Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/jzXTPTSD_K215cMwmji9Zln3piA.roa
File:                     jzXTPTSD_K215cMwmji9Zln3piA.roa (raw, json)
Hash identifier:          dwRwG+tHI3ydjTnXB6lcJhROeJNPUuHHKZQu6XT1Nu0=
Subject key identifier:   8F:35:D3:3D:34:83:FC:AD:B5:E5:C3:30:9A:38:BD:66:59:F7:A6:20
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       018CC500D80EF969ACD10C2B143F5629FE5C
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/jzXTPTSD_K215cMwmji9Zln3piA.roa
Signing time:             Mon 01 Jan 2024 12:30:15 +0000
ROA not before:           Mon 01 Jan 2024 12:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59692
IP address blocks:        185.9.185.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:d8:0e:f9:69:ac:d1:0c:2b:14:3f:56:29:fe:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Jan  1 12:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f35d33d3483fcadb5e5c3309a38bd6659f7a620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:08:91:eb:cd:f3:b7:68:3c:9e:7c:63:c1:c9:
                    c9:70:5b:f8:bd:a4:e2:14:88:bb:49:b0:5a:77:e4:
                    bc:08:17:2e:f0:63:a7:2d:7f:63:fb:15:62:d5:1d:
                    ff:a5:2c:71:70:fc:c0:09:76:89:e6:70:24:60:f5:
                    ae:92:95:bf:e0:71:31:99:29:62:37:e1:b7:a6:ff:
                    39:46:e2:e8:66:f2:88:86:e5:e3:77:06:b1:e9:0b:
                    2c:e5:70:48:69:6f:f9:5a:2d:db:c2:a6:ec:a4:fd:
                    03:f8:3d:c6:52:7b:e6:49:6e:ca:2c:38:50:a8:f5:
                    ab:69:fc:dd:1d:83:f6:58:1c:c8:ba:65:82:94:fc:
                    6f:59:72:4a:86:8e:5b:c1:51:6b:8f:73:7d:99:91:
                    eb:61:01:7b:bc:f0:7a:0b:ef:5a:41:c9:01:ba:d1:
                    54:51:f2:02:2f:b9:4b:6f:eb:0f:4e:0e:93:0c:80:
                    7d:7d:3c:e3:ee:33:8a:56:61:b9:c6:e8:04:f5:d3:
                    a7:4a:fa:73:e5:1c:77:87:d9:d9:86:57:dc:66:af:
                    a0:84:be:17:43:4f:bf:96:51:58:07:5c:0a:a9:b1:
                    32:a2:f2:3d:1a:fb:c7:3e:1d:91:4d:f6:e7:cd:39:
                    6e:c1:62:9c:33:df:68:de:cd:a6:9b:7f:85:fc:11:
                    17:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:35:D3:3D:34:83:FC:AD:B5:E5:C3:30:9A:38:BD:66:59:F7:A6:20
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/jzXTPTSD_K215cMwmji9Zln3piA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:0f:9d:85:4e:1c:b8:86:cd:c0:5b:be:28:38:24:f5:8d:96:
         27:30:ad:4f:b9:38:e6:d2:0e:7e:8e:e5:e4:04:d2:44:b0:b6:
         3d:d7:38:72:3a:c0:be:30:c6:2d:3e:b7:6f:ea:f9:9f:22:5a:
         bf:9e:9c:45:c0:60:0b:9e:5c:dd:15:cb:90:57:ab:2e:ef:5f:
         b3:87:73:34:ac:20:16:20:a2:e4:ac:7f:28:29:e1:de:79:ce:
         91:f2:39:6c:fb:db:7a:6d:fc:6c:2e:e5:bb:79:e6:a4:ce:c4:
         3e:da:61:82:e4:80:10:3b:5b:d0:32:6d:b8:c4:73:7c:f1:96:
         43:82:cf:db:b3:f3:ed:c1:58:12:dd:ce:0e:c6:03:5b:2f:b2:
         07:74:c0:72:aa:e8:7d:9e:da:ca:0f:27:61:80:75:59:f7:b3:
         2a:47:0f:62:b1:9c:b7:d1:c4:07:c2:2f:d3:ce:85:20:ff:c7:
         e4:b1:07:38:4a:6c:fb:5b:1a:75:f1:ee:a6:20:80:d6:31:a1:
         a1:6e:2d:3b:1e:9b:a0:f1:f5:ff:9e:06:1d:cf:f5:06:2b:28:
         98:c9:ea:26:1c:94:a1:75:bb:b5:93:e2:76:23:d0:2e:04:d6:
         7d:75:e0:93:5c:21:48:52:8f:60:f5:73:0a:80:e2:fb:cf:81:
         06:3f:30:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFANgO+Wms0QwrFD9WKf5cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjQwMTAxMTIzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjM1ZDMzZDM0ODNmY2FkYjVlNWMzMzA5YTM4YmQ2NjU5ZjdhNjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowiR683zt2g8nnxjwcnJcFv4vaTi
FIi7SbBad+S8CBcu8GOnLX9j+xVi1R3/pSxxcPzACXaJ5nAkYPWukpW/4HExmSli
N+G3pv85RuLoZvKIhuXjdwax6Qss5XBIaW/5Wi3bwqbspP0D+D3GUnvmSW7KLDhQ
qPWrafzdHYP2WBzIumWClPxvWXJKho5bwVFrj3N9mZHrYQF7vPB6C+9aQckButFU
UfICL7lLb+sPTg6TDIB9fTzj7jOKVmG5xugE9dOnSvpz5Rx3h9nZhlfcZq+ghL4X
Q0+/llFYB1wKqbEyovI9GvvHPh2RTfbnzTluwWKcM99o3s2mm3+F/BEXywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI810z00g/ytteXDMJo4vWZZ96YgMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvanpYVFBUU0RfSzIxNWNNd21qaTlabG4zcGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQm5MA0G
CSqGSIb3DQEBCwUAA4IBAQCvD52FThy4hs3AW74oOCT1jZYnMK1PuTjm0g5+juXk
BNJEsLY91zhyOsC+MMYtPrdv6vmfIlq/npxFwGALnlzdFcuQV6su71+zh3M0rCAW
IKLkrH8oKeHeec6R8jls+9t6bfxsLuW7eeakzsQ+2mGC5IAQO1vQMm24xHN88ZZD
gs/bs/PtwVgS3c4OxgNbL7IHdMByquh9ntrKDydhgHVZ97MqRw9isZy30cQHwi/T
zoUg/8fksQc4Smz7Wxp18e6mIIDWMaGhbi07Hpug8fX/ngYdz/UGKyiYyeomHJSh
dbu1k+J2I9AuBNZ9deCTXCFIUo9g9XMKgOL7z4EGPzCY
-----END CERTIFICATE-----