Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/zfR1am1XJUgCsRMN6F1J_zFd010.roa
File:                     zfR1am1XJUgCsRMN6F1J_zFd010.roa (raw, json)
Hash identifier:          1df8Q9UBprFwPYvT7eRQdYWyxjuhVxAn+A/6CPjf6LQ=
Subject key identifier:   CD:F4:75:6A:6D:57:25:48:02:B1:13:0D:E8:5D:49:FF:31:5D:D3:5D
Certificate issuer:       /CN=62efff88bf665ec86a9e356b79d06ba5940c383c
Certificate serial:       0192B018043FE07F570CDB71E892E268897E
Authority key identifier: 62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/zfR1am1XJUgCsRMN6F1J_zFd010.roa
Signing time:             Mon 21 Oct 2024 17:20:16 +0000
ROA not before:           Mon 21 Oct 2024 17:20:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214941
IP address blocks:        213.254.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Nov 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b0:18:04:3f:e0:7f:57:0c:db:71:e8:92:e2:68:89:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62efff88bf665ec86a9e356b79d06ba5940c383c
        Validity
            Not Before: Oct 21 17:20:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdf4756a6d57254802b1130de85d49ff315dd35d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:05:fb:fe:aa:c0:64:66:d6:0c:cf:bb:01:2e:
                    5a:1c:2c:54:65:40:f8:5b:90:60:c7:1a:c7:bd:0f:
                    a4:19:3a:79:8c:56:0c:5a:e2:a3:72:a3:a4:f8:d4:
                    5f:eb:9f:18:bc:98:65:a4:57:ab:6b:d3:d9:96:4e:
                    2f:6f:ed:ef:0d:7a:e4:36:06:08:d6:33:a7:3e:85:
                    4e:02:44:b6:55:26:85:67:9f:75:54:33:f0:4f:31:
                    d4:02:1b:23:af:a4:8c:d7:28:70:3a:f2:4c:8b:d2:
                    72:93:17:aa:24:c8:48:5d:58:85:0b:5f:d4:aa:db:
                    89:59:24:66:4b:d4:be:b5:d1:49:46:d4:46:ee:73:
                    30:56:be:ff:ea:c3:99:c0:6b:3b:89:7d:75:01:c5:
                    99:cc:fc:e2:1b:9d:b0:1f:8b:04:7b:ba:2d:ca:8e:
                    62:b2:bf:6d:f0:e5:a9:30:a0:9d:bc:eb:c2:e1:8c:
                    c5:1e:59:34:d7:5d:55:82:d6:5f:ba:13:dc:91:d7:
                    17:7e:ac:69:29:63:0e:ec:0b:ee:5d:b1:eb:c5:da:
                    75:5e:18:36:80:25:bc:80:68:7e:c0:54:21:b8:f0:
                    78:8c:d1:bd:16:b3:9b:52:cf:e2:2c:3e:45:81:ed:
                    e6:65:52:27:06:c3:b7:e5:80:91:0d:69:18:ed:43:
                    57:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F4:75:6A:6D:57:25:48:02:B1:13:0D:E8:5D:49:FF:31:5D:D3:5D
            X509v3 Authority Key Identifier:
