Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/zMj8Rh12UcgvQOBX19U4056FXnY.roa
File:                     zMj8Rh12UcgvQOBX19U4056FXnY.roa (raw, json)
Hash identifier:          rLgXHQXZ+O4EHjnPYqf3dP3E/oJ2QkabjRtXamBW8Kg=
Subject key identifier:   CC:C8:FC:46:1D:76:51:C8:2F:40:E0:57:D7:D5:38:D3:9E:85:5E:76
Certificate issuer:       /CN=f030658f16d2d88d34164592fcd4de13131f1695
Certificate serial:       018DE722686E8D3A0B72EDE170BF61757AD1
Authority key identifier: F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/zMj8Rh12UcgvQOBX19U4056FXnY.roa
Signing time:             Mon 26 Feb 2024 20:36:48 +0000
ROA not before:           Mon 26 Feb 2024 20:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        217.196.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e7:22:68:6e:8d:3a:0b:72:ed:e1:70:bf:61:75:7a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f030658f16d2d88d34164592fcd4de13131f1695
        Validity
            Not Before: Feb 26 20:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccc8fc461d7651c82f40e057d7d538d39e855e76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a8:96:f3:64:dc:3e:f7:7d:6a:a6:f5:eb:70:
                    20:38:3d:6a:4b:29:60:20:f0:0b:5f:5c:b0:f0:a4:
                    c5:d6:93:17:5b:e9:5f:e5:d5:71:2b:0a:3c:4e:f4:
                    d7:57:e0:1d:07:da:07:67:c6:7c:08:45:57:df:aa:
                    69:82:63:74:aa:b5:28:d1:95:c2:9b:45:42:76:83:
                    72:6a:63:04:d4:b1:5a:54:55:ad:4c:85:82:5a:d7:
                    2e:36:ee:1d:80:d3:5c:8f:72:8c:39:b3:f6:b6:ab:
                    78:7d:e7:de:ac:5b:c5:f8:74:ba:b5:29:24:5c:71:
                    d7:d9:18:e8:64:96:7c:97:c0:74:0e:1d:bf:2a:c6:
                    82:27:ac:a1:64:f9:41:c3:76:e1:bb:ca:6d:53:38:
                    e0:5a:79:19:3d:8a:8f:08:c9:23:6e:ea:1d:ad:7c:
                    96:8e:bc:69:2e:8e:ef:d5:fa:9f:bd:0f:be:b7:39:
                    b5:1e:3c:c7:f6:d9:59:0b:d0:1a:93:f3:ae:b3:59:
                    74:ac:88:ed:6c:a2:0c:30:e9:37:41:12:8b:1a:5e:
                    dc:42:51:74:b4:9f:77:c1:6b:6a:b7:0d:9f:c3:6d:
                    eb:20:9b:0e:89:ca:08:dd:0d:31:78:17:40:5e:3d:
                    27:b5:db:19:3f:4d:e4:dc:2b:eb:d1:b9:be:84:14:
                    19:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C8:FC:46:1D:76:51:C8:2F:40:E0:57:D7:D5:38:D3:9E:85:5E:76
            X509v3 Authority Key Identifier:
