Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/PKZAmbK8WewUu0-0Oc5bzK6MNHA.roa
File:                     PKZAmbK8WewUu0-0Oc5bzK6MNHA.roa (raw, json)
Hash identifier:          BsQFa7rx7m/uCZd9HwAWecqU6spq4kIC8ID7utDdoPE=
Subject key identifier:   3C:A6:40:99:B2:BC:59:EC:14:BB:4F:B4:39:CE:5B:CC:AE:8C:34:70
Certificate issuer:       /CN=296016ad64c22600acf3049f8758f53ebb1e57c4
Certificate serial:       0191FBC30A4EE19273CB0C37C6A0963A8758
Authority key identifier: 29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/PKZAmbK8WewUu0-0Oc5bzK6MNHA.roa
Signing time:             Mon 16 Sep 2024 16:55:48 +0000
ROA not before:           Mon 16 Sep 2024 16:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199415
IP address blocks:        216.87.54.0/24 maxlen: 24
                          2001:678:204::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fb:c3:0a:4e:e1:92:73:cb:0c:37:c6:a0:96:3a:87:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296016ad64c22600acf3049f8758f53ebb1e57c4
        Validity
            Not Before: Sep 16 16:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ca64099b2bc59ec14bb4fb439ce5bccae8c3470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fd:17:6b:12:ff:ca:b1:9f:00:bb:fc:2a:3f:
                    2d:24:62:a2:fc:9c:68:e5:2d:44:4e:a9:46:2a:0a:
                    64:6b:6a:3a:9d:41:e1:22:9e:ee:3d:ff:7a:29:dd:
                    e6:63:fa:60:bc:8d:84:64:54:cb:50:5f:4e:8b:7d:
                    98:98:6a:c4:20:93:56:21:ef:da:a0:08:3d:94:cd:
                    13:df:f2:20:fb:6b:75:dc:24:31:30:83:a5:68:dc:
                    9e:87:00:4e:e7:cb:09:bb:70:39:a1:74:2a:58:86:
                    a3:ca:5b:1b:a3:f4:f0:64:65:27:03:0b:45:a7:f0:
                    72:a6:9b:14:85:8e:9d:29:c3:74:b9:80:01:95:b7:
                    52:cd:8a:0e:d3:c3:33:31:60:c3:7d:cf:79:15:96:
                    1a:d9:92:8f:d5:3e:11:ad:15:15:1d:5f:d7:c5:50:
                    49:cb:4a:f8:52:7c:e3:ee:d6:fb:d6:da:96:39:bd:
                    5c:71:12:65:8d:2e:64:06:5b:27:99:de:06:f6:04:
                    d7:3c:20:1a:59:b2:ed:83:c3:f6:57:dc:f9:66:8e:
                    8f:56:db:c1:90:91:5c:5b:c3:b3:4c:d0:38:96:0f:
                    a3:c3:14:96:49:0f:a0:df:34:77:28:b1:83:f8:07:
                    0a:de:d7:78:68:3a:b7:15:03:d3:a4:3a:12:1a:f0:
                    1d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A6:40:99:B2:BC:59:EC:14:BB:4F:B4:39:CE:5B:CC:AE:8C:34:70
            X509v3 Authority Key Identifier:
                keyid:29:60:16:AD:64:C2:26:00:AC:F3:04:9F:87:58:F5:3E:BB:1E:57:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWAWrWTCJgCs8wSfh1j1PrseV8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/PKZAmbK8WewUu0-0Oc5bzK6MNHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b33481-6634-4d09-bf12-ab7f14daae4f/1/KWAWrWTCJgCs8wSfh1j1PrseV8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.54.0/24
