Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/RziS74kv7uHp10fdkcU9eFNo_hY.roa
File:                     RziS74kv7uHp10fdkcU9eFNo_hY.roa (raw, json)
Hash identifier:          WwqsUYvlQ69ekycXDe7ghd4BQ333M+urxU8PwrkpKu4=
Subject key identifier:   47:38:92:EF:89:2F:EE:E1:E9:D7:47:DD:91:C5:3D:78:53:68:FE:16
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011E0AD21188B7C8302B07C7FD697F
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/RziS74kv7uHp10fdkcU9eFNo_hY.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44390
IP address blocks:        80.92.239.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1e:0a:d2:11:88:b7:c8:30:2b:07:c7:fd:69:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=473892ef892feee1e9d747dd91c53d785368fe16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:9d:8b:5a:4a:85:40:4a:d4:b2:53:82:f4:
                    85:3f:6f:87:e1:8c:38:97:53:38:c8:49:d7:ea:a3:
                    7a:5e:38:c9:7f:2c:18:9e:ea:7f:42:35:72:44:93:
                    5f:c8:c1:6e:43:1e:fc:84:3f:fe:48:ef:cf:57:a5:
                    41:ec:8c:54:72:3b:89:6c:7c:bc:c6:ad:44:cf:b9:
                    ca:1f:fb:1c:0c:6c:e5:7d:e3:ce:3a:71:71:2c:f1:
                    95:fc:48:03:82:09:01:b3:9c:c7:6b:2c:93:52:5d:
                    9b:ef:24:f2:fc:bc:dd:fb:fc:b0:10:db:39:69:00:
                    5d:65:30:fe:71:a3:c7:19:52:b6:02:0e:b1:13:28:
                    1c:43:25:84:a6:6b:a1:d1:90:b7:32:c0:fd:84:ea:
                    fa:b0:98:8b:32:b8:00:57:a1:f6:50:90:d1:76:3b:
                    f5:75:42:b5:cd:63:9c:3c:97:e8:4f:a5:d7:44:0c:
                    65:46:99:2b:9a:8a:46:01:6f:cd:e5:d0:cd:71:4c:
                    4c:aa:85:31:35:9f:62:fd:4f:bb:f6:50:2e:71:98:
                    65:80:ba:05:14:31:db:6e:c6:55:0a:a0:f1:1a:13:
                    93:3a:60:3b:e0:e0:4a:6f:c5:8b:cf:14:54:f4:e7:
                    99:7d:d9:83:9f:37:6a:ce:19:65:a0:4a:47:8d:23:
                    11:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:38:92:EF:89:2F:EE:E1:E9:D7:47:DD:91:C5:3D:78:53:68:FE:16
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/RziS74kv7uHp10fdkcU9eFNo_hY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.92.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:bf:49:6d:38:fb:84:b3:bc:26:d4:d0:08:9c:be:93:76:35:
         a9:34:75:56:01:6f:0c:9c:8f:e9:6e:da:cb:24:77:5e:66:2c:
         6c:a4:86:7b:6e:3a:01:50:bc:87:1e:03:e6:d0:78:13:ff:37:
         55:bf:b7:11:5e:d1:09:b2:1b:54:6b:55:01:e1:ac:27:62:08:
         f0:cd:5c:8c:c4:db:f0:6c:3c:51:cf:9b:92:c0:00:3d:ea:02:
         03:4c:49:1c:c7:0d:b4:dc:67:ba:31:60:25:c8:08:b7:f8:23:
         7a:f6:af:15:86:a0:b9:ae:72:1b:7b:bd:a3:5d:63:72:b1:12:
         b7:43:dc:05:f6:02:2f:8b:44:67:b7:92:d1:a2:91:d9:4e:d3:
         db:20:79:b1:de:c8:c8:5a:88:b7:92:86:95:b5:72:dd:bb:7b:
         c6:d9:46:33:63:42:cb:5b:27:fe:ef:5f:9b:6b:57:94:68:4d:
         2a:c7:9b:85:91:65:11:de:a9:ba:05:81:47:8e:fc:b8:24:50:
         1b:ec:51:12:96:5f:df:ad:aa:6d:e4:d3:b1:62:50:b6:9e:1a:
         41:98:a8:23:7a:d7:40:de:10:a5:00:d8:c2:f0:07:b7:6e:b1:
         87:0f:1f:26:8b:a5:95:6b:a2:91:41:03:bb:1f:49:0e:6b:95:
         28:b9:17:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR4K0hGIt8gwKwfH/Wl/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM4OTJlZjg5MmZlZWUxZTlkNzQ3ZGQ5MWM1M2Q3ODUzNjhmZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGidi1pKhUBK1LJTgvSFP2+H4Yw4
l1M4yEnX6qN6XjjJfywYnup/QjVyRJNfyMFuQx78hD/+SO/PV6VB7IxUcjuJbHy8
xq1Ez7nKH/scDGzlfePOOnFxLPGV/EgDggkBs5zHayyTUl2b7yTy/Lzd+/ywENs5
aQBdZTD+caPHGVK2Ag6xEygcQyWEpmuh0ZC3MsD9hOr6sJiLMrgAV6H2UJDRdjv1
dUK1zWOcPJfoT6XXRAxlRpkrmopGAW/N5dDNcUxMqoUxNZ9i/U+79lAucZhlgLoF
FDHbbsZVCqDxGhOTOmA74OBKb8WLzxRU9OeZfdmDnzdqzhlloEpHjSMRBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc4ku+JL+7h6ddH3ZHFPXhTaP4WMB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvUnppUzc0a3Y3dUhwMTBmZGtjVTllRk5vX2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUFzvMA0G
CSqGSIb3DQEBCwUAA4IBAQB0v0ltOPuEs7wm1NAInL6TdjWpNHVWAW8MnI/pbtrL
JHdeZixspIZ7bjoBULyHHgPm0HgT/zdVv7cRXtEJshtUa1UB4awnYgjwzVyMxNvw
bDxRz5uSwAA96gIDTEkcxw203Ge6MWAlyAi3+CN69q8VhqC5rnIbe72jXWNysRK3
Q9wF9gIvi0Rnt5LRopHZTtPbIHmx3sjIWoi3koaVtXLdu3vG2UYzY0LLWyf+71+b
a1eUaE0qx5uFkWUR3qm6BYFHjvy4JFAb7FESll/frapt5NOxYlC2nhpBmKgjetdA
3hClANjC8Ae3brGHDx8mi6WVa6KRQQO7H0kOa5UouRck
-----END CERTIFICATE-----