Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/Z17s_aIhPEoNvmRt4Mw1Vg3dFzU.roa
File:                     Z17s_aIhPEoNvmRt4Mw1Vg3dFzU.roa (raw, json)
Hash identifier:          rDqMMk8+SpWpwTSWarb8VSAa/dFLLhGLckf6mHTK2L4=
Subject key identifier:   67:5E:EC:FD:A2:21:3C:4A:0D:BE:64:6D:E0:CC:35:56:0D:DD:17:35
Certificate issuer:       /CN=f1c49833f439b9e0677d8d3bf1f52dfbfb2c624f
Certificate serial:       018CC6B790732BC48A6B917C12F8B0CCB424
Authority key identifier: F1:C4:98:33:F4:39:B9:E0:67:7D:8D:3B:F1:F5:2D:FB:FB:2C:62:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/Z17s_aIhPEoNvmRt4Mw1Vg3dFzU.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.11.212.0/24 maxlen: 24
                          194.11.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:90:73:2b:c4:8a:6b:91:7c:12:f8:b0:cc:b4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1c49833f439b9e0677d8d3bf1f52dfbfb2c624f
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=675eecfda2213c4a0dbe646de0cc35560ddd1735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:54:58:6a:9c:e9:c0:e6:8c:40:fb:3e:93:26:
                    98:d6:12:c2:7d:d6:a7:1e:19:62:a5:40:bf:fd:f4:
                    c4:09:63:60:4d:76:ec:fd:fd:88:ab:ef:54:b5:36:
                    83:00:af:72:72:83:be:2b:b6:e3:05:13:88:a4:e1:
                    24:2c:ea:94:6b:53:bb:35:ee:e7:d5:03:92:3a:9e:
                    27:2e:9b:75:15:6d:a7:65:0f:eb:1a:11:e8:b5:db:
                    94:8d:8f:ea:be:aa:fd:06:d7:96:2f:58:30:37:89:
                    ef:9f:ae:22:9c:4a:ba:2c:a5:95:5e:19:f8:f6:d4:
                    1e:ec:c6:7f:5d:b5:6c:a7:4c:d1:6c:3b:8f:3e:1b:
                    3d:da:bb:55:9c:45:12:4d:21:65:84:2f:21:72:96:
                    82:f5:cc:2e:fa:51:f7:50:ea:8a:ee:75:ac:61:a6:
                    6b:42:14:57:53:0e:51:0e:f3:7e:4c:53:d1:51:25:
                    ca:0c:45:27:d1:38:1b:8e:e9:43:73:2d:9c:c3:83:
                    04:ab:9f:cf:98:ac:ee:fb:ee:09:a1:a9:f0:33:59:
                    6a:f0:98:cf:cf:97:c9:3e:cb:cb:c5:78:24:4e:92:
                    a2:ac:71:d6:65:f7:77:81:1e:f1:6f:f9:1a:28:ae:
                    ae:9d:70:15:98:66:17:28:90:9a:99:27:95:0c:92:
                    a1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5E:EC:FD:A2:21:3C:4A:0D:BE:64:6D:E0:CC:35:56:0D:DD:17:35
            X509v3 Authority Key Identifier:
                keyid:F1:C4:98:33:F4:39:B9:E0:67:7D:8D:3B:F1:F5:2D:FB:FB:2C:62:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8cSYM_Q5ueBnfY078fUt-_ssYk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/Z17s_aIhPEoNvmRt4Mw1Vg3dFzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/3ae379-79e1-46ab-b04d-0f0fa6b6e4bd/1/8cSYM_Q5ueBnfY078fUt-_ssYk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.207.0/24
