Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/z3D0NVNyJDNK8s3BOW1XwDWuHnE.roa
File:                     z3D0NVNyJDNK8s3BOW1XwDWuHnE.roa (raw, json)
Hash identifier:          M6po3Yhz4/E2RtBrmbgL7sXW1qOGoSDPbigld6qeqvQ=
Subject key identifier:   CF:70:F4:35:53:72:24:33:4A:F2:CD:C1:39:6D:57:C0:35:AE:1E:71
Certificate issuer:       /CN=8200596bbf382d498bc5ec2b3fd65339e85b98f2
Certificate serial:       018CC5DC676FB56B5DAEF80D79CA8BCB2C45
Authority key identifier: 82:00:59:6B:BF:38:2D:49:8B:C5:EC:2B:3F:D6:53:39:E8:5B:98:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ggBZa784LUmLxewrP9ZTOehbmPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/z3D0NVNyJDNK8s3BOW1XwDWuHnE.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43104
IP address blocks:        193.200.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/ggBZa784LUmLxewrP9ZTOehbmPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/ggBZa784LUmLxewrP9ZTOehbmPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ggBZa784LUmLxewrP9ZTOehbmPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:67:6f:b5:6b:5d:ae:f8:0d:79:ca:8b:cb:2c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8200596bbf382d498bc5ec2b3fd65339e85b98f2
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf70f435537224334af2cdc1396d57c035ae1e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:75:b1:d8:b1:4f:bb:cc:e3:6f:9e:01:4b:2c:
                    3e:02:7d:b7:12:7b:3c:70:9f:e9:ab:31:24:42:55:
                    27:f6:5d:54:85:cb:e9:5c:ae:fb:35:36:6f:ce:b2:
                    58:e8:85:83:b6:0e:3b:41:cd:98:79:c4:f0:70:4d:
                    35:33:39:0f:88:0b:1e:a4:08:e1:93:99:fe:23:1b:
                    22:8f:a1:dc:d1:c2:6e:b9:5a:a7:63:19:95:e2:f2:
                    53:37:41:aa:6f:bf:ea:9c:6e:e9:00:c9:9b:97:7c:
                    d7:e2:ad:c2:85:56:2f:bf:aa:bb:b8:8d:db:8d:e2:
                    20:2c:41:0c:ce:d9:15:78:a7:b7:70:a2:5e:79:42:
                    32:63:8e:97:76:c8:34:01:d0:eb:9b:5d:86:08:d3:
                    c3:f3:37:1f:17:18:38:f5:70:d7:7e:a6:d8:9d:49:
                    3f:05:e8:a9:61:13:39:f6:cb:4b:39:bc:2c:cb:00:
                    79:d6:87:54:70:a8:58:0f:cd:e0:43:fd:1e:c8:d7:
                    2d:cd:71:be:7e:d7:17:8d:46:21:c1:f9:78:f2:48:
                    03:08:1f:35:08:45:fc:30:78:71:22:bf:99:9c:99:
                    63:cc:d9:95:de:a8:8a:b5:a4:f7:1f:51:19:95:97:
                    4b:76:b7:b4:da:d4:8d:9c:1d:68:68:12:45:4c:e1:
                    0d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:70:F4:35:53:72:24:33:4A:F2:CD:C1:39:6D:57:C0:35:AE:1E:71
            X509v3 Authority Key Identifier:
                keyid:82:00:59:6B:BF:38:2D:49:8B:C5:EC:2B:3F:D6:53:39:E8:5B:98:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ggBZa784LUmLxewrP9ZTOehbmPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/z3D0NVNyJDNK8s3BOW1XwDWuHnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/536431-9cbe-43a9-8c1f-68ad2d111bac/1/ggBZa784LUmLxewrP9ZTOehbmPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:5e:74:df:d2:47:71:c0:b3:45:32:b0:a9:fc:c4:19:c5:5b:
         c0:b9:ea:d0:5f:52:ac:cb:24:2c:1c:68:2a:6e:55:73:9e:82:
         1f:d7:c3:ac:58:49:f0:cd:1f:f5:e0:52:45:33:f5:32:d4:3d:
         d4:99:44:a1:66:b3:db:a6:95:27:e1:cb:0e:a5:cd:53:e9:ab:
         35:95:89:ce:27:ef:ed:cd:c0:7a:0f:1f:54:fc:fa:b9:94:ae:
         5f:ba:c0:ab:b5:29:c5:91:4c:0e:db:6a:72:95:92:be:be:df:
         09:0b:d4:2a:8e:e1:92:a8:d3:8f:27:e5:18:36:9a:a7:cf:14:
         1e:3e:b1:f9:58:4a:9f:f6:fb:43:ba:7c:69:22:4c:1e:15:50:
         b4:6f:1d:78:86:67:32:d5:45:90:01:db:5a:7f:80:b8:48:4b:
         c0:e5:af:2a:32:0b:54:f1:63:8d:de:91:5d:b0:00:4f:cc:0d:
         50:d5:fa:2a:5d:9e:35:30:41:9b:d6:18:e0:c0:bd:3d:6a:95:
         47:45:81:5c:26:6c:6e:63:16:89:b2:8a:bd:d1:e3:dc:88:d2:
         a5:0b:75:e8:f4:4b:3c:74:b9:cc:5d:b4:a1:3b:40:06:5c:26:
         4b:23:36:76:f8:d9:64:c5:f8:a8:33:64:4a:f4:e6:c3:cd:b5:
         6f:e7:60:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GdvtWtdrvgNecqLyyxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMDA1OTZiYmYzODJkNDk4YmM1ZWMyYjNmZDY1MzM5ZTg1
Yjk4ZjIwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcwZjQzNTUzNzIyNDMzNGFmMmNkYzEzOTZkNTdjMDM1YWUxZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXWx2LFPu8zjb54BSyw+An23Ens8
cJ/pqzEkQlUn9l1UhcvpXK77NTZvzrJY6IWDtg47Qc2YecTwcE01MzkPiAsepAjh
k5n+Ixsij6Hc0cJuuVqnYxmV4vJTN0Gqb7/qnG7pAMmbl3zX4q3ChVYvv6q7uI3b
jeIgLEEMztkVeKe3cKJeeUIyY46Xdsg0AdDrm12GCNPD8zcfFxg49XDXfqbYnUk/
BeipYRM59stLObwsywB51odUcKhYD83gQ/0eyNctzXG+ftcXjUYhwfl48kgDCB81
CEX8MHhxIr+ZnJljzNmV3qiKtaT3H1EZlZdLdre02tSNnB1oaBJFTOENLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9w9DVTciQzSvLNwTltV8A1rh5xMB8GA1UdIwQY
MBaAFIIAWWu/OC1Ji8XsKz/WUznoW5jyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2dCWmE3ODRMVW1MeGV3clA5WlRPZWhibVBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS81MzY0MzEtOWNiZS00M2E5LThjMWYt
NjhhZDJkMTExYmFjLzEvejNEME5WTnlKRE5LOHMzQk9XMVh3RFd1SG5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS81MzY0MzEtOWNiZS00M2E5LThjMWYtNjhhZDJkMTExYmFj
LzEvZ2dCWmE3ODRMVW1MeGV3clA5WlRPZWhibVBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcjgMA0G
CSqGSIb3DQEBCwUAA4IBAQARXnTf0kdxwLNFMrCp/MQZxVvAuerQX1KsyyQsHGgq
blVznoIf18OsWEnwzR/14FJFM/Uy1D3UmUShZrPbppUn4csOpc1T6as1lYnOJ+/t
zcB6Dx9U/Pq5lK5fusCrtSnFkUwO22pylZK+vt8JC9QqjuGSqNOPJ+UYNpqnzxQe
PrH5WEqf9vtDunxpIkweFVC0bx14hmcy1UWQAdtaf4C4SEvA5a8qMgtU8WON3pFd
sABPzA1Q1foqXZ41MEGb1hjgwL09apVHRYFcJmxuYxaJsoq90ePciNKlC3Xo9Es8
dLnMXbShO0AGXCZLIzZ2+NlkxfioM2RK9ObDzbVv52Bb
-----END CERTIFICATE-----