Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/Z2b3jibAp-lgkBM-jMqaH7fNwlM.roa
File:                     Z2b3jibAp-lgkBM-jMqaH7fNwlM.roa (raw, json)
Hash identifier:          VBCKmRZASlHGcvHG3tE9JyzTrpKFa8hDoQ4Ltnwlhno=
Subject key identifier:   67:66:F7:8E:26:C0:A7:E9:60:90:13:3E:8C:CA:9A:1F:B7:CD:C2:53
Certificate issuer:       /CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
Certificate serial:       018CC4244A78B3B5085F34E6A756E523AE10
Authority key identifier: 7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/Z2b3jibAp-lgkBM-jMqaH7fNwlM.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        86.108.235.0/24 maxlen: 24
                          86.108.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4a:78:b3:b5:08:5f:34:e6:a7:56:e5:23:ae:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ec65a1dcf8225e7f10be20ddde1e216e800b67c
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6766f78e26c0a7e96090133e8cca9a1fb7cdc253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9a:0e:11:7f:75:da:4b:f5:19:a8:5e:39:23:
                    d6:03:2b:ee:ee:84:19:b2:91:09:2a:27:64:45:6b:
                    43:2c:d1:6a:c5:f3:12:aa:5e:ac:3f:c7:15:69:3c:
                    07:4c:f8:5c:0d:fd:94:ce:36:8b:63:fb:ba:3c:00:
                    33:24:d1:5f:5b:aa:3e:d8:c0:f4:0c:2e:fa:a0:a1:
                    e3:2e:f2:74:ba:4c:ef:1b:b8:63:86:7e:23:a3:64:
                    0a:ad:0d:7d:ca:a8:26:19:50:28:36:4e:53:e6:21:
                    48:d1:c0:ed:8b:f6:29:62:c9:69:64:06:f9:5f:c8:
                    a3:37:a8:92:f6:87:62:c8:46:31:8d:30:7b:94:2b:
                    c7:40:bd:ea:89:64:3e:c6:f3:02:86:38:6c:57:6b:
                    79:eb:60:3a:ee:60:66:c8:08:6f:8a:a5:e5:ec:38:
                    0b:76:b9:37:27:e6:59:89:c3:69:93:82:3e:5f:29:
                    8f:b3:c8:1b:45:da:a2:6c:05:e9:c3:31:40:e6:c6:
                    24:ad:01:e3:9c:5d:41:82:d0:db:36:9e:71:09:29:
                    07:46:6e:69:ad:47:8c:83:34:72:c5:41:bb:bd:b7:
                    2c:d1:a3:fd:8a:3d:e1:69:a2:87:17:a0:3b:c2:65:
                    48:36:ef:9d:5e:11:ef:20:6b:88:f5:38:0d:53:39:
                    5a:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:66:F7:8E:26:C0:A7:E9:60:90:13:3E:8C:CA:9A:1F:B7:CD:C2:53
            X509v3 Authority Key Identifier:
                keyid:7E:C6:5A:1D:CF:82:25:E7:F1:0B:E2:0D:DD:E1:E2:16:E8:00:B6:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fsZaHc-CJefxC-IN3eHiFugAtnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/Z2b3jibAp-lgkBM-jMqaH7fNwlM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/8e7785-9451-46fb-b244-7d9b8230537e/1/fsZaHc-CJefxC-IN3eHiFugAtnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.108.204.0/24
