Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/Z84wjCG4uN9uclHFrFKwe4euU0A.roa
File:                     Z84wjCG4uN9uclHFrFKwe4euU0A.roa (raw, json)
Hash identifier:          wPl97ATSY771gCdeAQZXvjfoSexNRCpTXW1D18m7iCs=
Subject key identifier:   67:CE:30:8C:21:B8:B8:DF:6E:72:51:C5:AC:52:B0:7B:87:AE:53:40
Certificate issuer:       /CN=f98dfff7f3cdaa79aa8c51f5ce12b23870644081
Certificate serial:       018D12934093721ED67558A6ABC295AD69E8
Authority key identifier: F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/Z84wjCG4uN9uclHFrFKwe4euU0A.roa
Signing time:             Tue 16 Jan 2024 14:00:56 +0000
ROA not before:           Tue 16 Jan 2024 14:00:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        195.62.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:93:40:93:72:1e:d6:75:58:a6:ab:c2:95:ad:69:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98dfff7f3cdaa79aa8c51f5ce12b23870644081
        Validity
            Not Before: Jan 16 14:00:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67ce308c21b8b8df6e7251c5ac52b07b87ae5340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:84:59:00:a5:c6:5e:eb:c8:05:f5:07:23:7e:
                    6a:ef:5a:c1:55:61:f6:53:83:d5:b6:d7:92:67:df:
                    52:34:67:09:29:74:36:a2:79:df:cc:97:c0:2a:c4:
                    e2:8f:ea:11:b2:e0:14:f9:a6:65:74:d3:f0:30:0b:
                    6e:99:7f:7e:0f:95:6e:43:00:9c:33:8e:dd:05:61:
                    6d:c0:2c:c1:56:8c:b7:7b:14:32:b3:65:ed:21:89:
                    ab:8b:60:4b:4c:47:19:00:19:86:37:d2:54:71:9a:
                    51:85:03:61:fd:f2:8c:df:35:56:e2:57:b6:1b:78:
                    60:66:03:60:42:55:76:9d:f3:65:39:02:10:72:49:
                    37:d0:b7:51:e4:57:80:95:05:f5:13:ac:8e:de:16:
                    ef:5e:bd:34:c6:61:15:22:e9:79:d4:7b:84:76:c9:
                    79:ee:20:0f:22:9c:83:61:d8:e0:a5:64:82:ba:85:
                    38:f0:61:fe:31:23:aa:b4:6d:27:4c:19:ef:da:d2:
                    80:e8:8b:64:5e:9d:1e:27:3a:87:84:90:64:dd:5a:
                    1b:71:60:e4:9f:98:e4:59:a9:31:ca:ef:65:66:f9:
                    f1:49:d9:7a:4c:1a:42:1b:fe:1b:b0:68:20:2c:f8:
                    40:0a:e3:88:fb:e9:ac:cd:ab:7e:15:dd:2e:93:91:
                    ee:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CE:30:8C:21:B8:B8:DF:6E:72:51:C5:AC:52:B0:7B:87:AE:53:40
            X509v3 Authority Key Identifier:
                keyid:F9:8D:FF:F7:F3:CD:AA:79:AA:8C:51:F5:CE:12:B2:38:70:64:40:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/Z84wjCG4uN9uclHFrFKwe4euU0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/5471a8-aedf-4d86-a46d-788c6306bb3f/1/1-Y3_9_PNqnmqjFH1zhKyOHBkQIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:28:fd:37:bc:2e:72:ba:09:8d:10:76:90:8f:69:c3:80:79:
         65:82:79:06:46:90:4f:52:e9:ec:5d:3e:ef:db:09:c2:2e:85:
         b1:9f:43:04:62:fb:f8:c6:3a:83:cd:57:3c:70:70:74:ad:1a:
         44:67:59:28:28:51:83:98:a6:db:f8:71:64:4a:50:50:48:71:
         0c:8a:c1:05:09:f4:03:64:60:1d:71:86:67:42:54:59:e7:57:
         da:98:8d:7d:25:df:5c:63:2a:8f:91:82:28:57:51:c2:49:44:
         48:3b:17:02:6e:8b:c4:8d:80:70:2a:9f:25:d9:39:6f:21:09:
         c3:d1:d1:cc:c7:5e:c6:7b:ed:4a:5a:d7:e9:ce:32:c1:43:03:
         49:37:58:99:7f:af:10:43:60:ec:ce:9f:c7:3e:51:42:be:9f:
         a5:6f:52:15:c0:97:0b:76:af:f7:4e:a8:1b:82:75:e5:ac:3b:
         f9:0d:15:bb:03:2f:1e:c1:40:1e:9c:1d:e9:48:90:63:42:39:
         b8:a1:a5:20:55:4c:64:b3:16:52:71:d5:37:00:27:1c:d2:4c:
         52:be:d9:f3:d8:76:33:fa:a9:15:11:14:86:73:53:0e:a6:d2:
         ea:f0:60:1c:4f:2f:00:0f:a1:e7:06:75:b2:b3:d1:b4:0b:d7:
         7c:32:94:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY0Sk0CTch7WdVimq8KVrWnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGRmZmY3ZjNjZGFhNzlhYThjNTFmNWNlMTJiMjM4NzA2
NDQwODEwHhcNMjQwMTE2MTQwMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NlMzA4YzIxYjhiOGRmNmU3MjUxYzVhYzUyYjA3Yjg3YWU1MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4oRZAKXGXuvIBfUHI35q71rBVWH2
U4PVtteSZ99SNGcJKXQ2onnfzJfAKsTij+oRsuAU+aZldNPwMAtumX9+D5VuQwCc
M47dBWFtwCzBVoy3exQys2XtIYmri2BLTEcZABmGN9JUcZpRhQNh/fKM3zVW4le2
G3hgZgNgQlV2nfNlOQIQckk30LdR5FeAlQX1E6yO3hbvXr00xmEVIul51HuEdsl5
7iAPIpyDYdjgpWSCuoU48GH+MSOqtG0nTBnv2tKA6ItkXp0eJzqHhJBk3VobcWDk
n5jkWakxyu9lZvnxSdl6TBpCG/4bsGggLPhACuOI++mszat+Fd0uk5HuRQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGfOMIwhuLjfbnJRxaxSsHuHrlNAMB8GA1UdIwQY
MBaAFPmN//fzzap5qoxR9c4SsjhwZECBMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ZM185X1BOcW5tcWpGSDF6aEt5T0hCa1FJRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjgvNTQ3MWE4LWFlZGYtNGQ4Ni1hNDZk
LTc4OGM2MzA2YmIzZi8xL1o4NHdqQ0c0dU45dWNsSEZyRkt3ZTRldVUwQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjgvNTQ3MWE4LWFlZGYtNGQ4Ni1hNDZkLTc4OGM2MzA2YmIz
Zi8xLzEtWTNfOV9QTnFubXFqRkgxemhLeU9IQmtRSUUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDPjIw
DQYJKoZIhvcNAQELBQADggEBAFko/Te8LnK6CY0QdpCPacOAeWWCeQZGkE9S6exd
Pu/bCcIuhbGfQwRi+/jGOoPNVzxwcHStGkRnWSgoUYOYptv4cWRKUFBIcQyKwQUJ
9ANkYB1xhmdCVFnnV9qYjX0l31xjKo+RgihXUcJJREg7FwJui8SNgHAqnyXZOW8h
CcPR0czHXsZ77Upa1+nOMsFDA0k3WJl/rxBDYOzOn8c+UUK+n6VvUhXAlwt2r/dO
qBuCdeWsO/kNFbsDLx7BQB6cHelIkGNCObihpSBVTGSzFlJx1TcAJxzSTFK+2fPY
djP6qRURFIZzUw6m0urwYBxPLwAPoecGdbKz0bQL13wylJM=
-----END CERTIFICATE-----