Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/ZLX0sohGwknRnmLsm_moOIjYMBo.roa
File:                     ZLX0sohGwknRnmLsm_moOIjYMBo.roa (raw, json)
Hash identifier:          o/u1AgB1l3ccHn+rOHpOWgjM8zUkMBxpAeDVDZ+rV+I=
Subject key identifier:   64:B5:F4:B2:88:46:C2:49:D1:9E:62:EC:9B:F9:A8:38:88:D8:30:1A
Certificate issuer:       /CN=1704a51d84fba6d0fe218aedca95a894dcce1cd7
Certificate serial:       018CC9BCB59975BD540214559D70FAC32069
Authority key identifier: 17:04:A5:1D:84:FB:A6:D0:FE:21:8A:ED:CA:95:A8:94:DC:CE:1C:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwSlHYT7ptD-IYrtypWolNzOHNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/ZLX0sohGwknRnmLsm_moOIjYMBo.roa
Signing time:             Tue 02 Jan 2024 10:33:56 +0000
ROA not before:           Tue 02 Jan 2024 10:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202041
IP address blocks:        185.45.158.0/23 maxlen: 23
                          185.45.156.0/22 maxlen: 22
                          185.45.156.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/FwSlHYT7ptD-IYrtypWolNzOHNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/FwSlHYT7ptD-IYrtypWolNzOHNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwSlHYT7ptD-IYrtypWolNzOHNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:b5:99:75:bd:54:02:14:55:9d:70:fa:c3:20:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1704a51d84fba6d0fe218aedca95a894dcce1cd7
        Validity
            Not Before: Jan  2 10:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64b5f4b28846c249d19e62ec9bf9a83888d8301a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:dc:97:5f:94:3a:a2:e3:e2:71:8a:b2:74:e2:
                    4a:fe:cc:51:a8:94:24:ee:f8:08:b7:b9:04:84:f7:
                    d6:b5:70:94:33:00:8c:12:7a:ee:91:b6:be:a8:42:
                    6d:97:bd:5c:b1:b5:b8:1e:54:0a:b3:3a:24:d5:8b:
                    4a:b0:2a:cc:16:a8:6a:97:d3:e0:8f:02:aa:9a:b7:
                    15:60:69:1a:48:2a:25:29:d6:39:cf:8f:88:5f:7e:
                    68:fe:d8:46:d1:f6:d1:95:9f:23:a4:2b:0b:38:82:
                    57:20:e9:2f:8f:c0:3e:4c:30:7c:0e:bc:98:cb:53:
                    bc:47:0d:52:14:5d:d8:66:99:b2:0d:75:bf:bc:06:
                    1f:d4:6a:8b:be:6f:e1:fd:96:5b:bf:6a:dd:10:99:
                    2e:d6:f2:0d:04:b5:db:48:e9:83:a1:0a:d4:79:4a:
                    9b:26:81:84:65:bf:47:68:ac:48:9e:30:40:08:d0:
                    a1:3b:6b:b5:9e:67:e3:1e:39:2e:39:e4:1f:62:59:
                    a2:a4:98:5f:9e:d7:d0:7c:5b:e0:90:c0:76:65:fd:
                    39:4b:03:1f:98:79:02:38:7e:b4:46:87:40:fb:ba:
                    5e:90:9a:fb:0d:ea:a8:b9:02:66:ba:73:f4:27:19:
                    67:ab:e6:c0:3c:4e:10:53:2b:40:b8:d3:63:92:78:
                    db:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:B5:F4:B2:88:46:C2:49:D1:9E:62:EC:9B:F9:A8:38:88:D8:30:1A
            X509v3 Authority Key Identifier:
