Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/mzxJVlkKDe2wgWqWW_FFTIL29Tc.roa
File:                     mzxJVlkKDe2wgWqWW_FFTIL29Tc.roa (raw, json)
Hash identifier:          fLysEB5d/I6/3nepjz6gZjbZ1Uy4H3/Gb3DHllAujLo=
Subject key identifier:   9B:3C:49:56:59:0A:0D:ED:B0:81:6A:96:5B:F1:45:4C:82:F6:F5:37
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018D9318D9FB2E3C446A179CC91BA9C5F2B9
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/mzxJVlkKDe2wgWqWW_FFTIL29Tc.roa
Signing time:             Sat 10 Feb 2024 12:58:15 +0000
ROA not before:           Sat 10 Feb 2024 12:58:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        193.176.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:93:18:d9:fb:2e:3c:44:6a:17:9c:c9:1b:a9:c5:f2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Feb 10 12:58:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b3c4956590a0dedb0816a965bf1454c82f6f537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:2e:31:26:0b:ad:c5:13:ab:72:95:fb:f4:
                    ac:1b:85:c1:1c:53:93:c3:8f:1b:90:7f:7f:2f:b8:
                    20:1c:00:7a:b3:35:ab:1e:e8:b1:f6:13:55:ba:ce:
                    85:2c:aa:39:68:d4:47:e8:60:3c:29:35:a7:78:16:
                    ab:8b:c6:70:1a:a0:d1:7e:82:f1:dc:ae:45:1e:ae:
                    61:9b:17:17:a1:7a:2d:c9:d5:bb:46:10:78:68:fb:
                    f6:09:6b:e9:8c:79:14:62:33:47:4f:b3:fa:95:cd:
                    f8:2a:db:5d:6d:df:ab:01:68:bf:ca:fd:c6:55:15:
                    d8:2a:aa:dc:c2:d6:de:0e:36:41:98:97:71:9a:31:
                    a4:43:f7:fe:f1:79:81:06:fd:4c:c4:63:62:aa:85:
                    e0:d5:bd:1d:c0:b6:6d:3b:22:55:b1:f4:6b:3b:cb:
                    2e:11:c7:f5:a9:09:15:67:44:86:87:c3:1d:a2:0e:
                    f4:e1:0d:33:7f:5c:d0:02:aa:21:35:7c:85:f5:a6:
                    f7:24:3b:11:34:40:84:7c:31:54:5d:a2:62:14:c9:
                    a1:74:07:7e:21:e3:71:55:5a:f4:ef:68:dc:73:30:
                    03:f3:9a:ff:4e:af:71:b6:89:d3:22:9f:5a:bd:bf:
                    8f:2a:2e:5b:f2:67:ac:5a:47:a0:4b:da:c0:bc:7a:
                    af:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3C:49:56:59:0A:0D:ED:B0:81:6A:96:5B:F1:45:4C:82:F6:F5:37
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/mzxJVlkKDe2wgWqWW_FFTIL29Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:38:70:48:61:ec:e8:a0:c7:ad:ba:75:9f:52:26:a7:e2:cc:
         90:25:cf:9a:d1:89:3c:d1:3b:ab:fb:52:7c:e2:a8:51:ee:de:
         a2:d6:b6:16:0a:c2:85:2e:10:13:4c:8e:9d:47:64:dc:c9:5e:
         c2:85:e5:b8:2f:4e:51:c3:86:ba:88:88:1f:61:8c:ed:8c:69:
         70:c9:4c:4f:c8:ac:b0:b2:b4:63:bd:8a:c9:71:61:e5:93:ea:
         35:1e:b0:4d:ab:5d:d3:36:73:19:cc:90:6c:fd:7b:16:32:98:
         b5:ff:ac:6e:fc:5a:88:0c:18:bf:dd:9c:8f:eb:63:0b:ae:90:
         02:d4:90:82:0e:ed:dc:cb:c6:c1:7d:05:5c:54:75:82:0f:82:
         96:e7:0b:b3:53:56:47:8c:27:75:7d:c3:57:5b:2f:9a:b2:e0:
         74:65:0e:d5:0a:93:7f:27:dc:7e:64:a0:50:eb:c7:2f:bf:ac:
         03:c4:e7:b7:9b:42:5b:39:76:45:ee:59:c2:17:8e:8b:d7:87:
         94:3b:f1:1c:2e:0e:5d:15:1b:82:ab:9b:1c:a9:27:ac:f5:64:
         fb:aa:8d:75:fc:ff:2f:a0:d1:a1:0a:69:49:e6:b7:98:f6:8e:
         15:8d:d6:5b:26:99:1c:46:27:4a:66:78:f4:ac:96:f4:ba:ff:
         72:12:5d:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2TGNn7LjxEahecyRupxfK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMjEwMTI1ODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNjNDk1NjU5MGEwZGVkYjA4MTZhOTY1YmYxNDU0YzgyZjZmNTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9guMSYLrcUTq3KV+/SsG4XBHFOT
w48bkH9/L7ggHAB6szWrHuix9hNVus6FLKo5aNRH6GA8KTWneBari8ZwGqDRfoLx
3K5FHq5hmxcXoXotydW7RhB4aPv2CWvpjHkUYjNHT7P6lc34Kttdbd+rAWi/yv3G
VRXYKqrcwtbeDjZBmJdxmjGkQ/f+8XmBBv1MxGNiqoXg1b0dwLZtOyJVsfRrO8su
Ecf1qQkVZ0SGh8Mdog704Q0zf1zQAqohNXyF9ab3JDsRNECEfDFUXaJiFMmhdAd+
IeNxVVr072jcczAD85r/Tq9xtonTIp9avb+PKi5b8mesWkegS9rAvHqvLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs8SVZZCg3tsIFqllvxRUyC9vU3MB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvbXp4SlZsa0tEZTJ3Z1dxV1dfRkZUSUwyOVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBgMA0G
CSqGSIb3DQEBCwUAA4IBAQCeOHBIYezooMetunWfUian4syQJc+a0Yk80Tur+1J8
4qhR7t6i1rYWCsKFLhATTI6dR2TcyV7CheW4L05Rw4a6iIgfYYztjGlwyUxPyKyw
srRjvYrJcWHlk+o1HrBNq13TNnMZzJBs/XsWMpi1/6xu/FqIDBi/3ZyP62MLrpAC
1JCCDu3cy8bBfQVcVHWCD4KW5wuzU1ZHjCd1fcNXWy+asuB0ZQ7VCpN/J9x+ZKBQ
68cvv6wDxOe3m0JbOXZF7lnCF46L14eUO/EcLg5dFRuCq5scqSes9WT7qo11/P8v
oNGhCmlJ5reY9o4VjdZbJpkcRidKZnj0rJb0uv9yEl1S
-----END CERTIFICATE-----