Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/ZR1dHbcDEQu0Jnv2cSZmQYTuDDk.roa
File:                     ZR1dHbcDEQu0Jnv2cSZmQYTuDDk.roa (raw, json)
Hash identifier:          IgGeLumMzQ4TZQtMVp12obO9MB8hL2ty8Mjv0Gep5AE=
Subject key identifier:   65:1D:5D:1D:B7:03:11:0B:B4:26:7B:F6:71:26:66:41:84:EE:0C:39
Certificate issuer:       /CN=3c177b528043a85953fc250f991d9d8020e2810d
Certificate serial:       018CC492E016B75D4402E203DA465D72594D
Authority key identifier: 3C:17:7B:52:80:43:A8:59:53:FC:25:0F:99:1D:9D:80:20:E2:81:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/ZR1dHbcDEQu0Jnv2cSZmQYTuDDk.roa
Signing time:             Mon 01 Jan 2024 10:30:09 +0000
ROA not before:           Mon 01 Jan 2024 10:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202572
IP address blocks:        2a0a:2303::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e0:16:b7:5d:44:02:e2:03:da:46:5d:72:59:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c177b528043a85953fc250f991d9d8020e2810d
        Validity
            Not Before: Jan  1 10:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=651d5d1db703110bb4267bf67126664184ee0c39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:20:9c:34:88:de:2c:c4:b7:af:a9:7f:04:83:
                    5e:61:35:e0:61:09:1b:99:20:03:e3:c6:cf:ff:3e:
                    40:04:1a:e4:6c:a9:33:d8:27:56:86:f6:8e:86:b6:
                    dc:4d:1f:00:82:f7:1c:70:ba:4e:c9:9e:ac:c6:d0:
                    04:ac:d6:b2:84:6b:6a:34:53:60:02:9e:c6:77:9c:
                    f7:4e:66:85:5f:65:7c:bc:9d:97:4f:10:24:79:ef:
                    46:9f:30:e0:6d:70:a6:3b:c3:68:38:92:08:c4:a2:
                    c3:98:d7:fc:20:68:52:42:3c:b5:29:0e:1f:dc:13:
                    12:f0:1a:71:72:a7:9c:c4:ec:eb:e9:60:f0:5c:92:
                    31:95:1c:71:6f:10:c6:92:13:ab:f7:8b:37:5a:b0:
                    76:48:8b:65:c6:d3:d5:ec:e4:f1:1e:de:e6:bb:e5:
                    46:99:31:20:ad:e5:59:dc:59:8b:14:88:b0:bc:6f:
                    12:78:bf:77:ed:17:52:db:d5:c6:8e:1c:1f:e9:d1:
                    3a:ed:4f:62:9e:5f:48:73:6f:1a:7b:50:70:89:1f:
                    62:b0:0a:53:70:c4:a1:c8:60:1b:40:4d:25:1b:64:
                    62:d4:ec:63:a1:e8:d9:c0:2e:54:0b:d2:4b:58:08:
                    21:8f:e9:85:aa:fb:4f:bb:98:d3:28:fc:89:1a:b3:
                    cd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1D:5D:1D:B7:03:11:0B:B4:26:7B:F6:71:26:66:41:84:EE:0C:39
            X509v3 Authority Key Identifier:
                keyid:3C:17:7B:52:80:43:A8:59:53:FC:25:0F:99:1D:9D:80:20:E2:81:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PBd7UoBDqFlT_CUPmR2dgCDigQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/ZR1dHbcDEQu0Jnv2cSZmQYTuDDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5ed525-3f37-4c70-a2ec-a4151b5e2fcf/1/PBd7UoBDqFlT_CUPmR2dgCDigQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2303::/32

