Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/ZbE_ouSxhARCro-5cPFYIF61h-0.roa
File:                     ZbE_ouSxhARCro-5cPFYIF61h-0.roa (raw, json)
Hash identifier:          67kHqs8lVq+cOtyt3VAlKd8PVh34Eva1hX2lK1P+gzw=
Subject key identifier:   65:B1:3F:A2:E4:B1:84:04:42:AE:8F:B9:70:F1:58:20:5E:B5:87:ED
Certificate issuer:       /CN=06c92df2c9faa2915fc5feb5a4270183419faef2
Certificate serial:       018CCA2BA8D0CA4C7DCC30FE5DED7A1609C3
Authority key identifier: 06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/ZbE_ouSxhARCro-5cPFYIF61h-0.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207241
IP address blocks:        193.200.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a8:d0:ca:4c:7d:cc:30:fe:5d:ed:7a:16:09:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c92df2c9faa2915fc5feb5a4270183419faef2
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65b13fa2e4b1840442ae8fb970f158205eb587ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a8:3b:a1:8f:6e:9f:53:cf:9e:23:f1:88:23:
                    07:4e:b1:70:9e:50:7e:49:4b:a7:09:30:08:0f:18:
                    c7:01:35:f1:39:a3:4c:e7:7b:c6:f7:a1:f1:71:48:
                    0b:e7:ab:a0:fa:61:89:46:3b:bd:6e:83:05:6c:11:
                    54:ba:7b:a0:56:65:26:07:c3:3d:6c:01:2e:dd:29:
                    14:d3:b1:7f:98:78:b2:72:2e:11:d2:41:2d:4b:ac:
                    48:34:02:1c:69:8d:22:b1:6e:9b:02:4e:19:fe:2d:
                    77:e8:6a:e0:77:d2:d0:93:da:2e:21:0e:b3:dd:66:
                    84:1c:a4:c5:f2:0c:e5:bc:72:f2:25:b6:e9:77:55:
                    f5:67:d4:3b:27:fc:54:97:fe:22:e6:06:df:a2:64:
                    11:bf:29:ca:7c:df:69:3f:3b:e1:85:93:61:b4:d8:
                    d1:12:39:7e:fc:84:6a:9b:fc:fc:63:00:ae:95:53:
                    66:4a:07:79:63:c6:3b:1d:6d:05:db:82:81:32:e8:
                    7b:c3:15:3f:0f:1f:03:1a:88:b8:2d:60:56:a5:14:
                    06:27:9a:02:30:84:14:1b:ee:ee:1a:e3:d7:b3:01:
                    36:36:7b:36:67:d3:71:ea:26:b9:c2:43:fe:ab:b5:
                    13:a1:00:7a:7b:16:7b:bc:69:6d:c2:06:3f:64:77:
                    57:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B1:3F:A2:E4:B1:84:04:42:AE:8F:B9:70:F1:58:20:5E:B5:87:ED
            X509v3 Authority Key Identifier:
                keyid:06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/ZbE_ouSxhARCro-5cPFYIF61h-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f9:5d:48:e9:e5:36:37:34:43:bf:6d:aa:5c:ae:06:6e:a7:
         95:2f:b6:b7:0d:cb:08:05:79:88:3e:94:4d:2b:94:65:1f:48:
         01:9f:b9:f6:b6:97:37:72:5b:31:b4:88:27:4c:d6:45:a6:08:
         5d:fe:f6:9f:c4:f9:65:b2:af:3d:d6:df:f9:07:63:32:3f:63:
         ba:24:a5:a6:f8:07:55:45:b5:63:6b:4f:9f:3e:e7:bf:85:8e:
         eb:a5:94:2c:c0:ea:c9:26:76:31:ec:7d:ec:3a:4b:65:12:b0:
         21:8c:ff:b1:e0:8e:c2:5a:56:d7:33:32:19:1d:77:7a:47:39:
         f8:65:18:a9:df:14:ce:93:ba:35:36:d2:2d:a8:a3:0d:42:00:
         af:d4:16:9a:fc:d7:b8:3f:f5:47:b0:ff:ec:4b:23:52:e4:68:
         52:b4:f6:5b:6d:5c:d0:4f:69:36:a4:1a:03:0b:57:06:c8:66:
         0b:f9:b6:65:14:65:46:c1:d4:fc:cc:17:73:93:f6:ed:54:75:
         c7:9a:90:d4:6b:cd:6d:2d:25:f7:4d:26:15:bf:0f:b0:2e:25:
         4c:78:52:90:33:4b:e2:8b:50:c2:a4:79:d6:68:6d:0b:ca:bc:
         12:de:18:bf:15:b9:5d:08:97:76:87:42:27:1d:64:83:76:e0:
         d0:f6:40:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6jQykx9zDD+Xe16FgnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzkyZGYyYzlmYWEyOTE1ZmM1ZmViNWE0MjcwMTgzNDE5
ZmFlZjIwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWIxM2ZhMmU0YjE4NDA0NDJhZThmYjk3MGYxNTgyMDVlYjU4N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6g7oY9un1PPniPxiCMHTrFwnlB+
SUunCTAIDxjHATXxOaNM53vG96HxcUgL56ug+mGJRju9boMFbBFUunugVmUmB8M9
bAEu3SkU07F/mHiyci4R0kEtS6xINAIcaY0isW6bAk4Z/i136Grgd9LQk9ouIQ6z
3WaEHKTF8gzlvHLyJbbpd1X1Z9Q7J/xUl/4i5gbfomQRvynKfN9pPzvhhZNhtNjR
Ejl+/IRqm/z8YwCulVNmSgd5Y8Y7HW0F24KBMuh7wxU/Dx8DGoi4LWBWpRQGJ5oC
MIQUG+7uGuPXswE2Nns2Z9Nx6ia5wkP+q7UToQB6exZ7vGltwgY/ZHdXEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWxP6LksYQEQq6PuXDxWCBetYftMB8GA1UdIwQY
MBaAFAbJLfLJ+qKRX8X+taQnAYNBn67yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUt
ZDZkNTVjMTY5ZTE2LzEvWmJFX291U3hoQVJDcm8tNWNQRllJRjYxaC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUtZDZkNTVjMTY5ZTE2
LzEvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwci1MA0G
CSqGSIb3DQEBCwUAA4IBAQBl+V1I6eU2NzRDv22qXK4GbqeVL7a3DcsIBXmIPpRN
K5RlH0gBn7n2tpc3clsxtIgnTNZFpghd/vafxPllsq891t/5B2MyP2O6JKWm+AdV
RbVja0+fPue/hY7rpZQswOrJJnYx7H3sOktlErAhjP+x4I7CWlbXMzIZHXd6Rzn4
ZRip3xTOk7o1NtItqKMNQgCv1Baa/Ne4P/VHsP/sSyNS5GhStPZbbVzQT2k2pBoD
C1cGyGYL+bZlFGVGwdT8zBdzk/btVHXHmpDUa81tLSX3TSYVvw+wLiVMeFKQM0vi
i1DCpHnWaG0LyrwS3hi/FbldCJd2h0InHWSDduDQ9kB1
-----END CERTIFICATE-----