Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/ZzulzD395cBSoKuykRMGZIjsMfs.roa
File:                     ZzulzD395cBSoKuykRMGZIjsMfs.roa (raw, json)
Hash identifier:          TXF2QL7kNoMHjVcEZ34yU4bm/vfjsSnRV79piYD8Kbs=
Subject key identifier:   67:3B:A5:CC:3D:FD:E5:C0:52:A0:AB:B2:91:13:06:64:88:EC:31:FB
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       018D667C92119648CBAC0E0BF6842DA21C64
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/ZzulzD395cBSoKuykRMGZIjsMfs.roa
Signing time:             Thu 01 Feb 2024 21:04:16 +0000
ROA not before:           Thu 01 Feb 2024 21:04:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        171.33.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:66:7c:92:11:96:48:cb:ac:0e:0b:f6:84:2d:a2:1c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Feb  1 21:04:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=673ba5cc3dfde5c052a0abb29113066488ec31fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:da:4d:e1:2e:31:b2:4f:86:d9:b8:3b:dd:ff:
                    98:6f:0b:ca:7d:33:00:2b:c2:db:d8:bf:b2:c3:fa:
                    59:a3:68:27:7d:fc:23:cd:b1:d0:ec:82:59:84:59:
                    72:60:b5:ef:de:df:a9:6b:6a:1d:92:ff:3b:5c:08:
                    20:41:57:0c:dd:d2:32:7f:2c:d2:ea:67:42:c6:bf:
                    32:dd:2a:4b:32:63:a7:32:81:c0:c4:99:90:72:40:
                    21:f3:64:50:33:ed:ae:19:27:5a:ea:8b:b4:f2:35:
                    84:83:44:20:4e:c7:e2:11:12:4b:68:4b:8e:f5:91:
                    bf:8a:fa:5d:79:b6:87:a3:8d:e1:a4:66:d2:01:c5:
                    6e:3d:46:f2:77:3d:f0:dc:39:cb:70:03:df:94:94:
                    da:9e:0a:fa:aa:86:b7:93:c6:3f:ba:20:60:8f:fc:
                    11:4b:69:79:fe:73:8f:91:14:4d:f7:70:1f:ad:fb:
                    70:ec:c8:42:37:29:72:55:8d:1c:14:fb:85:1c:a5:
                    1b:3f:94:89:ac:e9:8b:3e:97:12:e6:96:cb:f5:86:
                    4c:bf:41:af:dc:21:94:e6:24:4e:46:bd:33:b9:5b:
                    0c:1b:19:04:9a:e1:7d:71:41:96:0f:c8:33:e9:d7:
                    ac:7e:0d:d9:62:c7:f6:02:c5:f4:f8:8e:13:bf:89:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3B:A5:CC:3D:FD:E5:C0:52:A0:AB:B2:91:13:06:64:88:EC:31:FB
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/ZzulzD395cBSoKuykRMGZIjsMfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.33.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:47:7f:f8:e7:b9:74:75:29:5b:91:3e:2f:3e:64:c8:a8:d1:
         f5:58:8f:aa:ec:d7:b4:a2:aa:47:df:8b:bd:eb:10:4b:3c:e4:
         b7:a7:37:8b:32:45:c5:0b:fd:37:37:95:65:d5:78:59:0e:d1:
         51:8e:ff:a8:46:9b:ab:0a:53:47:f9:0c:1c:21:53:a3:70:36:
         08:79:3a:55:84:2d:e9:2c:5a:73:b3:d4:69:7d:52:a4:52:34:
         8c:7d:84:6f:e2:dd:71:39:7c:dc:35:39:3b:08:f0:19:13:4d:
         12:ad:ed:6a:0a:14:17:ef:a0:9d:11:3c:3d:38:12:a2:28:70:
         14:2e:49:99:e3:71:15:f0:2d:a9:18:1e:a0:3c:3f:e9:9f:c9:
         c0:86:83:93:d7:b6:32:a2:a7:97:7e:a6:21:b8:d1:66:d6:bb:
         66:51:15:ee:0c:e8:60:45:d7:8c:31:7b:f2:a6:5a:ba:a1:14:
         8a:d6:f1:34:8a:88:a2:87:3e:76:e9:23:57:07:18:f7:d2:10:
         d2:be:07:d4:c3:01:66:53:8c:ee:2e:df:c9:ed:8c:8d:ce:90:
         63:76:49:ef:e9:6d:c4:c2:a4:cb:f8:95:56:71:ec:75:5b:6b:
         00:6b:b2:90:81:7d:3a:4d:35:20:b9:a2:76:8e:9f:0b:59:0b:
         81:0e:d2:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1mfJIRlkjLrA4L9oQtohxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjQwMjAxMjEwNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzNiYTVjYzNkZmRlNWMwNTJhMGFiYjI5MTEzMDY2NDg4ZWMzMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdpN4S4xsk+G2bg73f+YbwvKfTMA
K8Lb2L+yw/pZo2gnffwjzbHQ7IJZhFlyYLXv3t+pa2odkv87XAggQVcM3dIyfyzS
6mdCxr8y3SpLMmOnMoHAxJmQckAh82RQM+2uGSda6ou08jWEg0QgTsfiERJLaEuO
9ZG/ivpdebaHo43hpGbSAcVuPUbydz3w3DnLcAPflJTangr6qoa3k8Y/uiBgj/wR
S2l5/nOPkRRN93Afrftw7MhCNylyVY0cFPuFHKUbP5SJrOmLPpcS5pbL9YZMv0Gv
3CGU5iRORr0zuVsMGxkEmuF9cUGWD8gz6desfg3ZYsf2AsX0+I4Tv4nTPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGc7pcw9/eXAUqCrspETBmSI7DH7MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvWnp1bHpEMzk1Y0JTb0t1eWtSTUdaSWpzTWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqyHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAcR3/457l0dSlbkT4vPmTIqNH1WI+q7Ne0oqpH34u9
6xBLPOS3pzeLMkXFC/03N5Vl1XhZDtFRjv+oRpurClNH+QwcIVOjcDYIeTpVhC3p
LFpzs9RpfVKkUjSMfYRv4t1xOXzcNTk7CPAZE00Sre1qChQX76CdETw9OBKiKHAU
LkmZ43EV8C2pGB6gPD/pn8nAhoOT17YyoqeXfqYhuNFm1rtmURXuDOhgRdeMMXvy
plq6oRSK1vE0ioiihz526SNXBxj30hDSvgfUwwFmU4zuLt/J7YyNzpBjdknv6W3E
wqTL+JVWcex1W2sAa7KQgX06TTUguaJ2jp8LWQuBDtII
-----END CERTIFICATE-----