Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/z0m6jBJrCvhOx3UUIsLn0OZ62FE.roa
File:                     z0m6jBJrCvhOx3UUIsLn0OZ62FE.roa (raw, json)
Hash identifier:          bzXACtdIj5XPh90avBGO/MVCxvr97eivXhwo1eDAxhc=
Subject key identifier:   CF:49:BA:8C:12:6B:0A:F8:4E:C7:75:14:22:C2:E7:D0:E6:7A:D8:51
Certificate issuer:       /CN=28954e28f6e01ca5c7353bc372f369a5f51d9bb4
Certificate serial:       0190D982D3389E4113170DA7C97BEA6A201E
Authority key identifier: 28:95:4E:28:F6:E0:1C:A5:C7:35:3B:C3:72:F3:69:A5:F5:1D:9B:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/z0m6jBJrCvhOx3UUIsLn0OZ62FE.roa
Signing time:             Mon 22 Jul 2024 08:15:47 +0000
ROA not before:           Mon 22 Jul 2024 08:15:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        193.138.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:82:d3:38:9e:41:13:17:0d:a7:c9:7b:ea:6a:20:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28954e28f6e01ca5c7353bc372f369a5f51d9bb4
        Validity
            Not Before: Jul 22 08:15:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf49ba8c126b0af84ec7751422c2e7d0e67ad851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:13:b3:d9:a1:0c:22:a3:ef:1d:ef:ad:fa:72:
                    f4:83:6a:76:97:f0:ad:88:aa:12:5d:01:0f:17:e9:
                    19:92:ad:ef:75:ec:91:ea:c6:56:6d:89:f3:06:62:
                    38:43:e9:5c:cf:3a:f3:53:0c:65:8d:88:b6:3f:43:
                    de:67:cf:42:73:0c:77:33:71:ef:b9:17:a5:8b:06:
                    59:c3:a0:67:8b:37:fd:fa:7a:64:cf:2a:1e:5a:1d:
                    dc:2d:08:21:18:05:5d:15:8c:16:88:64:7f:59:b7:
                    41:aa:01:56:25:29:81:f7:24:c2:ab:ba:a6:52:ae:
                    e9:df:e8:f3:f1:9e:76:04:cd:9f:03:f0:2a:cf:07:
                    64:56:bf:05:cb:6a:49:67:48:56:fd:42:9c:f7:4b:
                    6e:74:aa:17:7a:c1:94:ca:f8:cc:9e:70:58:42:30:
                    da:ff:62:45:40:85:1d:b2:16:4c:da:d2:1f:96:c8:
                    5b:51:b5:03:53:69:40:68:ac:33:08:11:7c:e9:0f:
                    ae:9e:86:37:da:38:b5:80:2c:a0:df:38:e7:28:a0:
                    ec:77:2e:4e:a3:2f:ff:5a:11:47:2f:fc:03:b8:16:
                    ba:01:9b:61:07:e0:8f:8e:81:2a:4c:0a:fc:94:3b:
                    19:32:f8:2f:bc:a6:07:6e:25:5b:a8:e8:5d:3e:2d:
                    bf:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:49:BA:8C:12:6B:0A:F8:4E:C7:75:14:22:C2:E7:D0:E6:7A:D8:51
            X509v3 Authority Key Identifier:
                keyid:28:95:4E:28:F6:E0:1C:A5:C7:35:3B:C3:72:F3:69:A5:F5:1D:9B:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJVOKPbgHKXHNTvDcvNppfUdm7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/z0m6jBJrCvhOx3UUIsLn0OZ62FE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f37027-afc4-444f-8008-95ce2c755d47/1/KJVOKPbgHKXHNTvDcvNppfUdm7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:4a:4d:2c:6c:73:36:1b:0b:b2:09:ba:dd:03:a5:d3:21:c9:
         ad:29:13:2c:6d:f0:7e:f8:b7:12:1b:7b:32:99:4d:9d:b8:27:
         de:52:b8:70:4c:2d:95:31:76:ca:36:b1:54:71:ed:ea:cb:a4:
         e1:97:15:12:2b:af:53:65:84:b9:24:00:d5:9f:83:bb:30:d6:
         ab:2d:ec:5d:9f:73:f2:3a:9d:51:95:ed:69:12:a9:a6:e6:4f:
         b3:88:ec:15:3d:2c:2c:1a:11:3a:0d:dc:cf:6f:42:c4:94:d2:
         84:c2:0f:2a:16:18:1d:ba:2f:56:87:bd:ee:da:0b:53:93:d5:
         79:2a:f6:6d:e3:f0:aa:33:3f:76:84:38:6d:fb:17:01:8f:14:
         28:3e:57:f5:28:65:1e:58:9e:09:a1:19:45:52:02:43:70:9a:
         1c:82:e4:c0:d5:32:34:b5:27:ee:07:dd:3d:f5:c6:84:c6:fa:
         5a:9f:4e:1a:d4:b8:19:03:32:23:95:03:96:a5:29:b3:23:0c:
         94:f6:c3:bc:ef:02:e5:91:af:59:9b:41:15:c4:ff:7b:99:80:
         c1:49:8e:c4:0c:ea:d3:16:47:0a:bb:f1:33:27:aa:5b:c6:24:
         37:cf:0f:7e:75:d4:16:f9:c0:87:0e:76:5f:57:21:c2:1d:05:
         e7:05:92:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZgtM4nkETFw2nyXvqaiAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTU0ZTI4ZjZlMDFjYTVjNzM1M2JjMzcyZjM2OWE1ZjUx
ZDliYjQwHhcNMjQwNzIyMDgxNTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ5YmE4YzEyNmIwYWY4NGVjNzc1MTQyMmMyZTdkMGU2N2FkODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hOz2aEMIqPvHe+t+nL0g2p2l/Ct
iKoSXQEPF+kZkq3vdeyR6sZWbYnzBmI4Q+lczzrzUwxljYi2P0PeZ89Ccwx3M3Hv
uReliwZZw6Bnizf9+npkzyoeWh3cLQghGAVdFYwWiGR/WbdBqgFWJSmB9yTCq7qm
Uq7p3+jz8Z52BM2fA/AqzwdkVr8Fy2pJZ0hW/UKc90tudKoXesGUyvjMnnBYQjDa
/2JFQIUdshZM2tIflshbUbUDU2lAaKwzCBF86Q+unoY32ji1gCyg3zjnKKDsdy5O
oy//WhFHL/wDuBa6AZthB+CPjoEqTAr8lDsZMvgvvKYHbiVbqOhdPi2/YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9JuowSawr4Tsd1FCLC59DmethRMB8GA1UdIwQY
MBaAFCiVTij24BylxzU7w3LzaaX1HZu0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pWT0tQYmdIS1hITlR2RGN2TnBwZlVkbTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mMzcwMjctYWZjNC00NDRmLTgwMDgt
OTVjZTJjNzU1ZDQ3LzEvejBtNmpCSnJDdmhPeDNVVUlzTG4wT1o2MkZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mMzcwMjctYWZjNC00NDRmLTgwMDgtOTVjZTJjNzU1ZDQ3
LzEvS0pWT0tQYmdIS1hITlR2RGN2TnBwZlVkbTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpQMA0G
CSqGSIb3DQEBCwUAA4IBAQCuSk0sbHM2GwuyCbrdA6XTIcmtKRMsbfB++LcSG3sy
mU2duCfeUrhwTC2VMXbKNrFUce3qy6ThlxUSK69TZYS5JADVn4O7MNarLexdn3Py
Op1Rle1pEqmm5k+ziOwVPSwsGhE6DdzPb0LElNKEwg8qFhgdui9Wh73u2gtTk9V5
KvZt4/CqMz92hDht+xcBjxQoPlf1KGUeWJ4JoRlFUgJDcJocguTA1TI0tSfuB909
9caExvpan04a1LgZAzIjlQOWpSmzIwyU9sO87wLlka9Zm0EVxP97mYDBSY7EDOrT
FkcKu/EzJ6pbxiQ3zw9+ddQW+cCHDnZfVyHCHQXnBZLZ
-----END CERTIFICATE-----