Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zhOP3lvrhLmtbsg36PvyJ85A__E.roa
File:                     zhOP3lvrhLmtbsg36PvyJ85A__E.roa (raw, json)
Hash identifier:          sZEtem4CIZlHTDCbW362jtQcMOQNtmEcK1gF38QKOdI=
Subject key identifier:   CE:13:8F:DE:5B:EB:84:B9:AD:6E:C8:37:E8:FB:F2:27:CE:40:FF:F1
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCC172EEEEB7EB76A84FF11601BC2F
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zhOP3lvrhLmtbsg36PvyJ85A__E.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209774
IP address blocks:        212.170.158.0/24 maxlen: 24
                          194.179.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c1:72:ee:ee:b7:eb:76:a8:4f:f1:16:01:bc:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce138fde5beb84b9ad6ec837e8fbf227ce40fff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:90:53:b2:cc:cc:e9:fc:53:07:aa:8a:0e:
                    2c:00:56:20:58:82:5b:16:47:d9:aa:bf:0c:75:dd:
                    4b:b3:fb:93:d0:65:ac:ac:12:14:12:2f:e5:87:88:
                    d5:a6:d4:7e:d9:d8:db:98:1a:4a:aa:b1:36:f2:42:
                    b2:8e:b7:53:4c:57:a7:d4:88:e5:7a:39:4e:95:83:
                    c4:ef:c7:12:8d:63:4a:80:4d:b5:b5:55:bd:c6:31:
                    f3:0e:22:f7:dd:81:d7:20:bc:64:23:06:98:fa:03:
                    4e:34:55:46:c8:1a:0b:c5:0e:f6:59:1b:dc:17:9a:
                    5e:de:2f:4f:41:c0:9d:6d:c7:8c:73:19:b2:1d:2c:
                    83:fd:3c:02:76:1d:de:54:e4:9f:1c:68:ff:b3:c3:
                    4e:86:2c:ea:d9:1d:30:90:6c:9e:d3:4a:e0:c5:35:
                    c8:db:d4:f9:3b:b0:a6:c9:41:06:0e:36:3b:9d:8f:
                    41:db:14:a2:f7:d3:34:29:98:6d:26:89:b7:4d:8b:
                    2e:1d:5a:c0:2b:5c:70:3c:6f:b4:eb:a6:f3:04:68:
                    8d:81:6e:10:6c:c5:6d:0a:1a:a4:b5:a9:93:72:47:
                    81:ff:54:64:f9:37:5f:52:f6:7e:bd:c9:67:66:87:
                    ef:f2:78:04:5c:61:f7:c6:29:5d:aa:a8:47:72:9b:
                    a0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:13:8F:DE:5B:EB:84:B9:AD:6E:C8:37:E8:FB:F2:27:CE:40:FF:F1
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/zhOP3lvrhLmtbsg36PvyJ85A__E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.179.123.0/24
                  212.170.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:8a:32:83:88:cf:b8:f3:dd:0d:47:49:b2:70:e9:54:a0:99:
         d4:84:9c:5b:45:63:b9:8a:0c:f2:64:2e:ca:26:cd:7f:fc:cb:
         1b:bd:e0:9e:f0:51:dc:70:c9:ff:e8:2e:64:41:48:44:78:7d:
         24:34:ec:fe:3e:34:c3:1e:76:b9:fb:2c:d6:55:09:6f:61:ae:
         31:4e:1a:87:a8:fe:bd:d1:42:5b:74:7b:61:0b:86:da:dd:64:
         9d:5d:a6:00:8d:88:51:40:05:3a:7b:bb:b6:ab:88:7c:17:c7:
         c5:9f:d5:2a:cf:30:04:7d:96:81:6d:23:dc:e4:d3:c6:d8:55:
         fa:2d:7c:09:ad:54:3e:64:af:f2:2e:52:48:dd:3d:4c:c3:d6:
         6c:72:58:0a:dc:ef:66:c9:a6:d7:20:6d:d8:bd:73:d1:03:0d:
         c7:35:cf:15:89:b4:69:9e:d7:1e:f4:33:93:f0:86:68:d4:b5:
         bd:1b:6a:bc:e5:f9:96:84:d7:ce:86:1a:ec:fc:bc:c8:27:61:
         88:e7:25:3e:31:a4:9b:69:3f:89:92:d6:f4:46:52:18:37:4a:
         e0:4f:a4:33:a7:b0:a6:d8:f6:3e:48:7b:10:80:7f:22:72:45:
         57:c0:2e:09:fc:80:73:8e:d9:4f:13:a9:35:fc:6e:7b:71:57:
         6c:c3:35:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvMFy7u6363aoT/EWAbwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTEzOGZkZTViZWI4NGI5YWQ2ZWM4MzdlOGZiZjIyN2NlNDBmZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovuQU7LMzOn8Uweqig4sAFYgWIJb
FkfZqr8Mdd1Ls/uT0GWsrBIUEi/lh4jVptR+2djbmBpKqrE28kKyjrdTTFen1Ijl
ejlOlYPE78cSjWNKgE21tVW9xjHzDiL33YHXILxkIwaY+gNONFVGyBoLxQ72WRvc
F5pe3i9PQcCdbceMcxmyHSyD/TwCdh3eVOSfHGj/s8NOhizq2R0wkGye00rgxTXI
29T5O7CmyUEGDjY7nY9B2xSi99M0KZhtJom3TYsuHVrAK1xwPG+066bzBGiNgW4Q
bMVtChqktamTckeB/1Rk+TdfUvZ+vclnZofv8ngEXGH3xildqqhHcpugfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM4Tj95b64S5rW7IN+j78ifOQP/xMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvemhPUDNsdnJoTG10YnNnMzZQdnlKODVBX19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwrN7AwQA
1KqeMA0GCSqGSIb3DQEBCwUAA4IBAQDQijKDiM+4890NR0mycOlUoJnUhJxbRWO5
igzyZC7KJs1//MsbveCe8FHccMn/6C5kQUhEeH0kNOz+PjTDHna5+yzWVQlvYa4x
ThqHqP690UJbdHthC4ba3WSdXaYAjYhRQAU6e7u2q4h8F8fFn9UqzzAEfZaBbSPc
5NPG2FX6LXwJrVQ+ZK/yLlJI3T1Mw9ZsclgK3O9myabXIG3YvXPRAw3HNc8VibRp
ntce9DOT8IZo1LW9G2q85fmWhNfOhhrs/LzIJ2GI5yU+MaSbaT+Jktb0RlIYN0rg
T6Qzp7Cm2PY+SHsQgH8ickVXwC4J/IBzjtlPE6k1/G57cVdswzWq
-----END CERTIFICATE-----