Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/Z3KBABiqWZcaTP-LR48ilDGmr80.roa
File:                     Z3KBABiqWZcaTP-LR48ilDGmr80.roa (raw, json)
Hash identifier:          29KqLZnznCR6BdzPVF+Lq6aPDIO780NX73twzGt8BAI=
Subject key identifier:   67:72:81:00:18:AA:59:97:1A:4C:FF:8B:47:8F:22:94:31:A6:AF:CD
Certificate issuer:       /CN=c5420eb5d94f0fab862e0840414f432b785e6054
Certificate serial:       01906DC273F28F8DD0772CEB1F730AA054F8
Authority key identifier: C5:42:0E:B5:D9:4F:0F:AB:86:2E:08:40:41:4F:43:2B:78:5E:60:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xUIOtdlPD6uGLghAQU9DK3heYFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/Z3KBABiqWZcaTP-LR48ilDGmr80.roa
Signing time:             Mon 01 Jul 2024 10:06:18 +0000
ROA not before:           Mon 01 Jul 2024 10:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9177
IP address blocks:        46.172.96.0/20 maxlen: 24
                          81.161.208.0/20 maxlen: 24
                          83.97.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/xUIOtdlPD6uGLghAQU9DK3heYFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/xUIOtdlPD6uGLghAQU9DK3heYFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xUIOtdlPD6uGLghAQU9DK3heYFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:c2:73:f2:8f:8d:d0:77:2c:eb:1f:73:0a:a0:54:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5420eb5d94f0fab862e0840414f432b785e6054
        Validity
            Not Before: Jul  1 10:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6772810018aa59971a4cff8b478f229431a6afcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:69:8e:31:2e:19:d1:4a:96:b8:c3:39:0e:
                    e4:9d:3b:3a:3d:80:9a:de:64:94:ed:06:b7:1b:67:
                    a7:ff:2d:15:c7:49:96:1f:17:6d:4b:f8:92:91:b2:
                    ba:36:e3:01:18:a0:63:98:66:f3:1c:67:60:ca:71:
                    b2:c2:87:64:97:8f:df:42:17:a1:3e:6c:97:cf:c0:
                    82:66:ff:7d:18:a0:16:ee:d2:ff:a0:b0:d5:3e:ec:
                    81:68:06:24:46:44:d2:8b:61:71:aa:03:d5:d4:9a:
                    ee:72:f2:9f:96:bd:5d:b1:5c:41:33:05:0e:d0:04:
                    b8:71:5f:13:78:80:92:0c:8f:28:1d:39:6c:14:c7:
                    b4:17:54:f3:8c:9a:2b:5d:2c:d6:65:73:49:fd:ce:
                    e2:48:1f:58:71:72:2d:4d:2a:21:aa:95:dd:4c:06:
                    0c:78:c9:cc:ad:6c:4f:79:f2:dd:e1:26:57:dc:12:
                    b8:af:79:cb:75:8d:fe:ab:61:46:e9:ca:1b:97:d5:
                    f9:ce:5d:57:ef:b9:b0:ab:53:e0:93:c2:39:02:bf:
                    4b:6d:15:1d:4b:04:d2:dc:03:a5:8f:3f:c1:79:9d:
                    85:3a:45:1d:3a:6a:74:78:34:76:88:64:5e:bb:a5:
                    ca:db:cd:83:22:fe:d8:4f:9f:da:2b:17:d1:3a:32:
                    23:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:72:81:00:18:AA:59:97:1A:4C:FF:8B:47:8F:22:94:31:A6:AF:CD
            X509v3 Authority Key Identifier:
