Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/ZwkyChbsSJk1g6Ao-Hw5oMvDT8E.roa
File:                     ZwkyChbsSJk1g6Ao-Hw5oMvDT8E.roa (raw, json)
Hash identifier:          86lwT6T3LJpC1lcuBkxP5xpAKi98U70K0aUiQUMk0FA=
Subject key identifier:   67:09:32:0A:16:EC:48:99:35:83:A0:28:F8:7C:39:A0:CB:C3:4F:C1
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       018CC348E0AB66C2036E37DB52F1FC4D83F1
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/ZwkyChbsSJk1g6Ao-Hw5oMvDT8E.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        92.51.40.0/22 maxlen: 24
                          92.51.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:ab:66:c2:03:6e:37:db:52:f1:fc:4d:83:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6709320a16ec48993583a028f87c39a0cbc34fc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:29:41:37:9d:78:49:e5:54:88:54:fc:37:5b:
                    11:eb:43:96:6f:1a:1a:4d:6f:bb:67:19:29:cc:87:
                    89:1a:de:c5:9e:57:b5:a4:2a:cd:39:88:5d:01:3d:
                    14:4e:ae:f3:74:1e:55:13:f2:2a:56:3d:bc:1b:9e:
                    e9:1e:ab:6f:99:f2:ea:5e:c4:49:e6:01:7e:9c:71:
                    76:48:b4:fd:d8:ec:1b:bd:ab:91:a9:46:c9:82:f0:
                    13:d5:80:33:2f:4c:3b:f9:ae:56:8a:44:69:62:07:
                    67:c3:9c:a5:e8:de:b8:a0:b4:d2:7e:4d:a5:fb:30:
                    a3:d7:a0:d2:71:44:2c:33:1a:7e:cd:27:d4:e3:6e:
                    ae:de:63:96:2b:25:64:c1:4c:89:db:a6:64:e8:9a:
                    aa:47:2c:f0:f3:19:3d:07:6a:2d:00:e6:0a:3a:0b:
                    33:b0:4e:6c:fe:2c:80:de:53:e2:6d:62:f0:94:21:
                    5d:2d:4e:39:e7:f5:c7:fe:a3:61:92:a4:3f:41:df:
                    19:7c:8f:6a:e6:be:65:26:0b:fc:36:4e:ff:2c:3d:
                    46:65:4b:aa:5b:97:9d:6c:ba:4c:8c:d5:b3:b8:65:
                    ef:00:ef:89:ca:ce:57:be:c5:46:e3:1b:93:a6:88:
                    bb:f4:6c:de:65:be:fc:4e:02:7b:f4:34:46:62:a8:
                    29:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:09:32:0A:16:EC:48:99:35:83:A0:28:F8:7C:39:A0:CB:C3:4F:C1
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/ZwkyChbsSJk1g6Ao-Hw5oMvDT8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.51.32.0/22
                  92.51.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:9f:ca:e6:b4:48:b0:9d:64:31:e6:29:8a:92:2e:53:5f:bc:
         7b:e0:8f:d7:59:2c:ae:d1:4b:8c:33:ab:39:82:b6:85:30:5a:
         54:c4:cb:02:4a:66:b2:f3:57:ef:f4:a0:96:a6:53:ce:44:9d:
         af:ff:07:13:60:7e:6c:e0:6b:fd:66:c6:9e:ec:54:3f:10:73:
         11:19:18:a0:4d:31:03:a1:d2:e3:93:f0:26:57:37:10:82:44:
         e8:2f:30:fc:33:90:d6:85:ab:68:3f:ff:21:3e:28:33:28:22:
         b8:ad:5f:43:3b:38:ba:2b:30:8d:e8:82:a0:b7:8f:b8:bc:e3:
         80:0f:26:55:65:28:b5:3f:b0:ba:e9:42:1e:ce:36:b1:05:aa:
         a1:b5:69:af:8f:33:45:8f:9c:eb:a7:9d:c5:be:97:68:f5:d3:
         2d:95:35:7e:a8:f4:fa:82:12:43:52:d5:aa:03:25:1d:36:aa:
         9a:e5:31:7f:fc:4b:76:10:44:fd:91:36:9a:4a:b5:68:c5:27:
         bc:51:0a:b8:a0:e3:9c:97:26:e3:df:b8:8f:4a:ad:ee:83:da:
         52:f2:1a:82:6e:ad:2a:0f:6d:80:fa:7b:8a:3d:0a:b2:96:76:
         77:74:e1:8a:f3:b1:af:24:f3:ba:f2:76:d9:87:ce:69:33:3d:
         d9:32:f0:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSOCrZsIDbjfbUvH8TYPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA5MzIwYTE2ZWM0ODk5MzU4M2EwMjhmODdjMzlhMGNiYzM0ZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjClBN514SeVUiFT8N1sR60OWbxoa
TW+7ZxkpzIeJGt7Fnle1pCrNOYhdAT0UTq7zdB5VE/IqVj28G57pHqtvmfLqXsRJ
5gF+nHF2SLT92OwbvauRqUbJgvAT1YAzL0w7+a5WikRpYgdnw5yl6N64oLTSfk2l
+zCj16DScUQsMxp+zSfU426u3mOWKyVkwUyJ26Zk6JqqRyzw8xk9B2otAOYKOgsz
sE5s/iyA3lPibWLwlCFdLU455/XH/qNhkqQ/Qd8ZfI9q5r5lJgv8Nk7/LD1GZUuq
W5edbLpMjNWzuGXvAO+Jys5XvsVG4xuTpoi79GzeZb78TgJ79DRGYqgpeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGcJMgoW7EiZNYOgKPh8OaDLw0/BMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvWndreUNoYnNTSmsxZzZBby1IdzVvTXZEVDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXDMgAwQC
XDMoMA0GCSqGSIb3DQEBCwUAA4IBAQAqn8rmtEiwnWQx5imKki5TX7x74I/XWSyu
0UuMM6s5graFMFpUxMsCSmay81fv9KCWplPORJ2v/wcTYH5s4Gv9Zsae7FQ/EHMR
GRigTTEDodLjk/AmVzcQgkToLzD8M5DWhatoP/8hPigzKCK4rV9DOzi6KzCN6IKg
t4+4vOOADyZVZSi1P7C66UIezjaxBaqhtWmvjzNFj5zrp53Fvpdo9dMtlTV+qPT6
ghJDUtWqAyUdNqqa5TF//Et2EET9kTaaSrVoxSe8UQq4oOOclybj37iPSq3ug9pS
8hqCbq0qD22A+nuKPQqylnZ3dOGK87GvJPO68nbZh85pMz3ZMvBR
-----END CERTIFICATE-----