Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/zd4oqZevcPI8RGzQuGHNrPLplmQ.roa
File:                     zd4oqZevcPI8RGzQuGHNrPLplmQ.roa (raw, json)
Hash identifier:          PhzaY2rpouGuwAydj2VvJjEzg8U6QoNbRR9fK1kvn90=
Subject key identifier:   CD:DE:28:A9:97:AF:70:F2:3C:44:6C:D0:B8:61:CD:AC:F2:E9:96:64
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2CA7B713E0A902F0D465078E0646
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/zd4oqZevcPI8RGzQuGHNrPLplmQ.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47377
IP address blocks:        91.242.245.0/24 maxlen: 24
                          176.126.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:a7:b7:13:e0:a9:02:f0:d4:65:07:8e:06:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdde28a997af70f23c446cd0b861cdacf2e99664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:82:79:93:9d:db:e0:73:74:b4:39:fc:3e:09:
                    38:53:82:b7:a2:b4:10:32:68:6e:85:78:37:e4:cd:
                    d4:90:09:e2:cb:ea:8f:22:c7:88:2c:2a:ec:1b:0b:
                    db:cb:9e:b3:2e:81:39:db:8f:c2:9c:09:26:3e:2a:
                    dc:0a:8a:f7:c1:0e:59:6b:89:ff:9e:17:93:1d:48:
                    68:ec:21:e2:e8:b5:53:34:14:c5:8d:60:62:a0:f1:
                    74:22:23:5f:7c:0c:86:38:7a:1a:44:9f:d4:2e:c1:
                    99:1c:10:ae:0d:62:a8:f0:b1:4b:ff:ed:e5:72:d9:
                    5c:1e:0f:14:14:02:4d:2d:d4:eb:88:96:7b:6f:45:
                    ce:3d:d0:d6:16:36:03:86:de:d6:13:cf:9b:90:fb:
                    95:f2:58:e0:8f:a9:aa:47:25:99:96:3c:1c:87:a7:
                    1b:2f:84:61:e0:ef:ea:57:fa:7a:cb:65:2b:d6:2f:
                    9e:cb:e5:09:ac:c6:9b:ac:4a:94:ee:5a:13:a9:03:
                    b8:5c:9e:f6:b6:87:8c:82:f5:cc:d0:39:d5:82:4a:
                    40:63:f0:58:83:cd:90:26:68:f5:c3:4b:34:2e:b3:
                    dd:da:7c:fe:e7:63:0a:4d:98:4e:b7:d8:24:45:53:
                    18:56:9e:87:dd:1a:b5:f1:fb:3e:69:12:1b:e2:e8:
                    5d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DE:28:A9:97:AF:70:F2:3C:44:6C:D0:B8:61:CD:AC:F2:E9:96:64
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/zd4oqZevcPI8RGzQuGHNrPLplmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.245.0/24
                  176.126.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:0c:ba:5d:6f:15:b3:04:c7:84:43:43:88:59:e9:d0:b1:80:
         f9:38:23:20:1d:79:2f:bc:98:22:41:a8:a6:06:92:12:37:0a:
         07:05:ce:bf:97:e3:b7:70:e9:bb:1d:ab:88:0e:f5:e8:eb:1a:
         61:80:ec:83:83:98:00:8b:a4:77:8b:02:33:24:80:e3:ac:b0:
         45:29:38:29:71:21:d9:12:d3:08:94:2b:cb:29:3d:f2:c9:78:
         bb:22:ff:7d:60:b4:4e:9b:12:c1:db:9d:2d:b3:2b:4a:cd:25:
         8f:fe:81:c8:e2:02:bf:28:33:71:f7:c0:3d:37:25:b4:fb:7f:
         68:2b:fb:42:78:5e:dd:c7:f9:6a:bb:0e:7d:f8:a6:9f:99:ac:
         41:a6:3b:b9:d7:b7:e4:00:ec:57:77:1d:55:20:90:23:c9:59:
         6b:2c:1a:46:5f:33:87:2c:00:30:74:cf:63:4a:34:8e:51:72:
         6d:1e:68:a6:36:27:ff:d5:1a:09:ff:f0:81:e1:b1:4d:f8:4c:
         b5:c9:91:e1:ae:14:4b:65:e6:ff:12:c5:a0:19:a4:15:93:64:
         13:6c:97:6f:06:cc:a2:04:bb:7c:ff:2c:84:88:20:e0:ec:4a:
         3f:07:96:f2:a9:2f:a1:38:cc:78:4f:2c:0c:48:8a:c4:85:d2:
         e2:ad:29:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbSyntxPgqQLw1GUHjgZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRlMjhhOTk3YWY3MGYyM2M0NDZjZDBiODYxY2RhY2YyZTk5NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4J5k53b4HN0tDn8Pgk4U4K3orQQ
MmhuhXg35M3UkAniy+qPIseILCrsGwvby56zLoE524/CnAkmPircCor3wQ5Za4n/
nheTHUho7CHi6LVTNBTFjWBioPF0IiNffAyGOHoaRJ/ULsGZHBCuDWKo8LFL/+3l
ctlcHg8UFAJNLdTriJZ7b0XOPdDWFjYDht7WE8+bkPuV8ljgj6mqRyWZljwch6cb
L4Rh4O/qV/p6y2Ur1i+ey+UJrMabrEqU7loTqQO4XJ72toeMgvXM0DnVgkpAY/BY
g82QJmj1w0s0LrPd2nz+52MKTZhOt9gkRVMYVp6H3Rq18fs+aRIb4uhd5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM3eKKmXr3DyPERs0Lhhzazy6ZZkMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvemQ0b3FaZXZjUEk4Ukd6UXVHSE5yUExwbG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/L1AwQA
sH5kMA0GCSqGSIb3DQEBCwUAA4IBAQBkDLpdbxWzBMeEQ0OIWenQsYD5OCMgHXkv
vJgiQaimBpISNwoHBc6/l+O3cOm7HauIDvXo6xphgOyDg5gAi6R3iwIzJIDjrLBF
KTgpcSHZEtMIlCvLKT3yyXi7Iv99YLROmxLB250tsytKzSWP/oHI4gK/KDNx98A9
NyW0+39oK/tCeF7dx/lquw59+KafmaxBpju517fkAOxXdx1VIJAjyVlrLBpGXzOH
LAAwdM9jSjSOUXJtHmimNif/1RoJ//CB4bFN+Ey1yZHhrhRLZeb/EsWgGaQVk2QT
bJdvBsyiBLt8/yyEiCDg7Eo/B5byqS+hOMx4TywMSIrEhdLirSmo
-----END CERTIFICATE-----