                keyid:C5:42:0E:B5:D9:4F:0F:AB:86:2E:08:40:41:4F:43:2B:78:5E:60:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xUIOtdlPD6uGLghAQU9DK3heYFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/Z3KBABiqWZcaTP-LR48ilDGmr80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/09c538-b260-44ab-9166-4258ee4de91e/1/xUIOtdlPD6uGLghAQU9DK3heYFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.172.96.0/20
                  81.161.208.0/20
                  83.97.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:c5:26:ca:b8:d5:70:c1:fc:77:66:86:3e:09:98:10:87:f0:
         95:2f:58:9f:2f:77:79:4f:81:b2:e4:99:a9:7e:51:f5:3a:11:
         30:5b:94:e4:0f:2a:45:80:bf:04:05:b8:8b:cb:56:5c:7b:56:
         c5:41:84:18:33:7b:99:2d:60:c2:a0:23:59:d7:dc:2f:9e:36:
         d9:2b:e9:13:5a:5e:8f:e1:f1:4d:dc:c2:b9:43:fe:39:b7:d0:
         88:60:6f:94:43:0c:ff:db:c2:03:fa:bb:cd:86:dd:87:a3:ba:
         fd:12:f1:a1:29:60:46:3b:9f:e2:c8:4a:76:9e:02:ee:6a:89:
         b2:2c:fd:16:2b:e6:7d:da:7b:3c:70:7c:b3:50:83:92:2f:57:
         cb:4a:63:a7:e4:10:bb:41:f8:bf:db:99:89:0a:32:d3:dd:b5:
         8f:53:12:c7:5f:d6:67:1e:8a:89:69:3a:18:56:b5:2c:bd:f4:
         e5:9f:19:ae:a5:66:93:f4:14:63:26:b3:04:53:d0:83:33:02:
         d0:81:2e:d9:97:e9:03:03:52:46:ce:a8:4f:03:e7:a7:81:5b:
         5e:a3:8d:d2:7c:5a:5c:23:00:c7:8a:df:c0:14:33:93:4e:51:
         41:39:9c:5d:b5:99:15:61:77:47:89:95:40:52:c4:19:9d:9d:
         2b:02:56:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZBtwnPyj43QdyzrH3MKoFT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NDIwZWI1ZDk0ZjBmYWI4NjJlMDg0MDQxNGY0MzJiNzg1
ZTYwNTQwHhcNMjQwNzAxMTAwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzcyODEwMDE4YWE1OTk3MWE0Y2ZmOGI0NzhmMjI5NDMxYTZhZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5FpjjEuGdFKlrjDOQ7knTs6PYCa
3mSU7Qa3G2en/y0Vx0mWHxdtS/iSkbK6NuMBGKBjmGbzHGdgynGywodkl4/fQheh
PmyXz8CCZv99GKAW7tL/oLDVPuyBaAYkRkTSi2FxqgPV1JrucvKflr1dsVxBMwUO
0AS4cV8TeICSDI8oHTlsFMe0F1TzjJorXSzWZXNJ/c7iSB9YcXItTSohqpXdTAYM
eMnMrWxPefLd4SZX3BK4r3nLdY3+q2FG6cobl9X5zl1X77mwq1Pgk8I5Ar9LbRUd
SwTS3AOljz/BeZ2FOkUdOmp0eDR2iGReu6XK282DIv7YT5/aKxfROjIjDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGdygQAYqlmXGkz/i0ePIpQxpq/NMB8GA1UdIwQY
MBaAFMVCDrXZTw+rhi4IQEFPQyt4XmBUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFVJT3RkbFBENnVHTGdoQVFVOURLM2hlWUZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8wOWM1MzgtYjI2MC00NGFiLTkxNjYt
NDI1OGVlNGRlOTFlLzEvWjNLQkFCaXFXWmNhVFAtTFI0OGlsREdtcjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8wOWM1MzgtYjI2MC00NGFiLTkxNjYtNDI1OGVlNGRlOTFl
LzEveFVJT3RkbFBENnVHTGdoQVFVOURLM2hlWUZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQELqxgAwQE
UaHQAwQDU2EAMA0GCSqGSIb3DQEBCwUAA4IBAQB7xSbKuNVwwfx3ZoY+CZgQh/CV
L1ifL3d5T4Gy5JmpflH1OhEwW5TkDypFgL8EBbiLy1Zce1bFQYQYM3uZLWDCoCNZ
19wvnjbZK+kTWl6P4fFN3MK5Q/45t9CIYG+UQwz/28ID+rvNht2Ho7r9EvGhKWBG
O5/iyEp2ngLuaomyLP0WK+Z92ns8cHyzUIOSL1fLSmOn5BC7Qfi/25mJCjLT3bWP
UxLHX9ZnHoqJaToYVrUsvfTlnxmupWaT9BRjJrMEU9CDMwLQgS7Zl+kDA1JGzqhP
A+engVteo43SfFpcIwDHit/AFDOTTlFBOZxdtZkVYXdHiZVAUsQZnZ0rAlaG
-----END CERTIFICATE-----