Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/zxl138YEv4f2kWDKwH83Gt8Vw3A.roa
File:                     zxl138YEv4f2kWDKwH83Gt8Vw3A.roa (raw, json)
Hash identifier:          gvL75f7HBL3LSeT6M3rYso4thc8biAi+dOBrYsSZpko=
Subject key identifier:   CF:19:75:DF:C6:04:BF:87:F6:91:60:CA:C0:7F:37:1A:DF:15:C3:70
Certificate issuer:       /CN=6cbc8402f092343b9c03d386069728f8983e6008
Certificate serial:       018CC2DB4FF7C07C56E48D38334E2752EF8B
Authority key identifier: 6C:BC:84:02:F0:92:34:3B:9C:03:D3:86:06:97:28:F8:98:3E:60:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/zxl138YEv4f2kWDKwH83Gt8Vw3A.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        176.116.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4f:f7:c0:7c:56:e4:8d:38:33:4e:27:52:ef:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cbc8402f092343b9c03d386069728f8983e6008
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf1975dfc604bf87f69160cac07f371adf15c370
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:46:10:1f:cc:19:06:91:09:37:3c:82:b3:20:
                    3f:68:df:ff:fb:68:bb:be:3b:2b:f8:f9:75:c6:74:
                    30:e4:e1:f9:8b:e8:c4:81:e6:79:62:a5:41:f7:b6:
                    16:1f:53:14:2a:92:c2:7a:10:80:9f:37:c9:30:07:
                    e6:80:12:18:4e:9c:99:69:62:76:88:83:d4:f3:5e:
                    3b:5b:2f:9e:1c:90:65:63:14:b0:13:39:95:74:7a:
                    b6:34:e0:03:45:4c:18:19:b8:04:8b:7a:eb:f3:3d:
                    4f:c6:75:8e:67:32:55:bc:eb:d3:56:6b:d1:cf:11:
                    74:82:f0:a2:d3:ba:00:df:d9:5e:b5:19:a5:4c:3f:
                    3e:6a:52:7c:9b:12:82:be:1e:89:f0:91:8a:86:34:
                    c6:6d:c8:37:75:57:73:7c:a3:7e:30:86:c4:86:4d:
                    e9:6a:11:40:14:85:ac:b8:ec:c8:46:59:14:14:7b:
                    ba:8c:0d:0d:b5:3f:de:b2:b4:09:8d:a2:fd:85:79:
                    53:7d:7c:3c:31:0a:44:b3:45:71:03:6c:2f:8c:d6:
                    ac:45:de:60:73:0b:78:1b:d7:69:c4:79:5e:f2:1f:
                    bd:9c:17:b4:d5:22:ce:5b:db:0b:b6:82:ed:a6:d6:
                    75:65:62:b8:49:28:13:e4:cd:8a:70:9e:7b:f1:0d:
                    a4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:19:75:DF:C6:04:BF:87:F6:91:60:CA:C0:7F:37:1A:DF:15:C3:70
            X509v3 Authority Key Identifier:
                keyid:6C:BC:84:02:F0:92:34:3B:9C:03:D3:86:06:97:28:F8:98:3E:60:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/zxl138YEv4f2kWDKwH83Gt8Vw3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b7:26:7c:21:52:d0:75:b3:80:55:19:16:54:63:ff:91:6f:
         d5:b9:6e:8c:09:4b:70:e3:af:ad:1c:89:2a:77:8f:86:01:67:
         c1:2e:6e:28:24:05:87:a6:5c:af:75:a9:3f:c2:5f:89:94:f6:
         5b:46:38:68:15:91:61:c0:3b:e1:36:1d:0e:e2:78:14:8a:30:
         10:a2:c6:de:47:eb:11:b3:f7:76:d8:94:f5:d6:f9:13:a2:82:
         f0:29:62:df:85:c1:27:e7:62:dd:a0:ef:93:0e:ef:88:79:4c:
         a7:bc:a8:5b:af:e7:6a:e0:e7:15:ba:2f:9b:4a:b0:7d:ee:19:
         1e:c8:e4:dd:58:53:95:88:95:c7:9c:2f:e8:fb:fe:c5:90:85:
         eb:f8:f0:26:fc:a8:e2:56:7a:3d:cd:bd:a8:93:2b:b9:51:70:
         60:bd:3f:32:07:bf:f3:df:35:27:5d:b2:8d:a3:8a:00:83:51:
         fb:14:26:35:77:36:89:68:d6:c6:f8:8c:47:b2:aa:b3:ae:ad:
         b0:0e:24:94:b9:13:ce:21:f3:6a:f7:70:65:13:b9:2a:18:3e:
         17:6c:d7:b8:c9:e4:f7:d0:4e:ee:0c:29:14:e7:61:cc:22:71:
         92:b7:e7:88:e0:0e:d4:92:3e:78:78:b5:a2:bd:e7:95:f4:1a:
         60:35:5e:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20/3wHxW5I04M04nUu+LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYmM4NDAyZjA5MjM0M2I5YzAzZDM4NjA2OTcyOGY4OTgz
ZTYwMDgwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE5NzVkZmM2MDRiZjg3ZjY5MTYwY2FjMDdmMzcxYWRmMTVjMzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0YQH8wZBpEJNzyCsyA/aN//+2i7
vjsr+Pl1xnQw5OH5i+jEgeZ5YqVB97YWH1MUKpLCehCAnzfJMAfmgBIYTpyZaWJ2
iIPU8147Wy+eHJBlYxSwEzmVdHq2NOADRUwYGbgEi3rr8z1PxnWOZzJVvOvTVmvR
zxF0gvCi07oA39letRmlTD8+alJ8mxKCvh6J8JGKhjTGbcg3dVdzfKN+MIbEhk3p
ahFAFIWsuOzIRlkUFHu6jA0NtT/esrQJjaL9hXlTfXw8MQpEs0VxA2wvjNasRd5g
cwt4G9dpxHle8h+9nBe01SLOW9sLtoLtptZ1ZWK4SSgT5M2KcJ578Q2kqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8Zdd/GBL+H9pFgysB/NxrfFcNwMB8GA1UdIwQY
MBaAFGy8hALwkjQ7nAPThgaXKPiYPmAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkx5RUF2Q1NORHVjQTlPR0JwY28tSmctWUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC85ZGI4N2YtYTMxYS00YjRkLTg2MjQt
MjgwZjVhNGI1ZTAzLzEvenhsMTM4WUV2NGYya1dES3dIODNHdDhWdzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC85ZGI4N2YtYTMxYS00YjRkLTg2MjQtMjgwZjVhNGI1ZTAz
LzEvYkx5RUF2Q1NORHVjQTlPR0JwY28tSmctWUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQOMA0G
CSqGSIb3DQEBCwUAA4IBAQBGtyZ8IVLQdbOAVRkWVGP/kW/VuW6MCUtw46+tHIkq
d4+GAWfBLm4oJAWHplyvdak/wl+JlPZbRjhoFZFhwDvhNh0O4ngUijAQosbeR+sR
s/d22JT11vkTooLwKWLfhcEn52LdoO+TDu+IeUynvKhbr+dq4OcVui+bSrB97hke
yOTdWFOViJXHnC/o+/7FkIXr+PAm/KjiVno9zb2okyu5UXBgvT8yB7/z3zUnXbKN
o4oAg1H7FCY1dzaJaNbG+IxHsqqzrq2wDiSUuRPOIfNq93BlE7kqGD4XbNe4yeT3
0E7uDCkU52HMInGSt+eI4A7Ukj54eLWiveeV9BpgNV4o
-----END CERTIFICATE-----