Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/zpCN_VYdDnth_fNmV-f-zcQHJR8.roa
File:                     zpCN_VYdDnth_fNmV-f-zcQHJR8.roa (raw, json)
Hash identifier:          arz5L5XYn5NjJ+O5q3JcU04AUdyak3FoxHkT9DQQ/tw=
Subject key identifier:   CE:90:8D:FD:56:1D:0E:7B:61:FD:F3:66:57:E7:FE:CD:C4:07:25:1F
Certificate issuer:       /CN=66feef09c450990af34779ce701be6cd54b3d924
Certificate serial:       01921F3D1196C1178349389FD55126975990
Authority key identifier: 66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/zpCN_VYdDnth_fNmV-f-zcQHJR8.roa
Signing time:             Mon 23 Sep 2024 14:15:48 +0000
ROA not before:           Mon 23 Sep 2024 14:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204066
IP address blocks:        83.168.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:3d:11:96:c1:17:83:49:38:9f:d5:51:26:97:59:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66feef09c450990af34779ce701be6cd54b3d924
        Validity
            Not Before: Sep 23 14:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce908dfd561d0e7b61fdf36657e7fecdc407251f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2d:5e:dc:fc:bc:90:92:4c:05:4f:6d:22:42:
                    83:44:0e:9d:31:48:6b:06:ce:8d:82:24:68:fe:40:
                    e5:fb:aa:ca:ee:aa:a1:b7:86:38:be:a0:64:9b:d3:
                    55:3b:8d:a1:9d:fd:9d:61:9f:20:cf:32:45:94:ee:
                    27:ea:29:88:0f:4e:8b:07:4d:71:b6:f8:ee:6a:ef:
                    f7:7d:90:6c:1c:1e:aa:0e:33:7f:04:8d:6a:38:0f:
                    70:02:db:bf:e3:b5:e7:90:b6:bb:8b:1b:f6:7c:f0:
                    d9:e0:3f:8f:9a:17:a2:27:02:6f:79:d7:5c:10:e2:
                    44:61:a0:d4:93:ae:8a:85:cc:36:b2:a5:61:ed:67:
                    23:44:d4:e2:91:e1:4c:3a:10:57:65:68:95:38:9e:
                    be:f5:69:b0:f8:50:84:87:05:14:c8:21:f2:6e:64:
                    97:0a:26:53:46:f2:79:d4:8e:3d:5e:8b:be:4d:e5:
                    42:b4:31:e1:9b:4e:43:f6:7f:e7:98:04:07:bf:ae:
                    d2:1f:c0:14:13:8f:33:ff:b2:e6:13:a6:48:81:03:
                    c2:f0:16:a7:1d:b6:10:be:cc:e5:15:dc:2b:72:b6:
                    6a:65:c0:b6:07:08:18:db:ed:6c:f3:74:41:99:52:
                    ed:9e:02:a3:bd:04:eb:9a:51:df:e6:b0:1c:97:b1:
                    5f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:90:8D:FD:56:1D:0E:7B:61:FD:F3:66:57:E7:FE:CD:C4:07:25:1F
            X509v3 Authority Key Identifier:
                keyid:66:FE:EF:09:C4:50:99:0A:F3:47:79:CE:70:1B:E6:CD:54:B3:D9:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/zpCN_VYdDnth_fNmV-f-zcQHJR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a1597b-6ef2-4430-aa56-82451f33f4ca/1/Zv7vCcRQmQrzR3nOcBvmzVSz2SQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.168.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:9c:5c:e5:45:6d:d8:8d:75:fc:4d:b9:f3:4d:0b:33:ea:f7:
         42:44:cb:6a:31:e1:1c:12:ff:d2:0b:0f:20:1c:37:20:bf:f2:
         44:b9:cb:a7:77:60:75:02:ac:64:a1:48:3c:7c:b4:fa:7e:d1:
         28:a2:45:6c:10:75:29:b7:a1:24:57:af:cd:0c:16:d8:f1:50:
         24:2d:db:fc:cc:be:c4:69:8e:af:9c:d4:98:b3:07:01:ea:c9:
         af:b7:da:04:74:ac:b0:ca:ab:3b:8b:f7:20:d2:73:c9:61:e3:
         90:0c:4f:51:e0:a7:4a:eb:5b:e4:ec:26:97:54:48:d4:f5:aa:
         25:be:39:72:ae:95:2d:53:64:e1:6b:30:59:b3:e1:ed:94:87:
         f8:24:de:02:0b:9e:b9:61:dd:41:04:9c:38:e7:a1:fd:52:68:
         ef:87:0b:d7:4b:96:db:7b:91:0c:f7:50:2d:6a:aa:df:f7:b2:
         24:65:38:7e:78:c1:1a:a1:45:7e:48:42:a9:8c:d7:a2:c5:bc:
         19:66:28:5f:6b:57:f2:b1:9d:a8:30:bf:eb:53:70:53:71:98:
         b3:f4:00:04:81:94:11:4e:45:1c:13:16:04:c0:e0:a4:ec:7f:
         90:af:47:3a:bc:3d:30:f7:45:34:e1:f5:7d:0a:a6:fc:dd:9d:
         e3:d7:4d:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIfPRGWwReDSTif1VEml1mQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZmVlZjA5YzQ1MDk5MGFmMzQ3NzljZTcwMWJlNmNkNTRi
M2Q5MjQwHhcNMjQwOTIzMTQxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTkwOGRmZDU2MWQwZTdiNjFmZGYzNjY1N2U3ZmVjZGM0MDcyNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC1e3Py8kJJMBU9tIkKDRA6dMUhr
Bs6NgiRo/kDl+6rK7qqht4Y4vqBkm9NVO42hnf2dYZ8gzzJFlO4n6imID06LB01x
tvjuau/3fZBsHB6qDjN/BI1qOA9wAtu/47XnkLa7ixv2fPDZ4D+PmheiJwJveddc
EOJEYaDUk66Khcw2sqVh7WcjRNTikeFMOhBXZWiVOJ6+9Wmw+FCEhwUUyCHybmSX
CiZTRvJ51I49Xou+TeVCtDHhm05D9n/nmAQHv67SH8AUE48z/7LmE6ZIgQPC8Ban
HbYQvszlFdwrcrZqZcC2BwgY2+1s83RBmVLtngKjvQTrmlHf5rAcl7FfswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6Qjf1WHQ57Yf3zZlfn/s3EByUfMB8GA1UdIwQY
MBaAFGb+7wnEUJkK80d5znAb5s1Us9kkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYt
ODI0NTFmMzNmNGNhLzEvenBDTl9WWWREbnRoX2ZObVYtZi16Y1FISlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hMTU5N2ItNmVmMi00NDMwLWFhNTYtODI0NTFmMzNmNGNh
LzEvWnY3dkNjUlFtUXJ6UjNuT2NCdm16VlN6MlNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU6hGMA0G
CSqGSIb3DQEBCwUAA4IBAQC3nFzlRW3YjXX8TbnzTQsz6vdCRMtqMeEcEv/SCw8g
HDcgv/JEucund2B1AqxkoUg8fLT6ftEookVsEHUpt6EkV6/NDBbY8VAkLdv8zL7E
aY6vnNSYswcB6smvt9oEdKywyqs7i/cg0nPJYeOQDE9R4KdK61vk7CaXVEjU9aol
vjlyrpUtU2ThazBZs+HtlIf4JN4CC565Yd1BBJw456H9UmjvhwvXS5bbe5EM91At
aqrf97IkZTh+eMEaoUV+SEKpjNeixbwZZihfa1fysZ2oML/rU3BTcZiz9AAEgZQR
TkUcExYEwOCk7H+Qr0c6vD0w90U04fV9Cqb83Z3j100i
-----END CERTIFICATE-----