Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ZPVHCd-HO3DHyMWeYzW6PkoAMEs.roa
File:                     ZPVHCd-HO3DHyMWeYzW6PkoAMEs.roa (raw, json)
Hash identifier:          90Amxzj8HViMfby7f34COdZK8iPztJltjVQ9+bDMXp4=
Subject key identifier:   64:F5:47:09:DF:87:3B:70:C7:C8:C5:9E:63:35:BA:3E:4A:00:30:4B
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B7180D328C4409D66E48CCBEE2B7
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ZPVHCd-HO3DHyMWeYzW6PkoAMEs.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212815
IP address blocks:        81.28.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b7:18:0d:32:8c:44:09:d6:6e:48:cc:be:e2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64f54709df873b70c7c8c59e6335ba3e4a00304b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b4:9c:fb:5d:49:71:9b:d2:a3:6b:48:6e:a6:
                    75:81:76:d9:7c:38:d5:63:bc:ca:f0:37:41:9e:83:
                    4a:ce:14:80:bb:fd:d9:fc:ff:e9:15:e4:27:b4:bc:
                    a9:c1:2b:75:87:0d:bf:f9:66:e7:90:02:03:cf:c9:
                    4d:f4:28:61:04:37:7c:fc:f4:4b:21:cb:f1:05:f0:
                    67:50:ca:58:84:dc:1f:55:9a:ba:94:ff:9c:2f:0c:
                    0f:6f:b9:71:2e:1f:c3:db:02:cc:ca:3f:d2:f1:cd:
                    5e:55:90:9b:59:12:6f:cb:4c:24:84:96:a7:ba:ef:
                    46:8e:de:33:9d:06:0f:cc:8a:51:1a:5b:19:56:c7:
                    ba:0e:33:45:5d:50:fd:5d:a8:26:e9:d5:5d:80:df:
                    42:a3:95:e7:cb:13:9e:7a:d0:42:ec:bf:10:15:36:
                    70:b9:17:2e:7d:23:aa:9a:ac:41:b8:01:7e:0e:d0:
                    e3:d6:05:73:3f:30:6f:08:6e:4d:59:35:d6:fc:fe:
                    85:06:a5:cf:65:51:88:a8:48:3b:9b:07:f8:d7:37:
                    49:a5:4a:d6:99:47:63:9c:04:8e:8c:57:bc:8d:0d:
                    f7:ed:87:87:74:a9:a6:e8:95:43:d6:4e:4d:80:bb:
                    91:84:17:59:cb:53:df:01:46:31:dc:d7:9f:01:29:
                    99:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:F5:47:09:DF:87:3B:70:C7:C8:C5:9E:63:35:BA:3E:4A:00:30:4B
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/ZPVHCd-HO3DHyMWeYzW6PkoAMEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:62:c6:93:3f:90:22:7f:b5:8d:a0:41:fe:ce:15:13:54:20:
         ca:84:ab:6a:1d:6d:46:5b:2d:00:2e:f7:6c:8c:ba:11:93:53:
         bb:d6:bf:c3:91:b5:77:4a:0f:f5:97:73:47:7e:75:98:9a:75:
         5e:2a:f2:01:05:0f:85:c6:3a:c4:d5:dc:6d:fa:d9:47:ca:46:
         aa:ea:39:16:df:4c:12:0a:2b:8d:06:21:48:b8:db:ac:e4:58:
         68:63:7b:94:cf:f2:59:54:4a:ea:00:a7:e5:c2:55:6c:2c:7a:
         e9:1a:cd:dd:80:a7:7e:25:86:39:cb:1d:ac:31:b5:3a:72:89:
         b1:94:c2:07:29:a1:d2:d4:92:3a:ae:5e:e5:48:54:c6:4f:3b:
         fa:27:f1:73:be:73:45:1f:a7:05:d6:d1:c7:6e:59:a5:68:90:
         2e:02:15:e9:ef:4e:fe:e6:65:4b:23:41:df:19:ba:ef:10:a8:
         d2:08:0a:31:91:76:7d:f7:3b:63:a7:a0:ad:ae:68:3c:64:0e:
         17:58:15:a4:29:35:61:64:e3:b4:32:5c:6a:b5:c3:70:2b:4f:
         a2:20:5e:7a:dd:e8:64:7d:c6:69:25:d6:d8:f5:cc:96:ec:d9:
         5f:6e:91:3f:b7:71:7b:a6:33:fd:c2:05:6f:77:36:0c:34:c8:
         12:b9:95:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALcYDTKMRAnWbkjMvuK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGY1NDcwOWRmODczYjcwYzdjOGM1OWU2MzM1YmEzZTRhMDAzMDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrSc+11JcZvSo2tIbqZ1gXbZfDjV
Y7zK8DdBnoNKzhSAu/3Z/P/pFeQntLypwSt1hw2/+WbnkAIDz8lN9ChhBDd8/PRL
IcvxBfBnUMpYhNwfVZq6lP+cLwwPb7lxLh/D2wLMyj/S8c1eVZCbWRJvy0wkhJan
uu9Gjt4znQYPzIpRGlsZVse6DjNFXVD9Xagm6dVdgN9Co5XnyxOeetBC7L8QFTZw
uRcufSOqmqxBuAF+DtDj1gVzPzBvCG5NWTXW/P6FBqXPZVGIqEg7mwf41zdJpUrW
mUdjnASOjFe8jQ337YeHdKmm6JVD1k5NgLuRhBdZy1PfAUYx3NefASmZEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGT1Rwnfhztwx8jFnmM1uj5KADBLMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvWlBWSENkLUhPM0RIeU1XZVl6VzZQa29BTUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURz8MA0G
CSqGSIb3DQEBCwUAA4IBAQCzYsaTP5Aif7WNoEH+zhUTVCDKhKtqHW1GWy0ALvds
jLoRk1O71r/DkbV3Sg/1l3NHfnWYmnVeKvIBBQ+FxjrE1dxt+tlHykaq6jkW30wS
CiuNBiFIuNus5FhoY3uUz/JZVErqAKflwlVsLHrpGs3dgKd+JYY5yx2sMbU6comx
lMIHKaHS1JI6rl7lSFTGTzv6J/FzvnNFH6cF1tHHblmlaJAuAhXp707+5mVLI0Hf
GbrvEKjSCAoxkXZ99ztjp6Ctrmg8ZA4XWBWkKTVhZOO0MlxqtcNwK0+iIF563ehk
fcZpJdbY9cyW7NlfbpE/t3F7pjP9wgVvdzYMNMgSuZXj
-----END CERTIFICATE-----