Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zCs_EM_c30USVyYkAvT8xfT2dPE.roa
File:                     zCs_EM_c30USVyYkAvT8xfT2dPE.roa (raw, json)
Hash identifier:          XMocI/wRMXrsdSLruue+nCp+tKr96xjDzAEjkbKJzGw=
Subject key identifier:   CC:2B:3F:10:CF:DC:DF:45:12:57:26:24:02:F4:FC:C5:F4:F6:74:F1
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018E7F898F89CB735C9C247BA4A60D623F10
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zCs_EM_c30USVyYkAvT8xfT2dPE.roa
Signing time:             Wed 27 Mar 2024 10:51:45 +0000
ROA not before:           Wed 27 Mar 2024 10:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        2.21.28.0/22 maxlen: 22
                          2a02:26f0:116::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 12:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:89:8f:89:cb:73:5c:9c:24:7b:a4:a6:0d:62:3f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Mar 27 10:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc2b3f10cfdcdf451257262402f4fcc5f4f674f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:13:d9:7a:37:b0:ff:62:0b:b5:b7:cf:a4:82:
                    cf:45:01:98:c3:7b:28:7f:d2:57:e1:1d:ef:69:eb:
                    b1:e3:50:8f:e5:92:96:f3:d1:75:24:02:8d:36:e9:
                    ec:5c:40:09:94:d9:15:49:f3:84:c7:45:9b:bb:9a:
                    7e:07:1f:85:06:ba:e6:7b:8b:a7:d9:11:89:86:30:
                    64:6d:bf:69:1e:34:cb:9f:2e:41:01:90:52:48:d7:
                    47:96:a0:75:85:27:3d:81:32:c1:b7:9f:8f:b0:2f:
                    97:25:25:4e:27:dd:20:9e:fb:ae:a0:c7:78:75:5a:
                    0c:23:f7:74:e3:fa:52:9a:c7:0a:57:0e:1d:51:1d:
                    dc:8a:21:6d:25:65:bf:04:e6:98:ee:32:2e:31:65:
                    3f:88:f9:1a:97:83:c4:87:dd:e8:f9:da:fd:1d:ee:
                    69:11:37:a4:14:7d:28:24:32:2d:79:8d:b8:12:0c:
                    21:80:b2:2e:41:e3:77:cd:aa:00:64:5a:c5:bd:b1:
                    87:4a:35:3b:27:ae:ec:7a:35:5e:9b:ce:4d:d6:05:
                    b1:46:4b:75:38:54:54:80:9a:72:6e:5b:d9:d4:c9:
                    e9:81:0f:e9:27:ba:7e:dd:dd:7c:95:9a:55:87:6d:
                    8a:2d:25:91:ba:70:93:be:0b:8d:4b:86:e6:30:d2:
                    35:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:2B:3F:10:CF:DC:DF:45:12:57:26:24:02:F4:FC:C5:F4:F6:74:F1
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/zCs_EM_c30USVyYkAvT8xfT2dPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.21.28.0/22
                IPv6:
                  2a02:26f0:116::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:f9:d7:45:9e:bf:b3:07:1c:fa:b4:5c:6b:98:6d:91:6f:be:
         f7:7b:f5:55:88:07:08:e0:0d:c1:62:8b:a0:75:0d:9f:85:0a:
         b3:e3:3d:9b:41:9b:e8:a8:92:5a:73:66:4e:18:18:8a:7f:fd:
         83:25:f8:c9:98:30:f6:76:8a:91:21:36:da:a6:20:08:b5:52:
         91:52:be:35:17:33:63:33:93:f7:cd:1a:0f:c1:09:14:e3:ee:
         1f:ba:bc:ea:9c:77:04:93:36:8a:30:d0:9d:32:c1:19:c0:21:
         0e:64:d8:74:20:5f:46:8e:49:48:92:4d:82:a0:0c:d6:03:f6:
         49:d9:dd:7e:8e:66:72:ee:09:0d:be:4c:07:2b:19:64:04:ff:
         cd:9a:09:4c:a6:56:a0:c5:c7:44:f2:2d:70:62:4a:32:3f:84:
         24:ea:5e:cb:d2:77:77:83:51:c2:26:f9:e8:fd:13:ed:79:e3:
         cd:57:2c:cc:d5:ad:ee:32:bb:3c:92:05:79:40:e9:a9:e3:62:
         f8:e2:5c:b7:8d:c2:e3:f5:31:59:ae:ff:27:94:c8:5f:e2:a0:
         fd:21:26:22:88:bd:41:a1:33:1f:ac:30:f6:37:c7:a5:18:e2:
         9b:f3:7b:04:03:f0:12:22:5b:cd:d7:a3:55:8e:d0:99:d1:76:
         d3:b6:57:d8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY5/iY+Jy3NcnCR7pKYNYj8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI3MTA1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzJiM2YxMGNmZGNkZjQ1MTI1NzI2MjQwMmY0ZmNjNWY0ZjY3NGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxPZejew/2ILtbfPpILPRQGYw3so
f9JX4R3vaeux41CP5ZKW89F1JAKNNunsXEAJlNkVSfOEx0Wbu5p+Bx+FBrrme4un
2RGJhjBkbb9pHjTLny5BAZBSSNdHlqB1hSc9gTLBt5+PsC+XJSVOJ90gnvuuoMd4
dVoMI/d04/pSmscKVw4dUR3ciiFtJWW/BOaY7jIuMWU/iPkal4PEh93o+dr9He5p
ETekFH0oJDIteY24EgwhgLIuQeN3zaoAZFrFvbGHSjU7J67sejVem85N1gWxRkt1
OFRUgJpyblvZ1MnpgQ/pJ7p+3d18lZpVh22KLSWRunCTvguNS4bmMNI1HwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMwrPxDP3N9FElcmJAL0/MX09nTxMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvekNzX0VNX2MzMFVTVnlZa0F2VDh4ZlQyZFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCAhUcMA8E
AgACMAkDBwAqAibwARYwDQYJKoZIhvcNAQELBQADggEBAHD510Wev7MHHPq0XGuY
bZFvvvd79VWIBwjgDcFii6B1DZ+FCrPjPZtBm+ioklpzZk4YGIp//YMl+MmYMPZ2
ipEhNtqmIAi1UpFSvjUXM2Mzk/fNGg/BCRTj7h+6vOqcdwSTNoow0J0ywRnAIQ5k
2HQgX0aOSUiSTYKgDNYD9knZ3X6OZnLuCQ2+TAcrGWQE/82aCUymVqDFx0TyLXBi
SjI/hCTqXsvSd3eDUcIm+ej9E+15481XLMzVre4yuzySBXlA6anjYvjiXLeNwuP1
MVmu/yeUyF/ioP0hJiKIvUGhMx+sMPY3x6UY4pvzewQD8BIiW83Xo1WO0JnRdtO2
V9g=
-----END CERTIFICATE-----