Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/ZBplgDHPYXrzncGkdkEk1mwSOwk.roa
File:                     ZBplgDHPYXrzncGkdkEk1mwSOwk.roa (raw, json)
Hash identifier:          7pk8Tqn1bImuDmBm9uBMwEQMkyCt32VktSQDpZSwmW4=
Subject key identifier:   64:1A:65:80:31:CF:61:7A:F3:9D:C1:A4:76:41:24:D6:6C:12:3B:09
Certificate issuer:       /CN=c1d369e66cdbe30d7b3aff6081f20c17a98fdc5b
Certificate serial:       019104099DA016D18BBFAA4E9D9783B0D395
Authority key identifier: C1:D3:69:E6:6C:DB:E3:0D:7B:3A:FF:60:81:F2:0C:17:A9:8F:DC:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/ZBplgDHPYXrzncGkdkEk1mwSOwk.roa
Signing time:             Tue 30 Jul 2024 14:27:04 +0000
ROA not before:           Tue 30 Jul 2024 14:27:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204601
IP address blocks:        45.88.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:04:09:9d:a0:16:d1:8b:bf:aa:4e:9d:97:83:b0:d3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1d369e66cdbe30d7b3aff6081f20c17a98fdc5b
        Validity
            Not Before: Jul 30 14:27:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=641a658031cf617af39dc1a4764124d66c123b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c1:6c:26:24:cb:18:8c:94:b3:1a:e9:d0:c6:
                    d3:44:cb:33:78:9c:45:3d:af:6c:68:7e:09:8f:42:
                    4a:ad:ca:1d:4f:5d:ae:80:c5:8b:ee:36:59:97:cb:
                    fb:35:d8:f9:23:55:03:a1:bd:8f:77:5a:9e:5f:f6:
                    25:c3:57:80:e9:b1:40:34:20:62:bd:af:ec:91:3a:
                    a8:03:90:7d:17:ed:90:34:62:ec:f4:41:3c:57:44:
                    38:a2:30:3a:e5:23:89:73:c5:60:62:08:80:4f:84:
                    16:ef:ae:3e:16:9c:af:db:3a:4e:78:7b:34:1f:f6:
                    0a:a0:24:fe:46:e3:40:15:4a:bc:ed:c0:82:09:fe:
                    18:9b:f7:0d:ff:70:a4:35:9b:44:ac:fd:d1:ad:25:
                    8f:a1:ba:01:e9:ab:da:15:25:97:93:b5:4e:b6:b2:
                    8d:79:54:95:e4:5a:63:2d:97:51:11:1d:75:fa:fb:
                    51:67:5d:e9:da:67:a0:6d:76:b0:59:53:1b:14:35:
                    3e:4b:e6:3d:0d:63:b0:ff:2e:bf:f1:2a:7b:b8:3d:
                    e9:af:14:5f:ce:e3:37:53:fe:68:68:d5:2f:22:03:
                    bb:1b:f1:68:47:81:7f:15:22:00:3c:f7:73:0e:12:
                    78:97:ab:3c:ef:a8:7a:ed:2c:e2:48:63:a2:a5:b1:
                    9f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:1A:65:80:31:CF:61:7A:F3:9D:C1:A4:76:41:24:D6:6C:12:3B:09
            X509v3 Authority Key Identifier:
                keyid:C1:D3:69:E6:6C:DB:E3:0D:7B:3A:FF:60:81:F2:0C:17:A9:8F:DC:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/ZBplgDHPYXrzncGkdkEk1mwSOwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/224351-3a47-4014-b395-a63479610968/1/wdNp5mzb4w17Ov9ggfIMF6mP3Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:31:b6:c9:13:27:54:ea:5c:0e:ca:3a:e8:b8:22:00:d0:c9:
