Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/1-Z7ZWYPiZ2hj7xLSudygtz2OFzo.roa
File:                     1-Z7ZWYPiZ2hj7xLSudygtz2OFzo.roa (raw, json)
Hash identifier:          BxihL5gGPkQnk7wZS6/aGUbm9Vj+jFXvXQ7jld2w6I4=
Subject key identifier:   F9:9E:D9:59:83:E2:67:68:63:EF:12:D2:B9:DC:A0:B7:3D:8E:17:3A
Certificate issuer:       /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial:       019053EB187335E2805747D239A752EB1F63
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/1-Z7ZWYPiZ2hj7xLSudygtz2OFzo.roa
Signing time:             Wed 26 Jun 2024 09:40:34 +0000
ROA not before:           Wed 26 Jun 2024 09:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202571
IP address blocks:        94.184.80.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:53:eb:18:73:35:e2:80:57:47:d2:39:a7:52:eb:1f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
        Validity
            Not Before: Jun 26 09:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f99ed95983e2676863ef12d2b9dca0b73d8e173a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:77:0b:8a:71:73:95:7e:af:c3:33:58:5f:aa:
                    91:71:90:9f:74:09:cd:12:e0:d7:55:f1:13:fe:d1:
                    01:4d:b1:e9:f1:b4:02:ca:ad:c9:41:57:9a:ec:d7:
                    fd:6e:a8:bf:15:86:f4:f5:d3:ab:80:64:9d:de:8e:
                    f8:20:83:6d:26:0f:84:a2:7f:0f:55:73:dc:f0:19:
                    c7:e9:d1:e3:b0:c6:07:8f:f2:59:71:1d:30:86:c8:
                    b6:18:7e:e1:6b:33:b4:3d:c1:36:03:02:58:13:2d:
                    12:65:67:57:ac:f4:04:07:f1:53:5d:3d:43:31:27:
                    fe:5c:47:f0:45:60:19:72:55:c0:f5:27:88:0f:1b:
                    f6:80:6e:5c:6e:15:5a:6b:72:51:48:a3:46:2d:78:
                    81:b8:df:02:8d:4c:6e:79:65:ca:a3:b9:0c:d6:09:
                    ca:76:fe:7e:f8:e6:2c:3d:b4:35:a7:f4:3c:5e:49:
                    87:31:f8:d0:c9:a4:da:d9:a6:93:d1:88:59:1e:5b:
                    33:f5:0e:80:57:d2:e6:65:0e:62:a2:62:d1:c7:48:
                    ed:51:d5:ee:7a:ed:08:b3:df:18:91:b5:b4:18:d6:
                    c7:e5:81:44:9d:47:15:3b:a3:4b:e3:64:0f:68:a7:
                    18:b3:df:99:7a:af:0f:18:87:47:22:71:6f:30:f4:
                    98:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:9E:D9:59:83:E2:67:68:63:EF:12:D2:B9:DC:A0:B7:3D:8E:17:3A
            X509v3 Authority Key Identifier:
                keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/1-Z7ZWYPiZ2hj7xLSudygtz2OFzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.184.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         32:e8:31:b7:fb:85:fb:93:6b:65:b1:ce:13:14:c8:0d:1d:57:
         7c:06:eb:18:b8:96:f9:57:59:ad:e6:84:ef:18:0d:33:4f:66:
         0d:5c:37:a0:09:5a:04:3b:81:04:40:63:62:28:f7:e8:2f:c3:
         ba:83:d6:4c:13:59:4c:6b:72:8c:96:82:8b:f3:8e:83:1e:7f:
         ba:f7:af:82:b4:f9:2e:c6:d0:8e:af:16:85:f5:eb:0e:7c:04:
         e3:2a:b3:18:31:38:1a:aa:72:d7:58:74:5b:cd:b8:83:19:94:
         6c:37:3d:e2:0f:2e:10:5c:59:81:28:ca:c8:e3:60:e4:71:7f:
         c7:69:b8:a9:ce:d6:4c:5e:e6:a2:a1:3f:2f:6b:3e:d6:83:19:
         4b:1b:e9:c4:18:a5:4b:2d:4b:d1:43:a7:06:32:cc:bc:ab:be:
         ad:fa:88:41:5b:67:3d:29:70:55:b0:37:3a:c3:d3:01:6b:d3:
         26:08:7d:91:27:13:ba:5b:8b:1a:19:ce:e1:a9:dc:5c:80:94:
         2c:a3:3e:73:05:f5:53:e3:b2:d6:57:ed:9b:6b:01:e7:2b:70:
         b9:39:ea:1a:0b:6d:93:55:9f:67:b9:5d:91:c0:0a:75:20:23:
         7d:cd:53:71:68:19:da:5b:d1:b7:d8:3d:46:16:6d:8d:c7:e2:
         6c:38:67:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBT6xhzNeKAV0fSOadS6x9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjQwNjI2MDk0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTllZDk1OTgzZTI2NzY4NjNlZjEyZDJiOWRjYTBiNzNkOGUxNzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ncLinFzlX6vwzNYX6qRcZCfdAnN
EuDXVfET/tEBTbHp8bQCyq3JQVea7Nf9bqi/FYb09dOrgGSd3o74IINtJg+Eon8P
VXPc8BnH6dHjsMYHj/JZcR0whsi2GH7hazO0PcE2AwJYEy0SZWdXrPQEB/FTXT1D
MSf+XEfwRWAZclXA9SeIDxv2gG5cbhVaa3JRSKNGLXiBuN8CjUxueWXKo7kM1gnK
dv5++OYsPbQ1p/Q8XkmHMfjQyaTa2aaT0YhZHlsz9Q6AV9LmZQ5iomLRx0jtUdXu
eu0Is98YkbW0GNbH5YFEnUcVO6NL42QPaKcYs9+Zeq8PGIdHInFvMPSYoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPme2VmD4mdoY+8S0rncoLc9jhc6MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvMS1aN1pXWVBpWjJoajd4TFN1ZHlndHoyT0Z6by5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODQvNGYxYjI3LTMyNmEtNDY3OS1hNjRiLWRhNjE1Mzg4NWYz
Yi8xL1dEMTJCUkFYMEstcEZmejdlUW9BOUdaN0NvZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA164UDAN
BgkqhkiG9w0BAQsFAAOCAQEAMugxt/uF+5NrZbHOExTIDR1XfAbrGLiW+VdZreaE
7xgNM09mDVw3oAlaBDuBBEBjYij36C/DuoPWTBNZTGtyjJaCi/OOgx5/uvevgrT5
LsbQjq8WhfXrDnwE4yqzGDE4Gqpy11h0W824gxmUbDc94g8uEFxZgSjKyONg5HF/
x2m4qc7WTF7moqE/L2s+1oMZSxvpxBilSy1L0UOnBjLMvKu+rfqIQVtnPSlwVbA3
OsPTAWvTJgh9kScTuluLGhnO4ancXICULKM+cwX1U+Oy1lftm2sB5ytwuTnqGgtt
k1WfZ7ldkcAKdSAjfc1TcWgZ2lvRt9g9RhZtjcfibDhnqQ==
-----END CERTIFICATE-----