Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/ZaGM7vU-C3SM8z1p9dmMft9wHkA.roa
File:                     ZaGM7vU-C3SM8z1p9dmMft9wHkA.roa (raw, json)
Hash identifier:          3q8zvv+XwEiYfJx3bLvCYG+oSu3FqIvHNXdxfXdjWwk=
Subject key identifier:   65:A1:8C:EE:F5:3E:0B:74:8C:F3:3D:69:F5:D9:8C:7E:DF:70:1E:40
Certificate issuer:       /CN=f0ff2c6229af763a99f5349a32510df4a4526143
Certificate serial:       01928F698C5BE5981A188198CB0DF4632C3F
Authority key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/ZaGM7vU-C3SM8z1p9dmMft9wHkA.roa
Signing time:             Tue 15 Oct 2024 09:01:51 +0000
ROA not before:           Tue 15 Oct 2024 09:01:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15617
IP address blocks:        188.73.192.0/18 maxlen: 24
                          212.152.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:8f:69:8c:5b:e5:98:1a:18:81:98:cb:0d:f4:63:2c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0ff2c6229af763a99f5349a32510df4a4526143
        Validity
            Not Before: Oct 15 09:01:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a18ceef53e0b748cf33d69f5d98c7edf701e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4b:3f:a8:7b:63:80:39:5e:b6:34:e6:15:72:
                    bc:fa:2f:9d:15:6d:96:55:78:ec:27:1a:92:fb:bb:
                    8b:68:26:21:5a:a5:90:0f:17:68:75:91:c9:0c:ca:
                    a4:c8:5a:cf:ec:06:b4:1c:54:45:32:4c:51:2f:9d:
                    bb:1c:25:5a:41:59:0c:81:79:b4:5a:36:56:50:72:
                    84:88:d0:40:e5:8f:df:2f:c5:a2:90:13:2f:20:ac:
                    93:dd:e0:09:71:95:82:3d:9b:b7:31:28:b5:b2:fa:
                    c7:85:de:0c:eb:e1:9e:a5:8b:7c:60:df:1b:a0:06:
                    5e:f6:07:ac:d9:5e:e7:bb:56:04:e1:0e:b5:c1:17:
                    24:bc:1d:b9:63:b6:5a:7b:95:c8:1b:0a:00:0d:54:
                    d0:b0:d2:9d:23:43:ca:7a:da:a5:e6:03:3c:6e:dc:
                    c8:ed:4a:83:5f:cd:b8:39:2d:ea:ed:a2:08:ca:ff:
                    69:78:af:bc:37:33:37:45:1e:68:45:47:d0:5b:3c:
                    b7:11:99:97:ef:4f:8a:b6:25:e3:e5:af:7c:fb:8e:
                    f1:fe:43:17:89:e0:0e:8c:5f:c8:03:5f:27:27:28:
                    f4:84:74:80:27:1f:de:5b:be:b6:6a:d6:9f:61:1d:
                    75:db:84:6b:57:39:ba:fa:13:49:46:60:75:c7:ec:
                    46:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A1:8C:EE:F5:3E:0B:74:8C:F3:3D:69:F5:D9:8C:7E:DF:70:1E:40
            X509v3 Authority Key Identifier:
                keyid:F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/ZaGM7vU-C3SM8z1p9dmMft9wHkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.73.192.0/18
                  212.152.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         11:58:06:1a:a5:3c:a8:55:eb:e6:f3:57:d5:08:6d:84:ed:80:
         74:d1:7d:1f:1c:6f:72:4e:48:1d:49:39:5f:b2:89:5a:7d:75:
         73:72:c9:3c:f5:4b:9f:5e:c8:d3:04:4b:04:a4:85:08:79:b4:
         84:94:00:0e:af:13:0a:c6:1a:7c:da:02:b4:1c:24:1c:30:0d:
         0f:cc:5c:ae:1c:d3:e5:ff:f5:38:d3:05:5d:16:69:81:22:1f:
         e4:2c:97:75:86:52:30:09:4d:ca:15:1d:c6:f1:ea:f1:67:c7:
         88:a0:05:51:93:34:4e:34:52:2f:e2:2e:7c:22:2d:47:5b:81:
         28:cb:72:ac:12:8e:99:bd:0f:fd:f1:6d:a0:c7:93:fb:a3:09:
         8d:25:fd:b3:ab:f1:fa:f8:1a:c8:e3:a9:2a:ad:ef:60:2f:f4:
         a3:ee:3a:4c:f0:28:0d:0d:a7:89:b1:f0:61:4e:b0:e1:09:88:
         d3:5e:26:02:b0:9c:7b:23:be:93:74:55:11:0d:9d:93:26:2a:
         37:4d:f2:da:2a:43:df:43:ed:0c:90:40:b8:0c:51:5b:1e:2e:
         e2:bb:bb:a2:cb:30:07:01:70:da:74:f2:14:33:eb:3b:c6:be:
         ff:a2:9e:d9:92:2e:fc:99:15:a6:79:2c:0a:43:62:7e:15:28:
         19:68:25:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKPaYxb5ZgaGIGYyw30Yyw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZmYyYzYyMjlhZjc2M2E5OWY1MzQ5YTMyNTEwZGY0YTQ1
MjYxNDMwHhcNMjQxMDE1MDkwMTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWExOGNlZWY1M2UwYjc0OGNmMzNkNjlmNWQ5OGM3ZWRmNzAxZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUs/qHtjgDletjTmFXK8+i+dFW2W
VXjsJxqS+7uLaCYhWqWQDxdodZHJDMqkyFrP7Aa0HFRFMkxRL527HCVaQVkMgXm0
WjZWUHKEiNBA5Y/fL8WikBMvIKyT3eAJcZWCPZu3MSi1svrHhd4M6+GepYt8YN8b
oAZe9ges2V7nu1YE4Q61wRckvB25Y7Zae5XIGwoADVTQsNKdI0PKetql5gM8btzI
7UqDX824OS3q7aIIyv9peK+8NzM3RR5oRUfQWzy3EZmX70+KtiXj5a98+47x/kMX
ieAOjF/IA18nJyj0hHSAJx/eW762atafYR1124RrVzm6+hNJRmB1x+xG9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGWhjO71Pgt0jPM9afXZjH7fcB5AMB8GA1UdIwQY
MBaAFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYt
ZTY5ZjdhNWQyZDkwLzEvWmFHTTd2VS1DM1NNOHoxcDlkbU1mdDl3SGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wNTFmYTItYzU4MC00YTAyLWExODYtZTY5ZjdhNWQyZDkw
LzEvOFA4c1lpbXZkanFaOVRTYU1sRU45S1JTWVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGvEnAAwQG
1JhAMA0GCSqGSIb3DQEBCwUAA4IBAQARWAYapTyoVevm81fVCG2E7YB00X0fHG9y
TkgdSTlfsolafXVzcsk89UufXsjTBEsEpIUIebSElAAOrxMKxhp82gK0HCQcMA0P
zFyuHNPl//U40wVdFmmBIh/kLJd1hlIwCU3KFR3G8erxZ8eIoAVRkzRONFIv4i58
Ii1HW4Eoy3KsEo6ZvQ/98W2gx5P7owmNJf2zq/H6+BrI46kqre9gL/Sj7jpM8CgN
DaeJsfBhTrDhCYjTXiYCsJx7I76TdFURDZ2TJio3TfLaKkPfQ+0MkEC4DFFbHi7i
u7uiyzAHAXDadPIUM+s7xr7/op7Zki78mRWmeSwKQ2J+FSgZaCWF
-----END CERTIFICATE-----