Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/ZrNGwCA-9OBv8wy5in0MNgrXg8k.roa
File:                     ZrNGwCA-9OBv8wy5in0MNgrXg8k.roa (raw, json)
Hash identifier:          0J8pTk5PmtXMV8Z35JeNb2azYOZBzntbn9z2PcNZpMY=
Subject key identifier:   66:B3:46:C0:20:3E:F4:E0:6F:F3:0C:B9:8A:7D:0C:36:0A:D7:83:C9
Certificate issuer:       /CN=9b9319025733da87ed8fca2032e3f8a660495a71
Certificate serial:       018CC6B79416ED679317601C2677461F55FC
Authority key identifier: 9B:93:19:02:57:33:DA:87:ED:8F:CA:20:32:E3:F8:A6:60:49:5A:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m5MZAlcz2oftj8ogMuP4pmBJWnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/ZrNGwCA-9OBv8wy5in0MNgrXg8k.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49233
IP address blocks:        185.251.108.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/m5MZAlcz2oftj8ogMuP4pmBJWnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/m5MZAlcz2oftj8ogMuP4pmBJWnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m5MZAlcz2oftj8ogMuP4pmBJWnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:16:ed:67:93:17:60:1c:26:77:46:1f:55:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b9319025733da87ed8fca2032e3f8a660495a71
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66b346c0203ef4e06ff30cb98a7d0c360ad783c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1e:6f:fa:5d:ba:2a:73:39:f3:90:1d:c8:9e:
                    de:bb:57:d7:e0:bc:a5:b9:99:86:01:39:d0:cf:5a:
                    bb:be:a1:1b:cb:c1:16:35:1e:ed:ca:65:fe:7b:54:
                    2f:bd:a5:1b:ba:91:d4:7f:82:de:64:71:69:6b:13:
                    6e:5d:82:a8:c4:3e:9f:aa:d3:ad:65:9b:81:17:dd:
                    49:d8:32:5b:81:98:52:f2:0c:10:c6:b3:aa:55:5a:
                    af:14:33:21:55:a7:6d:6b:7a:4e:98:2f:0b:52:3e:
                    8a:4d:ae:a1:55:37:24:b6:ef:34:5b:c3:c2:d6:50:
                    d5:da:a1:d2:ea:2b:ba:be:84:a8:36:95:7a:1a:42:
                    52:c3:5b:c8:ca:8a:38:0f:41:e9:f2:ea:98:1c:63:
                    ab:e3:19:09:a4:11:7d:90:cd:4c:bf:4e:ba:e3:86:
                    a6:14:9b:92:c1:1d:fb:c7:13:0f:25:a3:1d:6c:bc:
                    3c:87:5c:88:c9:b8:4c:aa:aa:88:85:66:d9:6d:46:
                    2c:e3:74:3a:fd:68:af:77:63:2e:08:14:fe:e4:e4:
                    cf:ed:40:1e:ff:ba:75:d9:d7:9f:e2:ef:e9:e3:8f:
                    bf:64:84:94:07:ee:bf:32:14:35:d4:a4:53:fb:0b:
                    98:7f:50:55:21:b7:e0:83:78:40:f1:d4:c0:a8:34:
                    47:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B3:46:C0:20:3E:F4:E0:6F:F3:0C:B9:8A:7D:0C:36:0A:D7:83:C9
            X509v3 Authority Key Identifier:
                keyid:9B:93:19:02:57:33:DA:87:ED:8F:CA:20:32:E3:F8:A6:60:49:5A:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m5MZAlcz2oftj8ogMuP4pmBJWnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/ZrNGwCA-9OBv8wy5in0MNgrXg8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/e06713-d6da-401c-bae5-65d33f1b58c8/1/m5MZAlcz2oftj8ogMuP4pmBJWnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:f8:99:5f:5c:d9:00:4b:c4:0e:2d:30:9d:21:ea:66:59:3e:
         29:48:e1:49:48:99:9c:6a:10:1f:01:5c:54:9f:4f:29:d5:c0:
         b0:4e:18:9a:67:37:ca:91:c4:25:ce:11:38:e5:42:69:05:be:
         19:6d:53:ad:1d:26:c4:f4:65:65:3a:bd:32:b3:02:88:35:1d:
         a1:84:0b:65:0e:e0:9f:3e:70:91:cd:00:3d:b7:6a:d4:22:af:
         55:70:1c:6f:e1:9f:26:93:46:4d:27:8b:50:ac:0a:7b:e0:64:
         09:0d:b1:9f:de:c4:16:24:51:28:40:7e:00:54:76:7b:c0:cb:
         47:8b:fa:b6:7d:a6:0e:75:b3:d8:91:6f:ad:4f:09:c4:17:e9:
         c3:3e:4c:f7:2f:86:f6:19:38:a2:ec:92:87:99:85:1a:37:64:
         65:75:44:6d:a9:9c:a0:79:00:b8:1d:9f:53:71:6f:8b:ea:29:
         bb:96:af:e9:c5:7e:52:93:8e:81:5b:40:ea:46:3a:d6:26:cc:
         cd:7c:08:20:5b:45:4c:7a:ed:46:01:f9:65:5d:ed:d7:82:7a:
         64:3d:76:ff:90:9d:8d:d1:2d:c3:06:7d:e2:82:91:3b:69:4c:
         b5:28:2d:9a:25:f6:a0:b3:fc:d9:8b:c2:3c:2c:e9:55:d2:6a:
         c7:6c:17:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5QW7WeTF2AcJndGH1X8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliOTMxOTAyNTczM2RhODdlZDhmY2EyMDMyZTNmOGE2NjA0
OTVhNzEwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmIzNDZjMDIwM2VmNGUwNmZmMzBjYjk4YTdkMGMzNjBhZDc4M2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R5v+l26KnM585AdyJ7eu1fX4Lyl
uZmGATnQz1q7vqEby8EWNR7tymX+e1QvvaUbupHUf4LeZHFpaxNuXYKoxD6fqtOt
ZZuBF91J2DJbgZhS8gwQxrOqVVqvFDMhVadta3pOmC8LUj6KTa6hVTcktu80W8PC
1lDV2qHS6iu6voSoNpV6GkJSw1vIyoo4D0Hp8uqYHGOr4xkJpBF9kM1Mv06644am
FJuSwR37xxMPJaMdbLw8h1yIybhMqqqIhWbZbUYs43Q6/Wivd2MuCBT+5OTP7UAe
/7p12def4u/p44+/ZISUB+6/MhQ11KRT+wuYf1BVIbfgg3hA8dTAqDRHEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGazRsAgPvTgb/MMuYp9DDYK14PJMB8GA1UdIwQY
MBaAFJuTGQJXM9qH7Y/KIDLj+KZgSVpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTVNWkFsY3oyb2Z0ajhvZ011UDRwbUJKV25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lMDY3MTMtZDZkYS00MDFjLWJhZTUt
NjVkMzNmMWI1OGM4LzEvWnJOR3dDQS05T0J2OHd5NWluME1OZ3JYZzhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lMDY3MTMtZDZkYS00MDFjLWJhZTUtNjVkMzNmMWI1OGM4
LzEvbTVNWkFsY3oyb2Z0ajhvZ011UDRwbUJKV25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuftsMA0G
CSqGSIb3DQEBCwUAA4IBAQCM+JlfXNkAS8QOLTCdIepmWT4pSOFJSJmcahAfAVxU
n08p1cCwThiaZzfKkcQlzhE45UJpBb4ZbVOtHSbE9GVlOr0yswKINR2hhAtlDuCf
PnCRzQA9t2rUIq9VcBxv4Z8mk0ZNJ4tQrAp74GQJDbGf3sQWJFEoQH4AVHZ7wMtH
i/q2faYOdbPYkW+tTwnEF+nDPkz3L4b2GTii7JKHmYUaN2RldURtqZygeQC4HZ9T
cW+L6im7lq/pxX5Sk46BW0DqRjrWJszNfAggW0VMeu1GAfllXe3XgnpkPXb/kJ2N
0S3DBn3igpE7aUy1KC2aJfags/zZi8I8LOlV0mrHbBfk
-----END CERTIFICATE-----