                keyid:F0:30:65:8F:16:D2:D8:8D:34:16:45:92:FC:D4:DE:13:13:1F:16:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8DBljxbS2I00FkWS_NTeExMfFpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/zMj8Rh12UcgvQOBX19U4056FXnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/6693e3-89ca-44a1-a8b6-894805289cc0/1/8DBljxbS2I00FkWS_NTeExMfFpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.196.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:5f:8d:31:c6:76:cc:3f:a4:bd:87:3f:b8:cd:d4:fe:3f:75:
         47:31:6e:f2:96:6d:54:a0:7d:7b:43:59:0c:29:b0:cd:a5:d4:
         d5:65:3e:86:56:36:fc:c5:9b:83:9a:94:d9:06:a4:31:e5:17:
         9f:5a:4a:5a:e5:88:8f:8a:4a:d1:4c:64:93:53:ac:d0:ea:f0:
         e2:bc:24:15:7b:56:37:74:66:af:31:74:47:a3:83:d1:c6:d5:
         09:14:23:0a:44:5b:c6:a6:0a:8c:ae:c5:d5:7b:51:97:22:79:
         78:e9:91:03:1a:f2:0d:0f:37:c3:c1:b9:ee:95:a4:58:1e:67:
         0b:b0:ea:00:d9:45:91:89:4c:ea:50:5d:f9:48:d7:f6:39:f6:
         4d:94:75:b4:00:84:4b:9f:6e:88:a2:02:1b:f8:19:11:6d:49:
         15:f9:61:f9:37:e9:31:e4:91:28:33:7f:e5:3a:c8:cc:83:81:
         f4:2e:b3:86:59:87:c9:dc:67:c9:87:e6:17:9c:15:0f:76:19:
         87:e7:86:ac:39:e6:19:cc:76:44:d8:42:59:d0:7b:25:6f:af:
         2c:cc:49:6e:81:33:99:49:fd:af:8f:ad:0f:2a:1e:fd:67:5a:
         b7:22:18:7f:8e:26:d4:5d:44:1d:d0:b7:09:9d:93:f6:36:cc:
         a0:7f:0e:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3nImhujToLcu3hcL9hdXrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMzA2NThmMTZkMmQ4OGQzNDE2NDU5MmZjZDRkZTEzMTMx
ZjE2OTUwHhcNMjQwMjI2MjAzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2M4ZmM0NjFkNzY1MWM4MmY0MGUwNTdkN2Q1MzhkMzllODU1ZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaiW82TcPvd9aqb163AgOD1qSylg
IPALX1yw8KTF1pMXW+lf5dVxKwo8TvTXV+AdB9oHZ8Z8CEVX36ppgmN0qrUo0ZXC
m0VCdoNyamME1LFaVFWtTIWCWtcuNu4dgNNcj3KMObP2tqt4feferFvF+HS6tSkk
XHHX2RjoZJZ8l8B0Dh2/KsaCJ6yhZPlBw3bhu8ptUzjgWnkZPYqPCMkjbuodrXyW
jrxpLo7v1fqfvQ++tzm1HjzH9tlZC9Aak/Ous1l0rIjtbKIMMOk3QRKLGl7cQlF0
tJ93wWtqtw2fw23rIJsOicoI3Q0xeBdAXj0ntdsZP03k3Cvr0bm+hBQZxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzI/EYddlHIL0DgV9fVONOehV52MB8GA1UdIwQY
MBaAFPAwZY8W0tiNNBZFkvzU3hMTHxaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYt
ODk0ODA1Mjg5Y2MwLzEvek1qOFJoMTJVY2d2UU9CWDE5VTQwNTZGWG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82NjkzZTMtODljYS00NGExLWE4YjYtODk0ODA1Mjg5Y2Mw
LzEvOERCbGp4YlMySTAwRmtXU19OVGVFeE1mRnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cRgMA0G
CSqGSIb3DQEBCwUAA4IBAQBuX40xxnbMP6S9hz+4zdT+P3VHMW7ylm1UoH17Q1kM
KbDNpdTVZT6GVjb8xZuDmpTZBqQx5RefWkpa5YiPikrRTGSTU6zQ6vDivCQVe1Y3
dGavMXRHo4PRxtUJFCMKRFvGpgqMrsXVe1GXInl46ZEDGvINDzfDwbnulaRYHmcL
sOoA2UWRiUzqUF35SNf2OfZNlHW0AIRLn26IogIb+BkRbUkV+WH5N+kx5JEoM3/l
OsjMg4H0LrOGWYfJ3GfJh+YXnBUPdhmH54asOeYZzHZE2EJZ0Hslb68szElugTOZ
Sf2vj60PKh79Z1q3Ihh/jibUXUQd0LcJnZP2Nsygfw6D
-----END CERTIFICATE-----