Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ZswLuE8xTpFjijEr7xnHMRmSDMI.roa
File:                     ZswLuE8xTpFjijEr7xnHMRmSDMI.roa (raw, json)
Hash identifier:          xUP+inzdG1b7ZVqSQchmBhn+msiwJGSTVm7CuEHdxRA=
Subject key identifier:   66:CC:0B:B8:4F:31:4E:91:63:8A:31:2B:EF:19:C7:31:19:92:0C:C2
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB07F9DA926CD409FD52E4AF4DE4BA
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ZswLuE8xTpFjijEr7xnHMRmSDMI.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210266
IP address blocks:        2a00:8860:700::/40 maxlen: 64
                          2a00:8861:700::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:f9:da:92:6c:d4:09:fd:52:e4:af:4d:e4:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66cc0bb84f314e91638a312bef19c73119920cc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:50:ec:8d:2c:22:2a:92:6f:b1:85:f8:90:6a:
                    00:85:34:00:7f:30:67:3d:6a:4c:15:0b:d1:2e:47:
                    04:a8:98:fb:bb:f8:cc:27:02:dd:23:2c:d9:0e:1d:
                    7a:aa:9d:0e:e5:d4:82:57:ff:c1:b0:d7:22:d6:6f:
                    95:63:40:a9:5b:78:af:ca:9a:3d:41:fb:59:33:1b:
                    0d:b3:0b:ab:65:3a:53:ee:93:7d:86:23:41:c3:b7:
                    92:e1:e0:26:e9:7e:8e:df:53:51:c3:8b:51:01:9c:
                    13:32:f9:b3:90:27:de:fd:78:7f:7b:3e:39:28:65:
                    71:21:64:6b:f9:22:75:19:93:30:57:2e:d3:b1:79:
                    7a:94:89:32:d8:91:d8:f2:b0:ba:c1:63:31:9b:e5:
                    53:73:18:5c:66:06:5b:be:23:af:fe:74:7b:46:a2:
                    f9:89:b2:12:75:01:75:b0:97:08:32:f7:34:03:4b:
                    fb:88:8b:1d:8d:1c:59:4d:dd:40:9e:a5:61:21:79:
                    7f:a1:9c:f9:22:a5:b6:18:b0:ef:56:06:8a:9f:79:
                    35:8b:66:b6:05:d4:25:59:6a:12:08:bf:94:ef:1b:
                    cf:36:39:6f:af:dd:e9:b0:7e:f1:2b:c5:ac:ad:55:
                    55:5f:82:0f:21:71:5e:46:da:d6:a2:f6:d5:68:8e:
                    f0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:CC:0B:B8:4F:31:4E:91:63:8A:31:2B:EF:19:C7:31:19:92:0C:C2
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ZswLuE8xTpFjijEr7xnHMRmSDMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:700::/40
                  2a00:8861:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:45:26:38:f0:4c:3d:04:14:9e:d5:4b:d9:48:23:24:39:48:
         97:6a:75:d3:ee:3e:41:53:b2:6f:5a:5c:3f:b0:dc:06:9d:e1:
         19:3b:c8:64:32:0b:7d:2e:0e:9f:79:05:8d:6e:2c:6c:48:d8:
         81:a6:95:93:01:c7:7a:f2:5b:7d:ee:2c:76:51:cf:b7:31:3f:
         8e:65:48:e9:f7:0d:a4:74:b7:e7:4f:1f:66:09:a0:e0:fd:ff:
         d7:78:d4:91:52:de:85:9c:92:17:9e:7a:60:25:1c:07:85:c2:
         ff:e5:54:b5:b6:26:01:b7:89:9e:eb:56:b2:a1:6a:e2:59:36:
         5b:fc:97:52:eb:ce:55:5b:ed:3c:6f:c5:04:da:0e:78:57:09:
         88:40:7b:0b:97:59:87:d4:14:95:4d:1c:2e:7a:4e:19:f5:0e:
         61:a4:f6:06:cb:b3:17:f4:a4:eb:6a:d0:32:b7:f0:2c:1a:ce:
         f9:4f:05:dc:1c:7f:ef:1d:b0:d1:29:5d:d8:b9:6d:68:7f:31:
         dd:35:3b:83:6f:d0:5a:25:71:1a:d7:6e:26:77:b1:e4:03:3d:
         20:c9:c4:1e:60:ee:ca:cb:31:43:85:3b:18:1d:82:0d:0b:00:
         44:77:95:65:b6:92:ca:dc:e9:09:73:88:62:07:d3:f1:ef:5f:
         1e:91:03:32
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2wf52pJs1An9UuSvTeS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmNjMGJiODRmMzE0ZTkxNjM4YTMxMmJlZjE5YzczMTE5OTIwY2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFDsjSwiKpJvsYX4kGoAhTQAfzBn
PWpMFQvRLkcEqJj7u/jMJwLdIyzZDh16qp0O5dSCV//BsNci1m+VY0CpW3ivypo9
QftZMxsNswurZTpT7pN9hiNBw7eS4eAm6X6O31NRw4tRAZwTMvmzkCfe/Xh/ez45
KGVxIWRr+SJ1GZMwVy7TsXl6lIky2JHY8rC6wWMxm+VTcxhcZgZbviOv/nR7RqL5
ibISdQF1sJcIMvc0A0v7iIsdjRxZTd1AnqVhIXl/oZz5IqW2GLDvVgaKn3k1i2a2
BdQlWWoSCL+U7xvPNjlvr93psH7xK8WsrVVVX4IPIXFeRtrWovbVaI7wmwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFGbMC7hPMU6RY4oxK+8ZxzEZkgzCMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvWnN3THVFOHhUcEZqaWpFcjd4bkhNUm1TRE1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYAcD
BgAqAIhhBzANBgkqhkiG9w0BAQsFAAOCAQEAGEUmOPBMPQQUntVL2UgjJDlIl2p1
0+4+QVOyb1pcP7DcBp3hGTvIZDILfS4On3kFjW4sbEjYgaaVkwHHevJbfe4sdlHP
tzE/jmVI6fcNpHS3508fZgmg4P3/13jUkVLehZySF556YCUcB4XC/+VUtbYmAbeJ
nutWsqFq4lk2W/yXUuvOVVvtPG/FBNoOeFcJiEB7C5dZh9QUlU0cLnpOGfUOYaT2
BsuzF/Sk62rQMrfwLBrO+U8F3Bx/7x2w0Sld2LltaH8x3TU7g2/QWiVxGtduJnex
5AM9IMnEHmDuyssxQ4U7GB2CDQsARHeVZbaSytzpCXOIYgfT8e9fHpEDMg==
-----END CERTIFICATE-----