Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/ZEUV1rC9CSvha8ccznU0mz0_Q2I.roa
File:                     ZEUV1rC9CSvha8ccznU0mz0_Q2I.roa (raw, json)
Hash identifier:          Zq3DvypeHZZHTtyoHG7Jb3wb7ZSVfq3KSvN9nPr4JvM=
Subject key identifier:   64:45:15:D6:B0:BD:09:2B:E1:6B:C7:1C:CE:75:34:9B:3D:3F:43:62
Certificate issuer:       /CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
Certificate serial:       018D9CC47025D8542559DDF1A300368BAE67
Authority key identifier: EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/ZEUV1rC9CSvha8ccznU0mz0_Q2I.roa
Signing time:             Mon 12 Feb 2024 10:02:15 +0000
ROA not before:           Mon 12 Feb 2024 10:02:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210158
IP address blocks:        193.36.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:c4:70:25:d8:54:25:59:dd:f1:a3:00:36:8b:ae:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efad344eb5f7eb1dee4b8f8435fb5b9d87663e9d
        Validity
            Not Before: Feb 12 10:02:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=644515d6b0bd092be16bc71cce75349b3d3f4362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:26:62:bb:fd:9c:4e:77:09:4c:6c:2a:f3:a9:
                    c5:04:57:30:65:9c:dd:9b:e4:4a:22:64:78:e4:90:
                    0a:57:ae:5a:dc:4a:6c:65:5e:7f:b6:a1:47:e4:df:
                    82:91:61:89:f3:5c:9b:33:12:6a:bc:3b:42:92:03:
                    12:dd:a4:70:d7:16:36:19:c8:fe:8e:69:ec:d1:56:
                    95:24:47:3c:6c:2a:9f:8c:b6:79:21:27:50:75:49:
                    f6:5e:53:82:51:25:e9:25:d6:77:47:58:92:d4:7b:
                    16:48:47:d2:54:b5:94:55:70:be:89:03:b6:b9:72:
                    24:d7:1f:06:eb:f4:d8:1f:9d:5c:7e:f9:14:7d:ef:
                    0e:4a:b2:29:ef:a9:0a:d8:2b:b0:7f:6b:f8:48:d5:
                    a7:14:91:70:fd:0d:e5:29:9d:50:a0:64:fc:21:91:
                    1f:8a:56:17:d5:b4:15:af:97:be:ee:e8:29:8a:7d:
                    58:c8:3e:04:11:06:8a:57:69:fc:3e:63:95:17:28:
                    66:b1:fb:51:d2:b9:6e:13:6d:c0:44:21:86:9b:7e:
                    72:eb:c4:39:2d:73:3e:da:5b:56:3c:b6:55:fe:8d:
                    86:ba:04:90:28:a8:2d:0e:c2:61:ac:cc:a7:57:de:
                    4c:b7:8d:42:21:25:52:9d:1b:69:de:f7:68:ad:8a:
                    8e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:45:15:D6:B0:BD:09:2B:E1:6B:C7:1C:CE:75:34:9B:3D:3F:43:62
            X509v3 Authority Key Identifier:
                keyid:EF:AD:34:4E:B5:F7:EB:1D:EE:4B:8F:84:35:FB:5B:9D:87:66:3E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7600TrX36x3uS4-ENftbnYdmPp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/ZEUV1rC9CSvha8ccznU0mz0_Q2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/7600TrX36x3uS4-ENftbnYdmPp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:1e:87:37:2d:34:3b:1e:d4:02:b6:2d:6c:92:f0:fe:17:99:
         87:5f:c4:f8:c9:89:45:ca:8f:cd:66:12:a0:c5:80:12:42:5e:
         59:f0:fc:3c:9d:d6:66:68:60:b4:8b:00:b6:b2:02:a0:7e:2b:
         d5:d9:d4:cb:04:4d:30:41:f6:7c:7d:f5:2a:57:47:b6:a6:d2:
         0e:85:9e:1b:54:15:3f:68:af:3f:0a:0d:32:2c:8f:4f:6e:be:
         25:37:97:5f:63:91:03:e5:34:ce:2e:ab:26:fc:7d:a2:05:72:
         e9:dd:4c:96:b8:4e:e6:85:5f:11:9f:95:ba:16:45:fd:2c:c5:
         12:64:63:f7:03:66:d5:37:f1:7f:62:ae:54:68:43:fc:ce:52:
         ac:46:00:00:e2:c3:d0:7e:57:d8:19:a8:0a:de:c0:af:86:08:
         b8:85:2b:21:2a:db:77:c0:38:1b:41:e2:cc:9d:78:2e:f4:20:
         8e:4e:76:b2:ff:89:20:06:87:e9:db:55:15:4f:ad:cb:9c:82:
         de:21:06:76:c2:50:e0:7e:a2:da:23:7f:8c:77:fa:34:63:5b:
         42:a9:1f:45:21:9d:89:04:99:21:9d:9e:4a:03:88:d0:e3:76:
         68:d5:5c:16:3e:c5:b4:ee:28:ab:08:a0:4f:44:de:3d:a6:3b:
         19:4e:68:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2cxHAl2FQlWd3xowA2i65nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYWQzNDRlYjVmN2ViMWRlZTRiOGY4NDM1ZmI1YjlkODc2
NjNlOWQwHhcNMjQwMjEyMTAwMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDQ1MTVkNmIwYmQwOTJiZTE2YmM3MWNjZTc1MzQ5YjNkM2Y0MzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iZiu/2cTncJTGwq86nFBFcwZZzd
m+RKImR45JAKV65a3EpsZV5/tqFH5N+CkWGJ81ybMxJqvDtCkgMS3aRw1xY2Gcj+
jmns0VaVJEc8bCqfjLZ5ISdQdUn2XlOCUSXpJdZ3R1iS1HsWSEfSVLWUVXC+iQO2
uXIk1x8G6/TYH51cfvkUfe8OSrIp76kK2Cuwf2v4SNWnFJFw/Q3lKZ1QoGT8IZEf
ilYX1bQVr5e+7ugpin1YyD4EEQaKV2n8PmOVFyhmsftR0rluE23ARCGGm35y68Q5
LXM+2ltWPLZV/o2GugSQKKgtDsJhrMynV95Mt41CISVSnRtp3vdorYqOOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGRFFdawvQkr4WvHHM51NJs9P0NiMB8GA1UdIwQY
MBaAFO+tNE619+sd7kuPhDX7W52HZj6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmIt
YTJmZTlmMDE1ZDcxLzEvWkVVVjFyQzlDU3ZoYThjY3puVTBtejBfUTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xYTgzMGEtZjA2MS00Y2RjLWJhZmItYTJmZTlmMDE1ZDcx
LzEvNzYwMFRyWDM2eDN1UzQtRU5mdGJuWWRtUHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSSuMA0G
CSqGSIb3DQEBCwUAA4IBAQBuHoc3LTQ7HtQCti1skvD+F5mHX8T4yYlFyo/NZhKg
xYASQl5Z8Pw8ndZmaGC0iwC2sgKgfivV2dTLBE0wQfZ8ffUqV0e2ptIOhZ4bVBU/
aK8/Cg0yLI9Pbr4lN5dfY5ED5TTOLqsm/H2iBXLp3UyWuE7mhV8Rn5W6FkX9LMUS
ZGP3A2bVN/F/Yq5UaEP8zlKsRgAA4sPQflfYGagK3sCvhgi4hSshKtt3wDgbQeLM
nXgu9CCOTnay/4kgBofp21UVT63LnILeIQZ2wlDgfqLaI3+Md/o0Y1tCqR9FIZ2J
BJkhnZ5KA4jQ43Zo1VwWPsW07iirCKBPRN49pjsZTmgb
-----END CERTIFICATE-----