Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/z7h9zIUE9D85pPMFMB4ry51Qozc.roa
File:                     z7h9zIUE9D85pPMFMB4ry51Qozc.roa (raw, json)
Hash identifier:          xUhgZJB+0H6cp0b1B8cSTYTw5mUNMQZj2X1kUk8nIk0=
Subject key identifier:   CF:B8:7D:CC:85:04:F4:3F:39:A4:F3:05:30:1E:2B:CB:9D:50:A3:37
Certificate issuer:       /CN=bcec8c732aa43ef0b39bd34d140fdd3a73aedb79
Certificate serial:       018CC86EF63D42FD0E1B16F8568EB8EF207C
Authority key identifier: BC:EC:8C:73:2A:A4:3E:F0:B3:9B:D3:4D:14:0F:DD:3A:73:AE:DB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/z7h9zIUE9D85pPMFMB4ry51Qozc.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.57.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f6:3d:42:fd:0e:1b:16:f8:56:8e:b8:ef:20:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcec8c732aa43ef0b39bd34d140fdd3a73aedb79
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfb87dcc8504f43f39a4f305301e2bcb9d50a337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9b:29:4b:ea:2d:85:45:d4:fb:05:f0:41:a0:
                    24:3b:06:60:b6:67:22:45:c1:c1:56:ed:71:33:db:
                    f3:c9:f9:a3:ce:24:c8:4e:71:dc:23:9f:dd:77:4c:
                    5d:c1:f4:8a:b8:21:b4:45:b0:fc:dc:69:b4:72:ec:
                    2b:18:cd:fa:77:e1:28:e3:99:5e:72:91:bc:aa:d7:
                    60:3d:bd:34:47:42:8c:08:a1:35:82:1b:35:98:e4:
                    e9:31:cb:ba:0d:bb:a7:d8:54:44:0f:d6:91:18:9e:
                    0a:ef:9c:87:98:7a:da:37:64:c4:f7:84:1d:89:d9:
                    e1:8b:c9:0b:e3:0d:0a:1a:4c:41:4c:dc:29:d8:ca:
                    1d:1a:61:35:f3:24:c7:75:5b:09:be:02:33:6d:73:
                    e8:3a:a1:15:88:48:1c:e2:24:c1:dc:54:74:cd:9e:
                    c6:bd:ac:ec:cd:ab:23:a0:ba:77:aa:b0:25:03:dc:
                    bc:53:90:97:f8:37:70:56:5d:70:2b:94:2a:0e:04:
                    f8:d7:d5:01:bf:70:2a:b2:31:22:5a:9a:c3:9d:b2:
                    16:4c:35:3f:d2:c1:a0:90:02:89:da:70:3d:d3:be:
                    be:ae:28:94:d1:72:4a:ae:89:22:db:69:c9:cc:c9:
                    03:7a:75:99:e4:fe:36:a8:67:c8:a7:0d:ed:63:3e:
                    51:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B8:7D:CC:85:04:F4:3F:39:A4:F3:05:30:1E:2B:CB:9D:50:A3:37
            X509v3 Authority Key Identifier:
                keyid:BC:EC:8C:73:2A:A4:3E:F0:B3:9B:D3:4D:14:0F:DD:3A:73:AE:DB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vOyMcyqkPvCzm9NNFA_dOnOu23k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/z7h9zIUE9D85pPMFMB4ry51Qozc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/61158a-7246-4b47-b496-c40c0dbe1de0/1/vOyMcyqkPvCzm9NNFA_dOnOu23k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.57.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:2a:78:a5:ea:37:0e:86:2f:37:ac:f9:9e:7b:46:dc:a0:16:
         56:85:87:0f:85:01:27:aa:ba:6c:6a:dc:21:20:81:68:ac:78:
         6e:03:4c:e2:b8:a1:7d:22:3b:17:23:ba:90:1f:b0:86:d2:9c:
         1f:fc:a1:ab:d0:0f:ce:98:fb:39:29:32:6a:7e:76:3c:d8:ee:
         f6:6f:f8:e9:91:d6:67:46:26:69:1a:5a:dc:9d:4a:4a:4d:81:
         0e:f7:b0:65:15:97:7f:d5:3e:fd:35:e6:9e:7d:76:c9:42:9e:
         af:10:b6:c0:63:1e:6c:ba:87:69:11:f8:91:e3:12:e9:4a:7a:
         ff:13:1c:c0:3e:77:f7:68:c4:a7:c6:cc:bb:bb:f9:d4:ea:d2:
         1e:8a:7c:67:27:91:c8:49:bd:c2:8e:cc:ea:5b:51:37:99:2c:
         d9:22:9f:38:91:27:82:e3:0e:4c:df:71:53:7d:be:dd:f9:35:
         74:37:5a:20:a1:fa:10:5f:35:9c:29:44:1f:de:88:84:77:2c:
         97:26:69:5b:a1:86:7f:d2:af:a5:62:fb:6c:c3:6f:2b:cb:8d:
         22:10:5b:cb:0a:06:ef:0e:c2:52:cc:ba:81:d4:9a:be:47:08:
         24:af:97:db:19:11:80:61:ec:5b:18:4a:04:3e:81:a6:b5:66:
         34:1d:46:ae
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIbvY9Qv0OGxb4Vo647yB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZWM4YzczMmFhNDNlZjBiMzliZDM0ZDE0MGZkZDNhNzNh
ZWRiNzkwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI4N2RjYzg1MDRmNDNmMzlhNGYzMDUzMDFlMmJjYjlkNTBhMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZspS+othUXU+wXwQaAkOwZgtmci
RcHBVu1xM9vzyfmjziTITnHcI5/dd0xdwfSKuCG0RbD83Gm0cuwrGM36d+Eo45le
cpG8qtdgPb00R0KMCKE1ghs1mOTpMcu6Dbun2FRED9aRGJ4K75yHmHraN2TE94Qd
idnhi8kL4w0KGkxBTNwp2ModGmE18yTHdVsJvgIzbXPoOqEViEgc4iTB3FR0zZ7G
vazszasjoLp3qrAlA9y8U5CX+DdwVl1wK5QqDgT419UBv3AqsjEiWprDnbIWTDU/
0sGgkAKJ2nA9076+riiU0XJKroki22nJzMkDenWZ5P42qGfIpw3tYz5RjwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFM+4fcyFBPQ/OaTzBTAeK8udUKM3MB8GA1UdIwQY
MBaAFLzsjHMqpD7ws5vTTRQP3Tpzrtt5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk95TWN5cWtQdkN6bTlOTkZBX2RPbk91MjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC82MTE1OGEtNzI0Ni00YjQ3LWI0OTYt
YzQwYzBkYmUxZGUwLzEvejdoOXpJVUU5RDg1cFBNRk1CNHJ5NTFRb3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC82MTE1OGEtNzI0Ni00YjQ3LWI0OTYtYzQwYzBkYmUxZGUw
LzEvdk95TWN5cWtQdkN6bTlOTkZBX2RPbk91MjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjTkwDQYJ
KoZIhvcNAQELBQADggEBAEIqeKXqNw6GLzes+Z57RtygFlaFhw+FASequmxq3CEg
gWiseG4DTOK4oX0iOxcjupAfsIbSnB/8oavQD86Y+zkpMmp+djzY7vZv+OmR1mdG
JmkaWtydSkpNgQ73sGUVl3/VPv015p59dslCnq8QtsBjHmy6h2kR+JHjEulKev8T
HMA+d/doxKfGzLu7+dTq0h6KfGcnkchJvcKOzOpbUTeZLNkinziRJ4LjDkzfcVN9
vt35NXQ3WiCh+hBfNZwpRB/eiIR3LJcmaVuhhn/Sr6Vi+2zDbyvLjSIQW8sKBu8O
wlLMuoHUmr5HCCSvl9sZEYBh7FsYSgQ+gaa1ZjQdRq4=
-----END CERTIFICATE-----