Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dz_flg7YMsNbJtprDSgeHwa2rDE.roa
File:                     dz_flg7YMsNbJtprDSgeHwa2rDE.roa (raw, json)
Hash identifier:          JJZyBlgvVvopnlaRKQhjFqdeghU23xNemLnhSBIcnaM=
Subject key identifier:   77:3F:DF:96:0E:D8:32:C3:5B:26:DA:6B:0D:28:1E:1F:06:B6:AC:31
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01930414F14018A0857F0A1E5A473EB35689
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dz_flg7YMsNbJtprDSgeHwa2rDE.roa
Signing time:             Thu 07 Nov 2024 00:45:01 +0000
ROA not before:           Thu 07 Nov 2024 00:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        109.111.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:04:14:f1:40:18:a0:85:7f:0a:1e:5a:47:3e:b3:56:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Nov  7 00:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=773fdf960ed832c35b26da6b0d281e1f06b6ac31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4b:29:90:b7:4e:ed:ed:94:52:a4:4f:b3:6c:
                    4d:89:d1:27:ad:c0:bf:53:2d:3e:ca:00:76:d0:4b:
                    b8:08:b1:65:b2:9b:5f:dd:3e:18:c3:04:d0:2d:54:
                    29:0b:67:15:9d:4f:c3:e0:ff:fb:a1:6f:58:20:99:
                    a7:14:12:3e:33:40:e9:eb:9a:be:c8:35:7e:67:91:
                    8c:8d:54:a2:a0:fc:e8:bf:31:6a:75:6d:e7:3e:1d:
                    f4:ed:30:bd:32:f9:78:1b:91:e1:f9:af:0f:67:2e:
                    78:8c:e4:d9:40:54:87:33:29:44:87:cd:9a:c6:22:
                    a3:59:5c:64:34:5d:ac:ed:7e:80:bd:6f:b6:e1:a4:
                    d0:92:9e:c6:28:f0:74:23:17:67:1d:4f:d3:95:ef:
                    f8:77:3f:e9:0b:a1:31:8f:dd:64:52:78:f4:2e:ca:
                    a0:b1:de:77:41:e3:54:2d:e7:39:d7:a0:4d:13:bf:
                    a7:09:d2:5f:b1:d6:b0:71:cf:e9:4c:4d:30:f9:15:
                    d3:fa:b9:13:35:bc:4a:99:42:e5:3a:16:cc:7d:b5:
                    dd:f5:ef:24:25:1c:5e:63:5f:08:bb:63:ce:9c:49:
                    06:9e:50:fe:5d:97:33:3e:e1:10:96:ad:9d:58:e1:
                    5f:e7:6b:18:32:46:49:93:ac:3f:b7:eb:45:30:30:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3F:DF:96:0E:D8:32:C3:5B:26:DA:6B:0D:28:1E:1F:06:B6:AC:31
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dz_flg7YMsNbJtprDSgeHwa2rDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:95:2a:26:ab:75:ca:79:67:19:7c:4a:cc:fd:c6:10:25:aa:
         61:df:a7:26:55:f9:59:34:88:87:be:d7:94:60:2f:80:26:e2:
         bc:c8:c6:4e:35:4e:07:73:50:05:39:e4:f8:9c:6c:37:45:49:
         2b:e5:23:84:da:b7:7c:a3:e3:00:ce:94:28:41:d7:e9:b7:dd:
         d8:09:27:55:01:fd:53:c7:38:a1:0a:48:a0:05:32:9a:85:7a:
         c4:bf:ee:84:d1:9b:dd:a1:c6:b4:b4:46:77:e5:cd:69:06:0a:
         9c:2b:7d:08:ac:7b:b2:ba:d3:9c:24:36:fb:61:29:ae:72:d4:
         e2:b0:04:d5:90:06:50:aa:a7:1f:a7:4f:91:e9:99:1e:1d:b9:
         54:3b:18:d5:da:31:f5:66:3a:28:0f:78:af:f1:08:d4:16:19:
         ec:56:0b:76:7f:16:e9:ad:1b:50:a0:9a:2e:44:50:e4:18:a5:
         e5:10:8d:aa:01:cc:9b:b9:16:1b:53:cd:30:43:d3:a0:b8:b1:
         de:f3:0a:a1:a6:57:5e:0f:db:5c:5f:26:ae:20:65:f0:dc:04:
         d1:22:46:7b:7b:29:ea:13:c4:25:7e:1b:c5:03:f9:e6:09:19:
         38:8b:19:fe:10:6f:4d:b0:d9:ca:fb:9d:f5:7f:78:5e:d1:3d:
         c2:d6:3e:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMEFPFAGKCFfwoeWkc+s1aJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQxMTA3MDA0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNmZGY5NjBlZDgzMmMzNWIyNmRhNmIwZDI4MWUxZjA2YjZhYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0spkLdO7e2UUqRPs2xNidEnrcC/
Uy0+ygB20Eu4CLFlsptf3T4YwwTQLVQpC2cVnU/D4P/7oW9YIJmnFBI+M0Dp65q+
yDV+Z5GMjVSioPzovzFqdW3nPh307TC9Mvl4G5Hh+a8PZy54jOTZQFSHMylEh82a
xiKjWVxkNF2s7X6AvW+24aTQkp7GKPB0IxdnHU/Tle/4dz/pC6Exj91kUnj0Lsqg
sd53QeNULec516BNE7+nCdJfsdawcc/pTE0w+RXT+rkTNbxKmULlOhbMfbXd9e8k
JRxeY18Iu2POnEkGnlD+XZczPuEQlq2dWOFf52sYMkZJk6w/t+tFMDAitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc/35YO2DLDWybaaw0oHh8GtqwxMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZHpfZmxnN1lNc05iSnRwckRTZ2VId2EyckRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW88MA0G
CSqGSIb3DQEBCwUAA4IBAQB3lSomq3XKeWcZfErM/cYQJaph36cmVflZNIiHvteU
YC+AJuK8yMZONU4Hc1AFOeT4nGw3RUkr5SOE2rd8o+MAzpQoQdfpt93YCSdVAf1T
xzihCkigBTKahXrEv+6E0Zvdoca0tEZ35c1pBgqcK30IrHuyutOcJDb7YSmuctTi
sATVkAZQqqcfp0+R6ZkeHblUOxjV2jH1ZjooD3iv8QjUFhnsVgt2fxbprRtQoJou
RFDkGKXlEI2qAcybuRYbU80wQ9OguLHe8wqhpldeD9tcXyauIGXw3ATRIkZ7eynq
E8QlfhvFA/nmCRk4ixn+EG9NsNnK+531f3he0T3C1j6w
-----END CERTIFICATE-----