                  86.108.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:73:e2:53:4b:f4:cd:63:66:e2:71:b0:69:b8:87:94:a9:19:
         86:28:c0:ad:a8:1d:88:12:25:2f:96:2f:b4:c4:52:cc:c7:7f:
         ec:b0:98:e0:37:a8:08:0c:c0:a9:8c:48:b2:6c:30:74:4c:45:
         6b:a1:0a:4e:17:1c:fd:29:59:d0:2c:ed:04:a4:c9:62:a0:3f:
         6e:67:79:8e:d8:8e:71:b6:4d:57:4a:a0:50:e7:57:71:54:70:
         4c:d6:cd:fc:49:90:b4:0a:a5:14:dd:4a:11:2b:e5:bf:d1:7e:
         10:9d:12:75:28:42:be:5e:0c:6f:e8:39:63:c2:98:c1:5e:92:
         d4:5c:21:2d:1f:75:fa:a8:b9:af:c8:b7:48:17:2d:6a:58:57:
         80:68:50:68:ea:fb:26:df:b1:1c:d3:cb:bb:e3:93:50:13:e8:
         81:a0:95:2b:92:a8:fb:4d:c0:74:47:ed:b1:9a:20:80:e3:bb:
         a1:35:44:64:2e:cc:1d:01:f4:4e:1a:99:79:f3:99:02:95:f4:
         29:23:72:e6:23:6f:86:0b:be:25:1e:30:4f:10:80:6b:fe:05:
         17:47:b5:74:f9:7a:81:63:44:0b:34:f5:73:ff:c5:6a:82:5f:
         3f:cf:78:89:7b:94:31:36:49:4d:48:71:46:78:25:48:ed:0d:
         ba:1f:3c:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJEp4s7UIXzTmp1blI64QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYzY1YTFkY2Y4MjI1ZTdmMTBiZTIwZGRkZTFlMjE2ZTgw
MGI2N2MwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzY2Zjc4ZTI2YzBhN2U5NjA5MDEzM2U4Y2NhOWExZmI3Y2RjMjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpoOEX912kv1GaheOSPWAyvu7oQZ
spEJKidkRWtDLNFqxfMSql6sP8cVaTwHTPhcDf2UzjaLY/u6PAAzJNFfW6o+2MD0
DC76oKHjLvJ0ukzvG7hjhn4jo2QKrQ19yqgmGVAoNk5T5iFI0cDti/YpYslpZAb5
X8ijN6iS9odiyEYxjTB7lCvHQL3qiWQ+xvMChjhsV2t562A67mBmyAhviqXl7DgL
drk3J+ZZicNpk4I+XymPs8gbRdqibAXpwzFA5sYkrQHjnF1BgtDbNp5xCSkHRm5p
rUeMgzRyxUG7vbcs0aP9ij3haaKHF6A7wmVINu+dXhHvIGuI9TgNUzlazwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGdm944mwKfpYJATPozKmh+3zcJTMB8GA1UdIwQY
MBaAFH7GWh3PgiXn8QviDd3h4hboALZ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQt
N2Q5YjgyMzA1MzdlLzEvWjJiM2ppYkFwLWxna0JNLWpNcWFIN2ZOd2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84ZTc3ODUtOTQ1MS00NmZiLWIyNDQtN2Q5YjgyMzA1Mzdl
LzEvZnNaYUhjLUNKZWZ4Qy1JTjNlSGlGdWdBdG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmzMAwQA
VmzrMA0GCSqGSIb3DQEBCwUAA4IBAQCec+JTS/TNY2bicbBpuIeUqRmGKMCtqB2I
EiUvli+0xFLMx3/ssJjgN6gIDMCpjEiybDB0TEVroQpOFxz9KVnQLO0EpMlioD9u
Z3mO2I5xtk1XSqBQ51dxVHBM1s38SZC0CqUU3UoRK+W/0X4QnRJ1KEK+Xgxv6Dlj
wpjBXpLUXCEtH3X6qLmvyLdIFy1qWFeAaFBo6vsm37Ec08u745NQE+iBoJUrkqj7
TcB0R+2xmiCA47uhNURkLswdAfROGpl585kClfQpI3LmI2+GC74lHjBPEIBr/gUX
R7V0+XqBY0QLNPVz/8Vqgl8/z3iJe5QxNklNSHFGeCVI7Q26Hzw+
-----END CERTIFICATE-----