    Signature Algorithm: sha256WithRSAEncryption
         ba:4f:3a:55:bb:89:64:1a:c3:2d:c6:32:71:d2:e0:14:10:fb:
         66:39:70:37:64:81:88:a0:02:33:d6:d0:ca:f5:6b:04:4a:ee:
         85:8d:e8:1e:d0:06:10:2f:d0:1b:0e:fb:7a:c1:d7:b0:40:95:
         e0:8b:5e:ba:fa:ce:b4:78:9f:15:6d:36:88:fb:d1:96:26:30:
         46:95:aa:5f:5e:9d:bf:af:c0:3c:3a:0a:8f:0e:a2:67:49:ba:
         89:55:e4:8c:42:2f:e2:dc:ee:64:e7:87:4a:44:ab:ea:69:5e:
         e5:56:29:ac:8b:44:52:98:94:a0:2c:97:fc:fe:38:c4:be:57:
         52:bd:8d:19:ce:e3:92:ae:8e:a4:b4:53:be:49:3d:0a:3d:d1:
         33:5e:12:64:d1:aa:df:d7:b5:b8:36:2c:ba:d3:93:02:91:a3:
         be:46:e1:c5:df:75:61:6b:8d:54:7b:9c:7d:f5:99:34:a4:91:
         5c:67:84:be:8f:2b:4e:e6:a9:ad:5e:ed:41:5a:8e:d7:fd:d0:
         e0:13:30:22:27:67:f7:79:16:fb:37:c8:70:64:8f:71:ec:20:
         fe:42:ce:53:33:b8:da:fd:e1:1a:bc:fb:ee:70:15:d2:28:2a:
         fb:62:c5:cd:41:1a:ef:b1:15:65:8b:c2:3d:7d:62:f7:52:a9:
         10:2a:17:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkuAWt11EAuID2kZdcllNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMTc3YjUyODA0M2E4NTk1M2ZjMjUwZjk5MWQ5ZDgwMjBl
MjgxMGQwHhcNMjQwMTAxMTAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTFkNWQxZGI3MDMxMTBiYjQyNjdiZjY3MTI2NjY0MTg0ZWUwYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCCcNIjeLMS3r6l/BINeYTXgYQkb
mSAD48bP/z5ABBrkbKkz2CdWhvaOhrbcTR8AgvcccLpOyZ6sxtAErNayhGtqNFNg
Ap7Gd5z3TmaFX2V8vJ2XTxAkee9GnzDgbXCmO8NoOJIIxKLDmNf8IGhSQjy1KQ4f
3BMS8BpxcqecxOzr6WDwXJIxlRxxbxDGkhOr94s3WrB2SItlxtPV7OTxHt7mu+VG
mTEgreVZ3FmLFIiwvG8SeL937RdS29XGjhwf6dE67U9inl9Ic28ae1BwiR9isApT
cMShyGAbQE0lG2Ri1OxjoejZwC5UC9JLWAghj+mFqvtPu5jTKPyJGrPNjwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGUdXR23AxELtCZ79nEmZkGE7gw5MB8GA1UdIwQY
MBaAFDwXe1KAQ6hZU/wlD5kdnYAg4oENMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEJkN1VvQkRxRmxUX0NVUG1SMmRnQ0RpZ1EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMt
YTQxNTFiNWUyZmNmLzEvWlIxZEhiY0RFUXUwSm52MmNTWm1RWVR1RERrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZWQ1MjUtM2YzNy00YzcwLWEyZWMtYTQxNTFiNWUyZmNm
LzEvUEJkN1VvQkRxRmxUX0NVUG1SMmRnQ0RpZ1EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgojAzAN
BgkqhkiG9w0BAQsFAAOCAQEAuk86VbuJZBrDLcYycdLgFBD7ZjlwN2SBiKACM9bQ
yvVrBEruhY3oHtAGEC/QGw77esHXsECV4IteuvrOtHifFW02iPvRliYwRpWqX16d
v6/APDoKjw6iZ0m6iVXkjEIv4tzuZOeHSkSr6mle5VYprItEUpiUoCyX/P44xL5X
Ur2NGc7jkq6OpLRTvkk9Cj3RM14SZNGq39e1uDYsutOTApGjvkbhxd91YWuNVHuc
ffWZNKSRXGeEvo8rTuaprV7tQVqO1/3Q4BMwIidn93kW+zfIcGSPcewg/kLOUzO4
2v3hGrz77nAV0igq+2LFzUEa77EVZYvCPX1i91KpECoXjg==
-----END CERTIFICATE-----