                IPv6:
                  2001:678:204::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:49:ba:ed:10:2f:57:2a:23:e2:ec:19:10:e6:25:62:92:ef:
         e7:a0:e1:1d:81:fb:bd:af:98:03:fb:65:05:f7:8b:94:91:c6:
         69:a2:ef:63:f4:c1:8e:7e:6b:59:43:ba:48:f3:9f:0b:ab:d5:
         59:5f:b1:53:2b:1e:de:c8:25:b8:7e:62:7e:8b:a4:fe:f1:e3:
         9d:9b:b3:f5:5d:5b:e4:63:73:6c:5f:8e:f2:64:84:a3:a9:80:
         25:88:a1:34:eb:f6:f9:5f:f3:72:be:f0:eb:45:2a:29:6a:ee:
         18:08:97:08:33:4c:52:59:03:c1:89:56:a7:39:f7:71:11:81:
         c4:21:4b:53:e0:31:ef:e4:30:af:ac:f9:3a:aa:7c:1f:73:d3:
         08:13:e4:a9:d2:54:37:23:ca:10:29:74:ca:77:8e:5d:69:96:
         05:79:93:c5:3e:aa:e8:8f:b0:d8:86:ab:f0:d0:29:a7:30:91:
         0d:fa:5f:58:c4:71:78:18:be:5f:0f:b1:ca:15:83:8f:e4:bf:
         71:0b:75:fa:1e:ae:80:ff:b5:bf:2b:2a:6b:ae:c4:5e:53:38:
         c0:1e:73:2d:dd:a3:3a:53:c1:09:53:a2:92:5d:e7:e6:46:77:
         dd:f7:23:e4:3e:e1:7d:3e:81:b0:26:e0:a1:0e:b4:16:c5:52:
         1c:02:19:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZH7wwpO4ZJzyww3xqCWOodYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjAxNmFkNjRjMjI2MDBhY2YzMDQ5Zjg3NThmNTNlYmIx
ZTU3YzQwHhcNMjQwOTE2MTY1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2E2NDA5OWIyYmM1OWVjMTRiYjRmYjQzOWNlNWJjY2FlOGMzNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/0XaxL/yrGfALv8Kj8tJGKi/Jxo
5S1ETqlGKgpka2o6nUHhIp7uPf96Kd3mY/pgvI2EZFTLUF9Oi32YmGrEIJNWIe/a
oAg9lM0T3/Ig+2t13CQxMIOlaNyehwBO58sJu3A5oXQqWIajylsbo/TwZGUnAwtF
p/ByppsUhY6dKcN0uYABlbdSzYoO08MzMWDDfc95FZYa2ZKP1T4RrRUVHV/XxVBJ
y0r4Unzj7tb71tqWOb1ccRJljS5kBlsnmd4G9gTXPCAaWbLtg8P2V9z5Zo6PVtvB
kJFcW8OzTNA4lg+jwxSWSQ+g3zR3KLGD+AcK3td4aDq3FQPTpDoSGvAdtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDymQJmyvFnsFLtPtDnOW8yujDRwMB8GA1UdIwQY
MBaAFClgFq1kwiYArPMEn4dY9T67HlfEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTIt
YWI3ZjE0ZGFhZTRmLzEvUEtaQW1iSzhXZXdVdTAtME9jNWJ6SzZNTkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMzM0ODEtNjYzNC00ZDA5LWJmMTItYWI3ZjE0ZGFhZTRm
LzEvS1dBV3JXVENKZ0NzOHdTZmgxajFQcnNlVjhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA2Fc2MA8E
AgACMAkDBwAgAQZ4AgQwDQYJKoZIhvcNAQELBQADggEBAHRJuu0QL1cqI+LsGRDm
JWKS7+eg4R2B+72vmAP7ZQX3i5SRxmmi72P0wY5+a1lDukjznwur1VlfsVMrHt7I
Jbh+Yn6LpP7x452bs/VdW+Rjc2xfjvJkhKOpgCWIoTTr9vlf83K+8OtFKilq7hgI
lwgzTFJZA8GJVqc593ERgcQhS1PgMe/kMK+s+TqqfB9z0wgT5KnSVDcjyhApdMp3
jl1plgV5k8U+quiPsNiGq/DQKacwkQ36X1jEcXgYvl8PscoVg4/kv3ELdfoeroD/
tb8rKmuuxF5TOMAecy3dozpTwQlTopJd5+ZGd933I+Q+4X0+gbAm4KEOtBbFUhwC
GWs=
-----END CERTIFICATE-----