                keyid:17:04:A5:1D:84:FB:A6:D0:FE:21:8A:ED:CA:95:A8:94:DC:CE:1C:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwSlHYT7ptD-IYrtypWolNzOHNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/ZLX0sohGwknRnmLsm_moOIjYMBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/e0ddde-cc9f-4807-8fa2-eaf924731218/1/FwSlHYT7ptD-IYrtypWolNzOHNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:1f:ce:05:d6:18:5f:95:fc:88:a8:4a:8e:d7:ee:af:90:e1:
         eb:e9:67:52:36:16:b1:19:18:89:9c:d3:16:ed:cd:51:7b:c3:
         09:f4:53:9e:2b:04:02:ba:34:6e:a6:b4:0f:98:ae:68:5a:76:
         e2:a4:d3:ba:36:fe:96:68:74:d3:c2:d0:be:24:2a:00:02:2b:
         d4:4e:ae:30:0d:4f:47:37:5b:6a:a5:f8:ab:13:62:f6:8d:47:
         91:99:8b:0b:da:d9:c9:61:ce:9a:35:ff:a0:64:d2:cf:06:3b:
         e8:59:ba:a9:61:14:ad:bf:50:25:d6:c2:a8:a8:fd:96:e6:66:
         d9:ec:e8:54:e3:63:2c:fa:df:66:82:d4:1c:1b:f4:1d:fe:71:
         22:87:e9:2b:3a:ff:97:9b:0a:5b:14:13:ba:49:cb:20:98:5b:
         fe:8c:27:4b:d4:cb:e3:67:09:a8:48:e4:15:9b:7b:78:e6:1e:
         ce:f1:45:33:b9:c8:81:2f:f1:ab:2c:44:7e:1e:0e:60:6b:2f:
         e4:43:0c:10:46:e8:3c:2e:b1:ce:11:63:ad:21:57:ee:f7:de:
         b4:e1:ae:7a:0f:87:8a:9e:4c:4e:66:7b:ba:68:eb:24:56:72:
         d0:b4:8d:b5:1e:aa:4f:ea:48:f6:1f:f6:c3:11:72:7b:0c:b0:
         de:1d:df:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvLWZdb1UAhRVnXD6wyBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDRhNTFkODRmYmE2ZDBmZTIxOGFlZGNhOTVhODk0ZGNj
ZTFjZDcwHhcNMjQwMTAyMTAzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGI1ZjRiMjg4NDZjMjQ5ZDE5ZTYyZWM5YmY5YTgzODg4ZDgzMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtyXX5Q6ouPicYqydOJK/sxRqJQk
7vgIt7kEhPfWtXCUMwCMEnrukba+qEJtl71csbW4HlQKszok1YtKsCrMFqhql9Pg
jwKqmrcVYGkaSColKdY5z4+IX35o/thG0fbRlZ8jpCsLOIJXIOkvj8A+TDB8DryY
y1O8Rw1SFF3YZpmyDXW/vAYf1GqLvm/h/ZZbv2rdEJku1vINBLXbSOmDoQrUeUqb
JoGEZb9HaKxInjBACNChO2u1nmfjHjkuOeQfYlmipJhfntfQfFvgkMB2Zf05SwMf
mHkCOH60RodA+7pekJr7DeqouQJmunP0Jxlnq+bAPE4QUytAuNNjknjbpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGS19LKIRsJJ0Z5i7Jv5qDiI2DAaMB8GA1UdIwQY
MBaAFBcEpR2E+6bQ/iGK7cqVqJTczhzXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndTbEhZVDdwdEQtSVlydHlwV29sTnpPSE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lMGRkZGUtY2M5Zi00ODA3LThmYTIt
ZWFmOTI0NzMxMjE4LzEvWkxYMHNvaEd3a25Sbm1Mc21fbW9PSWpZTUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lMGRkZGUtY2M5Zi00ODA3LThmYTItZWFmOTI0NzMxMjE4
LzEvRndTbEhZVDdwdEQtSVlydHlwV29sTnpPSE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS2cMA0G
CSqGSIb3DQEBCwUAA4IBAQCPH84F1hhflfyIqEqO1+6vkOHr6WdSNhaxGRiJnNMW
7c1Re8MJ9FOeKwQCujRuprQPmK5oWnbipNO6Nv6WaHTTwtC+JCoAAivUTq4wDU9H
N1tqpfirE2L2jUeRmYsL2tnJYc6aNf+gZNLPBjvoWbqpYRStv1Al1sKoqP2W5mbZ
7OhU42Ms+t9mgtQcG/Qd/nEih+krOv+XmwpbFBO6ScsgmFv+jCdL1MvjZwmoSOQV
m3t45h7O8UUzuciBL/GrLER+Hg5gay/kQwwQRug8LrHOEWOtIVfu99604a56D4eK
nkxOZnu6aOskVnLQtI21HqpP6kj2H/bDEXJ7DLDeHd8t
-----END CERTIFICATE-----