Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/dzpXEL7q-_J9FHaZ69ILVfQ-39I.roa
File:                     dzpXEL7q-_J9FHaZ69ILVfQ-39I.roa (raw, json)
Hash identifier:          z+lyn0as2tzVXHvThrDCeAvdeXatWBQ3/2yeFYkLTwc=
Subject key identifier:   77:3A:57:10:BE:EA:FB:F2:7D:14:76:99:EB:D2:0B:55:F4:3E:DF:D2
Certificate issuer:       /CN=9ae7d661afca3d3370b8e634494d5246b83d585f
Certificate serial:       018CC5004C874567A1491546B62CB1B4453A
Authority key identifier: 9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/dzpXEL7q-_J9FHaZ69ILVfQ-39I.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24951
IP address blocks:        89.45.84.0/22 maxlen: 22
                          185.39.228.0/22 maxlen: 22
                          2a01:4aa0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4c:87:45:67:a1:49:15:46:b6:2c:b1:b4:45:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ae7d661afca3d3370b8e634494d5246b83d585f
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=773a5710beeafbf27d147699ebd20b55f43edfd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:45:91:0c:e6:ca:f1:b9:03:5f:a8:25:53:32:
                    0b:b8:1d:96:c6:d8:28:57:8a:fb:97:57:91:54:b6:
                    62:15:67:65:f6:77:10:57:a1:ad:57:ed:14:7f:75:
                    0d:dd:ed:ba:93:4b:8b:72:03:5a:ea:c0:04:78:6f:
                    d4:5f:36:9e:98:e0:cd:f8:b8:57:7e:d6:70:25:ae:
                    5a:05:7a:3c:d7:51:23:8f:ef:45:2a:ae:ef:3f:06:
                    10:5c:09:ed:7e:d8:a7:99:ef:d4:1d:0d:17:3d:04:
                    5e:c2:e2:f1:fd:f8:60:9d:13:a6:fb:b7:2d:fd:b7:
                    fb:48:fd:8d:6d:d3:d7:ef:2e:de:5c:0e:75:98:17:
                    f3:af:9b:2d:b2:56:3b:5a:b2:17:33:f1:3a:3a:7f:
                    2c:be:04:51:df:82:05:59:f3:5b:51:3f:14:05:64:
                    6d:9c:78:5f:d8:fe:2f:9d:ee:d3:88:96:6b:89:31:
                    f2:e5:d9:97:38:4e:46:bf:cf:3a:6c:99:7d:1e:48:
                    59:05:12:fa:03:a5:d4:dc:09:e2:35:95:3d:f6:07:
                    49:26:3d:99:01:3b:23:0a:ad:f6:a1:d2:54:68:09:
                    30:dd:4d:44:0d:ba:56:45:73:96:df:14:df:1a:ba:
                    d4:77:c8:cb:5e:1b:4c:db:39:72:17:e3:76:1c:1c:
                    a6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3A:57:10:BE:EA:FB:F2:7D:14:76:99:EB:D2:0B:55:F4:3E:DF:D2
            X509v3 Authority Key Identifier:
                keyid:9A:E7:D6:61:AF:CA:3D:33:70:B8:E6:34:49:4D:52:46:B8:3D:58:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mufWYa_KPTNwuOY0SU1SRrg9WF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/dzpXEL7q-_J9FHaZ69ILVfQ-39I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e4705c-e6da-422e-859c-3b68a49dc042/1/mufWYa_KPTNwuOY0SU1SRrg9WF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.45.84.0/22
