Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/zB87fk0pZN-cgLKW_xoF5XeZK3I.roa
File:                     zB87fk0pZN-cgLKW_xoF5XeZK3I.roa (raw, json)
Hash identifier:          pneIchu3Qnfz3/lj57rnc7ZWx2ArPrPmjk/9Tl0QbUU=
Subject key identifier:   CC:1F:3B:7E:4D:29:64:DF:9C:80:B2:96:FF:1A:05:E5:77:99:2B:72
Certificate issuer:       /CN=8353accb94e10cf8c2c29679067ee39099f404d3
Certificate serial:       01915ACD7FB51984316150ADACC9931091B2
Authority key identifier: 83:53:AC:CB:94:E1:0C:F8:C2:C2:96:79:06:7E:E3:90:99:F4:04:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/zB87fk0pZN-cgLKW_xoF5XeZK3I.roa
Signing time:             Fri 16 Aug 2024 10:48:22 +0000
ROA not before:           Fri 16 Aug 2024 10:48:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44375
IP address blocks:        93.126.0.0/18 maxlen: 18
                          193.178.200.0/22 maxlen: 22
                          2a13:f140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:cd:7f:b5:19:84:31:61:50:ad:ac:c9:93:10:91:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8353accb94e10cf8c2c29679067ee39099f404d3
        Validity
            Not Before: Aug 16 10:48:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc1f3b7e4d2964df9c80b296ff1a05e577992b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1e:8f:12:be:c1:ef:74:86:6c:74:bf:46:67:
                    e4:2d:2b:92:9a:01:52:ea:3e:fe:00:96:1d:45:4f:
                    2c:26:5c:c0:21:05:e9:4b:38:b7:a9:2e:0d:69:7e:
                    eb:49:3b:af:d0:1b:7f:54:71:1e:57:0e:b4:e3:31:
                    9a:1b:8f:bc:66:ad:89:7d:f1:61:33:eb:fb:28:18:
                    7e:f3:c4:c3:ab:f3:f7:59:d2:04:43:e6:f0:f2:22:
                    c1:e6:0c:6b:29:13:e0:21:22:b3:90:64:9a:b1:d6:
                    ee:cd:ca:96:5b:da:db:a9:d6:e8:0f:bc:a9:29:2e:
                    bd:e0:74:b2:f5:e5:6a:c9:cd:86:b3:43:45:35:0e:
                    03:6d:09:d1:11:c2:a8:e4:55:0d:19:1a:69:7c:a8:
                    1c:1a:29:14:e0:ed:39:a7:a8:bb:d9:c5:9d:da:25:
                    6e:f3:93:7e:fc:b6:3e:63:97:ea:70:e9:4f:a9:94:
                    a6:80:bd:a8:4e:47:0f:ce:91:f0:48:f7:87:dd:4a:
                    5d:57:07:5a:35:1b:9a:78:88:83:8e:4f:04:b0:05:
                    8a:f3:60:a1:ee:43:0a:05:56:8f:2b:82:dc:04:12:
                    4f:0a:43:69:dc:c8:bf:f8:dd:19:34:9e:b9:4e:91:
                    46:65:30:5e:c6:f5:67:48:b8:07:b9:57:61:db:e9:
                    a3:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:1F:3B:7E:4D:29:64:DF:9C:80:B2:96:FF:1A:05:E5:77:99:2B:72
            X509v3 Authority Key Identifier:
                keyid:83:53:AC:CB:94:E1:0C:F8:C2:C2:96:79:06:7E:E3:90:99:F4:04:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/zB87fk0pZN-cgLKW_xoF5XeZK3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/993772-5fba-40bf-b721-6c3950194370/1/g1Osy5ThDPjCwpZ5Bn7jkJn0BNM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.126.0.0/18
