Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/zTDViT9SoQIFdivu4-5DuLRG1j0.roa
File:                     zTDViT9SoQIFdivu4-5DuLRG1j0.roa (raw, json)
Hash identifier:          su6Fx7uRT6PnNQz7U0TJNpPXPqGNKQuhI5XJ1u17kFQ=
Subject key identifier:   CD:30:D5:89:3F:52:A1:02:05:76:2B:EE:E3:EE:43:B8:B4:46:D6:3D
Certificate issuer:       /CN=ec2e821d88de7a011341704202346f7c2bb9ebcf
Certificate serial:       018CC26D0C392238541504C9E04CF32BE2A0
Authority key identifier: EC:2E:82:1D:88:DE:7A:01:13:41:70:42:02:34:6F:7C:2B:B9:EB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/zTDViT9SoQIFdivu4-5DuLRG1j0.roa
Signing time:             Mon 01 Jan 2024 00:29:35 +0000
ROA not before:           Mon 01 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35720
IP address blocks:        194.79.24.0/22 maxlen: 22
                          194.79.24.0/23 maxlen: 23
                          194.79.26.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:0c:39:22:38:54:15:04:c9:e0:4c:f3:2b:e2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec2e821d88de7a011341704202346f7c2bb9ebcf
        Validity
            Not Before: Jan  1 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd30d5893f52a10205762beee3ee43b8b446d63d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:13:53:51:9f:ec:8c:8d:78:b8:ca:5e:c0:e3:
                    c1:3d:3b:37:26:fa:39:df:89:e9:a4:f5:56:90:5c:
                    2b:78:21:b9:a5:34:da:77:47:d8:90:6b:71:ea:39:
                    fb:ca:0e:82:cd:2d:77:41:d9:36:23:d2:95:24:c6:
                    a8:ec:02:d1:e7:35:f4:9b:8e:d3:5f:56:2e:03:a1:
                    ca:fb:29:fd:a3:d4:5b:4b:6e:9c:73:ea:fd:9c:f3:
                    fe:b2:37:c4:4e:9a:00:75:b5:ac:27:cd:c2:7a:0a:
                    30:fc:97:ac:2b:18:62:b1:e7:cf:53:ab:f1:43:8e:
                    5b:9f:12:df:38:7f:b7:21:e3:55:5c:73:1a:26:e9:
                    e4:e9:77:14:44:67:0e:9d:26:1f:be:7a:85:0e:4f:
                    54:1b:4d:92:90:9a:d5:d3:2c:e5:46:fa:78:3f:b8:
                    7e:ce:32:05:20:d3:65:6f:b6:6b:f9:03:5c:34:97:
                    17:52:f0:33:9a:83:04:ee:cb:71:0a:db:67:ac:06:
                    62:e2:60:f3:5a:b5:b9:48:a5:1a:27:ac:86:31:af:
                    df:c1:db:50:fa:8c:6c:82:df:49:90:6b:b6:7c:85:
                    c9:14:e5:92:9e:de:c1:86:64:ba:7c:f3:e4:7c:4c:
                    bb:0b:96:01:ff:57:50:81:c5:da:2c:34:7a:55:0a:
                    d7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:30:D5:89:3F:52:A1:02:05:76:2B:EE:E3:EE:43:B8:B4:46:D6:3D
            X509v3 Authority Key Identifier:
