Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/zmbCsknJH083v6TVx-XCpSuiAcQ.roa
File:                     zmbCsknJH083v6TVx-XCpSuiAcQ.roa (raw, json)
Hash identifier:          0Y4kTb80Lx01GeN5FqaZUfEbjR4Cfrg/Bqv4XWrtaSk=
Subject key identifier:   CE:66:C2:B2:49:C9:1F:4F:37:BF:A4:D5:C7:E5:C2:A5:2B:A2:01:C4
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       018CC86FC4088E781CA0635E61A245C1CF26
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/zmbCsknJH083v6TVx-XCpSuiAcQ.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        45.130.214.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c4:08:8e:78:1c:a0:63:5e:61:a2:45:c1:cf:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce66c2b249c91f4f37bfa4d5c7e5c2a52ba201c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a6:11:7c:28:d3:17:0f:55:60:a0:5b:64:35:
                    3f:c2:0c:00:19:b0:bc:76:3b:e2:44:58:f0:02:c5:
                    ed:53:f3:d8:15:1d:d7:1b:58:f6:18:7f:f4:fc:45:
                    d2:12:1a:9d:f4:47:02:00:98:dc:71:f5:35:1d:af:
                    cc:cd:9c:85:35:82:4e:3e:7b:fd:51:b0:3f:22:63:
                    a9:7a:65:d9:56:1b:6b:a7:df:5d:76:83:03:3d:90:
                    92:02:5a:b9:4b:dc:2a:bd:e9:61:bc:f6:50:7f:96:
                    8f:87:2d:1c:61:32:46:c1:dc:f4:d3:4c:a4:69:b6:
                    b1:db:83:10:51:e4:51:4d:8d:9a:d2:de:c4:84:d2:
                    3f:ea:d5:28:8e:73:c2:4f:29:95:8f:8a:a5:10:7f:
                    c8:b1:a0:51:9f:f8:9c:72:e3:6a:d2:66:79:91:51:
                    7f:cd:3e:49:9f:33:93:3f:dd:75:8f:d7:c2:d5:c4:
                    30:55:dc:43:32:f7:fd:05:16:14:aa:f8:34:2b:a1:
                    ed:f4:da:1c:51:8c:e0:0a:52:5a:42:39:1f:c3:78:
                    b2:18:04:06:82:42:e6:c4:6e:cb:35:4d:7a:c0:ac:
                    49:fc:a5:6e:e2:d9:27:51:29:62:cb:18:97:4f:56:
                    08:c6:a5:98:27:24:f9:06:68:82:dd:fd:37:4a:ab:
                    f4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:66:C2:B2:49:C9:1F:4F:37:BF:A4:D5:C7:E5:C2:A5:2B:A2:01:C4
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/zmbCsknJH083v6TVx-XCpSuiAcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:6e:25:08:2e:e4:29:e0:32:4e:ef:03:aa:a2:2f:7f:f3:7a:
         21:95:71:06:2a:1d:23:dd:e7:79:6b:2e:d9:89:29:54:90:73:
         26:26:be:93:9e:5c:7a:56:52:7c:f4:a2:87:66:12:d7:39:f1:
         e8:c6:5f:97:07:b6:05:03:bc:1b:ac:a9:37:44:6e:11:55:d1:
         bd:63:ba:b0:24:f3:a4:99:c9:8d:08:64:cc:24:f2:f3:8b:e2:
         49:23:00:60:05:40:63:45:88:d9:67:bd:20:b8:4c:5f:ab:d8:
         31:f1:b7:3f:b8:c4:25:91:e9:ba:31:ee:39:ac:33:26:40:4f:
         f7:44:12:e3:99:31:40:7b:9e:05:0c:64:d1:7e:a0:7e:98:61:
         e8:5c:6a:c7:ea:9f:d4:b0:20:af:1d:2d:35:f8:a0:ec:bc:bb:
         48:ed:4b:8c:04:05:2b:b0:3a:a3:6c:7d:65:dd:5b:6a:dd:a5:
         ed:20:b3:78:95:34:88:6d:d5:22:10:96:2a:6e:3c:be:90:9f:
         d4:3a:cd:11:ed:8b:bd:1d:59:20:c2:e6:ff:ee:e6:b0:ca:3b:
         98:93:ff:4a:b5:4a:e1:c1:b7:07:9e:55:27:d7:d5:93:6d:70:
         77:8f:b7:ca:56:40:4a:fb:f9:88:02:a9:8b:5c:9d:c2:e6:31:
         fd:67:57:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb8QIjngcoGNeYaJFwc8mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTY2YzJiMjQ5YzkxZjRmMzdiZmE0ZDVjN2U1YzJhNTJiYTIwMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKYRfCjTFw9VYKBbZDU/wgwAGbC8
djviRFjwAsXtU/PYFR3XG1j2GH/0/EXSEhqd9EcCAJjccfU1Ha/MzZyFNYJOPnv9
UbA/ImOpemXZVhtrp99ddoMDPZCSAlq5S9wqvelhvPZQf5aPhy0cYTJGwdz000yk
abax24MQUeRRTY2a0t7EhNI/6tUojnPCTymVj4qlEH/IsaBRn/iccuNq0mZ5kVF/
zT5JnzOTP911j9fC1cQwVdxDMvf9BRYUqvg0K6Ht9NocUYzgClJaQjkfw3iyGAQG
gkLmxG7LNU16wKxJ/KVu4tknUSliyxiXT1YIxqWYJyT5BmiC3f03Sqv0nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5mwrJJyR9PN7+k1cflwqUrogHEMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvem1iQ3NrbkpIMDgzdjZUVngtWENwU3VpQWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYLWMA0G
CSqGSIb3DQEBCwUAA4IBAQAmbiUILuQp4DJO7wOqoi9/83ohlXEGKh0j3ed5ay7Z
iSlUkHMmJr6Tnlx6VlJ89KKHZhLXOfHoxl+XB7YFA7wbrKk3RG4RVdG9Y7qwJPOk
mcmNCGTMJPLzi+JJIwBgBUBjRYjZZ70guExfq9gx8bc/uMQlkem6Me45rDMmQE/3
RBLjmTFAe54FDGTRfqB+mGHoXGrH6p/UsCCvHS01+KDsvLtI7UuMBAUrsDqjbH1l
3Vtq3aXtILN4lTSIbdUiEJYqbjy+kJ/UOs0R7Yu9HVkgwub/7uawyjuYk/9KtUrh
wbcHnlUn19WTbXB3j7fKVkBK+/mIAqmLXJ3C5jH9Z1eo
-----END CERTIFICATE-----