                  193.178.200.0/22
                IPv6:
                  2a13:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:1d:f1:b0:d3:1d:65:95:13:eb:ef:97:6b:a7:a2:57:b5:70:
         d2:bf:8b:04:99:7d:79:cb:5e:c7:51:d0:98:f8:b1:12:b3:ab:
         27:1e:ea:4a:22:b1:83:40:31:5b:e6:5a:8f:1f:7e:9d:2e:2e:
         f5:fc:79:d5:59:cb:a7:ce:71:b7:77:07:61:3d:19:a8:38:2d:
         38:b9:a4:cc:6b:8e:3d:59:b0:5e:2c:07:3d:72:1a:de:63:9c:
         82:3b:f2:5c:69:5a:6a:2f:bf:85:0f:20:02:a6:88:71:08:2d:
         cb:52:4c:99:48:ee:a7:91:28:43:8c:43:66:78:71:c3:d6:2d:
         23:4b:b7:78:69:25:75:8e:56:08:ee:a9:ed:0c:91:56:78:70:
         35:c5:73:f8:61:c7:a4:8f:8e:fb:ed:d1:a4:0e:d4:8d:1e:44:
         f2:0a:e5:f1:2d:95:0d:c1:23:a4:9e:29:7e:09:d0:ff:80:19:
         62:2f:bc:21:d9:5c:f8:b1:1b:78:84:9e:10:ab:d6:77:c6:c1:
         f5:e6:1a:5e:e6:43:d6:80:2f:ec:4c:58:b6:7e:ac:7d:ae:11:
         40:e3:00:31:44:74:8f:ea:ec:79:af:c4:61:80:6a:e4:a4:c4:
         4f:73:c1:56:33:b6:7b:c6:03:0b:c7:13:de:03:03:f1:a6:94:
         f5:1b:3e:69
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZFazX+1GYQxYVCtrMmTEJGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNTNhY2NiOTRlMTBjZjhjMmMyOTY3OTA2N2VlMzkwOTlm
NDA0ZDMwHhcNMjQwODE2MTA0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzFmM2I3ZTRkMjk2NGRmOWM4MGIyOTZmZjFhMDVlNTc3OTkyYjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6h6PEr7B73SGbHS/RmfkLSuSmgFS
6j7+AJYdRU8sJlzAIQXpSzi3qS4NaX7rSTuv0Bt/VHEeVw604zGaG4+8Zq2JffFh
M+v7KBh+88TDq/P3WdIEQ+bw8iLB5gxrKRPgISKzkGSasdbuzcqWW9rbqdboD7yp
KS694HSy9eVqyc2Gs0NFNQ4DbQnREcKo5FUNGRppfKgcGikU4O05p6i72cWd2iVu
85N+/LY+Y5fqcOlPqZSmgL2oTkcPzpHwSPeH3UpdVwdaNRuaeIiDjk8EsAWK82Ch
7kMKBVaPK4LcBBJPCkNp3Mi/+N0ZNJ65TpFGZTBexvVnSLgHuVdh2+mj+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMwfO35NKWTfnICylv8aBeV3mStyMB8GA1UdIwQY
MBaAFINTrMuU4Qz4wsKWeQZ+45CZ9ATTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzFPc3k1VGhEUGpDd3BaNUJuN2prSm4wQk5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85OTM3NzItNWZiYS00MGJmLWI3MjEt
NmMzOTUwMTk0MzcwLzEvekI4N2ZrMHBaTi1jZ0xLV194b0Y1WGVaSzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85OTM3NzItNWZiYS00MGJmLWI3MjEtNmMzOTUwMTk0Mzcw
LzEvZzFPc3k1VGhEUGpDd3BaNUJuN2prSm4wQk5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGXX4AAwQC
wbLIMA0EAgACMAcDBQMqE/FAMA0GCSqGSIb3DQEBCwUAA4IBAQCIHfGw0x1llRPr
75drp6JXtXDSv4sEmX15y17HUdCY+LESs6snHupKIrGDQDFb5lqPH36dLi71/HnV
WcunznG3dwdhPRmoOC04uaTMa449WbBeLAc9chreY5yCO/JcaVpqL7+FDyACpohx
CC3LUkyZSO6nkShDjENmeHHD1i0jS7d4aSV1jlYI7qntDJFWeHA1xXP4Ycekj477
7dGkDtSNHkTyCuXxLZUNwSOknil+CdD/gBliL7wh2Vz4sRt4hJ4Qq9Z3xsH15hpe
5kPWgC/sTFi2fqx9rhFA4wAxRHSP6ux5r8RhgGrkpMRPc8FWM7Z7xgMLxxPeAwPx
ppT1Gz5p
-----END CERTIFICATE-----