Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_Zs5dE3rtK1TTG3_LHJI6Wb1b_8.roa
File:                     _Zs5dE3rtK1TTG3_LHJI6Wb1b_8.roa (raw, json)
Hash identifier:          fSNx1iyrd30OwohAZQ6ECYFOfJckOvNBtNz3nyH9oco=
Subject key identifier:   FD:9B:39:74:4D:EB:B4:AD:53:4C:6D:FF:2C:72:48:E9:66:F5:6F:FF
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018E80ECC7FBBBFAC5588DE71776E0EADF1C
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_Zs5dE3rtK1TTG3_LHJI6Wb1b_8.roa
Signing time:             Wed 27 Mar 2024 17:19:45 +0000
ROA not before:           Wed 27 Mar 2024 17:19:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48715
IP address blocks:        188.212.97.0/24 maxlen: 24
                          188.212.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:80:ec:c7:fb:bb:fa:c5:58:8d:e7:17:76:e0:ea:df:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Mar 27 17:19:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd9b39744debb4ad534c6dff2c7248e966f56fff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ac:10:90:57:95:30:b3:49:a8:35:d3:40:58:
                    52:32:41:65:b3:a5:b5:6d:36:d1:42:a3:b1:52:8e:
                    f5:16:a4:18:9a:b5:c7:00:18:e3:01:eb:32:20:3d:
                    76:bd:a3:de:7f:26:77:6b:fc:7a:93:44:63:4a:7f:
                    48:f5:92:a5:35:09:c9:0c:3a:cd:d7:21:f1:68:db:
                    ff:c2:9b:6e:c5:4d:37:9c:f9:b4:ea:5b:fc:3d:ea:
                    be:d8:05:68:58:6f:05:a0:58:96:bb:51:4d:b9:94:
                    39:14:a7:ee:4e:89:86:82:21:a9:51:4a:4c:76:00:
                    c4:23:07:d2:16:64:6a:7a:b5:8c:e9:b2:b5:66:de:
                    c9:8c:ce:14:2c:8c:1c:27:72:04:99:dc:d8:63:69:
                    85:98:c9:39:80:33:a6:92:df:17:ad:13:8b:1b:66:
                    9a:20:85:ce:22:4d:eb:c9:f6:15:b4:3f:31:52:7a:
                    95:da:ea:a2:93:1a:45:e4:5e:b7:82:2c:09:e9:20:
                    88:93:c7:b4:b5:1a:74:6d:78:49:24:22:9a:3f:83:
                    bd:13:4b:ba:6e:ed:c4:73:b7:16:0c:cd:c9:63:20:
                    12:6c:9d:04:8a:46:2a:4d:ea:94:07:23:05:29:d4:
                    5a:ae:e8:79:2b:25:7a:a5:7b:64:9d:3a:eb:4b:cc:
                    be:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9B:39:74:4D:EB:B4:AD:53:4C:6D:FF:2C:72:48:E9:66:F5:6F:FF
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/_Zs5dE3rtK1TTG3_LHJI6Wb1b_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.97.0-188.212.98.255

    Signature Algorithm: sha256WithRSAEncryption
         78:33:70:07:c8:c4:aa:13:c7:ac:be:46:07:b2:2a:04:9b:62:
         00:31:42:15:de:f6:66:31:e7:98:91:78:fd:17:a8:d8:a8:4d:
         9f:de:55:b1:60:f1:0b:74:cb:dc:43:be:ce:ba:f5:ed:26:2c:
         b0:94:65:a1:07:3d:ad:77:19:47:cb:d6:db:3b:f5:33:f0:89:
         c0:fa:10:c7:a6:04:fb:67:af:78:6f:d6:cf:81:3d:d4:f1:a1:
         53:8b:44:6e:91:c5:d8:b1:0f:cd:02:7b:b3:a2:e1:e8:82:db:
         b0:85:30:d7:36:44:1a:10:41:11:24:e1:84:7c:69:14:c3:a5:
         50:10:b0:52:e2:7a:08:f3:db:25:29:de:91:7d:e1:e1:ff:2c:
         d2:53:a4:c5:91:1a:77:47:9c:37:53:75:62:fe:21:08:f4:7b:
         e9:e9:d8:04:53:b2:4d:77:b0:02:26:38:7c:f6:be:55:cd:3c:
         a6:fc:60:4c:05:d7:8f:0c:32:ca:cd:b1:d5:63:0c:8f:8e:a6:
         4a:ba:14:48:5a:a1:fc:de:db:48:05:b5:6a:63:a0:98:b5:ae:
         d6:9f:19:c5:4a:6d:11:d9:5c:18:5b:e3:74:60:fd:51:48:a0:
         8a:26:53:e0:83:c1:cf:74:13:ff:42:bd:d6:43:d6:8f:76:ac:
         21:8e:fd:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY6A7Mf7u/rFWI3nF3bg6t8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwMzI3MTcxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDliMzk3NDRkZWJiNGFkNTM0YzZkZmYyYzcyNDhlOTY2ZjU2ZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlawQkFeVMLNJqDXTQFhSMkFls6W1
bTbRQqOxUo71FqQYmrXHABjjAesyID12vaPefyZ3a/x6k0RjSn9I9ZKlNQnJDDrN
1yHxaNv/wptuxU03nPm06lv8Peq+2AVoWG8FoFiWu1FNuZQ5FKfuTomGgiGpUUpM
dgDEIwfSFmRqerWM6bK1Zt7JjM4ULIwcJ3IEmdzYY2mFmMk5gDOmkt8XrROLG2aa
IIXOIk3ryfYVtD8xUnqV2uqikxpF5F63giwJ6SCIk8e0tRp0bXhJJCKaP4O9E0u6
bu3Ec7cWDM3JYyASbJ0EikYqTeqUByMFKdRaruh5KyV6pXtknTrrS8y+TwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFP2bOXRN67StU0xt/yxySOlm9W//MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvX1pzNWRFM3J0SzFUVEczX0xISkk2V2IxYl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC81GED
BAC81GIwDQYJKoZIhvcNAQELBQADggEBAHgzcAfIxKoTx6y+RgeyKgSbYgAxQhXe
9mYx55iReP0XqNioTZ/eVbFg8Qt0y9xDvs669e0mLLCUZaEHPa13GUfL1ts79TPw
icD6EMemBPtnr3hv1s+BPdTxoVOLRG6RxdixD80Ce7Oi4eiC27CFMNc2RBoQQREk
4YR8aRTDpVAQsFLiegjz2yUp3pF94eH/LNJTpMWRGndHnDdTdWL+IQj0e+np2ART
sk13sAImOHz2vlXNPKb8YEwF148MMsrNsdVjDI+Opkq6FEhaofze20gFtWpjoJi1
rtafGcVKbRHZXBhb43Rg/VFIoIomU+CDwc90E/9CvdZD1o92rCGO/Y8=
-----END CERTIFICATE-----