Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/ZmTv6PoYY--aJPG20SaemnUbI5E.roa
File:                     ZmTv6PoYY--aJPG20SaemnUbI5E.roa (raw, json)
Hash identifier:          k2gxgu3fzWe99hcU+pYPAEeOh6H7kCYlDn4YJmehlLo=
Subject key identifier:   66:64:EF:E8:FA:18:63:EF:9A:24:F1:B6:D1:26:9E:9A:75:1B:23:91
Certificate issuer:       /CN=a5c249eb6fa6b5dbaf6ab9deb3a7778ee0eb3487
Certificate serial:       018E00F0DA8886342C46BCE81DDA24189E2A
Authority key identifier: A5:C2:49:EB:6F:A6:B5:DB:AF:6A:B9:DE:B3:A7:77:8E:E0:EB:34:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcJJ62-mtduvarnes6d3juDrNIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/ZmTv6PoYY--aJPG20SaemnUbI5E.roa
Signing time:             Sat 02 Mar 2024 20:52:48 +0000
ROA not before:           Sat 02 Mar 2024 20:52:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        170.237.6.0/23 maxlen: 24
                          170.237.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/pcJJ62-mtduvarnes6d3juDrNIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/pcJJ62-mtduvarnes6d3juDrNIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcJJ62-mtduvarnes6d3juDrNIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:00:f0:da:88:86:34:2c:46:bc:e8:1d:da:24:18:9e:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c249eb6fa6b5dbaf6ab9deb3a7778ee0eb3487
        Validity
            Not Before: Mar  2 20:52:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6664efe8fa1863ef9a24f1b6d1269e9a751b2391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:be:e2:ee:58:b9:a8:23:d2:51:dd:34:d7:39:
                    1c:6a:c7:ee:ee:69:da:c6:32:d0:34:dd:d9:2a:44:
                    38:e4:f4:59:8b:57:e7:d2:24:ed:e2:dd:17:70:51:
                    1a:9e:1c:1c:58:ca:93:c5:11:90:2e:83:fe:3a:89:
                    ef:9f:ce:02:8f:bd:66:34:dd:da:57:76:85:70:2f:
                    c9:12:ea:e7:fa:8b:eb:bc:1d:53:0a:a6:fa:99:b3:
                    b8:4d:03:15:ec:5b:48:9d:96:2d:e4:3e:68:df:8c:
                    7a:e2:31:90:67:ac:5f:89:ea:7d:5a:63:15:20:63:
                    67:50:1c:b4:61:6f:52:dd:47:93:8b:be:24:dc:df:
                    d3:a0:75:83:4a:7b:fe:49:5e:4c:3e:f4:b2:27:b1:
                    b3:ca:88:ad:97:27:8d:e1:55:80:21:df:4c:8f:7c:
                    cf:ba:10:db:f0:95:8b:15:ab:2d:c0:7d:1a:14:4c:
                    1d:17:94:80:9e:4d:65:0a:c8:0a:f7:5b:28:e2:4d:
                    e8:d0:a5:88:dd:cd:2c:22:08:b9:45:f0:43:2b:35:
                    8f:20:e0:ab:fb:bb:87:3e:b8:36:84:2a:04:56:bc:
                    d4:94:53:02:5c:91:cf:37:07:36:53:81:b4:a0:a4:
                    b5:50:ab:dc:38:e4:22:48:70:2c:29:8b:13:0e:52:
                    f3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:64:EF:E8:FA:18:63:EF:9A:24:F1:B6:D1:26:9E:9A:75:1B:23:91
            X509v3 Authority Key Identifier:
                keyid:A5:C2:49:EB:6F:A6:B5:DB:AF:6A:B9:DE:B3:A7:77:8E:E0:EB:34:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcJJ62-mtduvarnes6d3juDrNIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/ZmTv6PoYY--aJPG20SaemnUbI5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/453199-6343-4c67-b87e-32eb3a4ead43/1/pcJJ62-mtduvarnes6d3juDrNIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.237.6.0-170.237.9.255

    Signature Algorithm: sha256WithRSAEncryption
         04:8a:04:10:31:b1:84:6a:9c:7f:e4:14:b1:a4:03:2e:2d:2c:
         82:b1:e7:d0:98:4e:4c:63:9b:c0:cf:29:9a:c1:0b:f4:c0:73:
         89:c8:d9:01:91:82:bf:3b:d0:42:15:ee:13:e9:81:68:c4:40:
         b6:a9:2f:8c:a4:3f:fa:dc:9b:78:fa:34:d5:b5:32:f8:26:9f:
         11:02:85:9c:85:d3:f9:39:5d:63:6f:19:b2:ce:15:8c:d5:e2:
         da:b7:5a:2f:23:c2:98:cd:2b:28:45:fc:55:8e:61:08:72:fe:
         41:17:0d:9b:81:c7:8a:09:92:44:bc:c1:e9:cd:12:6e:a2:74:
         47:5f:dd:14:12:f3:7e:8e:7f:86:81:da:cb:cf:37:ff:fe:73:
         6f:3b:9b:9d:17:02:55:df:42:c0:47:32:ae:09:e1:a5:58:09:
         2e:d2:ff:52:7c:76:fa:c8:2b:31:7e:91:58:04:3c:08:66:51:
         a2:e6:0e:40:52:8f:5d:64:4f:03:cc:3a:8b:12:b1:68:9d:f2:
         6e:38:8b:ba:57:e0:68:01:31:3e:1d:a8:16:25:ed:e2:df:bf:
         a2:ec:72:3f:a8:fe:3f:75:24:f4:c3:43:f7:eb:a3:a0:c7:ac:
         b6:1e:2b:6f:bf:26:a1:76:e6:61:55:cc:19:65:53:ee:4d:d4:
         09:21:78:a9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY4A8NqIhjQsRrzoHdokGJ4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzI0OWViNmZhNmI1ZGJhZjZhYjlkZWIzYTc3NzhlZTBl
YjM0ODcwHhcNMjQwMzAyMjA1MjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjY0ZWZlOGZhMTg2M2VmOWEyNGYxYjZkMTI2OWU5YTc1MWIyMzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr7i7li5qCPSUd001zkcasfu7mna
xjLQNN3ZKkQ45PRZi1fn0iTt4t0XcFEanhwcWMqTxRGQLoP+Oonvn84Cj71mNN3a
V3aFcC/JEurn+ovrvB1TCqb6mbO4TQMV7FtInZYt5D5o34x64jGQZ6xfiep9WmMV
IGNnUBy0YW9S3UeTi74k3N/ToHWDSnv+SV5MPvSyJ7GzyoitlyeN4VWAId9Mj3zP
uhDb8JWLFastwH0aFEwdF5SAnk1lCsgK91so4k3o0KWI3c0sIgi5RfBDKzWPIOCr
+7uHPrg2hCoEVrzUlFMCXJHPNwc2U4G0oKS1UKvcOOQiSHAsKYsTDlLzeQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGZk7+j6GGPvmiTxttEmnpp1GyORMB8GA1UdIwQY
MBaAFKXCSetvprXbr2q53rOnd47g6zSHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNKSjYyLW10ZHV2YXJuZXM2ZDNqdURyTkljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80NTMxOTktNjM0My00YzY3LWI4N2Ut
MzJlYjNhNGVhZDQzLzEvWm1UdjZQb1lZLS1hSlBHMjBTYWVtblViSTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80NTMxOTktNjM0My00YzY3LWI4N2UtMzJlYjNhNGVhZDQz
LzEvcGNKSjYyLW10ZHV2YXJuZXM2ZDNqdURyTkljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGq7QYD
BAGq7QgwDQYJKoZIhvcNAQELBQADggEBAASKBBAxsYRqnH/kFLGkAy4tLIKx59CY
Tkxjm8DPKZrBC/TAc4nI2QGRgr870EIV7hPpgWjEQLapL4ykP/rcm3j6NNW1Mvgm
nxEChZyF0/k5XWNvGbLOFYzV4tq3Wi8jwpjNKyhF/FWOYQhy/kEXDZuBx4oJkkS8
wenNEm6idEdf3RQS836Of4aB2svPN//+c287m50XAlXfQsBHMq4J4aVYCS7S/1J8
dvrIKzF+kVgEPAhmUaLmDkBSj11kTwPMOosSsWid8m44i7pX4GgBMT4dqBYl7eLf
v6Lscj+o/j91JPTDQ/fro6DHrLYeK2+/JqF25mFVzBllU+5N1AkheKk=
-----END CERTIFICATE-----