Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Zn4z7djRxj35GnT6XX7XDgrLjmQ.roa
File:                     Zn4z7djRxj35GnT6XX7XDgrLjmQ.roa (raw, json)
Hash identifier:          TWKOTHUACbr9uGhBhtBJfvzK+cMyaIW4ziORHkkBYJI=
Subject key identifier:   66:7E:33:ED:D8:D1:C6:3D:F9:1A:74:FA:5D:7E:D7:0E:0A:CB:8E:64
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018E654210E16A6688BFC10A99F330B81E6C
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Zn4z7djRxj35GnT6XX7XDgrLjmQ.roa
Signing time:             Fri 22 Mar 2024 08:23:32 +0000
ROA not before:           Fri 22 Mar 2024 08:23:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209196
IP address blocks:        92.52.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:42:10:e1:6a:66:88:bf:c1:0a:99:f3:30:b8:1e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Mar 22 08:23:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=667e33edd8d1c63df91a74fa5d7ed70e0acb8e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:57:09:ea:4d:ed:b8:db:8a:13:11:d3:70:ce:
                    ff:50:92:59:e4:fc:55:bb:a9:a0:92:d2:50:95:50:
                    37:5d:58:da:55:c6:4d:1c:b4:79:ce:5c:2d:b6:c9:
                    cf:29:b8:99:b2:c0:c5:c9:64:12:6d:20:ed:3e:75:
                    94:14:eb:89:5e:ad:ce:fb:03:c6:ce:52:19:fc:0a:
                    99:ae:e5:50:58:21:43:4a:60:ff:8f:e7:11:6c:04:
                    d8:7a:6c:b6:3e:ab:80:81:27:85:9b:17:32:14:2e:
                    0f:92:94:54:8b:e5:29:b0:57:85:f2:d1:e8:0e:2f:
                    95:b6:2d:dd:7e:99:6e:c3:45:ac:ac:3a:69:a3:06:
                    75:65:23:ba:9b:82:b6:9b:80:ca:07:e2:67:85:10:
                    e1:f3:a6:08:e8:bb:3e:33:ee:ee:c7:06:ad:46:92:
                    34:83:cd:2f:0f:c7:1f:2e:77:bb:a5:31:be:15:49:
                    7e:1f:43:fe:35:b5:d2:b4:ca:20:0e:2b:79:81:e0:
                    94:69:85:3d:6f:b5:60:b2:6b:78:ec:38:af:e5:5a:
                    1b:8f:57:b4:f0:87:5b:97:3d:f9:c8:e1:f8:ac:d2:
                    72:d1:0b:96:91:b6:66:c2:7b:cf:11:51:fc:e9:4e:
                    41:9b:96:ef:af:48:bc:66:95:d8:20:9d:44:a2:c8:
                    21:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:7E:33:ED:D8:D1:C6:3D:F9:1A:74:FA:5D:7E:D7:0E:0A:CB:8E:64
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Zn4z7djRxj35GnT6XX7XDgrLjmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.52.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:cb:80:14:54:ea:6d:ea:8a:fc:85:54:fc:b2:0d:53:f9:cb:
         53:c1:5b:74:ac:3d:84:f6:55:e9:09:2b:3f:a1:5b:ab:aa:b9:
         4f:64:fe:e0:d6:2b:2b:45:27:76:2d:70:56:80:50:fe:dc:97:
         6c:40:9c:c7:49:36:c8:a7:9a:58:cf:7c:2d:c1:fe:14:3b:fb:
         c3:22:9b:51:9e:42:de:ca:b4:21:d8:26:80:b5:c9:31:4a:2c:
         11:1f:22:32:ef:6a:ca:be:f6:b0:a7:12:9e:02:9c:22:b1:26:
         72:6a:7d:c5:c7:5d:ff:54:19:e8:8f:6d:c9:8c:80:67:84:e8:
         91:72:ba:8e:ac:57:5f:e7:12:0a:89:ef:f6:80:be:12:22:ef:
         ca:69:ca:e1:5f:9c:2a:34:10:41:f3:ab:68:16:5e:cb:1b:8a:
         90:3b:9e:20:5f:3e:7c:07:1a:fd:57:91:ce:bf:76:5a:dd:66:
         0b:ca:4a:54:f0:2a:a2:91:7f:48:77:12:4e:bc:46:05:cf:cc:
         b7:4f:f4:33:8d:46:df:ee:4a:c9:76:98:08:4f:c2:a0:24:54:
         09:e6:87:53:4d:95:3d:5d:cb:84:ac:f1:94:00:d4:18:6d:89:
         c4:74:09:f9:44:98:e1:f0:59:83:7f:f2:47:20:e6:e4:49:b9:
         ae:c0:75:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5lQhDhamaIv8EKmfMwuB5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzIyMDgyMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjdlMzNlZGQ4ZDFjNjNkZjkxYTc0ZmE1ZDdlZDcwZTBhY2I4ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFcJ6k3tuNuKExHTcM7/UJJZ5PxV
u6mgktJQlVA3XVjaVcZNHLR5zlwttsnPKbiZssDFyWQSbSDtPnWUFOuJXq3O+wPG
zlIZ/AqZruVQWCFDSmD/j+cRbATYemy2PquAgSeFmxcyFC4PkpRUi+UpsFeF8tHo
Di+Vti3dfpluw0WsrDppowZ1ZSO6m4K2m4DKB+JnhRDh86YI6Ls+M+7uxwatRpI0
g80vD8cfLne7pTG+FUl+H0P+NbXStMogDit5geCUaYU9b7Vgsmt47Div5Vobj1e0
8Idblz35yOH4rNJy0QuWkbZmwnvPEVH86U5Bm5bvr0i8ZpXYIJ1EosghrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZ+M+3Y0cY9+Rp0+l1+1w4Ky45kMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWm40ejdkalJ4ajM1R25UNlhYN1hEZ3JMam1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXDTXMA0G
CSqGSIb3DQEBCwUAA4IBAQAUy4AUVOpt6or8hVT8sg1T+ctTwVt0rD2E9lXpCSs/
oVurqrlPZP7g1isrRSd2LXBWgFD+3JdsQJzHSTbIp5pYz3wtwf4UO/vDIptRnkLe
yrQh2CaAtckxSiwRHyIy72rKvvawpxKeApwisSZyan3Fx13/VBnoj23JjIBnhOiR
crqOrFdf5xIKie/2gL4SIu/KacrhX5wqNBBB86toFl7LG4qQO54gXz58Bxr9V5HO
v3Za3WYLykpU8CqikX9IdxJOvEYFz8y3T/QzjUbf7krJdpgIT8KgJFQJ5odTTZU9
XcuErPGUANQYbYnEdAn5RJjh8FmDf/JHIObkSbmuwHUt
-----END CERTIFICATE-----