Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/ZaZOFNtUYwNolPi_hexuk5bbR8c.roa
File:                     ZaZOFNtUYwNolPi_hexuk5bbR8c.roa (raw, json)
Hash identifier:          HwIStkYmPO+87y83/del1tEm1kzowkBS8/0H3b5Nh8E=
Subject key identifier:   65:A6:4E:14:DB:54:63:03:68:94:F8:BF:85:EC:6E:93:96:DB:47:C7
Certificate issuer:       /CN=68a7c2c84ffa4934cf0f73ef1a1a1a3378731826
Certificate serial:       018CC9BBD74B811037C0AFD51EDF1B67C110
Authority key identifier: 68:A7:C2:C8:4F:FA:49:34:CF:0F:73:EF:1A:1A:1A:33:78:73:18:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aKfCyE_6STTPD3PvGhoaM3hzGCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/ZaZOFNtUYwNolPi_hexuk5bbR8c.roa
Signing time:             Tue 02 Jan 2024 10:32:59 +0000
ROA not before:           Tue 02 Jan 2024 10:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        194.169.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/aKfCyE_6STTPD3PvGhoaM3hzGCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/aKfCyE_6STTPD3PvGhoaM3hzGCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aKfCyE_6STTPD3PvGhoaM3hzGCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d7:4b:81:10:37:c0:af:d5:1e:df:1b:67:c1:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68a7c2c84ffa4934cf0f73ef1a1a1a3378731826
        Validity
            Not Before: Jan  2 10:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a64e14db5463036894f8bf85ec6e9396db47c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:1e:51:2c:ca:ce:69:b8:eb:bc:8d:ea:ff:23:
                    14:61:a3:c4:04:c6:96:d6:17:55:4b:f9:1b:ef:82:
                    79:5e:ef:ad:a7:c8:08:b5:e2:29:e1:7a:c6:c3:c4:
                    2e:c0:6b:ec:fd:78:d6:86:cf:ca:ba:69:5d:9f:6d:
                    ec:5f:fc:83:ab:49:3b:9a:df:00:8c:95:e5:eb:ce:
                    68:9c:1c:2c:4a:4a:63:f1:2c:6e:e9:c8:12:cc:a2:
                    ac:4a:44:1c:ed:d8:94:3a:2b:de:e1:51:b0:2b:74:
                    a6:db:65:a1:8c:e0:fa:f8:1e:d2:c4:de:97:b1:56:
                    51:8c:14:c6:ae:f2:c7:2b:12:26:a4:ff:d6:ed:97:
                    74:16:9e:eb:15:2a:04:c1:f8:77:9a:90:55:52:fe:
                    4f:ae:38:57:5d:db:41:60:e9:39:37:3d:7a:55:13:
                    c1:5d:88:06:7b:54:49:0b:a6:b2:dd:71:1d:d7:b1:
                    03:c1:86:d8:ce:b7:c0:91:32:57:c9:7a:23:bc:f7:
                    74:74:9a:f8:ea:85:89:15:10:b4:ae:7e:fd:6c:23:
                    c1:05:eb:41:10:65:10:0b:f4:89:38:56:45:be:04:
                    c0:56:08:9b:e8:55:20:c6:98:a5:19:cf:e0:1c:e9:
                    7d:e6:00:87:69:fe:b9:37:6b:48:8e:4e:9e:48:d9:
                    c4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A6:4E:14:DB:54:63:03:68:94:F8:BF:85:EC:6E:93:96:DB:47:C7
            X509v3 Authority Key Identifier:
                keyid:68:A7:C2:C8:4F:FA:49:34:CF:0F:73:EF:1A:1A:1A:33:78:73:18:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aKfCyE_6STTPD3PvGhoaM3hzGCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/ZaZOFNtUYwNolPi_hexuk5bbR8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fe455d-f6ce-436c-8327-db6ddb4a44e5/1/aKfCyE_6STTPD3PvGhoaM3hzGCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:1a:a1:f1:8a:8f:91:8a:04:b6:48:4f:6e:44:9f:69:fb:cd:
         4b:30:ea:79:43:f4:22:cf:92:6d:da:b7:9b:7f:e1:98:92:7c:
         6e:f7:fc:42:fe:3a:1f:4c:0a:2f:53:ab:3e:5d:2b:31:55:7a:
         6d:47:95:9a:be:71:74:67:d5:55:a7:44:42:7f:f2:42:4f:c1:
         89:cf:2d:ea:5f:07:4a:17:7f:ff:0c:dc:29:91:af:fc:58:ec:
         8f:d6:4c:85:63:0e:3b:b6:7b:b8:14:62:c2:5c:fb:e6:6a:df:
         05:b1:b0:c0:04:f3:d8:4c:6b:00:80:c1:32:3e:1a:df:35:02:
         6d:5a:30:68:21:21:70:17:43:53:f5:da:3c:0c:a8:d6:6a:c4:
         6c:35:a4:14:5b:07:24:31:42:40:2e:bb:fa:35:a1:e1:45:62:
         fa:45:c5:85:8d:ee:31:b7:03:cb:61:a0:0a:24:40:36:4a:ec:
         3b:2d:0f:91:ba:56:f1:3f:56:84:2d:7b:e8:cc:d6:6a:38:01:
         25:b3:bb:12:ec:67:5f:33:2c:46:4a:1e:c2:95:99:d4:8f:26:
         f2:0f:d1:fa:e2:0e:a9:3d:71:87:b5:a9:28:7f:51:69:85:f8:
         30:74:a2:ff:cd:08:03:b6:c7:69:38:c2:09:22:e6:19:d9:e7:
         4c:82:f0:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu9dLgRA3wK/VHt8bZ8EQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YTdjMmM4NGZmYTQ5MzRjZjBmNzNlZjFhMWExYTMzNzg3
MzE4MjYwHhcNMjQwMTAyMTAzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE2NGUxNGRiNTQ2MzAzNjg5NGY4YmY4NWVjNmU5Mzk2ZGI0N2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhB5RLMrOabjrvI3q/yMUYaPEBMaW
1hdVS/kb74J5Xu+tp8gIteIp4XrGw8QuwGvs/XjWhs/Kumldn23sX/yDq0k7mt8A
jJXl685onBwsSkpj8Sxu6cgSzKKsSkQc7diUOive4VGwK3Sm22WhjOD6+B7SxN6X
sVZRjBTGrvLHKxImpP/W7Zd0Fp7rFSoEwfh3mpBVUv5PrjhXXdtBYOk5Nz16VRPB
XYgGe1RJC6ay3XEd17EDwYbYzrfAkTJXyXojvPd0dJr46oWJFRC0rn79bCPBBetB
EGUQC/SJOFZFvgTAVgib6FUgxpilGc/gHOl95gCHaf65N2tIjk6eSNnEeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWmThTbVGMDaJT4v4XsbpOW20fHMB8GA1UdIwQY
MBaAFGinwshP+kk0zw9z7xoaGjN4cxgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUtmQ3lFXzZTVFRQRDNQdkdob2FNM2h6R0NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mZTQ1NWQtZjZjZS00MzZjLTgzMjct
ZGI2ZGRiNGE0NGU1LzEvWmFaT0ZOdFVZd05vbFBpX2hleHVrNWJiUjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mZTQ1NWQtZjZjZS00MzZjLTgzMjctZGI2ZGRiNGE0NGU1
LzEvYUtmQ3lFXzZTVFRQRDNQdkdob2FNM2h6R0NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnbMA0G
CSqGSIb3DQEBCwUAA4IBAQBsGqHxio+RigS2SE9uRJ9p+81LMOp5Q/Qiz5Jt2reb
f+GYknxu9/xC/jofTAovU6s+XSsxVXptR5WavnF0Z9VVp0RCf/JCT8GJzy3qXwdK
F3//DNwpka/8WOyP1kyFYw47tnu4FGLCXPvmat8FsbDABPPYTGsAgMEyPhrfNQJt
WjBoISFwF0NT9do8DKjWasRsNaQUWwckMUJALrv6NaHhRWL6RcWFje4xtwPLYaAK
JEA2Suw7LQ+RulbxP1aELXvozNZqOAEls7sS7GdfMyxGSh7ClZnUjybyD9H64g6p
PXGHtakof1FphfgwdKL/zQgDtsdpOMIJIuYZ2edMgvCb
-----END CERTIFICATE-----