                keyid:62:EF:FF:88:BF:66:5E:C8:6A:9E:35:6B:79:D0:6B:A5:94:0C:38:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yu__iL9mXshqnjVredBrpZQMODw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/zfR1am1XJUgCsRMN6F1J_zFd010.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3123b0-93e3-465d-80e4-040407a290d9/1/Yu__iL9mXshqnjVredBrpZQMODw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.254.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:3a:64:30:1a:c6:d2:e8:96:d3:34:77:9e:8e:8e:93:35:40:
         b7:17:15:cb:ed:b7:f3:52:5f:b1:f1:b0:11:f7:a3:37:93:e7:
         eb:46:00:35:cb:1b:d9:1d:90:73:1b:43:36:47:01:0c:58:58:
         36:6a:09:63:9c:4d:38:11:03:06:80:3a:d1:4b:f2:e1:a3:4b:
         b7:f9:db:b9:b8:58:b9:3b:b7:2e:36:d8:2b:42:2a:8f:4f:1c:
         56:11:4b:1a:21:a2:37:aa:f1:f4:e1:e9:ca:d7:15:48:2d:d5:
         5d:54:51:38:11:9f:1f:bd:34:7f:79:6d:5f:3b:6b:8d:84:71:
         b3:b5:2c:a5:fc:6b:59:0e:5e:4f:30:38:4f:05:58:e1:b2:ce:
         25:93:32:de:e6:36:1d:6e:34:fb:c5:cf:99:ab:c4:c6:a2:45:
         fb:58:33:b4:ba:98:e8:de:ce:d5:84:8e:ec:13:d8:81:98:93:
         c9:bc:cd:77:7d:bc:0e:81:a9:c0:76:2b:99:22:97:ae:11:66:
         12:9f:97:92:74:92:f5:c6:b5:de:a0:94:6e:31:98:87:be:db:
         ab:20:06:a7:d7:cb:95:7b:9f:6c:73:c0:37:46:b0:4d:23:2a:
         46:3e:ae:c7:7a:b0:33:be:dc:13:ca:98:3b:85:63:45:98:a0:
         ac:9e:bc:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKwGAQ/4H9XDNtx6JLiaIl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZWZmZjg4YmY2NjVlYzg2YTllMzU2Yjc5ZDA2YmE1OTQw
YzM4M2MwHhcNMjQxMDIxMTcyMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY0NzU2YTZkNTcyNTQ4MDJiMTEzMGRlODVkNDlmZjMxNWRkMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQX7/qrAZGbWDM+7AS5aHCxUZUD4
W5BgxxrHvQ+kGTp5jFYMWuKjcqOk+NRf658YvJhlpFera9PZlk4vb+3vDXrkNgYI
1jOnPoVOAkS2VSaFZ591VDPwTzHUAhsjr6SM1yhwOvJMi9JykxeqJMhIXViFC1/U
qtuJWSRmS9S+tdFJRtRG7nMwVr7/6sOZwGs7iX11AcWZzPziG52wH4sEe7otyo5i
sr9t8OWpMKCdvOvC4YzFHlk0111VgtZfuhPckdcXfqxpKWMO7AvuXbHrxdp1Xhg2
gCW8gGh+wFQhuPB4jNG9FrObUs/iLD5Fge3mZVInBsO35YCRDWkY7UNX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM30dWptVyVIArETDehdSf8xXdNdMB8GA1UdIwQY
MBaAFGLv/4i/Zl7Iap41a3nQa6WUDDg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQt
MDQwNDA3YTI5MGQ5LzEvemZSMWFtMVhKVWdDc1JNTjZGMUpfekZkMDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zMTIzYjAtOTNlMy00NjVkLTgwZTQtMDQwNDA3YTI5MGQ5
LzEvWXVfX2lMOW1Yc2hxbmpWcmVkQnJwWlFNT0R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1f6qMA0G
CSqGSIb3DQEBCwUAA4IBAQCjOmQwGsbS6JbTNHeejo6TNUC3FxXL7bfzUl+x8bAR
96M3k+frRgA1yxvZHZBzG0M2RwEMWFg2agljnE04EQMGgDrRS/Lho0u3+du5uFi5
O7cuNtgrQiqPTxxWEUsaIaI3qvH04enK1xVILdVdVFE4EZ8fvTR/eW1fO2uNhHGz
tSyl/GtZDl5PMDhPBVjhss4lkzLe5jYdbjT7xc+Zq8TGokX7WDO0upjo3s7VhI7s
E9iBmJPJvM13fbwOganAdiuZIpeuEWYSn5eSdJL1xrXeoJRuMZiHvturIAan18uV
e59sc8A3RrBNIypGPq7HerAzvtwTypg7hWNFmKCsnryQ
-----END CERTIFICATE-----