Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Z_gNnUVibF923T3OaPpKlTwCkkA.roa
File:                     Z_gNnUVibF923T3OaPpKlTwCkkA.roa (raw, json)
Hash identifier:          WdfHpvMf52O5dFx7Fn9SwovpxdKGb35mu7K2Bswel1s=
Subject key identifier:   67:F8:0D:9D:45:62:6C:5F:76:DD:3D:CE:68:FA:4A:95:3C:02:92:40
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B899975C8834AED07858277CE8293
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Z_gNnUVibF923T3OaPpKlTwCkkA.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197887
IP address blocks:        85.31.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:89:99:75:c8:83:4a:ed:07:85:82:77:ce:82:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67f80d9d45626c5f76dd3dce68fa4a953c029240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:27:6c:4b:37:a5:d5:ad:24:67:a5:1b:cd:9b:
                    09:4c:56:6e:0e:1a:e2:5a:7a:43:9a:69:4f:c0:d7:
                    44:3b:8a:cb:01:bb:7b:39:f0:40:ca:07:b0:68:52:
                    e7:04:a1:cb:c1:6f:8f:6b:10:17:66:d0:a1:83:fc:
                    cf:55:66:42:20:42:d8:ca:00:a5:df:34:66:b1:e9:
                    ed:9c:05:64:ee:4d:66:d6:9f:ff:56:2f:1d:13:fb:
                    26:f2:c8:8c:b1:21:e8:53:8a:ee:40:80:14:49:28:
                    d2:4a:af:e1:1b:7e:bd:d1:5b:af:31:73:34:13:0d:
                    9e:a1:42:13:25:b5:8a:f4:08:7c:cb:98:9b:a9:c7:
                    42:00:98:3d:2b:e4:77:93:0a:f1:72:2c:aa:54:6a:
                    54:40:f4:dd:eb:1a:b6:0f:34:a3:e6:5d:db:a3:75:
                    66:69:1e:9b:c7:82:4e:5a:cd:67:16:ec:81:91:64:
                    13:69:78:61:9b:59:30:ed:fc:e1:98:aa:0a:75:19:
                    96:f2:7c:e7:aa:14:e3:07:e1:60:f7:e1:31:8e:ec:
                    99:2b:e2:ed:fe:99:1d:54:49:16:c1:33:f2:24:ef:
                    cf:ed:21:e6:69:10:79:8a:c5:cb:7f:a0:b7:4b:05:
                    45:35:ce:be:d0:79:03:31:7b:92:ed:f0:bc:c0:79:
                    99:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F8:0D:9D:45:62:6C:5F:76:DD:3D:CE:68:FA:4A:95:3C:02:92:40
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/Z_gNnUVibF923T3OaPpKlTwCkkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:a8:56:07:49:aa:e8:05:2a:fe:03:82:ae:3b:26:96:c4:9a:
         f0:b8:68:37:61:a2:b0:a1:d0:89:a1:73:ef:6c:6f:77:34:b5:
         8c:eb:ae:0e:f7:f0:c8:b9:c0:77:b0:f4:ce:bd:b6:8e:65:ff:
         38:bc:ec:ee:cf:d0:1e:d4:f0:76:92:4e:72:fe:e0:0c:48:3f:
         30:ac:ab:2e:fa:30:9e:ca:fc:9b:2b:92:80:5f:30:4a:e8:f1:
         c4:63:b2:34:8b:e5:77:fd:20:18:82:ef:6d:09:f7:e8:d9:de:
         81:88:10:51:25:27:58:ef:7e:17:86:e6:cc:9e:30:16:13:ea:
         66:51:ea:e7:ad:6f:8d:f5:ca:89:17:75:2e:d9:93:a4:e8:7a:
         52:05:d5:9e:66:d8:bf:1d:45:a3:a1:8b:2b:c1:60:a7:8c:f3:
         43:00:4f:88:b9:ea:25:06:57:43:f6:23:13:53:95:b1:10:1d:
         c5:5b:80:a0:80:af:19:1c:ec:6b:e3:b8:55:3e:14:d8:79:72:
         ca:81:6a:88:fb:04:e9:a3:d9:ca:47:e5:49:16:d9:8a:a1:92:
         fb:4c:55:68:85:0b:d5:ea:2b:7f:36:af:b3:8d:77:b4:a5:91:
         19:7b:ac:6d:09:ac:5f:7a:c8:e3:4e:16:ed:ee:6f:d8:bc:85:
         e7:cf:7a:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4mZdciDSu0HhYJ3zoKTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Y4MGQ5ZDQ1NjI2YzVmNzZkZDNkY2U2OGZhNGE5NTNjMDI5MjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSdsSzel1a0kZ6UbzZsJTFZuDhri
WnpDmmlPwNdEO4rLAbt7OfBAygewaFLnBKHLwW+PaxAXZtChg/zPVWZCIELYygCl
3zRmsentnAVk7k1m1p//Vi8dE/sm8siMsSHoU4ruQIAUSSjSSq/hG3690VuvMXM0
Ew2eoUITJbWK9Ah8y5ibqcdCAJg9K+R3kwrxciyqVGpUQPTd6xq2DzSj5l3bo3Vm
aR6bx4JOWs1nFuyBkWQTaXhhm1kw7fzhmKoKdRmW8nznqhTjB+Fg9+ExjuyZK+Lt
/pkdVEkWwTPyJO/P7SHmaRB5isXLf6C3SwVFNc6+0HkDMXuS7fC8wHmZIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGf4DZ1FYmxfdt09zmj6SpU8ApJAMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvWl9nTm5VVmliRjkyM1QzT2FQcEtsVHdDa2tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVR/6MA0G
CSqGSIb3DQEBCwUAA4IBAQBiqFYHSaroBSr+A4KuOyaWxJrwuGg3YaKwodCJoXPv
bG93NLWM664O9/DIucB3sPTOvbaOZf84vOzuz9Ae1PB2kk5y/uAMSD8wrKsu+jCe
yvybK5KAXzBK6PHEY7I0i+V3/SAYgu9tCffo2d6BiBBRJSdY734XhubMnjAWE+pm
UernrW+N9cqJF3Uu2ZOk6HpSBdWeZti/HUWjoYsrwWCnjPNDAE+IueolBldD9iMT
U5WxEB3FW4CggK8ZHOxr47hVPhTYeXLKgWqI+wTpo9nKR+VJFtmKoZL7TFVohQvV
6it/Nq+zjXe0pZEZe6xtCaxfesjjThbt7m/YvIXnz3pX
-----END CERTIFICATE-----