LTvp/Q27WpXW4wjwxj2jRcF1sdz+OLjC7skjFrFEjRiiF30WyRmtGd+Ph8XvLUlb
3MBOJlrVmdAtUNmJZmcmSE/KGW935Kmmi/5YeDeZfNo5GNEv7aRLG95AQxPi/iNO
Ng9dEOofSEbnK2QNQEmWBJs6H6USu957wj9KYAGUbuf9k1/hFuL/d5KsYYflAwyd
j+/wkeZsW+tYC+8wA00GtFgc9EBeVgJj8IPIoY07uB6aTa5HZyYhmfxKLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV0XU9nJzBglJWsAiBiAWitYXzBMB8GA1UdIwQY
MBaAFIjtDAkBxp5cXY9RpnXQVZgvkdKnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU8wTUNRSEdubHhkajFHbWRkQlZtQy1SMHFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8wOTg1ODMtMzZjZS00NjkyLTlkYzMt
OWQ5ODhhNjAwNzU3LzEvWlhSZFQyY25NR0NVbGF3Q0lHSUJhSzFoZk1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8wOTg1ODMtMzZjZS00NjkyLTlkYzMtOWQ5ODhhNjAwNzU3
LzEvaU8wTUNRSEdubHhkajFHbWRkQlZtQy1SMHFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZdcMA0G
CSqGSIb3DQEBCwUAA4IBAQBe/R1/kxMKwNxQqCbR3eMww+XJoH5xo+Mm1ddL4H+z
geenNvcm88zcEcmtMplJXSdUYic4yOYxpGBa9wiZa5zV5stCixV5i9qewmgz7r3Y
4N3GBxk+j1sjkWdlvygx5rwZcyr4B4soyT+jmf3uocyXGi4OPA4sp0qr9xZSMz3h
N4I2i01MRcTvdK6I4DbU/vv5XiMTC0jbrG98SqkELM62dXDQ2F1xRctQ/nmjqYd1
4PnjL/8y71cn6IU9ZVsTC7e+X4ax/8L5fwwEVh287guo0MnEVMmj9PuH+4tKcHcn
9snr7LMNc4+sHQ+SkndQ5jxLwaIm9RacbOUJTuTUB95h
-----END CERTIFICATE-----