Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Czi28_UqSlX3DD8bfCsTEyQJNAY.roa
File:                     Czi28_UqSlX3DD8bfCsTEyQJNAY.roa (raw, json)
Hash identifier:          U3usmIUZJ5/S09+4kHHMMVDGMYSxW4/mpuj56A3xGKE=
Subject key identifier:   0B:38:B6:F3:F5:2A:4A:55:F7:0C:3F:1B:7C:2B:13:13:24:09:34:06
Certificate issuer:       /CN=66ef31adac663855b3ddd1931c44cf8064d6a6eb
Certificate serial:       018CC801B8075B0FF31BCEE03DEB22A326A6
Authority key identifier: 66:EF:31:AD:AC:66:38:55:B3:DD:D1:93:1C:44:CF:80:64:D6:A6:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Czi28_UqSlX3DD8bfCsTEyQJNAY.roa
Signing time:             Tue 02 Jan 2024 02:30:04 +0000
ROA not before:           Tue 02 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.160.155.0/24 maxlen: 24
                          2a0c:9e40:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b8:07:5b:0f:f3:1b:ce:e0:3d:eb:22:a3:26:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ef31adac663855b3ddd1931c44cf8064d6a6eb
        Validity
            Not Before: Jan  2 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b38b6f3f52a4a55f70c3f1b7c2b131324093406
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c9:26:91:d3:33:19:6d:67:d9:06:8b:8e:f2:
                    84:90:25:d1:f1:6d:1f:ce:b7:aa:91:7a:62:d0:63:
                    08:5a:29:e0:ab:30:0c:aa:31:c0:79:d4:44:a8:90:
                    ad:a7:9e:14:5c:18:57:ad:57:a9:01:c2:0b:62:d6:
                    af:0e:3b:0f:b3:56:eb:f7:a4:57:54:75:a2:12:1b:
                    bc:74:5f:c8:3b:9d:6e:41:6f:13:bd:b7:d2:67:d3:
                    7a:c0:87:1b:9c:8f:ac:24:90:24:61:96:c2:6a:f0:
                    7d:7e:e3:68:84:7d:81:94:bc:ce:03:1b:5d:b5:5b:
                    df:c1:15:71:21:49:19:d2:11:f7:65:6d:96:ff:52:
                    0b:dc:d4:88:c1:41:c5:45:14:47:53:81:ba:8f:13:
                    b2:8a:b4:bd:70:c6:c0:51:c0:eb:42:84:b5:6a:7d:
                    1f:29:1c:d8:0d:85:61:ee:99:8a:f1:a5:ab:7f:97:
                    e9:b0:c4:1c:68:2c:16:93:59:ab:12:3f:e7:20:fd:
                    62:83:0d:1b:05:7f:65:c2:86:34:a8:78:83:a6:73:
                    23:54:95:ce:e5:d4:53:f8:72:a1:12:5e:d9:43:64:
                    4b:28:d1:6d:ab:e6:46:b0:ad:1d:d1:14:83:6d:6b:
                    3f:40:5a:75:4f:e8:e7:6a:57:48:c5:57:38:99:52:
                    cb:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:38:B6:F3:F5:2A:4A:55:F7:0C:3F:1B:7C:2B:13:13:24:09:34:06
            X509v3 Authority Key Identifier:
                keyid:66:EF:31:AD:AC:66:38:55:B3:DD:D1:93:1C:44:CF:80:64:D6:A6:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu8xraxmOFWz3dGTHETPgGTWpus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Czi28_UqSlX3DD8bfCsTEyQJNAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ed4da0-0647-446f-b065-db0dcc08f452/1/Zu8xraxmOFWz3dGTHETPgGTWpus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.155.0/24