                keyid:EC:2E:82:1D:88:DE:7A:01:13:41:70:42:02:34:6F:7C:2B:B9:EB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7C6CHYjeegETQXBCAjRvfCu5688.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/zTDViT9SoQIFdivu4-5DuLRG1j0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7dda4f-f0c7-4008-9ab9-dfa0b8052614/1/7C6CHYjeegETQXBCAjRvfCu5688.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.79.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:bc:3a:c7:d1:99:38:30:e1:7c:a1:04:4e:a4:c0:f0:e8:06:
         2f:86:4d:42:45:02:c1:bf:2b:71:ea:10:dd:71:ae:92:ed:8f:
         fb:37:99:a9:56:05:46:c7:26:1e:01:7f:fc:57:b3:9c:8a:c7:
         16:de:ac:50:ef:f6:76:75:82:61:da:9e:07:5f:71:3b:b8:63:
         f1:a2:02:7d:0a:49:b6:f0:06:34:c2:46:2d:c8:b8:4a:28:b9:
         91:57:85:30:e5:30:b0:c3:5b:bc:91:0b:5c:db:ba:16:cd:d4:
         48:37:37:78:13:67:a6:d0:c8:2b:f8:fb:98:f5:c3:8b:bb:c8:
         8b:c1:b4:43:8b:1d:6d:11:cb:a4:a8:47:23:1f:28:ba:22:6b:
         46:6e:59:e8:c8:eb:1f:9e:54:e3:6c:58:fd:7d:0d:f8:e4:b5:
         53:22:1e:36:12:3f:72:f3:05:f0:b3:20:9d:28:ab:cd:9d:c9:
         40:f0:aa:72:e8:7d:cb:5d:94:62:9f:09:65:b6:d2:38:8a:4a:
         2f:98:cf:fd:8f:04:45:fa:8b:24:2f:ea:ec:48:7a:77:67:30:
         fe:6f:42:fe:57:6f:fb:43:33:56:ea:bb:3f:d8:29:0f:f6:c1:
         7d:e8:6a:54:08:d6:14:a2:e2:65:03:62:c9:c0:da:8c:d0:16:
         be:93:ef:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQw5IjhUFQTJ4EzzK+KgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMmU4MjFkODhkZTdhMDExMzQxNzA0MjAyMzQ2ZjdjMmJi
OWViY2YwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDMwZDU4OTNmNTJhMTAyMDU3NjJiZWVlM2VlNDNiOGI0NDZkNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhNTUZ/sjI14uMpewOPBPTs3Jvo5
34nppPVWkFwreCG5pTTad0fYkGtx6jn7yg6CzS13Qdk2I9KVJMao7ALR5zX0m47T
X1YuA6HK+yn9o9RbS26cc+r9nPP+sjfETpoAdbWsJ83Cegow/JesKxhisefPU6vx
Q45bnxLfOH+3IeNVXHMaJunk6XcURGcOnSYfvnqFDk9UG02SkJrV0yzlRvp4P7h+
zjIFINNlb7Zr+QNcNJcXUvAzmoME7stxCttnrAZi4mDzWrW5SKUaJ6yGMa/fwdtQ
+oxsgt9JkGu2fIXJFOWSnt7BhmS6fPPkfEy7C5YB/1dQgcXaLDR6VQrX+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0w1Yk/UqECBXYr7uPuQ7i0RtY9MB8GA1UdIwQY
MBaAFOwugh2I3noBE0FwQgI0b3wruevPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0M2Q0hZamVlZ0VUUVhCQ0FqUnZmQ3U1Njg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83ZGRhNGYtZjBjNy00MDA4LTlhYjkt
ZGZhMGI4MDUyNjE0LzEvelREVmlUOVNvUUlGZGl2dTQtNUR1TFJHMWowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83ZGRhNGYtZjBjNy00MDA4LTlhYjktZGZhMGI4MDUyNjE0
LzEvN0M2Q0hZamVlZ0VUUVhCQ0FqUnZmQ3U1Njg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwk8YMA0G
CSqGSIb3DQEBCwUAA4IBAQDZvDrH0Zk4MOF8oQROpMDw6AYvhk1CRQLBvytx6hDd
ca6S7Y/7N5mpVgVGxyYeAX/8V7OciscW3qxQ7/Z2dYJh2p4HX3E7uGPxogJ9Ckm2
8AY0wkYtyLhKKLmRV4Uw5TCww1u8kQtc27oWzdRINzd4E2em0Mgr+PuY9cOLu8iL
wbRDix1tEcukqEcjHyi6ImtGblnoyOsfnlTjbFj9fQ345LVTIh42Ej9y8wXwsyCd
KKvNnclA8Kpy6H3LXZRinwllttI4ikovmM/9jwRF+oskL+rsSHp3ZzD+b0L+V2/7
QzNW6rs/2CkP9sF96GpUCNYUouJlA2LJwNqM0Ba+k+9A
-----END CERTIFICATE-----