Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/ZycuNa9jDFtYoiJDbFvu0up7hnI.roa
File:                     ZycuNa9jDFtYoiJDbFvu0up7hnI.roa (raw, json)
Hash identifier:          e6BXZANbdXOf4hMQEynPk+HYXrigRhXot6SVNCeetxU=
Subject key identifier:   67:27:2E:35:AF:63:0C:5B:58:A2:22:43:6C:5B:EE:D2:EA:7B:86:72
Certificate issuer:       /CN=fc8269f42e46441ab1ed994c89f747baa554e320
Certificate serial:       018CC9BC3684E726ABA8D66EBFCF6CB8DBF5
Authority key identifier: FC:82:69:F4:2E:46:44:1A:B1:ED:99:4C:89:F7:47:BA:A5:54:E3:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_IJp9C5GRBqx7ZlMifdHuqVU4yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/ZycuNa9jDFtYoiJDbFvu0up7hnI.roa
Signing time:             Tue 02 Jan 2024 10:33:24 +0000
ROA not before:           Tue 02 Jan 2024 10:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209571
IP address blocks:        141.98.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/_IJp9C5GRBqx7ZlMifdHuqVU4yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/_IJp9C5GRBqx7ZlMifdHuqVU4yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_IJp9C5GRBqx7ZlMifdHuqVU4yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:36:84:e7:26:ab:a8:d6:6e:bf:cf:6c:b8:db:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc8269f42e46441ab1ed994c89f747baa554e320
        Validity
            Not Before: Jan  2 10:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67272e35af630c5b58a222436c5beed2ea7b8672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:36:e4:19:68:a8:50:d2:1e:a1:cc:f9:1b:f9:
                    be:50:aa:f9:83:84:a4:90:76:5e:da:38:44:73:58:
                    68:2a:f4:23:3b:9d:35:8a:65:91:c6:17:1c:d2:f3:
                    4b:7d:89:a5:b2:5f:b8:83:41:8e:92:f1:3a:45:8e:
                    08:b6:af:85:4a:17:69:16:63:6a:87:15:ee:f2:d8:
                    61:4b:4b:56:0f:81:36:fb:8f:39:d7:b0:25:51:81:
                    fb:1f:3f:b0:da:34:2f:80:46:ce:73:85:b6:4d:2e:
                    69:df:ef:09:b4:49:59:35:94:5e:09:d7:cc:c2:92:
                    a6:b5:29:9d:ad:53:21:c7:ce:87:7d:1a:77:de:ee:
                    41:1d:4d:4d:af:69:be:8e:f3:66:08:c1:aa:65:7e:
                    b0:fc:5c:47:7d:1f:29:a6:01:bb:ee:26:28:06:5c:
                    ae:35:b1:1b:9f:ee:c8:9c:68:ee:94:f2:94:95:06:
                    ef:34:88:be:c3:ec:00:28:58:ff:03:12:32:80:de:
                    ba:c6:58:dc:cd:78:24:a5:25:92:14:91:9a:f5:ed:
                    7d:0c:61:a8:35:4f:55:e5:cd:80:8e:9e:49:c8:dd:
                    88:f6:d8:38:10:a4:f3:5c:8b:a0:1b:a7:aa:46:55:
                    74:8e:e5:47:6d:ce:48:6f:b0:26:f1:a5:66:c6:8b:
                    6c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:27:2E:35:AF:63:0C:5B:58:A2:22:43:6C:5B:EE:D2:EA:7B:86:72
            X509v3 Authority Key Identifier:
                keyid:FC:82:69:F4:2E:46:44:1A:B1:ED:99:4C:89:F7:47:BA:A5:54:E3:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_IJp9C5GRBqx7ZlMifdHuqVU4yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/ZycuNa9jDFtYoiJDbFvu0up7hnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/45c4fd-4294-4516-a74d-d6cd57287f9c/1/_IJp9C5GRBqx7ZlMifdHuqVU4yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:73:b0:93:d9:0e:26:58:34:11:b5:a9:c9:76:26:23:df:77:
         28:d3:f3:83:e9:66:cd:fb:29:0f:6a:f3:26:72:5b:78:62:7e:
         ad:92:c1:58:de:02:e4:22:d9:7d:96:46:f5:20:33:31:9f:39:
         b3:70:87:13:be:7e:56:34:b3:25:1a:28:d0:1b:fa:7a:1b:2b:
         7b:10:b8:3a:27:fc:ec:bd:6a:ef:5f:88:ef:7d:fe:ce:a4:bb:
         72:0a:5a:e0:fe:9c:0d:ee:23:44:ad:3f:2e:ef:dc:0a:dc:1e:
         fa:0e:57:36:1d:3c:4b:42:cb:88:24:99:d4:fd:a8:03:a1:e0:
         8c:7d:f1:eb:5e:79:07:16:3d:90:2a:09:93:af:a6:f7:a1:ab:
         17:0a:7e:9e:84:36:2f:d4:25:d6:22:3c:9d:d2:ba:86:f5:b9:
         27:0d:44:0f:db:67:90:37:34:be:d8:1c:54:7c:b0:55:43:42:
         29:9c:87:10:cb:94:05:7d:c6:68:69:d9:4d:b2:5e:60:f0:ef:
         77:f5:c6:1b:7f:f6:d0:60:eb:3c:9b:6f:46:f0:60:3a:54:66:
         84:b2:01:04:04:6e:4f:b0:53:dc:10:46:8e:15:8c:35:27:e4:
         3f:1d:cb:c0:d8:c6:49:37:5d:21:13:46:c4:b2:e8:ef:98:fa:
         f9:b8:83:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvDaE5yarqNZuv89suNv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjODI2OWY0MmU0NjQ0MWFiMWVkOTk0Yzg5Zjc0N2JhYTU1
NGUzMjAwHhcNMjQwMTAyMTAzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzI3MmUzNWFmNjMwYzViNThhMjIyNDM2YzViZWVkMmVhN2I4NjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTbkGWioUNIeocz5G/m+UKr5g4Sk
kHZe2jhEc1hoKvQjO501imWRxhcc0vNLfYmlsl+4g0GOkvE6RY4Itq+FShdpFmNq
hxXu8thhS0tWD4E2+48517AlUYH7Hz+w2jQvgEbOc4W2TS5p3+8JtElZNZReCdfM
wpKmtSmdrVMhx86HfRp33u5BHU1Nr2m+jvNmCMGqZX6w/FxHfR8ppgG77iYoBlyu
NbEbn+7InGjulPKUlQbvNIi+w+wAKFj/AxIygN66xljczXgkpSWSFJGa9e19DGGo
NU9V5c2Ajp5JyN2I9tg4EKTzXIugG6eqRlV0juVHbc5Ib7Am8aVmxotsCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcnLjWvYwxbWKIiQ2xb7tLqe4ZyMB8GA1UdIwQY
MBaAFPyCafQuRkQase2ZTIn3R7qlVOMgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0lKcDlDNUdSQnF4N1psTWlmZEh1cVZVNHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80NWM0ZmQtNDI5NC00NTE2LWE3NGQt
ZDZjZDU3Mjg3ZjljLzEvWnljdU5hOWpERnRZb2lKRGJGdnUwdXA3aG5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80NWM0ZmQtNDI5NC00NTE2LWE3NGQtZDZjZDU3Mjg3Zjlj
LzEvX0lKcDlDNUdSQnF4N1psTWlmZEh1cVZVNHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWLgMA0G
CSqGSIb3DQEBCwUAA4IBAQCkc7CT2Q4mWDQRtanJdiYj33co0/OD6WbN+ykPavMm
clt4Yn6tksFY3gLkItl9lkb1IDMxnzmzcIcTvn5WNLMlGijQG/p6Gyt7ELg6J/zs
vWrvX4jvff7OpLtyClrg/pwN7iNErT8u79wK3B76Dlc2HTxLQsuIJJnU/agDoeCM
ffHrXnkHFj2QKgmTr6b3oasXCn6ehDYv1CXWIjyd0rqG9bknDUQP22eQNzS+2BxU
fLBVQ0IpnIcQy5QFfcZoadlNsl5g8O939cYbf/bQYOs8m29G8GA6VGaEsgEEBG5P
sFPcEEaOFYw1J+Q/HcvA2MZJN10hE0bEsujvmPr5uIMo
-----END CERTIFICATE-----