Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/z-Ow7GqvyxPAglI0GLCxv1XnsAc.roa
File:                     z-Ow7GqvyxPAglI0GLCxv1XnsAc.roa (raw, json)
Hash identifier:          VKvrH2sx50ruQQBPzOvXtNTtYBwSt2p/HJn5MXNkvro=
Subject key identifier:   CF:E3:B0:EC:6A:AF:CB:13:C0:82:52:34:18:B0:B1:BF:55:E7:B0:07
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018E30C07D87C0D78918765EA606B6FCDA95
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/z-Ow7GqvyxPAglI0GLCxv1XnsAc.roa
Signing time:             Tue 12 Mar 2024 03:41:45 +0000
ROA not before:           Tue 12 Mar 2024 03:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        128.65.168.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:30:c0:7d:87:c0:d7:89:18:76:5e:a6:06:b6:fc:da:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Mar 12 03:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfe3b0ec6aafcb13c082523418b0b1bf55e7b007
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f0:a0:21:b4:c3:ca:49:ce:62:6b:e1:81:e4:
                    7f:e7:bb:e7:ab:b9:69:c5:b4:a5:de:f5:2c:28:39:
                    80:3a:a0:17:7f:2b:d8:d9:d1:68:5d:3d:8e:0a:37:
                    92:4c:ad:61:9e:5a:dd:71:5a:ba:3b:ac:8b:00:b4:
                    66:c9:25:7d:f4:eb:66:39:73:3e:e7:a6:49:4f:7a:
                    3e:ec:d5:91:e4:8a:e7:e8:c4:62:64:4b:e1:9d:ae:
                    9b:4a:23:89:38:87:00:d6:43:61:a0:df:98:a2:c9:
                    22:85:b2:7c:d1:85:16:1f:0f:7b:4b:07:ae:c2:68:
                    7d:78:75:ac:0a:1b:c0:75:93:ea:33:2d:d4:5a:60:
                    db:15:d2:55:c1:8a:67:6f:81:39:c4:b8:7f:fa:bf:
                    3a:1c:70:8c:19:ce:d2:64:76:f8:cb:13:80:62:75:
                    7c:d7:ae:9d:e1:62:32:83:9a:9c:1f:17:49:e8:32:
                    f6:9a:7e:ff:6a:13:c2:3b:ab:b2:01:a1:06:39:f7:
                    cb:e2:66:4a:b4:67:aa:ff:04:2b:dd:73:76:c0:2f:
                    d4:48:7a:93:b5:75:42:d3:d6:03:38:2b:87:f0:03:
                    74:45:42:37:99:db:ff:91:4a:75:76:b0:13:14:aa:
                    fd:ba:f8:2a:95:c4:27:0e:b6:7a:06:d3:80:00:61:
                    2a:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E3:B0:EC:6A:AF:CB:13:C0:82:52:34:18:B0:B1:BF:55:E7:B0:07
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/z-Ow7GqvyxPAglI0GLCxv1XnsAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:f3:2a:b4:3b:c1:3e:52:03:7a:11:5c:e2:84:7a:43:b5:02:
         1c:e5:e7:a4:f3:33:06:d1:7d:c1:ff:10:d1:7b:bd:f6:53:76:
         80:80:38:97:fb:24:68:dd:9f:56:52:1e:92:b0:9d:e8:61:07:
         b1:34:61:ad:8e:9b:72:be:fa:61:f0:80:06:4a:d3:78:25:e4:
         b9:a4:92:38:cb:55:0f:fa:33:74:a9:e6:6a:7f:d7:4f:a4:f9:
         13:70:10:88:d4:61:6e:7c:8b:59:06:7e:07:df:f1:17:63:00:
         2a:ca:9e:ab:57:2d:01:c7:69:40:93:96:a1:d7:25:bc:b8:41:
         e4:2c:1a:ad:f0:e8:df:6f:4c:ae:4c:bb:7c:8e:81:e8:4d:52:
         95:6d:05:0a:10:df:cf:a3:26:3e:03:e0:44:80:67:a6:e4:c3:
         6e:7f:a6:a2:ae:70:bd:26:1f:de:3e:59:7e:b2:72:d7:de:4d:
         85:3f:95:0f:68:b1:ab:6a:6c:aa:3c:a6:ec:9c:e1:f5:cb:b2:
         3a:e9:e2:cd:44:0b:fb:b1:c6:db:c9:ab:25:03:11:07:bd:ac:
         85:32:bf:3a:a4:18:a3:1c:63:ac:db:30:95:4c:9d:b9:b5:55:
         b2:f4:6c:6c:8f:b2:bc:8c:c5:8b:a8:b7:9d:9d:00:e5:31:d6:
         09:01:bb:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4wwH2HwNeJGHZepga2/NqVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwMzEyMDM0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmUzYjBlYzZhYWZjYjEzYzA4MjUyMzQxOGIwYjFiZjU1ZTdiMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvCgIbTDyknOYmvhgeR/57vnq7lp
xbSl3vUsKDmAOqAXfyvY2dFoXT2OCjeSTK1hnlrdcVq6O6yLALRmySV99OtmOXM+
56ZJT3o+7NWR5Irn6MRiZEvhna6bSiOJOIcA1kNhoN+YoskihbJ80YUWHw97Sweu
wmh9eHWsChvAdZPqMy3UWmDbFdJVwYpnb4E5xLh/+r86HHCMGc7SZHb4yxOAYnV8
166d4WIyg5qcHxdJ6DL2mn7/ahPCO6uyAaEGOffL4mZKtGeq/wQr3XN2wC/USHqT
tXVC09YDOCuH8AN0RUI3mdv/kUp1drATFKr9uvgqlcQnDrZ6BtOAAGEqxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/jsOxqr8sTwIJSNBiwsb9V57AHMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvei1PdzdHcXZ5eFBBZ2xJMEdMQ3h2MVhuc0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgEGoMA0G
CSqGSIb3DQEBCwUAA4IBAQB/8yq0O8E+UgN6EVzihHpDtQIc5eek8zMG0X3B/xDR
e732U3aAgDiX+yRo3Z9WUh6SsJ3oYQexNGGtjptyvvph8IAGStN4JeS5pJI4y1UP
+jN0qeZqf9dPpPkTcBCI1GFufItZBn4H3/EXYwAqyp6rVy0Bx2lAk5ah1yW8uEHk
LBqt8Ojfb0yuTLt8joHoTVKVbQUKEN/PoyY+A+BEgGem5MNuf6airnC9Jh/ePll+
snLX3k2FP5UPaLGramyqPKbsnOH1y7I66eLNRAv7scbbyaslAxEHvayFMr86pBij
HGOs2zCVTJ25tVWy9Gxsj7K8jMWLqLednQDlMdYJAbs+
-----END CERTIFICATE-----