Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/vzABXDGryhPruJDzz69xyEnMs5A.roa
File:                     vzABXDGryhPruJDzz69xyEnMs5A.roa (raw, json)
Hash identifier:          hzBNpnkrz+OQUbJEyerHfwFpveacKFwUD9HhRkZSDsA=
Subject key identifier:   BF:30:01:5C:31:AB:CA:13:EB:B8:90:F3:CF:AF:71:C8:49:CC:B3:90
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019210D72794F3CF133855D00BACDCD6C62A
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/vzABXDGryhPruJDzz69xyEnMs5A.roa
Signing time:             Fri 20 Sep 2024 19:09:48 +0000
ROA not before:           Fri 20 Sep 2024 19:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214221
IP address blocks:        192.109.253.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:10:d7:27:94:f3:cf:13:38:55:d0:0b:ac:dc:d6:c6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Sep 20 19:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf30015c31abca13ebb890f3cfaf71c849ccb390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a9:d0:d5:e4:4b:3a:f4:ae:44:f4:10:10:5d:
                    69:84:11:50:1e:37:04:fa:21:72:14:73:b6:9c:d2:
                    69:7c:7c:ed:2d:17:1f:a7:b4:4f:28:0d:e7:b2:e2:
                    04:3e:ab:1e:78:49:3a:9a:6b:47:18:36:68:59:61:
                    6a:53:c1:9f:05:63:df:c5:36:55:da:c7:36:53:83:
                    32:ad:5a:6e:85:37:51:7f:d2:96:49:ff:b4:1f:e7:
                    61:2d:9c:25:83:84:0c:6a:51:2b:74:b2:a6:5b:1e:
                    e4:77:d5:ee:d8:72:d5:9b:f2:e4:a7:d3:45:4b:6f:
                    95:ff:ec:81:42:0c:a8:a5:84:23:83:69:6f:e5:7c:
                    5a:e1:5f:86:74:f8:88:2a:0e:97:43:14:de:9a:e7:
                    85:a2:ad:27:d0:de:69:8d:9f:7b:44:ef:c1:51:87:
                    87:8c:d5:b0:4f:c9:da:ce:51:07:28:78:bc:0d:be:
                    83:a7:48:ba:3a:11:f7:d2:4c:23:17:80:d1:87:e8:
                    15:b9:15:d5:88:1d:83:d2:5f:f9:52:31:8e:19:b1:
                    aa:14:60:18:cd:20:96:a9:f4:2c:fd:ef:16:14:63:
                    31:a6:da:7a:31:15:26:9c:80:12:b7:96:24:ff:6b:
                    eb:a4:a2:2a:79:53:b6:54:3a:89:3d:80:de:fc:94:
                    8b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:30:01:5C:31:AB:CA:13:EB:B8:90:F3:CF:AF:71:C8:49:CC:B3:90
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/vzABXDGryhPruJDzz69xyEnMs5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:4c:ad:d5:a5:71:b9:0d:d5:a2:f3:e0:97:05:52:1c:d8:20:
         d7:27:87:ed:f4:b4:61:9c:1f:5a:8c:b2:39:5b:a4:4e:fb:e9:
         3e:4e:d8:5d:af:84:68:9b:60:3c:82:75:fe:de:30:a4:5f:24:
         a7:8e:66:66:55:8a:9a:23:4b:60:18:19:19:80:f3:89:ec:99:
         81:fc:70:72:1c:0b:84:99:1f:3c:69:3b:64:83:4a:c6:de:83:
         b0:2b:4a:fe:45:be:e5:6f:90:25:73:1f:c8:a3:dd:7f:4d:00:
         cb:14:57:13:b2:4c:bd:ca:d0:16:4a:48:09:e0:f3:72:0f:09:
         cd:d9:65:11:bf:57:59:67:ac:5a:30:42:2d:22:4c:71:5b:ec:
         b1:93:f1:db:63:f5:e1:e3:05:0b:72:95:99:1d:4b:c8:b0:61:
         dc:8f:83:de:14:41:c9:ec:41:57:1b:34:fd:b3:0d:d4:7f:ba:
         29:d3:9f:b8:2a:3f:d7:c5:6e:9e:1a:21:a4:47:2d:f4:a2:2a:
         df:97:68:54:c2:aa:f1:9f:06:d1:4a:76:c6:22:79:75:a7:23:
         82:6e:8c:3f:17:4c:04:c0:ee:62:43:0f:23:0e:98:93:d2:e4:
         22:6e:4c:74:25:78:62:7f:35:09:82:96:b3:79:1f:c3:4f:a4:
         82:f3:8c:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIQ1yeU888TOFXQC6zc1sYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwOTIwMTkwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjMwMDE1YzMxYWJjYTEzZWJiODkwZjNjZmFmNzFjODQ5Y2NiMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0anQ1eRLOvSuRPQQEF1phBFQHjcE
+iFyFHO2nNJpfHztLRcfp7RPKA3nsuIEPqseeEk6mmtHGDZoWWFqU8GfBWPfxTZV
2sc2U4MyrVpuhTdRf9KWSf+0H+dhLZwlg4QMalErdLKmWx7kd9Xu2HLVm/Lkp9NF
S2+V/+yBQgyopYQjg2lv5Xxa4V+GdPiIKg6XQxTemueFoq0n0N5pjZ97RO/BUYeH
jNWwT8nazlEHKHi8Db6Dp0i6OhH30kwjF4DRh+gVuRXViB2D0l/5UjGOGbGqFGAY
zSCWqfQs/e8WFGMxptp6MRUmnIASt5Yk/2vrpKIqeVO2VDqJPYDe/JSLsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8wAVwxq8oT67iQ88+vcchJzLOQMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvdnpBQlhER3J5aFBydUpEeno2OXh5RW5NczVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG39MA0G
CSqGSIb3DQEBCwUAA4IBAQA+TK3VpXG5DdWi8+CXBVIc2CDXJ4ft9LRhnB9ajLI5
W6RO++k+Tthdr4Rom2A8gnX+3jCkXySnjmZmVYqaI0tgGBkZgPOJ7JmB/HByHAuE
mR88aTtkg0rG3oOwK0r+Rb7lb5Alcx/Io91/TQDLFFcTsky9ytAWSkgJ4PNyDwnN
2WURv1dZZ6xaMEItIkxxW+yxk/HbY/Xh4wULcpWZHUvIsGHcj4PeFEHJ7EFXGzT9
sw3Uf7op05+4Kj/XxW6eGiGkRy30oirfl2hUwqrxnwbRSnbGInl1pyOCbow/F0wE
wO5iQw8jDpiT0uQibkx0JXhifzUJgpazeR/DT6SC84yH
-----END CERTIFICATE-----