Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/ZSrioKfzjiikRJ1Qnzs_I9-X_vQ.roa
File:                     ZSrioKfzjiikRJ1Qnzs_I9-X_vQ.roa (raw, json)
Hash identifier:          ZicTSuhgS/bGFB7uxfWTSfXW4KfIQN9k+zMf9EMMjgo=
Subject key identifier:   65:2A:E2:A0:A7:F3:8E:28:A4:44:9D:50:9F:3B:3F:23:DF:97:FE:F4
Certificate issuer:       /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial:       0192435CCF87C1ADFA100CF944AA3BEDC294
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/ZSrioKfzjiikRJ1Qnzs_I9-X_vQ.roa
Signing time:             Mon 30 Sep 2024 14:36:48 +0000
ROA not before:           Mon 30 Sep 2024 14:36:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49440
IP address blocks:        88.97.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:43:5c:cf:87:c1:ad:fa:10:0c:f9:44:aa:3b:ed:c2:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
        Validity
            Not Before: Sep 30 14:36:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=652ae2a0a7f38e28a4449d509f3b3f23df97fef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:49:48:4e:de:85:97:76:32:e6:ea:c0:dc:7a:
                    88:8e:90:66:cd:b9:20:88:4b:57:d2:b4:d6:c0:6c:
                    77:ae:0a:56:d3:9c:e9:f6:3e:72:7d:82:20:3a:93:
                    62:52:e1:8f:f6:e9:fe:6a:38:5a:f1:3e:dd:ee:6d:
                    48:dd:14:4b:5f:0a:11:1f:25:32:e0:dd:85:df:88:
                    e8:fd:03:ab:32:57:76:1a:06:77:b9:3a:2f:b7:d5:
                    d7:f2:b6:3a:c7:35:33:32:e8:72:df:83:80:4a:8d:
                    28:f0:18:9d:3f:fc:6b:d4:12:38:94:bb:c8:b2:ef:
                    20:f4:63:cd:63:4b:35:2e:b6:7f:f9:ee:13:19:6b:
                    b0:f6:93:fe:43:31:2b:5b:fe:54:50:2d:99:16:7d:
                    aa:77:91:e1:b1:43:d1:37:80:6f:76:d9:11:62:78:
                    6a:c9:34:d0:a9:34:b4:73:ea:ca:ba:77:68:58:7c:
                    36:18:d4:bd:f9:92:1e:b7:81:f2:9c:19:c3:90:20:
                    db:55:5b:24:eb:e5:41:4f:f8:1f:1b:fa:ad:76:a5:
                    30:f6:db:6f:f1:2a:36:60:3c:a5:00:90:63:e3:e8:
                    4a:7d:8c:ae:a4:2e:45:4f:87:f6:bf:a4:93:39:0d:
                    68:ce:4b:b9:06:aa:56:6d:17:7c:8f:38:11:44:29:
                    35:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:2A:E2:A0:A7:F3:8E:28:A4:44:9D:50:9F:3B:3F:23:DF:97:FE:F4
            X509v3 Authority Key Identifier:
                keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/ZSrioKfzjiikRJ1Qnzs_I9-X_vQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.97.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:0c:79:d9:82:42:84:6f:95:09:a4:ab:7d:a4:6a:64:62:08:
         14:e2:03:46:fd:92:e8:33:df:29:06:e2:75:1f:8c:36:c8:4c:
         4a:a8:34:d8:50:a4:f6:d2:a3:7b:41:73:f2:4e:6b:f1:bb:e0:
         2c:32:56:9d:52:0e:18:21:aa:2c:0a:86:d6:5b:2f:b5:b9:6a:
         58:64:3f:13:ed:b4:36:9a:b9:74:71:44:bb:e3:bb:44:bf:27:
         fe:2a:0b:b1:cd:20:4a:5a:d7:c3:a2:df:15:a7:15:cf:ec:db:
         37:bf:bc:33:9d:54:2d:ba:da:17:e2:c2:2e:3b:71:9e:36:d3:
         dd:a9:26:60:0b:27:02:da:d1:1d:d1:24:b5:e9:65:e0:4d:9a:
         2a:ee:43:a0:f6:c2:96:f0:c6:98:ba:d9:72:dc:1a:17:12:4d:
         28:96:f0:38:c1:03:ae:c9:23:9b:87:ed:9e:5a:4d:9d:49:ad:
         ae:77:e5:a3:53:fd:fd:1f:0a:4d:bc:bc:32:0f:c9:9b:bd:2e:
         f1:ff:13:92:c3:d6:31:7f:28:3b:61:55:fa:f7:7c:1e:93:e8:
         1f:6b:9e:b2:f3:c7:21:7f:5f:e2:2b:6f:02:f6:f6:ee:4f:ed:
         10:99:ca:66:c9:15:40:8a:3f:ba:44:63:f1:63:17:ab:f9:24:
         0d:15:ac:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJDXM+Hwa36EAz5RKo77cKUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjQwOTMwMTQzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTJhZTJhMGE3ZjM4ZTI4YTQ0NDlkNTA5ZjNiM2YyM2RmOTdmZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwklITt6Fl3Yy5urA3HqIjpBmzbkg
iEtX0rTWwGx3rgpW05zp9j5yfYIgOpNiUuGP9un+ajha8T7d7m1I3RRLXwoRHyUy
4N2F34jo/QOrMld2GgZ3uTovt9XX8rY6xzUzMuhy34OASo0o8BidP/xr1BI4lLvI
su8g9GPNY0s1LrZ/+e4TGWuw9pP+QzErW/5UUC2ZFn2qd5HhsUPRN4BvdtkRYnhq
yTTQqTS0c+rKundoWHw2GNS9+ZIet4HynBnDkCDbVVsk6+VBT/gfG/qtdqUw9ttv
8So2YDylAJBj4+hKfYyupC5FT4f2v6STOQ1ozku5BqpWbRd8jzgRRCk1TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUq4qCn844opESdUJ87PyPfl/70MB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvWlNyaW9LZnpqaWlrUkoxUW56c19JOS1YX3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWGGoMA0G
CSqGSIb3DQEBCwUAA4IBAQCEDHnZgkKEb5UJpKt9pGpkYggU4gNG/ZLoM98pBuJ1
H4w2yExKqDTYUKT20qN7QXPyTmvxu+AsMladUg4YIaosCobWWy+1uWpYZD8T7bQ2
mrl0cUS747tEvyf+KguxzSBKWtfDot8VpxXP7Ns3v7wznVQtutoX4sIuO3GeNtPd
qSZgCycC2tEd0SS16WXgTZoq7kOg9sKW8MaYutly3BoXEk0olvA4wQOuySObh+2e
Wk2dSa2ud+WjU/39HwpNvLwyD8mbvS7x/xOSw9Yxfyg7YVX693wek+gfa56y88ch
f1/iK28C9vbuT+0QmcpmyRVAij+6RGPxYxer+SQNFay6
-----END CERTIFICATE-----