Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/CZHhAV2krkEDqW4m67HRTIvcas4.roa
File:                     CZHhAV2krkEDqW4m67HRTIvcas4.roa (raw, json)
Hash identifier:          G7C2GZ1/XSXeEq1uCuRxtCsq4rzVqO7dHsni3cl+9jo=
Subject key identifier:   09:91:E1:01:5D:A4:AE:41:03:A9:6E:26:EB:B1:D1:4C:8B:DC:6A:CE
Certificate issuer:       /CN=42f8ab2ba24879e45c445486fceb21af46656d5a
Certificate serial:       018F31502A40DAFFAF57132420055A262960
Authority key identifier: 42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/CZHhAV2krkEDqW4m67HRTIvcas4.roa
Signing time:             Tue 30 Apr 2024 23:21:28 +0000
ROA not before:           Tue 30 Apr 2024 23:21:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        217.147.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:31:50:2a:40:da:ff:af:57:13:24:20:05:5a:26:29:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42f8ab2ba24879e45c445486fceb21af46656d5a
        Validity
            Not Before: Apr 30 23:21:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0991e1015da4ae4103a96e26ebb1d14c8bdc6ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ea:04:df:3d:f4:36:46:d5:6a:06:41:0f:2b:
                    9f:b6:a7:d2:58:40:b9:90:58:b6:b1:24:f5:d2:b7:
                    27:d2:aa:44:ed:6f:7d:b6:ea:c9:83:fe:31:be:78:
                    be:d4:78:78:e5:c0:cf:c9:83:65:db:05:b5:69:33:
                    f4:ad:2c:c4:25:81:85:72:80:b6:77:77:c8:02:98:
                    b8:33:bc:d6:1a:4e:c5:33:6d:11:37:3e:e3:b4:40:
                    58:4d:41:29:42:f8:a5:ae:05:35:7d:ed:5f:f1:5e:
                    1c:64:e3:03:19:62:42:94:41:63:9d:f7:00:29:b5:
                    cb:24:57:2e:f4:03:00:94:e6:be:b1:79:7c:5f:7d:
                    e7:40:41:9c:a1:61:a0:c6:39:9a:44:1b:1e:4f:23:
                    c9:26:95:64:83:37:13:44:f0:96:dc:57:54:87:c0:
                    df:c3:d4:ff:28:e3:1d:df:5a:55:d3:87:d3:76:89:
                    25:9d:da:59:78:19:a9:8e:71:9a:b7:e0:8f:cc:ff:
                    59:e4:d7:65:48:f3:2e:e0:c7:e2:5c:bc:a0:04:60:
                    5a:6a:90:7f:29:14:fd:2c:c5:d6:b7:40:81:04:5d:
                    85:20:d2:2a:18:01:71:8b:63:d2:66:9a:68:e1:3d:
                    46:fe:10:4f:ea:18:0b:52:6d:7c:da:db:6e:d8:30:
                    7b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:91:E1:01:5D:A4:AE:41:03:A9:6E:26:EB:B1:D1:4C:8B:DC:6A:CE
            X509v3 Authority Key Identifier:
                keyid:42:F8:AB:2B:A2:48:79:E4:5C:44:54:86:FC:EB:21:AF:46:65:6D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QvirK6JIeeRcRFSG_Oshr0ZlbVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/CZHhAV2krkEDqW4m67HRTIvcas4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c17c5d-7543-440f-878f-1769fef6be96/1/QvirK6JIeeRcRFSG_Oshr0ZlbVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:37:20:a0:e5:a1:96:5f:6a:c8:d1:0b:d4:bf:18:30:94:bf:
         fc:45:ca:c3:5f:20:7f:ce:8b:6c:7e:40:c3:16:89:28:75:38:
         62:e7:27:b6:ac:1b:b0:ed:10:a5:84:0f:ce:00:14:a9:95:84:
         4c:29:47:12:63:d7:f3:8d:81:86:76:fc:97:40:b6:cb:39:34:
         35:b8:6b:cc:56:6f:69:ab:0f:1a:34:0b:ab:80:62:c1:26:09:
         0d:b6:bb:a6:4b:8f:19:02:0d:15:a0:cd:87:c3:cb:48:04:25:
         d1:b9:87:a7:0d:ab:e8:e2:e7:52:b3:43:45:e5:13:6d:58:e2:
         bd:25:32:f5:eb:7e:e0:ca:fd:8b:50:80:25:f4:63:8e:5e:a8:
         91:d2:95:92:f1:39:48:64:94:5a:e3:fd:8b:11:55:e7:c9:35:
         68:0e:bd:c5:bb:07:4e:db:aa:eb:85:ee:e2:6c:6b:17:a4:b9:
         26:1b:33:da:fa:b3:eb:ee:12:af:65:b4:9d:81:cf:7e:cf:c2:
         74:4c:1f:3c:03:71:90:ad:d6:47:7c:01:80:ed:3f:d2:c5:74:
         2c:fe:7f:31:77:34:47:96:c4:69:44:5e:fa:11:25:56:73:7b:
         98:01:2d:ca:aa:70:c2:93:37:21:87:d6:81:72:c3:07:c0:7e:
         f5:d2:0b:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8xUCpA2v+vVxMkIAVaJilgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZjhhYjJiYTI0ODc5ZTQ1YzQ0NTQ4NmZjZWIyMWFmNDY2
NTZkNWEwHhcNMjQwNDMwMjMyMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTkxZTEwMTVkYTRhZTQxMDNhOTZlMjZlYmIxZDE0YzhiZGM2YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uoE3z30NkbVagZBDyuftqfSWEC5
kFi2sST10rcn0qpE7W99turJg/4xvni+1Hh45cDPyYNl2wW1aTP0rSzEJYGFcoC2
d3fIApi4M7zWGk7FM20RNz7jtEBYTUEpQvilrgU1fe1f8V4cZOMDGWJClEFjnfcA
KbXLJFcu9AMAlOa+sXl8X33nQEGcoWGgxjmaRBseTyPJJpVkgzcTRPCW3FdUh8Df
w9T/KOMd31pV04fTdoklndpZeBmpjnGat+CPzP9Z5NdlSPMu4MfiXLygBGBaapB/
KRT9LMXWt0CBBF2FINIqGAFxi2PSZppo4T1G/hBP6hgLUm182ttu2DB7ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmR4QFdpK5BA6luJuux0UyL3GrOMB8GA1UdIwQY
MBaAFEL4qyuiSHnkXERUhvzrIa9GZW1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYt
MTc2OWZlZjZiZTk2LzEvQ1pIaEFWMmtya0VEcVc0bTY3SFJUSXZjYXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jMTdjNWQtNzU0My00NDBmLTg3OGYtMTc2OWZlZjZiZTk2
LzEvUXZpcks2SkllZVJjUkZTR19Pc2hyMFpsYlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2ZOnMA0G
CSqGSIb3DQEBCwUAA4IBAQCYNyCg5aGWX2rI0QvUvxgwlL/8RcrDXyB/zotsfkDD
FokodThi5ye2rBuw7RClhA/OABSplYRMKUcSY9fzjYGGdvyXQLbLOTQ1uGvMVm9p
qw8aNAurgGLBJgkNtrumS48ZAg0VoM2Hw8tIBCXRuYenDavo4udSs0NF5RNtWOK9
JTL1637gyv2LUIAl9GOOXqiR0pWS8TlIZJRa4/2LEVXnyTVoDr3FuwdO26rrhe7i
bGsXpLkmGzPa+rPr7hKvZbSdgc9+z8J0TB88A3GQrdZHfAGA7T/SxXQs/n8xdzRH
lsRpRF76ESVWc3uYAS3KqnDCkzchh9aBcsMHwH710gty
-----END CERTIFICATE-----