Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/zt5_vqdq6MSwkfhrn2MtEX60Hw4.roa
File:                     zt5_vqdq6MSwkfhrn2MtEX60Hw4.roa (raw, json)
Hash identifier:          GnvHr13R1Hp9loaIJhANZd2Jf/9Zalmyth2nmyIlPTc=
Subject key identifier:   CE:DE:7F:BE:A7:6A:E8:C4:B0:91:F8:6B:9F:63:2D:11:7E:B4:1F:0E
Certificate issuer:       /CN=bde636ff523e5f3734227f33c44c2e50ff8d1ee2
Certificate serial:       018CC6B7A609272C9E2226170AB29DA25E1C
Authority key identifier: BD:E6:36:FF:52:3E:5F:37:34:22:7F:33:C4:4C:2E:50:FF:8D:1E:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/veY2_1I-Xzc0In8zxEwuUP-NHuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/zt5_vqdq6MSwkfhrn2MtEX60Hw4.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61108
IP address blocks:        178.238.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/veY2_1I-Xzc0In8zxEwuUP-NHuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/veY2_1I-Xzc0In8zxEwuUP-NHuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/veY2_1I-Xzc0In8zxEwuUP-NHuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a6:09:27:2c:9e:22:26:17:0a:b2:9d:a2:5e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bde636ff523e5f3734227f33c44c2e50ff8d1ee2
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cede7fbea76ae8c4b091f86b9f632d117eb41f0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:53:16:77:2d:36:64:3a:cb:32:16:b7:06:90:
                    1a:43:23:89:e8:b6:8f:51:44:e2:c5:08:e4:6f:11:
                    91:c7:0e:e1:f1:6d:0f:5e:85:ac:2a:0c:01:5e:66:
                    a2:28:09:16:28:7c:c3:88:27:66:33:34:0c:6d:df:
                    27:f6:5c:79:46:6b:bd:63:ed:25:d2:6e:ad:a0:a8:
                    97:33:f9:78:59:c9:e7:9b:59:df:3d:4f:e3:e3:e8:
                    fe:3c:5c:1b:65:ce:97:c9:80:ea:f2:a2:96:4b:e5:
                    f5:29:e1:0e:a3:a9:f0:bf:7e:3b:b1:a5:fe:90:2c:
                    a5:5e:e8:50:13:0c:b9:71:5b:1d:a3:d3:71:55:96:
                    34:e4:fa:12:9d:9d:ab:0d:02:eb:1f:91:ff:b1:99:
                    b6:1f:b3:92:c6:98:6d:80:fc:b3:2c:76:8b:9f:3c:
                    f9:3d:69:aa:d1:69:76:df:7f:a0:a4:17:33:fe:d9:
                    f1:af:5b:1e:48:1b:31:f5:ec:c9:4a:ca:cc:cc:6d:
                    e8:40:0f:9f:b1:da:d1:68:2f:c8:29:3d:8c:28:97:
                    98:19:be:17:65:e6:98:a8:06:c3:5f:f8:13:20:ee:
                    ed:43:d1:53:b3:f9:be:cf:5b:10:76:a5:a3:5e:49:
                    03:9b:15:35:72:5a:0a:ce:d7:da:86:d8:cf:13:7f:
                    03:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DE:7F:BE:A7:6A:E8:C4:B0:91:F8:6B:9F:63:2D:11:7E:B4:1F:0E
            X509v3 Authority Key Identifier:
                keyid:BD:E6:36:FF:52:3E:5F:37:34:22:7F:33:C4:4C:2E:50:FF:8D:1E:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/veY2_1I-Xzc0In8zxEwuUP-NHuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/zt5_vqdq6MSwkfhrn2MtEX60Hw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/0c4392-2754-4e33-a02f-7bfb4381ab54/1/veY2_1I-Xzc0In8zxEwuUP-NHuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.238.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:b1:2f:4b:38:ff:cb:99:fe:42:45:20:61:88:6c:d2:08:29:
         94:98:bc:60:37:84:4c:4d:ad:6a:cc:1e:93:14:f3:ee:cf:a0:
         d0:06:be:a8:6d:7a:71:60:ef:60:73:6f:99:c7:64:42:b4:ba:
         76:1b:45:23:e5:38:c5:ac:12:3b:b2:22:a9:be:2d:b8:6c:e6:
         b0:a6:cf:39:79:23:3b:08:39:36:ec:46:63:29:4e:e7:f2:5b:
         3c:94:89:24:2a:48:c4:3e:78:bf:ce:7a:32:87:38:88:e9:ce:
         35:a3:28:71:46:67:f7:61:00:92:c0:54:19:32:7b:ce:7a:34:
         42:7c:95:21:ea:fb:48:3e:bf:58:bc:5f:27:b4:b3:6d:de:a1:
         34:99:aa:65:10:25:c6:ca:29:ad:20:66:4a:ff:48:f5:99:d5:
         a0:57:13:0e:d0:e2:64:16:ff:b0:e7:9c:2a:09:f2:9b:94:f7:
         ef:62:a5:b8:4b:d7:6a:94:88:4f:fc:dd:d1:dd:c4:b3:2e:c4:
         f9:bd:26:f2:59:c6:83:59:e8:b2:b8:70:c2:c6:00:c7:61:27:
         69:d9:b7:61:7f:2e:ad:90:ec:ae:f2:4f:6b:5d:07:4c:65:8a:
         97:1b:26:b4:40:57:2c:e6:2e:89:6e:d2:3c:8d:f5:29:84:98:
         fd:52:7e:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6YJJyyeIiYXCrKdol4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZTYzNmZmNTIzZTVmMzczNDIyN2YzM2M0NGMyZTUwZmY4
ZDFlZTIwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRlN2ZiZWE3NmFlOGM0YjA5MWY4NmI5ZjYzMmQxMTdlYjQxZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1MWdy02ZDrLMha3BpAaQyOJ6LaP
UUTixQjkbxGRxw7h8W0PXoWsKgwBXmaiKAkWKHzDiCdmMzQMbd8n9lx5Rmu9Y+0l
0m6toKiXM/l4Wcnnm1nfPU/j4+j+PFwbZc6XyYDq8qKWS+X1KeEOo6nwv347saX+
kCylXuhQEwy5cVsdo9NxVZY05PoSnZ2rDQLrH5H/sZm2H7OSxphtgPyzLHaLnzz5
PWmq0Wl233+gpBcz/tnxr1seSBsx9ezJSsrMzG3oQA+fsdrRaC/IKT2MKJeYGb4X
ZeaYqAbDX/gTIO7tQ9FTs/m+z1sQdqWjXkkDmxU1cloKztfahtjPE38DkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7ef76naujEsJH4a59jLRF+tB8OMB8GA1UdIwQY
MBaAFL3mNv9SPl83NCJ/M8RMLlD/jR7iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmVZMl8xSS1YemMwSW44enhFd3VVUC1OSHVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wYzQzOTItMjc1NC00ZTMzLWEwMmYt
N2JmYjQzODFhYjU0LzEvenQ1X3ZxZHE2TVN3a2Zocm4yTXRFWDYwSHc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wYzQzOTItMjc1NC00ZTMzLWEwMmYtN2JmYjQzODFhYjU0
LzEvdmVZMl8xSS1YemMwSW44enhFd3VVUC1OSHVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsu4AMA0G
CSqGSIb3DQEBCwUAA4IBAQAJsS9LOP/Lmf5CRSBhiGzSCCmUmLxgN4RMTa1qzB6T
FPPuz6DQBr6obXpxYO9gc2+Zx2RCtLp2G0Uj5TjFrBI7siKpvi24bOawps85eSM7
CDk27EZjKU7n8ls8lIkkKkjEPni/znoyhziI6c41oyhxRmf3YQCSwFQZMnvOejRC
fJUh6vtIPr9YvF8ntLNt3qE0maplECXGyimtIGZK/0j1mdWgVxMO0OJkFv+w55wq
CfKblPfvYqW4S9dqlIhP/N3R3cSzLsT5vSbyWcaDWeiyuHDCxgDHYSdp2bdhfy6t
kOyu8k9rXQdMZYqXGya0QFcs5i6JbtI8jfUphJj9Un5C
-----END CERTIFICATE-----