Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zPYjomGhwGos4Sn1Htc73GW0sik.roa
File:                     zPYjomGhwGos4Sn1Htc73GW0sik.roa (raw, json)
Hash identifier:          nBlqgnqZiewlUCFw1qcycrcj36q2cKIn19kHiwAgzGY=
Subject key identifier:   CC:F6:23:A2:61:A1:C0:6A:2C:E1:29:F5:1E:D7:3B:DC:65:B4:B2:29
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       0192C6A76B3B091C9DFB30204DCC93971DBA
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zPYjomGhwGos4Sn1Htc73GW0sik.roa
Signing time:             Sat 26 Oct 2024 02:28:33 +0000
ROA not before:           Sat 26 Oct 2024 02:28:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        168.199.235.0/24 maxlen: 24
                          185.171.255.0/24 maxlen: 24
                          185.226.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c6:a7:6b:3b:09:1c:9d:fb:30:20:4d:cc:93:97:1d:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Oct 26 02:28:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf623a261a1c06a2ce129f51ed73bdc65b4b229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4b:bb:07:51:08:a6:c3:a2:97:98:75:83:c0:
                    28:5e:b7:b4:a1:aa:6b:a9:56:23:67:e4:19:9d:c3:
                    8c:be:f4:17:99:dc:35:b1:5d:f7:24:ca:4b:f4:ed:
                    87:e6:4a:4d:14:00:9f:ea:0d:74:d6:fc:34:51:21:
                    4e:e6:3a:00:e1:a9:a4:12:f3:dd:b6:6a:a1:24:d3:
                    a9:01:b8:3f:f3:b8:2f:50:a6:a5:45:2d:cf:da:b3:
                    5c:4f:c9:61:3d:41:54:40:58:2d:33:83:f6:e6:88:
                    9f:5e:6d:71:8d:8b:48:6f:d4:14:a5:59:90:5b:06:
                    40:87:49:f8:da:03:e2:3f:8b:e9:40:ad:c7:63:bf:
                    3e:d5:99:a4:79:1e:60:05:86:68:91:d8:88:b4:d3:
                    7f:b0:92:6b:3a:6d:8a:01:00:5a:32:ce:2d:80:e9:
                    41:b1:9e:04:5e:a4:22:c7:1f:25:44:0c:c9:89:f1:
                    b8:50:43:a8:12:3e:c5:50:ec:bc:fa:ef:c1:b6:ab:
                    d9:a2:6b:88:10:40:d7:f2:13:9e:a9:7b:51:e4:a8:
                    c3:35:15:f1:d5:56:11:0a:3c:73:ab:a9:86:50:d2:
                    a8:bf:40:e4:bd:6e:4d:b7:dd:c0:05:63:36:37:5f:
                    f2:92:b1:7b:d3:43:62:88:35:59:db:00:36:7c:37:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F6:23:A2:61:A1:C0:6A:2C:E1:29:F5:1E:D7:3B:DC:65:B4:B2:29
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/zPYjomGhwGos4Sn1Htc73GW0sik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.235.0/24
                  185.171.255.0/24
                  185.226.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:9a:a8:f4:38:72:92:cf:57:6d:a1:bd:93:03:26:b0:43:c4:
         8b:87:f3:ff:ee:3c:24:a8:22:61:d3:56:a7:36:d2:85:0e:2c:
         d1:aa:98:d1:61:5d:c8:b8:66:4b:bb:ef:1d:91:06:ea:08:01:
         97:41:9d:fd:7a:b7:67:40:7e:3d:d1:d0:9f:90:fa:61:aa:72:
         58:08:b1:d4:f3:9a:25:78:df:90:64:71:89:42:7c:f8:75:e9:
         3e:49:75:d8:88:a4:48:41:de:36:db:8f:77:f9:32:2a:93:48:
         f2:15:c9:35:76:ab:11:eb:50:e8:05:99:76:0d:8b:81:ba:c5:
         f5:d8:dd:1b:3e:19:95:a3:7a:94:8b:13:48:2c:de:9b:f0:2a:
         4f:ef:a5:f7:83:33:96:60:0c:e8:ad:2a:b4:99:71:89:03:23:
         36:76:c0:df:a0:bd:7a:6b:9f:17:52:c2:7a:ee:72:be:2d:11:
         76:30:86:b3:27:01:83:36:06:e0:3e:f5:16:7d:a7:e7:21:6b:
         2a:b7:73:80:cd:8d:48:e7:df:29:38:2f:78:57:a9:18:0c:6a:
         3d:c9:11:78:e9:6a:7f:43:12:2f:2c:f6:e6:9c:5b:92:a3:6e:
         35:3e:b2:e6:a4:86:03:e2:59:b3:a3:2a:10:49:c8:5b:87:7e:
         44:30:8b:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLGp2s7CRyd+zAgTcyTlx26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQxMDI2MDIyODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2Y2MjNhMjYxYTFjMDZhMmNlMTI5ZjUxZWQ3M2JkYzY1YjRiMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwku7B1EIpsOil5h1g8AoXre0oapr
qVYjZ+QZncOMvvQXmdw1sV33JMpL9O2H5kpNFACf6g101vw0USFO5joA4amkEvPd
tmqhJNOpAbg/87gvUKalRS3P2rNcT8lhPUFUQFgtM4P25oifXm1xjYtIb9QUpVmQ
WwZAh0n42gPiP4vpQK3HY78+1ZmkeR5gBYZokdiItNN/sJJrOm2KAQBaMs4tgOlB
sZ4EXqQixx8lRAzJifG4UEOoEj7FUOy8+u/BtqvZomuIEEDX8hOeqXtR5KjDNRXx
1VYRCjxzq6mGUNKov0DkvW5Nt93ABWM2N1/ykrF700NiiDVZ2wA2fDdFgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMz2I6JhocBqLOEp9R7XO9xltLIpMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvelBZam9tR2h3R29zNFNuMUh0YzczR1cwc2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAqMfrAwQA
uav/AwQAueLMMA0GCSqGSIb3DQEBCwUAA4IBAQBjmqj0OHKSz1dtob2TAyawQ8SL
h/P/7jwkqCJh01anNtKFDizRqpjRYV3IuGZLu+8dkQbqCAGXQZ39erdnQH490dCf
kPphqnJYCLHU85oleN+QZHGJQnz4dek+SXXYiKRIQd422493+TIqk0jyFck1dqsR
61DoBZl2DYuBusX12N0bPhmVo3qUixNILN6b8CpP76X3gzOWYAzorSq0mXGJAyM2
dsDfoL16a58XUsJ67nK+LRF2MIazJwGDNgbgPvUWfafnIWsqt3OAzY1I598pOC94
V6kYDGo9yRF46Wp/QxIvLPbmnFuSo241PrLmpIYD4lmzoyoQSchbh35EMIt+
-----END CERTIFICATE-----