Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/ZVLlW76AiqFm-Vu6WiohrwuwBXA.roa
File:                     ZVLlW76AiqFm-Vu6WiohrwuwBXA.roa (raw, json)
Hash identifier:          FhshLPpj1QHLE4QBA2raYSLjgLt6K43L3/QQeFa2UGQ=
Subject key identifier:   65:52:E5:5B:BE:80:8A:A1:66:F9:5B:BA:5A:2A:21:AF:0B:B0:05:70
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01921A0E785F658DB04F3DCFD0557E9B25A7
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/ZVLlW76AiqFm-Vu6WiohrwuwBXA.roa
Signing time:             Sun 22 Sep 2024 14:06:48 +0000
ROA not before:           Sun 22 Sep 2024 14:06:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        188.191.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1a:0e:78:5f:65:8d:b0:4f:3d:cf:d0:55:7e:9b:25:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Sep 22 14:06:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6552e55bbe808aa166f95bba5a2a21af0bb00570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:51:2a:4f:2f:4b:0e:27:e7:91:58:38:2e:ca:
                    4e:9c:22:11:56:ae:6a:5c:86:e9:95:d2:dd:4d:4f:
                    9c:45:67:03:04:0a:1f:a0:71:3d:98:29:a7:28:0c:
                    1f:af:fb:1e:41:56:a9:4a:90:4d:4f:f1:47:8f:19:
                    e5:fc:6f:be:0f:e8:08:d4:60:c4:7c:bc:4e:f6:01:
                    d5:23:47:75:5f:df:f0:de:01:ec:76:32:f6:bf:70:
                    d7:1d:1b:6b:38:65:4c:bc:49:97:b2:cd:6c:89:38:
                    9b:af:19:2c:f6:b4:21:b6:52:2d:f1:d5:49:68:12:
                    2d:57:b7:89:4a:18:1c:e5:4e:8e:e9:8c:37:0a:76:
                    88:52:8c:0e:cd:d4:13:e5:50:05:65:d0:c1:d3:3e:
                    37:32:79:e2:23:4a:d5:f9:42:cc:d1:10:a4:fe:ad:
                    d0:ce:02:68:c5:24:33:f1:f8:b6:74:e6:f0:ad:e4:
                    2e:aa:92:4d:5e:a2:74:af:ad:d9:88:db:aa:80:d2:
                    b5:0c:64:96:96:ee:37:bf:e5:32:0b:85:f2:66:d1:
                    0f:da:48:b0:82:6a:85:54:6e:91:bd:3c:97:c3:8b:
                    81:e8:1a:5b:a2:1f:d9:c5:35:e1:ff:8f:73:eb:9c:
                    75:01:b0:da:ba:77:c0:8a:ac:9c:48:c8:ad:69:98:
                    0a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:52:E5:5B:BE:80:8A:A1:66:F9:5B:BA:5A:2A:21:AF:0B:B0:05:70
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/ZVLlW76AiqFm-Vu6WiohrwuwBXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:3e:06:e4:36:48:33:fe:4c:ca:50:26:52:48:77:c3:34:7d:
         cd:cf:25:b1:a5:15:01:e1:26:f7:bd:bd:d3:41:1b:d6:ff:e3:
         2d:28:ee:37:13:cd:0c:ed:19:e8:04:9b:0e:1f:2b:32:d2:3c:
         03:c7:f4:bb:14:e6:82:77:74:60:8f:88:bc:9a:89:8a:3a:6e:
         c7:a4:18:c0:47:a2:74:e3:87:98:76:94:9c:ab:3c:68:b6:5d:
         5e:c7:cc:bc:cb:96:af:b3:9d:5d:cb:a9:e9:c2:77:f2:5b:93:
         18:ea:e3:7b:a5:fc:b4:d1:2d:7f:81:72:52:39:8c:c8:2d:d7:
         d6:6e:89:80:c9:a8:a4:04:af:99:8f:d8:5f:82:63:6f:ab:94:
         03:c0:08:d4:3a:85:c1:1d:ef:0e:da:88:64:36:76:ea:f0:a6:
         66:1b:01:bb:1d:7c:5f:89:6b:54:8c:b6:83:fd:7a:47:f9:bb:
         31:2e:f3:34:bc:1c:cd:b5:4c:de:b6:95:7e:5a:27:a2:59:47:
         a0:d1:36:a8:e6:b7:75:fb:6c:07:0f:0f:7c:c5:50:ae:c3:fd:
         ee:ee:ff:24:6a:d9:87:98:37:3e:38:4d:fe:c0:41:7e:22:4e:
         f2:3b:36:e7:9a:a0:5f:8f:48:2d:1e:5f:f7:fb:a3:0a:a5:ac:
         5b:d0:60:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIaDnhfZY2wTz3P0FV+myWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQwOTIyMTQwNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTUyZTU1YmJlODA4YWExNjZmOTViYmE1YTJhMjFhZjBiYjAwNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1EqTy9LDifnkVg4LspOnCIRVq5q
XIbpldLdTU+cRWcDBAofoHE9mCmnKAwfr/seQVapSpBNT/FHjxnl/G++D+gI1GDE
fLxO9gHVI0d1X9/w3gHsdjL2v3DXHRtrOGVMvEmXss1siTibrxks9rQhtlIt8dVJ
aBItV7eJShgc5U6O6Yw3CnaIUowOzdQT5VAFZdDB0z43MnniI0rV+ULM0RCk/q3Q
zgJoxSQz8fi2dObwreQuqpJNXqJ0r63ZiNuqgNK1DGSWlu43v+UyC4XyZtEP2kiw
gmqFVG6RvTyXw4uB6Bpboh/ZxTXh/49z65x1AbDaunfAiqycSMitaZgKfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVS5Vu+gIqhZvlbuloqIa8LsAVwMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvWlZMbFc3NkFpcUZtLVZ1Nldpb2hyd3V3QlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9gMA0G
CSqGSIb3DQEBCwUAA4IBAQCAPgbkNkgz/kzKUCZSSHfDNH3NzyWxpRUB4Sb3vb3T
QRvW/+MtKO43E80M7RnoBJsOHysy0jwDx/S7FOaCd3Rgj4i8momKOm7HpBjAR6J0
44eYdpScqzxotl1ex8y8y5avs51dy6npwnfyW5MY6uN7pfy00S1/gXJSOYzILdfW
bomAyaikBK+Zj9hfgmNvq5QDwAjUOoXBHe8O2ohkNnbq8KZmGwG7HXxfiWtUjLaD
/XpH+bsxLvM0vBzNtUzetpV+WieiWUeg0Tao5rd1+2wHDw98xVCuw/3u7v8katmH
mDc+OE3+wEF+Ik7yOzbnmqBfj0gtHl/3+6MKpaxb0GCR
-----END CERTIFICATE-----