         29:03:f7:cf:25:46:6a:2f:a6:cc:49:63:11:02:1f:15:8b:ca:
         3c:e8:1e:96:67:f4:a4:2d:91:c9:10:2d:19:f7:b9:89:ad:3c:
         64:23:bf:69:bb:d4:d3:6a:d5:0d:7a:56:62:a6:3b:e8:e6:83:
         58:6c:63:6a:ad:3c:0e:aa:0a:9f:49:99:33:f4:43:17:13:6c:
         9c:f7:9f:19:36:7e:f8:f0:33:0b:a4:92:fd:4e:74:04:fa:c4:
         0f:bc:d0:4e:25:62:f7:28:6e:dd:f1:de:5b:9d:4e:67:4d:93:
         52:c7:78:a0:85:c7:49:cc:b5:e2:d7:9f:61:b2:c3:e9:73:5f:
         15:e8:e8:3e:2e:95:89:31:de:dc:64:87:be:93:80:78:7b:93:
         93:56:7f:e1:70:76:cb:d6:a3:ba:b2:10:4f:3b:d7:71:eb:49:
         08:f0:78:d2:e3:0a:1d:4a:a6:d5:a7:be:45:51:74:33:7a:9b:
         ca:98:d2:39:f1:1b:ab:d2:cf:39:89:9f:91:02:14:84:9c:dc:
         ce:89:8b:ea:ab:d1:33:2d:11:98:9b:5f:15:42:ac:aa:8d:99:
         23:c4:90:5c:4c:42:4a:f5:c5:6d:05:dc:f2:0a:d2:91:7e:69:
         eb:e0:0c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEECZ2gFtGLv6pOnZeDsNOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZDM2OWU2NmNkYmUzMGQ3YjNhZmY2MDgxZjIwYzE3YTk4
ZmRjNWIwHhcNMjQwNzMwMTQyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDFhNjU4MDMxY2Y2MTdhZjM5ZGMxYTQ3NjQxMjRkNjZjMTIzYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcFsJiTLGIyUsxrp0MbTRMszeJxF
Pa9saH4Jj0JKrcodT12ugMWL7jZZl8v7Ndj5I1UDob2Pd1qeX/Ylw1eA6bFANCBi
va/skTqoA5B9F+2QNGLs9EE8V0Q4ojA65SOJc8VgYgiAT4QW764+Fpyv2zpOeHs0
H/YKoCT+RuNAFUq87cCCCf4Ym/cN/3CkNZtErP3RrSWPoboB6avaFSWXk7VOtrKN
eVSV5FpjLZdRER11+vtRZ13p2megbXawWVMbFDU+S+Y9DWOw/y6/8Sp7uD3prxRf
zuM3U/5oaNUvIgO7G/FoR4F/FSIAPPdzDhJ4l6s876h67SziSGOipbGfywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQaZYAxz2F6853BpHZBJNZsEjsJMB8GA1UdIwQY
MBaAFMHTaeZs2+MNezr/YIHyDBepj9xbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ROcDVtemI0dzE3T3Y5Z2dmSU1GNm1QM0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yMjQzNTEtM2E0Ny00MDE0LWIzOTUt
YTYzNDc5NjEwOTY4LzEvWkJwbGdESFBZWHJ6bmNHa2RrRWsxbXdTT3drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yMjQzNTEtM2E0Ny00MDE0LWIzOTUtYTYzNDc5NjEwOTY4
LzEvd2ROcDVtemI0dzE3T3Y5Z2dmSU1GNm1QM0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVhOMA0G
CSqGSIb3DQEBCwUAA4IBAQAEMbbJEydU6lwOyjrouCIA0MkpA/fPJUZqL6bMSWMR
Ah8Vi8o86B6WZ/SkLZHJEC0Z97mJrTxkI79pu9TTatUNelZipjvo5oNYbGNqrTwO
qgqfSZkz9EMXE2yc958ZNn748DMLpJL9TnQE+sQPvNBOJWL3KG7d8d5bnU5nTZNS
x3ighcdJzLXi159hssPpc18V6Og+LpWJMd7cZIe+k4B4e5OTVn/hcHbL1qO6shBP
O9dx60kI8HjS4wodSqbVp75FUXQzepvKmNI58Rur0s85iZ+RAhSEnNzOiYvqq9Ez
LRGYm18VQqyqjZkjxJBcTEJK9cVtBdzyCtKRfmnr4AyS
-----END CERTIFICATE-----