                  185.39.228.0/22
                IPv6:
                  2a01:4aa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:e4:e3:45:76:73:49:9b:4c:e1:3b:cf:09:64:78:ea:c3:9f:
         27:1d:c5:e2:55:b3:ad:4f:d7:ad:ac:92:53:07:7d:67:ac:c8:
         bb:98:ed:2d:05:b7:36:59:c9:5f:66:d2:8d:c8:47:a5:57:98:
         29:2f:0c:f0:8f:26:d0:6d:e6:59:07:23:73:d3:23:93:b2:f3:
         e9:b1:3a:8e:0c:04:d7:35:e9:91:94:98:79:c4:f2:48:61:4b:
         48:6b:05:68:e8:39:7c:d9:61:37:41:eb:2f:28:ea:30:a6:3c:
         06:42:48:17:69:46:1e:93:8f:e7:22:56:e4:2f:51:9c:db:b8:
         af:c0:28:8b:85:cc:3b:15:4e:22:f3:8b:89:55:5e:97:ab:15:
         de:1e:66:d3:32:d9:93:cf:f6:1b:b1:ae:b1:32:dd:36:f7:3d:
         7d:0f:4a:c7:b4:45:8b:fe:ef:87:a0:71:0e:bc:0d:25:3e:f7:
         7f:0b:3a:3d:bf:9f:f2:64:13:9f:9a:8b:76:eb:92:04:69:fe:
         b5:07:3b:fe:74:f7:ad:ea:4b:6c:1a:19:bc:98:56:5c:56:49:
         fc:8c:fa:f8:9a:e0:bc:d6:d1:23:c5:46:2f:76:c3:5a:ee:e3:
         8b:35:5c:c8:16:7e:fb:7d:f0:75:5d:a3:3e:60:8a:bc:36:33:
         6a:0f:64:10
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAEyHRWehSRVGtiyxtEU6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZTdkNjYxYWZjYTNkMzM3MGI4ZTYzNDQ5NGQ1MjQ2Yjgz
ZDU4NWYwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNhNTcxMGJlZWFmYmYyN2QxNDc2OTllYmQyMGI1NWY0M2VkZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUWRDObK8bkDX6glUzILuB2Wxtgo
V4r7l1eRVLZiFWdl9ncQV6GtV+0Uf3UN3e26k0uLcgNa6sAEeG/UXzaemODN+LhX
ftZwJa5aBXo811Ejj+9FKq7vPwYQXAntftinme/UHQ0XPQRewuLx/fhgnROm+7ct
/bf7SP2NbdPX7y7eXA51mBfzr5stslY7WrIXM/E6On8svgRR34IFWfNbUT8UBWRt
nHhf2P4vne7TiJZriTHy5dmXOE5Gv886bJl9HkhZBRL6A6XU3AniNZU99gdJJj2Z
ATsjCq32odJUaAkw3U1EDbpWRXOW3xTfGrrUd8jLXhtM2zlyF+N2HBymRQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHc6VxC+6vvyfRR2mevSC1X0Pt/SMB8GA1UdIwQY
MBaAFJrn1mGvyj0zcLjmNElNUka4PVhfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXVmV1lhX0tQVE53dU9ZMFNVMVNScmc5V0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lNDcwNWMtZTZkYS00MjJlLTg1OWMt
M2I2OGE0OWRjMDQyLzEvZHpwWEVMN3EtX0o5RkhhWjY5SUxWZlEtMzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lNDcwNWMtZTZkYS00MjJlLTg1OWMtM2I2OGE0OWRjMDQy
LzEvbXVmV1lhX0tQVE53dU9ZMFNVMVNScmc5V0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCWS1UAwQC
uSfkMA0EAgACMAcDBQAqAUqgMA0GCSqGSIb3DQEBCwUAA4IBAQAo5ONFdnNJm0zh
O88JZHjqw58nHcXiVbOtT9etrJJTB31nrMi7mO0tBbc2WclfZtKNyEelV5gpLwzw
jybQbeZZByNz0yOTsvPpsTqODATXNemRlJh5xPJIYUtIawVo6Dl82WE3QesvKOow
pjwGQkgXaUYek4/nIlbkL1Gc27ivwCiLhcw7FU4i84uJVV6XqxXeHmbTMtmTz/Yb
sa6xMt029z19D0rHtEWL/u+HoHEOvA0lPvd/Czo9v5/yZBOfmot265IEaf61Bzv+
dPet6ktsGhm8mFZcVkn8jPr4muC81tEjxUYvdsNa7uOLNVzIFn77ffB1XaM+YIq8
NjNqD2QQ
-----END CERTIFICATE-----