Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/3zzM7NffxFno83u6oEnY1hyZ5NU.roa
File:                     3zzM7NffxFno83u6oEnY1hyZ5NU.roa (raw, json)
Hash identifier:          HfZLXpx1gazP8eoqqt4PJWQMJ2KNtvsakpVy67Ep0Rs=
Subject key identifier:   DF:3C:CC:EC:D7:DF:C4:59:E8:F3:7B:BA:A0:49:D8:D6:1C:99:E4:D5
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8A269F30DAFD59DCD8A883470CE5
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/3zzM7NffxFno83u6oEnY1hyZ5NU.roa
Signing time:             Mon 01 Jan 2024 18:30:22 +0000
ROA not before:           Mon 01 Jan 2024 18:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208503
IP address blocks:        178.170.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8a:26:9f:30:da:fd:59:dc:d8:a8:83:47:0c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df3cccecd7dfc459e8f37bbaa049d8d61c99e4d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:82:9f:01:4f:45:d3:db:7b:5a:bf:5e:fb:89:
                    b1:0e:76:bd:cc:2c:ee:04:9a:16:81:f0:8e:ae:9c:
                    39:19:a5:eb:b5:4e:85:92:49:87:48:47:22:22:0d:
                    b0:d8:03:d9:eb:f5:49:84:bc:99:0c:70:35:14:83:
                    ad:13:b4:6e:e8:cf:7d:e9:9f:a7:7a:65:e2:85:43:
                    f4:ae:e1:d7:61:30:cd:8e:77:8b:ae:15:6e:eb:6a:
                    01:9c:f5:89:70:bb:f5:1f:2c:35:2f:b7:1b:45:3b:
                    79:42:47:dd:9e:b6:0d:2e:9e:15:82:14:5d:d4:6d:
                    b6:02:02:7a:d8:f5:69:0d:96:51:0e:64:5a:cd:21:
                    65:04:c1:19:bc:60:b8:c4:89:e3:f5:06:7d:dd:71:
                    fe:12:1f:76:57:27:50:29:52:ef:64:b9:c2:76:4e:
                    f8:19:b3:c5:c0:9a:56:22:85:97:3d:b8:80:08:b1:
                    db:85:e6:33:df:9b:eb:45:de:5f:34:d1:46:eb:09:
                    0f:a4:27:8e:c3:89:87:4f:af:4f:52:e7:95:29:bb:
                    fc:4f:85:a1:c7:2e:35:d0:d6:ec:f5:1a:c0:17:0c:
                    92:2c:20:6c:ca:a5:0d:71:b5:08:1d:66:a9:2d:58:
                    be:87:9d:5f:58:cd:7a:e1:9c:7f:8e:2c:88:5f:f9:
                    53:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:3C:CC:EC:D7:DF:C4:59:E8:F3:7B:BA:A0:49:D8:D6:1C:99:E4:D5
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/3zzM7NffxFno83u6oEnY1hyZ5NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:a9:69:8f:39:e1:dc:8c:22:20:bf:fd:e8:96:15:70:db:c8:
         77:9a:21:32:b8:44:48:59:66:50:f6:69:10:53:58:35:d9:13:
         f4:2a:f8:32:f5:81:f0:c2:f8:8b:f5:f1:80:50:0b:22:78:ec:
         26:49:08:2d:28:7e:73:02:67:e2:0c:f9:1a:1a:2b:ee:a0:46:
         fd:0e:a8:cd:fc:a0:80:d0:7c:e4:a6:4f:60:6a:28:a9:98:5f:
         b7:94:6b:10:12:a2:a0:74:3a:de:fa:30:a7:61:98:67:57:58:
         96:61:cb:25:0b:36:9c:de:8c:f4:51:c8:86:6f:5e:5e:6e:3d:
         2f:dc:55:c8:a4:24:aa:a6:25:4a:98:0f:f4:eb:cb:c1:33:19:
         35:4a:f2:40:5a:c0:d8:a2:30:58:90:e3:74:15:ad:0b:25:b6:
         43:57:b6:d3:a2:43:23:2e:f2:b9:7c:52:f3:10:fb:0e:5a:2e:
         f7:35:c6:35:56:2f:eb:49:9f:74:67:48:f3:56:df:ed:50:33:
         77:49:7c:e4:67:a6:be:33:76:97:73:ef:46:f1:e1:e7:63:6f:
         99:7d:a6:37:7a:63:58:48:34:7f:ee:63:a2:45:35:51:b7:7b:
         3b:2c:b1:13:a2:40:e0:4c:18:66:ec:37:dd:5d:42:d3:1e:e8:
         24:79:e1:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoomnzDa/Vnc2KiDRwzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjNjY2NlY2Q3ZGZjNDU5ZThmMzdiYmFhMDQ5ZDhkNjFjOTllNGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoKfAU9F09t7Wr9e+4mxDna9zCzu
BJoWgfCOrpw5GaXrtU6FkkmHSEciIg2w2APZ6/VJhLyZDHA1FIOtE7Ru6M996Z+n
emXihUP0ruHXYTDNjneLrhVu62oBnPWJcLv1Hyw1L7cbRTt5QkfdnrYNLp4VghRd
1G22AgJ62PVpDZZRDmRazSFlBMEZvGC4xInj9QZ93XH+Eh92VydQKVLvZLnCdk74
GbPFwJpWIoWXPbiACLHbheYz35vrRd5fNNFG6wkPpCeOw4mHT69PUueVKbv8T4Wh
xy410Nbs9RrAFwySLCBsyqUNcbUIHWapLVi+h51fWM164Zx/jiyIX/lTcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN88zOzX38RZ6PN7uqBJ2NYcmeTVMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvM3p6TTdOZmZ4Rm5vODN1Nm9FblkxaHlaNU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqroMA0G
CSqGSIb3DQEBCwUAA4IBAQDIqWmPOeHcjCIgv/3olhVw28h3miEyuERIWWZQ9mkQ
U1g12RP0Kvgy9YHwwviL9fGAUAsieOwmSQgtKH5zAmfiDPkaGivuoEb9DqjN/KCA
0Hzkpk9gaiipmF+3lGsQEqKgdDre+jCnYZhnV1iWYcslCzac3oz0UciGb15ebj0v
3FXIpCSqpiVKmA/068vBMxk1SvJAWsDYojBYkON0Fa0LJbZDV7bTokMjLvK5fFLz
EPsOWi73NcY1Vi/rSZ90Z0jzVt/tUDN3SXzkZ6a+M3aXc+9G8eHnY2+ZfaY3emNY
SDR/7mOiRTVRt3s7LLETokDgTBhm7DfdXULTHugkeeE+
-----END CERTIFICATE-----