Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zLVR5eHsVyF3v7DJZuYpTiYit7U.roa
File:                     zLVR5eHsVyF3v7DJZuYpTiYit7U.roa (raw, json)
Hash identifier:          9CiKI5OxCios8CUTCapBMdu2mulRUdKCWZ7HsE14B50=
Subject key identifier:   CC:B5:51:E5:E1:EC:57:21:77:BF:B0:C9:66:E6:29:4E:26:22:B7:B5
Certificate issuer:       /CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Certificate serial:       018CC9BCE04CD6C17F93AF40C52BD01264C6
Authority key identifier: 2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zLVR5eHsVyF3v7DJZuYpTiYit7U.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25309
IP address blocks:        194.116.99.0/24 maxlen: 24
                          2001:7f8:23::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e0:4c:d6:c1:7f:93:af:40:c5:2b:d0:12:64:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccb551e5e1ec572177bfb0c966e6294e2622b7b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:dd:37:c0:db:73:78:30:8b:84:33:6f:14:bf:
                    61:45:b1:19:01:1d:de:05:19:01:c1:4b:59:ff:9a:
                    1a:3b:02:bb:8f:1a:86:a8:79:ae:d2:d6:7f:51:9d:
                    b5:3d:21:4c:e8:c3:a8:da:ac:3d:57:f1:9e:e7:05:
                    33:a6:73:3e:af:79:c8:6a:73:07:8f:34:72:b6:3d:
                    b8:f9:1e:d7:ba:20:06:61:35:15:37:a5:5b:12:8c:
                    d1:28:f1:0e:d7:78:d5:2c:41:40:8a:2c:c8:15:3c:
                    ad:cc:20:ca:a7:fa:ae:16:10:58:d1:04:2f:5c:d4:
                    e1:10:39:c9:90:55:07:5a:ab:a2:bb:a7:ff:1a:00:
                    6f:85:7b:61:59:dc:48:88:7d:98:1c:a1:52:93:45:
                    91:4d:5b:81:2d:07:0c:6e:4a:0b:32:b8:f8:27:f6:
                    e8:50:0e:ea:3f:bf:20:39:11:38:42:e8:47:20:07:
                    0b:d4:ef:df:8b:ea:fc:53:d8:57:9c:81:02:29:b6:
                    fd:09:0c:fd:a2:79:61:8a:3c:bc:f5:3c:31:1e:71:
                    61:34:d5:be:97:76:3b:de:e5:43:44:d3:58:40:66:
                    0a:ed:bf:c5:a1:bc:61:f3:af:e1:8d:ea:72:fc:7e:
                    a7:8a:ce:b9:b2:58:f1:fb:c9:68:a7:66:71:6f:e2:
                    15:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B5:51:E5:E1:EC:57:21:77:BF:B0:C9:66:E6:29:4E:26:22:B7:B5
            X509v3 Authority Key Identifier:
                keyid:2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zLVR5eHsVyF3v7DJZuYpTiYit7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.99.0/24
                IPv6:
                  2001:7f8:23::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:f9:a6:aa:79:09:79:32:8c:01:6e:4e:d5:17:a7:b1:81:b3:
         13:81:aa:0a:42:b5:c8:bd:30:77:54:8e:8c:07:91:20:03:61:
         80:d0:49:88:08:a4:45:44:2c:74:31:f8:69:41:86:c5:1a:70:
         4b:72:46:e0:b4:4c:80:36:7b:dd:d3:24:c1:64:b0:46:ab:82:
         3f:6c:a4:d6:20:91:62:f0:00:79:90:23:28:44:10:55:62:05:
         cf:da:2f:57:5b:37:0b:96:b9:11:b7:0a:90:81:e9:6e:1f:44:
         b5:1e:73:0d:22:f6:8b:b9:69:03:72:df:a2:58:70:81:37:f0:
         59:6e:5f:6e:96:25:81:8b:24:0e:2f:1e:5e:8c:d2:c7:f1:2f:
         51:8c:85:11:30:4c:be:04:a1:3f:9b:e3:05:be:c7:aa:49:dc:
         65:35:3e:37:9a:79:27:32:f3:fb:18:77:e3:22:7e:a2:83:75:
         99:d5:85:90:b8:9a:85:83:4d:e4:31:93:74:43:fc:af:07:b7:
         09:1c:eb:59:70:8d:ac:4a:de:c7:21:96:e2:e0:13:23:47:b6:
         37:e6:57:14:97:e7:cf:22:9d:aa:cb:df:4e:2c:7a:fb:c0:47:
         bd:e8:c6:f6:64:c1:26:a9:84:43:15:d7:16:e1:6f:c2:5a:9c:
         74:7f:af:cd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvOBM1sF/k69AxSvQEmTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODg3MzAyZDFlNzQwZjVmOTg0ODFmYjRiN2E0NjE2OTZi
ZmU1YzEwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I1NTFlNWUxZWM1NzIxNzdiZmIwYzk2NmU2Mjk0ZTI2MjJiN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN03wNtzeDCLhDNvFL9hRbEZAR3e
BRkBwUtZ/5oaOwK7jxqGqHmu0tZ/UZ21PSFM6MOo2qw9V/Ge5wUzpnM+r3nIanMH
jzRytj24+R7XuiAGYTUVN6VbEozRKPEO13jVLEFAiizIFTytzCDKp/quFhBY0QQv
XNThEDnJkFUHWquiu6f/GgBvhXthWdxIiH2YHKFSk0WRTVuBLQcMbkoLMrj4J/bo
UA7qP78gORE4QuhHIAcL1O/fi+r8U9hXnIECKbb9CQz9onlhijy89TwxHnFhNNW+
l3Y73uVDRNNYQGYK7b/Fobxh86/hjepy/H6nis65sljx+8lop2Zxb+IVGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMy1UeXh7Fchd7+wyWbmKU4mIre1MB8GA1UdIwQY
MBaAFCyIcwLR50D1+YSB+0t6RhaWv+XBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQt
YzAyOGQ5MWViYzljLzEvekxWUjVlSHNWeUYzdjdESlp1WXBUaVlpdDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQtYzAyOGQ5MWViYzlj
LzEvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwnRjMA8E
AgACMAkDBwAgAQf4ACMwDQYJKoZIhvcNAQELBQADggEBACL5pqp5CXkyjAFuTtUX
p7GBsxOBqgpCtci9MHdUjowHkSADYYDQSYgIpEVELHQx+GlBhsUacEtyRuC0TIA2
e93TJMFksEargj9spNYgkWLwAHmQIyhEEFViBc/aL1dbNwuWuRG3CpCB6W4fRLUe
cw0i9ou5aQNy36JYcIE38FluX26WJYGLJA4vHl6M0sfxL1GMhREwTL4EoT+b4wW+
x6pJ3GU1PjeaeScy8/sYd+MifqKDdZnVhZC4moWDTeQxk3RD/K8Htwkc61lwjaxK
3schluLgEyNHtjfmVxSX588inarL304sevvAR73oxvZkwSaphEMV1xbhb8JanHR/
r80=
-----END CERTIFICATE-----