                IPv6:
                  2a0c:9e40:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:48:3c:aa:37:4d:73:0f:ad:65:e7:60:25:d3:3a:ab:56:cf:
         94:e2:92:07:d8:21:83:5b:e5:a1:4d:40:44:9b:c1:1e:f2:cc:
         1a:7b:d5:eb:33:7f:e3:66:a0:0d:65:e7:ef:c5:1f:e7:6e:18:
         6d:3a:9a:02:6e:31:50:f8:39:99:11:82:b8:af:59:c0:40:e0:
         69:c0:9b:0a:16:44:3a:d5:01:0e:33:ca:01:cb:48:cc:44:06:
         5f:94:e4:2d:c5:1d:2e:19:f7:79:b5:e2:e0:aa:86:c5:51:be:
         e5:89:2c:2b:b8:07:14:e4:96:97:ad:5b:b4:d9:d2:9b:9d:66:
         00:d5:cb:90:73:cb:5e:cd:85:04:b9:39:09:b3:d9:20:2a:bd:
         60:5c:a3:37:3f:88:9a:d9:5a:92:12:21:3e:9f:91:66:ed:2a:
         d5:1c:1b:ae:47:8c:45:aa:ad:cf:8f:1e:8b:cb:dd:d5:54:4d:
         3c:61:ff:4c:54:31:40:11:a4:78:8b:6c:96:cb:0e:e7:68:b9:
         63:43:dd:89:2b:33:f9:7e:c4:d3:d4:a2:40:c9:34:65:58:6a:
         cd:c2:35:60:9e:7f:ba:8d:5b:2b:25:55:cc:d8:56:24:28:f6:
         47:3b:2a:0a:87:20:01:1d:e7:88:6c:c5:72:8c:9f:8a:66:55:
         62:2f:a1:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAbgHWw/zG87gPesioyamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWYzMWFkYWM2NjM4NTViM2RkZDE5MzFjNDRjZjgwNjRk
NmE2ZWIwHhcNMjQwMTAyMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM4YjZmM2Y1MmE0YTU1ZjcwYzNmMWI3YzJiMTMxMzI0MDkzNDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoskmkdMzGW1n2QaLjvKEkCXR8W0f
zreqkXpi0GMIWingqzAMqjHAedREqJCtp54UXBhXrVepAcILYtavDjsPs1br96RX
VHWiEhu8dF/IO51uQW8TvbfSZ9N6wIcbnI+sJJAkYZbCavB9fuNohH2BlLzOAxtd
tVvfwRVxIUkZ0hH3ZW2W/1IL3NSIwUHFRRRHU4G6jxOyirS9cMbAUcDrQoS1an0f
KRzYDYVh7pmK8aWrf5fpsMQcaCwWk1mrEj/nIP1igw0bBX9lwoY0qHiDpnMjVJXO
5dRT+HKhEl7ZQ2RLKNFtq+ZGsK0d0RSDbWs/QFp1T+jnaldIxVc4mVLLGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAs4tvP1KkpV9ww/G3wrExMkCTQGMB8GA1UdIwQY
MBaAFGbvMa2sZjhVs93RkxxEz4Bk1qbrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnU4eHJheG1PRld6M2RHVEhFVFBnR1RXcHVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9lZDRkYTAtMDY0Ny00NDZmLWIwNjUt
ZGIwZGNjMDhmNDUyLzEvQ3ppMjhfVXFTbFgzREQ4YmZDc1RFeVFKTkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9lZDRkYTAtMDY0Ny00NDZmLWIwNjUtZGIwZGNjMDhmNDUy
LzEvWnU4eHJheG1PRld6M2RHVEhFVFBnR1RXcHVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwaCbMA8E
AgACMAkDBwAqDJ5AAAMwDQYJKoZIhvcNAQELBQADggEBABFIPKo3TXMPrWXnYCXT
OqtWz5TikgfYIYNb5aFNQESbwR7yzBp71eszf+NmoA1l5+/FH+duGG06mgJuMVD4
OZkRgrivWcBA4GnAmwoWRDrVAQ4zygHLSMxEBl+U5C3FHS4Z93m14uCqhsVRvuWJ
LCu4BxTklpetW7TZ0pudZgDVy5Bzy17NhQS5OQmz2SAqvWBcozc/iJrZWpISIT6f
kWbtKtUcG65HjEWqrc+PHovL3dVUTTxh/0xUMUARpHiLbJbLDudouWND3YkrM/l+
xNPUokDJNGVYas3CNWCef7qNWyslVczYViQo9kc7KgqHIAEd54hsxXKMn4pmVWIv
oXU=
-----END CERTIFICATE-----