Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zXEhw2f1q37DuTfF2VBqv0sv82Y.roa
File:                     zXEhw2f1q37DuTfF2VBqv0sv82Y.roa (raw, json)
Hash identifier:          2JRLf2NNweXxKBwGQmFdygeT6IHzpALyFlb526t7MAs=
Subject key identifier:   CD:71:21:C3:67:F5:AB:7E:C3:B9:37:C5:D9:50:6A:BF:4B:2F:F3:66
Certificate issuer:       /CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
Certificate serial:       0191A26CC49504312A7A62A085DF921C5A0C
Authority key identifier: 2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zXEhw2f1q37DuTfF2VBqv0sv82Y.roa
Signing time:             Fri 30 Aug 2024 08:35:22 +0000
ROA not before:           Fri 30 Aug 2024 08:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207638
IP address blocks:        194.116.104.0/24 maxlen: 24
                          194.116.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:6c:c4:95:04:31:2a:7a:62:a0:85:df:92:1c:5a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c887302d1e740f5f98481fb4b7a461696bfe5c1
        Validity
            Not Before: Aug 30 08:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd7121c367f5ab7ec3b937c5d9506abf4b2ff366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:79:51:d6:6c:cc:c9:6a:a0:b7:ce:74:f7:5c:
                    97:ba:0c:b8:0c:f0:50:06:e1:45:f2:2d:83:d8:c3:
                    c2:fc:ff:6b:7c:82:23:34:b9:45:03:91:1d:93:c6:
                    2a:8a:97:d1:52:08:1f:88:2d:17:a2:36:60:a7:56:
                    d3:4e:47:c7:98:8c:01:e1:73:69:90:a9:88:de:b9:
                    fe:06:0f:b6:18:2e:43:c1:27:95:dc:bf:f7:ec:1d:
                    24:7d:81:29:9d:63:d2:13:e9:c7:9f:d0:8a:50:49:
                    ae:67:cd:e6:3c:69:c8:08:df:40:93:02:a4:13:b4:
                    a2:a5:b4:0a:f8:d0:67:d7:56:5c:e5:ba:ea:25:61:
                    46:58:67:d6:9c:80:8c:ef:b3:f2:10:d6:7e:3e:9b:
                    86:62:61:68:b1:bb:c4:ba:5d:b3:e7:62:29:55:04:
                    f9:25:1e:10:e7:88:39:0d:d0:94:5f:76:82:00:9a:
                    c4:c1:4a:2b:86:0c:b3:7b:0b:12:1b:e4:ed:a9:96:
                    2b:03:16:42:7f:2d:dd:60:00:5f:8e:14:14:65:61:
                    e3:94:81:79:0b:3b:55:5b:1b:da:99:19:ee:85:4f:
                    ef:e0:22:3b:43:00:e9:ac:86:38:f7:8d:97:95:b3:
                    cd:7d:1c:5f:70:e9:ba:b3:57:ab:e0:04:18:cd:4c:
                    08:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:71:21:C3:67:F5:AB:7E:C3:B9:37:C5:D9:50:6A:BF:4B:2F:F3:66
            X509v3 Authority Key Identifier:
                keyid:2C:88:73:02:D1:E7:40:F5:F9:84:81:FB:4B:7A:46:16:96:BF:E5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LIhzAtHnQPX5hIH7S3pGFpa_5cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/zXEhw2f1q37DuTfF2VBqv0sv82Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/645b74-d8fb-4488-bbfd-c028d91ebc9c/1/LIhzAtHnQPX5hIH7S3pGFpa_5cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:06:e6:44:9e:f5:93:c4:02:3d:43:aa:c0:ec:fe:fe:33:4a:
         b2:10:2e:64:c0:d3:71:67:5a:e4:92:8e:27:15:0c:5d:c2:7d:
         4e:5f:80:9a:70:b1:2f:7a:94:da:dc:e3:b6:d4:3b:a5:12:e9:
         22:6a:29:b0:2d:73:cb:89:40:4f:4b:70:33:a2:ce:ef:c4:9e:
         8d:7a:62:8e:38:75:1c:59:7f:f9:05:97:56:e7:a4:01:4f:15:
         29:41:b7:6e:cc:f8:89:b9:74:46:d8:6e:05:eb:df:01:d8:0b:
         b5:80:09:da:29:f5:d7:d4:c8:1a:22:ef:19:73:76:54:47:06:
         09:ac:d1:b8:91:bb:7e:c1:ec:12:58:51:aa:46:23:6e:a4:f6:
         2f:d0:4a:5e:41:68:0d:31:79:67:fa:b4:88:d2:5a:01:5e:ca:
         3c:87:6e:66:13:60:5c:7b:7f:2d:54:79:96:57:ab:6d:30:c7:
         e7:fa:24:aa:23:f1:aa:7e:0e:22:a8:57:5f:4b:87:03:c6:76:
         95:58:f7:ca:9f:64:8b:39:cd:a1:37:bd:67:08:73:95:8e:0e:
         6e:6e:1c:c2:d2:78:30:ed:dc:03:db:e4:ad:24:c5:ec:43:64:
         f7:71:0d:1a:52:8c:4d:9c:f2:cb:92:59:a0:b0:f0:68:3e:2d:
         3f:10:ec:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGibMSVBDEqemKghd+SHFoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjODg3MzAyZDFlNzQwZjVmOTg0ODFmYjRiN2E0NjE2OTZi
ZmU1YzEwHhcNMjQwODMwMDgzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDcxMjFjMzY3ZjVhYjdlYzNiOTM3YzVkOTUwNmFiZjRiMmZmMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8HlR1mzMyWqgt85091yXugy4DPBQ
BuFF8i2D2MPC/P9rfIIjNLlFA5Edk8YqipfRUggfiC0XojZgp1bTTkfHmIwB4XNp
kKmI3rn+Bg+2GC5DwSeV3L/37B0kfYEpnWPSE+nHn9CKUEmuZ83mPGnICN9AkwKk
E7SipbQK+NBn11Zc5brqJWFGWGfWnICM77PyENZ+PpuGYmFosbvEul2z52IpVQT5
JR4Q54g5DdCUX3aCAJrEwUorhgyzewsSG+TtqZYrAxZCfy3dYABfjhQUZWHjlIF5
CztVWxvamRnuhU/v4CI7QwDprIY4942XlbPNfRxfcOm6s1er4AQYzUwIgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM1xIcNn9at+w7k3xdlQar9LL/NmMB8GA1UdIwQY
MBaAFCyIcwLR50D1+YSB+0t6RhaWv+XBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQt
YzAyOGQ5MWViYzljLzEvelhFaHcyZjFxMzdEdVRmRjJWQnF2MHN2ODJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NDViNzQtZDhmYi00NDg4LWJiZmQtYzAyOGQ5MWViYzlj
LzEvTEloekF0SG5RUFg1aElIN1MzcEdGcGFfNWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnRoMA0G
CSqGSIb3DQEBCwUAA4IBAQB/BuZEnvWTxAI9Q6rA7P7+M0qyEC5kwNNxZ1rkko4n
FQxdwn1OX4CacLEvepTa3OO21DulEukiaimwLXPLiUBPS3Azos7vxJ6NemKOOHUc
WX/5BZdW56QBTxUpQbduzPiJuXRG2G4F698B2Au1gAnaKfXX1MgaIu8Zc3ZURwYJ
rNG4kbt+wewSWFGqRiNupPYv0EpeQWgNMXln+rSI0loBXso8h25mE2Bce38tVHmW
V6ttMMfn+iSqI/Gqfg4iqFdfS4cDxnaVWPfKn2SLOc2hN71nCHOVjg5ubhzC0ngw
7dwD2+StJMXsQ2T3cQ0aUoxNnPLLklmgsPBoPi0/EOxb
-----END CERTIFICATE-----