Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/ZfVJh616KlVb-k1zEovYVZ4_NNM.roa
File:                     ZfVJh616KlVb-k1zEovYVZ4_NNM.roa (raw, json)
Hash identifier:          6udRXfrnSy9qQCZvxJEhykHnqFl/J035ZJFeYDyJZcA=
Subject key identifier:   65:F5:49:87:AD:7A:2A:55:5B:FA:4D:73:12:8B:D8:55:9E:3F:34:D3
Certificate issuer:       /CN=12303a6462dba29517de0ded87397fa9e5c4052e
Certificate serial:       018CC79337D78A77D4EECBF27BADF0DE6C0D
Authority key identifier: 12:30:3A:64:62:DB:A2:95:17:DE:0D:ED:87:39:7F:A9:E5:C4:05:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjA6ZGLbopUX3g3thzl_qeXEBS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/ZfVJh616KlVb-k1zEovYVZ4_NNM.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.39.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/EjA6ZGLbopUX3g3thzl_qeXEBS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/EjA6ZGLbopUX3g3thzl_qeXEBS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EjA6ZGLbopUX3g3thzl_qeXEBS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:37:d7:8a:77:d4:ee:cb:f2:7b:ad:f0:de:6c:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12303a6462dba29517de0ded87397fa9e5c4052e
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65f54987ad7a2a555bfa4d73128bd8559e3f34d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:64:f8:5e:a8:c8:55:c2:dd:cb:d3:d2:0e:30:
                    b4:5a:d9:3b:d5:67:df:04:34:7a:d6:d0:5e:4b:fb:
                    2a:5f:d8:78:7b:52:fe:ba:79:e1:e2:84:6c:d5:c0:
                    dd:5c:d6:c1:90:39:ed:ab:4d:32:02:21:78:be:f6:
                    b2:ab:5b:b1:a1:8f:57:6e:74:80:66:63:83:4a:b3:
                    e4:66:e8:29:70:7f:dc:e8:e8:8b:cc:eb:fd:c5:d0:
                    1d:57:b9:55:ec:8d:56:db:c9:56:0f:06:e9:f4:2b:
                    84:18:a6:41:87:4c:c0:d6:37:50:5e:c9:f6:f6:4f:
                    78:0e:79:cb:fd:17:8b:5b:46:1b:36:1a:7b:fe:ab:
                    3e:c0:d6:20:7d:52:4a:bc:9c:2b:1b:69:91:28:fd:
                    ea:d9:18:ac:65:1f:30:c2:ed:3c:2f:3f:1d:b8:19:
                    75:31:be:b1:53:9b:05:f4:42:73:34:ff:d8:40:1e:
                    80:ca:64:dd:a7:c0:96:a1:0c:13:31:66:62:50:e8:
                    fb:b0:74:d2:69:b7:d7:a5:e2:b2:f1:ae:9c:58:5d:
                    b8:fd:da:39:3d:bc:6d:85:d2:19:b0:4f:5a:20:9f:
                    e4:64:5a:0b:4b:33:b5:3f:d2:c0:b0:c0:42:d9:ad:
                    46:8b:33:ed:37:45:88:70:fb:8a:6b:d5:fd:60:e6:
                    e3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F5:49:87:AD:7A:2A:55:5B:FA:4D:73:12:8B:D8:55:9E:3F:34:D3
            X509v3 Authority Key Identifier:
                keyid:12:30:3A:64:62:DB:A2:95:17:DE:0D:ED:87:39:7F:A9:E5:C4:05:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjA6ZGLbopUX3g3thzl_qeXEBS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/ZfVJh616KlVb-k1zEovYVZ4_NNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a89954-ad2f-4a48-a872-3ecf71a7115b/1/EjA6ZGLbopUX3g3thzl_qeXEBS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:29:e2:c6:fb:43:54:7e:a6:31:c8:10:79:cc:19:c5:89:3b:
         a1:ae:72:ee:27:1a:26:d1:cd:a2:7e:f5:e1:91:3c:1b:24:23:
         7d:6a:85:c0:21:15:f9:50:6e:18:7f:b9:3e:37:4d:83:27:4d:
         5b:1c:54:de:5c:8b:ff:44:88:e9:fb:3d:e2:3e:ae:c7:59:68:
         60:ed:2a:b1:52:0a:4c:e8:11:77:db:90:a5:99:6b:c3:56:80:
         88:57:08:aa:98:7f:e8:db:25:2f:14:72:d5:00:e6:d3:95:e0:
         30:2e:49:cb:94:df:45:aa:23:ee:49:1d:2f:5d:73:46:8e:80:
         da:84:98:cb:f5:70:02:1d:03:7a:c4:6e:bc:be:25:aa:ed:54:
         13:98:7e:ef:90:f4:63:bb:ab:a1:c9:03:8b:d3:7d:2e:45:ed:
         6a:56:57:1b:38:4d:6f:fb:cc:5c:79:b6:a5:eb:1a:1d:b8:b0:
         9a:dd:6d:05:b2:2f:75:1c:74:9f:bf:eb:6a:31:0f:99:f2:73:
         5b:12:4f:9a:5e:37:8c:5b:f3:6c:df:0a:a3:b0:0f:3a:6e:62:
         b4:73:8d:86:f1:bf:cc:89:be:7d:c1:c6:51:4c:80:80:7b:e7:
         1d:1d:2b:7e:a2:4d:d8:1f:3f:b1:69:3e:5b:58:16:b1:53:6d:
         f3:7b:e5:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzfXinfU7svye63w3mwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMzAzYTY0NjJkYmEyOTUxN2RlMGRlZDg3Mzk3ZmE5ZTVj
NDA1MmUwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWY1NDk4N2FkN2EyYTU1NWJmYTRkNzMxMjhiZDg1NTllM2YzNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWT4XqjIVcLdy9PSDjC0Wtk71Wff
BDR61tBeS/sqX9h4e1L+unnh4oRs1cDdXNbBkDntq00yAiF4vvayq1uxoY9XbnSA
ZmODSrPkZugpcH/c6OiLzOv9xdAdV7lV7I1W28lWDwbp9CuEGKZBh0zA1jdQXsn2
9k94DnnL/ReLW0YbNhp7/qs+wNYgfVJKvJwrG2mRKP3q2RisZR8wwu08Lz8duBl1
Mb6xU5sF9EJzNP/YQB6AymTdp8CWoQwTMWZiUOj7sHTSabfXpeKy8a6cWF24/do5
PbxthdIZsE9aIJ/kZFoLSzO1P9LAsMBC2a1GizPtN0WIcPuKa9X9YObj9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGX1SYeteipVW/pNcxKL2FWePzTTMB8GA1UdIwQY
MBaAFBIwOmRi26KVF94N7Yc5f6nlxAUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpBNlpHTGJvcFVYM2czdGh6bF9xZVhFQlM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hODk5NTQtYWQyZi00YTQ4LWE4NzIt
M2VjZjcxYTcxMTViLzEvWmZWSmg2MTZLbFZiLWsxekVvdllWWjRfTk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hODk5NTQtYWQyZi00YTQ4LWE4NzItM2VjZjcxYTcxMTVi
LzEvRWpBNlpHTGJvcFVYM2czdGh6bF9xZVhFQlM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSdyMA0G
CSqGSIb3DQEBCwUAA4IBAQCTKeLG+0NUfqYxyBB5zBnFiTuhrnLuJxom0c2ifvXh
kTwbJCN9aoXAIRX5UG4Yf7k+N02DJ01bHFTeXIv/RIjp+z3iPq7HWWhg7SqxUgpM
6BF325ClmWvDVoCIVwiqmH/o2yUvFHLVAObTleAwLknLlN9FqiPuSR0vXXNGjoDa
hJjL9XACHQN6xG68viWq7VQTmH7vkPRju6uhyQOL030uRe1qVlcbOE1v+8xcebal
6xoduLCa3W0Fsi91HHSfv+tqMQ+Z8nNbEk+aXjeMW/Ns3wqjsA86bmK0c42G8b/M
ib59wcZRTICAe+cdHSt+ok3YHz+xaT5bWBaxU23ze+Uc
-----END CERTIFICATE-----