Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/CZCsLmWAtamk8hPoM1dz4oO-oGE.roa
File:                     CZCsLmWAtamk8hPoM1dz4oO-oGE.roa (raw, json)
Hash identifier:          0YrsW9XbT3fjKoTm1NwavviDxQr4r2kHiysLJayur7I=
Subject key identifier:   09:90:AC:2E:65:80:B5:A9:A4:F2:13:E8:33:57:73:E2:83:BE:A0:61
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF5AE6426DE312BFB431767EE144A
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/CZCsLmWAtamk8hPoM1dz4oO-oGE.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201044
IP address blocks:        213.199.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f5:ae:64:26:de:31:2b:fb:43:17:67:ee:14:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0990ac2e6580b5a9a4f213e8335773e283bea061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:18:1d:15:03:2d:96:9c:38:f7:0c:fd:f3:1a:
                    06:42:df:e0:59:5b:32:b0:b4:29:15:29:d4:fe:40:
                    08:4c:0c:2e:68:f8:8b:bb:a0:26:f9:6f:5b:dd:7d:
                    da:7a:82:ab:6d:b9:cc:35:51:48:63:44:30:19:8c:
                    b7:46:74:47:fe:2b:df:49:75:66:56:49:e0:cf:0d:
                    40:9c:9d:83:a3:64:95:78:80:51:b4:1f:36:44:3c:
                    2a:46:f1:5e:58:37:17:68:f9:5f:88:1e:6c:af:23:
                    ed:26:96:5b:bc:65:37:94:35:dd:8e:47:1f:ba:45:
                    64:c6:f5:91:b6:33:7c:e0:de:4b:0f:45:c2:0d:81:
                    71:d8:e3:5d:49:fd:eb:13:d7:23:f4:83:6a:74:a6:
                    36:c9:be:ba:fa:73:b1:c3:04:a0:93:5e:4a:5e:26:
                    23:42:56:3c:b6:a7:5c:37:fc:6e:cd:f2:51:25:0b:
                    c3:c7:cc:2b:a1:dd:e9:f1:7c:6b:94:6a:b2:0f:ca:
                    9e:e5:10:cf:b2:91:ba:51:36:25:e3:fd:a9:ef:3d:
                    8e:51:ad:04:26:37:a6:c8:d5:fa:ad:09:ec:32:71:
                    55:bf:89:aa:9e:49:ab:20:15:a5:ac:46:d4:e2:b8:
                    7f:1a:26:78:2b:81:1c:87:31:a9:68:eb:80:7d:5d:
                    fa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:90:AC:2E:65:80:B5:A9:A4:F2:13:E8:33:57:73:E2:83:BE:A0:61
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/CZCsLmWAtamk8hPoM1dz4oO-oGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.199.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:93:37:67:5e:47:2b:96:5f:48:60:56:04:3b:20:89:6f:69:
         f0:b9:b7:d6:c2:86:86:ab:ff:91:45:c5:4f:84:7d:63:80:66:
         ce:75:15:e2:a7:8f:6c:65:5a:a9:ad:61:7c:f3:92:9a:5a:3e:
         52:a0:89:d4:36:9d:d2:d0:83:d4:2a:7b:88:07:03:a4:14:b1:
         5c:37:bd:a7:88:b7:a9:2d:7f:99:9c:e8:19:10:e7:4d:3e:e6:
         44:16:57:1d:de:51:ba:fa:6d:75:f0:f8:f1:d0:fe:ba:49:6a:
         3f:5a:56:e6:37:9a:08:c2:07:cb:dd:6a:5f:60:3a:c2:1f:83:
         05:a6:f6:13:13:ff:a2:42:5b:e2:d7:bb:a6:56:77:86:68:a0:
         b6:16:94:14:79:36:cb:1e:02:f8:63:b8:ac:21:47:c6:b3:8e:
         75:0f:67:b1:9b:36:66:09:f5:6a:68:9f:20:d4:4c:6f:e7:ac:
         e0:13:cf:3c:9a:4c:58:38:43:fd:4b:37:f4:8b:bc:9b:c6:d7:
         30:ca:bd:6e:00:fa:fb:b9:31:d0:b4:cf:4f:34:e7:7d:5c:97:
         39:26:ae:dd:b9:6c:9c:d3:eb:74:21:2e:3e:55:da:15:e6:57:
         b4:cc:89:4a:fc:35:42:39:9a:8b:6c:af:ee:dc:d3:0e:85:7f:
         60:c1:b4:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPWuZCbeMSv7Qxdn7hRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTkwYWMyZTY1ODBiNWE5YTRmMjEzZTgzMzU3NzNlMjgzYmVhMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBgdFQMtlpw49wz98xoGQt/gWVsy
sLQpFSnU/kAITAwuaPiLu6Am+W9b3X3aeoKrbbnMNVFIY0QwGYy3RnRH/ivfSXVm
Vkngzw1AnJ2Do2SVeIBRtB82RDwqRvFeWDcXaPlfiB5sryPtJpZbvGU3lDXdjkcf
ukVkxvWRtjN84N5LD0XCDYFx2ONdSf3rE9cj9INqdKY2yb66+nOxwwSgk15KXiYj
QlY8tqdcN/xuzfJRJQvDx8wrod3p8XxrlGqyD8qe5RDPspG6UTYl4/2p7z2OUa0E
JjemyNX6rQnsMnFVv4mqnkmrIBWlrEbU4rh/GiZ4K4EchzGpaOuAfV36IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmQrC5lgLWppPIT6DNXc+KDvqBhMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvQ1pDc0xtV0F0YW1rOGhQb00xZHo0b08tb0dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cf7MA0G
CSqGSIb3DQEBCwUAA4IBAQAKkzdnXkcrll9IYFYEOyCJb2nwubfWwoaGq/+RRcVP
hH1jgGbOdRXip49sZVqprWF885KaWj5SoInUNp3S0IPUKnuIBwOkFLFcN72niLep
LX+ZnOgZEOdNPuZEFlcd3lG6+m118Pjx0P66SWo/WlbmN5oIwgfL3WpfYDrCH4MF
pvYTE/+iQlvi17umVneGaKC2FpQUeTbLHgL4Y7isIUfGs451D2exmzZmCfVqaJ8g
1Exv56zgE888mkxYOEP9Szf0i7ybxtcwyr1uAPr7uTHQtM9PNOd9XJc5Jq7duWyc
0+t0IS4+VdoV5le0zIlK/DVCOZqLbK/u3NMOhX9gwbQW
-----END CERTIFICATE-----