                  194.11.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f3:23:0b:c1:3c:e5:b6:51:c0:ad:b8:7a:2c:40:25:e7:73:
         75:0e:f1:93:7a:55:d6:e7:00:13:c7:00:40:1a:4e:bf:ed:5c:
         21:42:fc:ae:69:9d:cd:44:7f:1c:55:ca:0c:42:f6:a9:02:04:
         2a:ed:92:11:f6:f4:9f:33:f3:c4:88:ff:f1:0b:e9:ce:fb:7b:
         17:f0:ef:b6:ef:c1:2e:81:51:cf:9e:69:97:14:17:9d:43:ce:
         08:7b:f8:ed:f2:c3:ea:92:e3:c6:48:3f:56:d0:ff:05:76:34:
         ad:70:32:54:65:4d:ba:11:ae:40:56:1d:71:c7:2e:93:6d:f4:
         af:2b:91:f6:1c:10:2f:95:2a:0f:52:4b:a4:df:be:84:4d:7c:
         10:31:6c:07:91:af:a2:50:be:db:0b:74:0c:84:ee:b7:a5:a4:
         ca:2b:93:22:98:f8:bd:ae:07:d3:0c:a7:07:0f:32:91:e9:9b:
         8a:47:a4:f2:ec:21:8b:43:2f:b8:04:27:4e:73:f3:9e:86:57:
         b0:36:3a:56:8a:8b:a9:29:a8:ad:39:60:8d:ea:ac:71:d8:6f:
         3c:0a:cc:64:0a:de:a3:a6:57:0f:64:78:05:2e:3b:e9:cf:bc:
         73:01:d0:bb:0e:ce:81:a5:4b:df:9e:11:96:8e:c3:ad:26:e2:
         69:0b:0c:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt5BzK8SKa5F8EviwzLQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxYzQ5ODMzZjQzOWI5ZTA2NzdkOGQzYmYxZjUyZGZiZmIy
YzYyNGYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzVlZWNmZGEyMjEzYzRhMGRiZTY0NmRlMGNjMzU1NjBkZGQxNzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVRYapzpwOaMQPs+kyaY1hLCfdan
HhlipUC//fTECWNgTXbs/f2Iq+9UtTaDAK9ycoO+K7bjBROIpOEkLOqUa1O7Ne7n
1QOSOp4nLpt1FW2nZQ/rGhHotduUjY/qvqr9BteWL1gwN4nvn64inEq6LKWVXhn4
9tQe7MZ/XbVsp0zRbDuPPhs92rtVnEUSTSFlhC8hcpaC9cwu+lH3UOqK7nWsYaZr
QhRXUw5RDvN+TFPRUSXKDEUn0TgbjulDcy2cw4MEq5/PmKzu++4JoanwM1lq8JjP
z5fJPsvLxXgkTpKirHHWZfd3gR7xb/kaKK6unXAVmGYXKJCamSeVDJKhmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGde7P2iITxKDb5kbeDMNVYN3Rc1MB8GA1UdIwQY
MBaAFPHEmDP0ObngZ32NO/H1Lfv7LGJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGNTWU1fUTV1ZUJuZlkwNzhmVXQtX3NzWWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8zYWUzNzktNzllMS00NmFiLWIwNGQt
MGYwZmE2YjZlNGJkLzEvWjE3c19hSWhQRW9Odm1SdDRNdzFWZzNkRnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8zYWUzNzktNzllMS00NmFiLWIwNGQtMGYwZmE2YjZlNGJk
LzEvOGNTWU1fUTV1ZUJuZlkwNzhmVXQtX3NzWWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwgvPAwQA
wgvUMA0GCSqGSIb3DQEBCwUAA4IBAQA+8yMLwTzltlHArbh6LEAl53N1DvGTelXW
5wATxwBAGk6/7VwhQvyuaZ3NRH8cVcoMQvapAgQq7ZIR9vSfM/PEiP/xC+nO+3sX
8O+278EugVHPnmmXFBedQ84Ie/jt8sPqkuPGSD9W0P8FdjStcDJUZU26Ea5AVh1x
xy6TbfSvK5H2HBAvlSoPUkuk376ETXwQMWwHka+iUL7bC3QMhO63paTKK5MimPi9
rgfTDKcHDzKR6ZuKR6Ty7CGLQy+4BCdOc/OehlewNjpWioupKaitOWCN6qxx2G88
CsxkCt6jplcPZHgFLjvpz7xzAdC7Ds6BpUvfnhGWjsOtJuJpCwzS
-----END CERTIFICATE-----