Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Z8BRGz_aS1a0TplDBX_AjtTjOK8.roa
File:                     Z8BRGz_aS1a0TplDBX_AjtTjOK8.roa (raw, json)
Hash identifier:          XSjC0jc4mo79lKpZLiAmCuI2hxKJYoGFvL4lk3hzG38=
Subject key identifier:   67:C0:51:1B:3F:DA:4B:56:B4:4E:99:43:05:7F:C0:8E:D4:E3:38:AF
Certificate issuer:       /CN=c4ddbd9f230919321bf56706f1069377926119f9
Certificate serial:       019109031D6BB6D2C621F612CD0F9F239EF9
Authority key identifier: C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Z8BRGz_aS1a0TplDBX_AjtTjOK8.roa
Signing time:             Wed 31 Jul 2024 13:38:04 +0000
ROA not before:           Wed 31 Jul 2024 13:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3292
IP address blocks:        193.32.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:09:03:1d:6b:b6:d2:c6:21:f6:12:cd:0f:9f:23:9e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ddbd9f230919321bf56706f1069377926119f9
        Validity
            Not Before: Jul 31 13:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67c0511b3fda4b56b44e9943057fc08ed4e338af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:eb:e7:af:ad:e7:8e:87:cb:4a:29:ef:2b:66:
                    43:58:91:81:c7:b0:a1:00:00:a6:8f:53:eb:3d:c4:
                    18:0e:f0:47:e1:02:2e:02:f3:cc:54:44:0d:70:e1:
                    92:31:4e:aa:6a:f9:28:cf:2d:75:81:62:a9:56:d8:
                    07:60:46:cf:30:a1:f7:60:0a:cb:01:78:4f:83:23:
                    47:41:32:82:68:2d:7a:43:f1:36:df:6d:18:19:87:
                    37:aa:cd:bc:91:22:84:48:01:70:81:02:c0:3f:25:
                    2e:7d:ce:b7:d6:fa:9a:0e:68:07:41:b5:40:f0:e9:
                    a1:79:50:e5:17:9f:7a:76:de:78:70:66:ff:1e:94:
                    f9:90:1e:d7:d5:d3:1b:c5:2f:be:28:9b:97:66:d7:
                    12:7a:51:5d:33:55:cf:00:1a:73:a0:cd:9a:5d:f0:
                    cd:f2:86:7c:39:2f:28:1d:cb:86:3b:a5:a0:28:54:
                    2d:ee:3c:dd:cf:bc:61:01:d0:eb:10:92:f7:f2:2d:
                    73:5d:43:ef:19:4e:e4:09:2a:c8:8a:6b:ed:5a:b3:
                    54:2e:99:d8:9f:de:c9:e7:9f:a8:32:53:e2:b4:03:
                    9e:56:8f:5c:39:1c:89:7d:cd:e2:c3:3f:6b:32:67:
                    f6:52:05:98:18:bf:bb:34:bc:2b:fe:4e:ed:90:34:
                    32:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:C0:51:1B:3F:DA:4B:56:B4:4E:99:43:05:7F:C0:8E:D4:E3:38:AF
            X509v3 Authority Key Identifier:
                keyid:C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/Z8BRGz_aS1a0TplDBX_AjtTjOK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c4:a8:d7:78:5a:2a:11:3f:45:48:c8:1e:21:4a:02:52:eb:
         3d:05:98:4a:5f:8d:3d:d9:62:e7:40:c6:ab:c3:95:07:3d:93:
         05:bb:01:f1:bb:e4:3e:c5:eb:12:bf:ad:1e:d7:2a:68:34:52:
         83:02:fa:60:f4:48:34:71:fd:d4:2f:8b:74:8b:c2:6b:84:95:
         0e:75:ad:84:0e:4b:25:16:16:b3:6f:55:0e:bb:70:01:7f:54:
         25:31:d9:61:48:86:e0:ee:78:dd:5a:4c:18:19:70:21:bd:5a:
         f7:58:e1:bf:46:30:4b:b5:0a:1b:8c:8a:83:98:ad:e6:46:4f:
         91:71:c1:9e:5d:95:11:02:86:27:84:b6:0d:e5:36:67:1a:ee:
         ed:52:fb:bf:fa:a8:f5:bb:d1:92:30:25:51:be:fe:71:53:85:
         0d:9b:21:a0:d1:ab:58:14:8e:d1:f2:3c:bb:c3:36:5b:be:a8:
         64:ad:4b:b3:3d:7d:4e:bb:c2:33:13:34:63:82:bf:58:ba:26:
         7e:a1:84:98:80:f3:4e:0c:38:a6:d5:87:fd:c1:08:06:fd:ca:
         27:2d:44:db:23:a7:07:34:03:26:40:84:d5:9f:bb:d1:b1:87:
         53:61:17:19:99:ea:5f:9a:91:5b:92:a3:5f:5c:b8:b6:d4:e5:
         50:be:b5:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEJAx1rttLGIfYSzQ+fI575MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGRiZDlmMjMwOTE5MzIxYmY1NjcwNmYxMDY5Mzc3OTI2
MTE5ZjkwHhcNMjQwNzMxMTMzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2MwNTExYjNmZGE0YjU2YjQ0ZTk5NDMwNTdmYzA4ZWQ0ZTMzOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+vnr63njofLSinvK2ZDWJGBx7Ch
AACmj1PrPcQYDvBH4QIuAvPMVEQNcOGSMU6qavkozy11gWKpVtgHYEbPMKH3YArL
AXhPgyNHQTKCaC16Q/E2320YGYc3qs28kSKESAFwgQLAPyUufc631vqaDmgHQbVA
8OmheVDlF596dt54cGb/HpT5kB7X1dMbxS++KJuXZtcSelFdM1XPABpzoM2aXfDN
8oZ8OS8oHcuGO6WgKFQt7jzdz7xhAdDrEJL38i1zXUPvGU7kCSrIimvtWrNULpnY
n97J55+oMlPitAOeVo9cORyJfc3iwz9rMmf2UgWYGL+7NLwr/k7tkDQyUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfAURs/2ktWtE6ZQwV/wI7U4zivMB8GA1UdIwQY
MBaAFMTdvZ8jCRkyG/VnBvEGk3eSYRn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgt
YmZhYzkyOGJmNjU4LzEvWjhCUkd6X2FTMWEwVHBsREJYX0FqdFRqT0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgtYmZhYzkyOGJmNjU4
LzEveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBBMA0G
CSqGSIb3DQEBCwUAA4IBAQBjxKjXeFoqET9FSMgeIUoCUus9BZhKX4092WLnQMar
w5UHPZMFuwHxu+Q+xesSv60e1ypoNFKDAvpg9Eg0cf3UL4t0i8JrhJUOda2EDksl
Fhazb1UOu3ABf1QlMdlhSIbg7njdWkwYGXAhvVr3WOG/RjBLtQobjIqDmK3mRk+R
ccGeXZURAoYnhLYN5TZnGu7tUvu/+qj1u9GSMCVRvv5xU4UNmyGg0atYFI7R8jy7
wzZbvqhkrUuzPX1Ou8IzEzRjgr9YuiZ+oYSYgPNODDim1Yf9wQgG/conLUTbI6cH
NAMmQITVn7vRsYdTYRcZmepfmpFbkqNfXLi21OVQvrWR
-----END CERTIFICATE-----