Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/zgidg-dtgGEeq3so1fTdv91dOrI.roa
File:                     zgidg-dtgGEeq3so1fTdv91dOrI.roa (raw, json)
Hash identifier:          zZv4SR59/dgOvj3vA2L+j3M9j4k4o7VA0yvCEAXxudY=
Subject key identifier:   CE:08:9D:83:E7:6D:80:61:1E:AB:7B:28:D5:F4:DD:BF:DD:5D:3A:B2
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       01931C39CBC0DFD9C44D657C792525CE6D27
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/zgidg-dtgGEeq3so1fTdv91dOrI.roa
Signing time:             Mon 11 Nov 2024 17:16:09 +0000
ROA not before:           Mon 11 Nov 2024 17:16:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        37.143.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1c:39:cb:c0:df:d9:c4:4d:65:7c:79:25:25:ce:6d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Nov 11 17:16:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce089d83e76d80611eab7b28d5f4ddbfdd5d3ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9c:44:e6:1d:d2:fe:ab:f8:1e:82:ee:3c:95:
                    91:81:74:eb:a9:97:dd:e7:04:18:4a:91:91:bb:62:
                    85:68:23:92:a1:b0:42:eb:4d:46:46:c4:fa:f2:e6:
                    6f:08:46:53:b1:46:56:64:75:11:cf:4b:2a:e7:29:
                    8b:41:d7:6c:90:4a:67:b4:a3:29:77:31:b2:c4:18:
                    3c:c8:b8:f8:07:8d:ff:b0:8c:07:cf:7c:56:cd:bb:
                    1f:da:a1:24:4b:e6:e6:69:04:4d:cb:88:ab:b4:80:
                    95:36:23:cc:65:f8:5e:be:49:9c:ec:54:98:98:11:
                    e1:b0:42:99:ae:25:44:3c:02:e2:56:96:75:0d:e3:
                    45:7b:71:75:47:d4:68:c2:5d:71:fd:ad:21:9c:05:
                    62:4d:6d:a3:c0:e3:e7:a3:1c:ea:9e:2c:50:d5:aa:
                    10:da:bf:1c:26:b3:04:85:c5:e5:e7:6d:dd:0e:d1:
                    bf:3f:75:41:6f:7f:cc:6b:94:bb:6c:be:c6:70:7b:
                    e2:61:2a:2d:f7:94:47:f6:49:ac:37:e9:6b:17:63:
                    86:b2:a4:0b:9b:87:e7:0c:b6:47:0d:a0:99:2d:21:
                    78:ec:f4:8a:ec:0e:c2:e6:db:c5:06:0d:43:ac:8e:
                    c1:d5:77:34:8e:e5:56:81:05:50:c6:2b:46:ff:51:
                    c9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:08:9D:83:E7:6D:80:61:1E:AB:7B:28:D5:F4:DD:BF:DD:5D:3A:B2
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/zgidg-dtgGEeq3so1fTdv91dOrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:ec:4e:a8:a0:58:45:0c:3b:aa:26:45:4d:52:cf:c7:2f:c1:
         d6:e1:5a:df:a9:b4:f6:d0:cd:bf:0f:02:ad:b5:c4:ea:0e:89:
         90:34:f2:af:0a:0c:68:93:f5:db:3f:c0:ee:37:51:a0:22:0a:
         d5:d7:aa:75:d9:6f:5f:c1:95:7f:45:d9:93:84:8d:42:3c:ed:
         2f:44:b4:37:76:b4:b4:73:20:a3:52:00:f2:0a:67:d6:e0:0b:
         14:33:00:18:b7:8d:c6:02:67:d6:8a:dc:a4:26:56:71:c1:d8:
         da:77:cc:eb:f2:08:4f:12:2e:e2:6c:36:8a:60:8b:af:cb:14:
         12:ee:ea:3f:f8:79:a9:95:05:18:74:2f:8c:36:84:50:07:ce:
         b9:2c:8c:ff:c9:78:d6:16:16:bc:11:a7:eb:8c:8f:fe:45:e9:
         8f:22:ed:ed:df:33:fd:43:dd:3e:55:b8:bd:4d:13:0e:f0:48:
         60:3e:e9:53:87:84:a4:d9:c7:26:4b:21:88:d9:ca:f5:8a:af:
         81:63:26:c7:58:e5:a2:81:c4:7c:e2:68:b5:61:49:0c:5f:d7:
         07:e1:38:a8:fb:84:42:d6:21:87:eb:37:30:3a:07:51:38:e4:
         11:9a:c6:79:a2:8e:d6:cb:47:c4:d6:ed:87:aa:e7:40:57:ed:
         ba:90:12:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMcOcvA39nETWV8eSUlzm0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjQxMTExMTcxNjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA4OWQ4M2U3NmQ4MDYxMWVhYjdiMjhkNWY0ZGRiZmRkNWQzYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZxE5h3S/qv4HoLuPJWRgXTrqZfd
5wQYSpGRu2KFaCOSobBC601GRsT68uZvCEZTsUZWZHURz0sq5ymLQddskEpntKMp
dzGyxBg8yLj4B43/sIwHz3xWzbsf2qEkS+bmaQRNy4irtICVNiPMZfhevkmc7FSY
mBHhsEKZriVEPALiVpZ1DeNFe3F1R9Rowl1x/a0hnAViTW2jwOPnoxzqnixQ1aoQ
2r8cJrMEhcXl523dDtG/P3VBb3/Ma5S7bL7GcHviYSot95RH9kmsN+lrF2OGsqQL
m4fnDLZHDaCZLSF47PSK7A7C5tvFBg1DrI7B1Xc0juVWgQVQxitG/1HJQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4InYPnbYBhHqt7KNX03b/dXTqyMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvemdpZGctZHRnR0VlcTNzbzFmVGR2OTFkT3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJY8EMA0G
CSqGSIb3DQEBCwUAA4IBAQAt7E6ooFhFDDuqJkVNUs/HL8HW4VrfqbT20M2/DwKt
tcTqDomQNPKvCgxok/XbP8DuN1GgIgrV16p12W9fwZV/RdmThI1CPO0vRLQ3drS0
cyCjUgDyCmfW4AsUMwAYt43GAmfWitykJlZxwdjad8zr8ghPEi7ibDaKYIuvyxQS
7uo/+HmplQUYdC+MNoRQB865LIz/yXjWFha8EafrjI/+RemPIu3t3zP9Q90+Vbi9
TRMO8EhgPulTh4Sk2ccmSyGI2cr1iq+BYybHWOWigcR84mi1YUkMX9cH4Tio+4RC
1iGH6zcwOgdROOQRmsZ5oo7Wy0fE1u2HqudAV+26kBIL
-----END CERTIFICATE-----