Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/ZYZWe08nZ4ENdKCmCpNgpfQWrGY.roa
File:                     ZYZWe08nZ4ENdKCmCpNgpfQWrGY.roa (raw, json)
Hash identifier:          djlMcvtR7UnVT6gASaoF3PkWSAQ4exW1F3fYGsO6dr0=
Subject key identifier:   65:86:56:7B:4F:27:67:81:0D:74:A0:A6:0A:93:60:A5:F4:16:AC:66
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       018E0970581E19E9234E6F5D79E6D49067DA
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/ZYZWe08nZ4ENdKCmCpNgpfQWrGY.roa
Signing time:             Mon 04 Mar 2024 12:29:01 +0000
ROA not before:           Mon 04 Mar 2024 12:29:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        193.106.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:70:58:1e:19:e9:23:4e:6f:5d:79:e6:d4:90:67:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Mar  4 12:29:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6586567b4f2767810d74a0a60a9360a5f416ac66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e6:53:88:ac:ae:2f:6b:ed:40:ef:e0:2b:2f:
                    14:56:e5:46:7e:34:26:3f:67:83:ed:a1:fb:9d:51:
                    ef:a8:8f:84:9d:58:b7:18:83:7d:da:b1:69:98:db:
                    c8:b5:98:dc:ac:80:06:29:82:ac:97:74:77:31:d5:
                    3a:68:bf:1d:ac:e1:6d:67:20:89:4f:5f:f3:cd:39:
                    c2:39:cd:fe:e2:73:23:d8:4e:20:9e:0d:4f:6c:7e:
                    3e:7f:d5:c7:bd:b2:7e:fe:54:7a:76:12:c9:15:7a:
                    8a:9c:33:67:99:d3:dc:e1:32:a1:ea:41:41:4a:2b:
                    aa:0e:78:18:70:c9:ef:bc:a7:d0:c1:72:91:36:68:
                    49:17:03:b5:aa:a3:b4:3c:a5:c3:db:26:0e:b5:e8:
                    b4:82:22:df:c7:e6:73:06:a7:e2:76:a3:e7:b0:05:
                    71:13:d3:47:d2:27:90:8c:51:cf:55:ec:28:0c:7e:
                    db:22:3d:47:a1:b5:9e:f2:7b:7a:12:f3:38:2c:17:
                    e5:7d:28:13:11:93:ec:46:42:85:64:49:c2:f7:be:
                    d6:d2:1a:3e:5a:eb:60:9f:86:2c:a0:eb:c4:e2:e6:
                    a4:25:60:db:98:3d:47:8e:44:27:b8:a9:4e:fe:10:
                    00:a1:39:b0:c2:14:9e:b1:3e:31:85:db:63:c8:bf:
                    97:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:86:56:7B:4F:27:67:81:0D:74:A0:A6:0A:93:60:A5:F4:16:AC:66
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/ZYZWe08nZ4ENdKCmCpNgpfQWrGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:da:a2:66:46:96:06:52:94:d8:62:71:bc:c5:46:22:0b:3e:
         a4:51:85:d0:20:5e:5e:17:b1:6a:7e:75:8a:f3:d5:36:24:e9:
         6c:d2:dd:93:0c:e1:b3:96:e6:6f:aa:d9:32:a1:e8:8a:be:1c:
         a2:05:c6:1f:b9:bd:bf:4c:8c:d5:98:84:2f:25:9f:dd:58:a5:
         f7:3f:4a:b5:34:15:9a:93:3a:1f:1f:72:11:a4:3f:52:8f:f6:
         b2:c2:e5:a5:27:d7:c9:f2:9c:7d:83:00:97:76:92:c1:3b:ed:
         d2:28:93:37:0d:f1:33:97:e3:85:e9:26:a6:c1:24:09:23:f8:
         c7:77:27:fa:62:dd:b3:c9:84:a0:1a:fa:9a:a2:65:8e:b6:12:
         5e:9f:13:9a:8c:eb:95:4d:fd:4a:f6:44:3a:8a:24:64:ac:91:
         3d:29:fd:05:ed:47:43:9b:f2:2d:7a:4c:cc:7a:45:52:1d:6f:
         a4:6e:2e:fb:2f:e6:6e:ab:5a:ba:70:d7:c9:2a:ad:a4:b8:6d:
         04:9d:94:9d:e6:80:d8:a9:fb:08:56:3b:ec:00:5f:9b:d2:d3:
         f1:38:01:c7:64:d9:04:1b:ea:20:4a:a6:f9:27:61:df:9b:d3:
         99:57:a7:38:9b:ba:c5:3d:de:59:ea:44:a1:73:cf:27:47:43:
         15:24:a6:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4JcFgeGekjTm9deebUkGfaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjQwMzA0MTIyOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg2NTY3YjRmMjc2NzgxMGQ3NGEwYTYwYTkzNjBhNWY0MTZhYzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+ZTiKyuL2vtQO/gKy8UVuVGfjQm
P2eD7aH7nVHvqI+EnVi3GIN92rFpmNvItZjcrIAGKYKsl3R3MdU6aL8drOFtZyCJ
T1/zzTnCOc3+4nMj2E4gng1PbH4+f9XHvbJ+/lR6dhLJFXqKnDNnmdPc4TKh6kFB
SiuqDngYcMnvvKfQwXKRNmhJFwO1qqO0PKXD2yYOtei0giLfx+ZzBqfidqPnsAVx
E9NH0ieQjFHPVewoDH7bIj1HobWe8nt6EvM4LBflfSgTEZPsRkKFZEnC977W0ho+
Wutgn4YsoOvE4uakJWDbmD1HjkQnuKlO/hAAoTmwwhSesT4xhdtjyL+XJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWGVntPJ2eBDXSgpgqTYKX0FqxmMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvWllaV2UwOG5aNEVOZEtDbUNwTmdwZlFXckdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWrEMA0G
CSqGSIb3DQEBCwUAA4IBAQCL2qJmRpYGUpTYYnG8xUYiCz6kUYXQIF5eF7FqfnWK
89U2JOls0t2TDOGzluZvqtkyoeiKvhyiBcYfub2/TIzVmIQvJZ/dWKX3P0q1NBWa
kzofH3IRpD9Sj/aywuWlJ9fJ8px9gwCXdpLBO+3SKJM3DfEzl+OF6SamwSQJI/jH
dyf6Yt2zyYSgGvqaomWOthJenxOajOuVTf1K9kQ6iiRkrJE9Kf0F7UdDm/ItekzM
ekVSHW+kbi77L+Zuq1q6cNfJKq2kuG0EnZSd5oDYqfsIVjvsAF+b0tPxOAHHZNkE
G+ogSqb5J2Hfm9OZV6c4m7rFPd5Z6kShc88nR0MVJKbn
-----END CERTIFICATE-----