Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/z_puzyIY80Ss701IWZu1J-2_ueg.roa
File:                     z_puzyIY80Ss701IWZu1J-2_ueg.roa (raw, json)
Hash identifier:          /c2FmbwxtsGs8OeiSybZnf3p2GuZpRyLUnsm5fYocIU=
Subject key identifier:   CF:FA:6E:CF:22:18:F3:44:AC:EF:4D:48:59:9B:B5:27:ED:BF:B9:E8
Certificate issuer:       /CN=29424f82c7c82fc5499532e5a6651a74f629c5aa
Certificate serial:       018CC727317C283A91D2CADD345DEB47FD1B
Authority key identifier: 29:42:4F:82:C7:C8:2F:C5:49:95:32:E5:A6:65:1A:74:F6:29:C5:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUJPgsfIL8VJlTLlpmUadPYpxao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/z_puzyIY80Ss701IWZu1J-2_ueg.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58261
IP address blocks:        185.218.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/KUJPgsfIL8VJlTLlpmUadPYpxao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/KUJPgsfIL8VJlTLlpmUadPYpxao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUJPgsfIL8VJlTLlpmUadPYpxao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:7c:28:3a:91:d2:ca:dd:34:5d:eb:47:fd:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29424f82c7c82fc5499532e5a6651a74f629c5aa
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cffa6ecf2218f344acef4d48599bb527edbfb9e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4c:87:7a:5f:4b:da:5e:6f:0b:98:e7:cd:ba:
                    73:42:5e:bf:6d:5f:eb:31:2c:aa:98:a9:46:2c:92:
                    fd:08:a2:4f:a8:9a:39:2a:28:ad:14:0d:d9:fd:74:
                    de:08:e6:19:0d:27:8a:e7:70:05:35:fe:cd:ae:dc:
                    32:dd:2b:4b:cb:15:5c:46:e2:b2:c5:76:69:bc:56:
                    74:61:4f:51:73:22:66:36:c2:c7:a5:2d:dc:ad:af:
                    a0:ca:31:59:0c:2a:af:5e:a3:7c:ec:50:db:b2:0f:
                    42:04:e3:ec:f6:88:e1:bb:f9:8c:cf:97:0e:fa:3e:
                    2c:18:00:25:8e:5f:3c:fe:f0:6f:c6:aa:d0:a9:70:
                    b9:30:06:5d:74:1c:b5:9d:94:ef:31:01:51:45:23:
                    6c:98:e1:78:5d:fe:8e:a2:e2:6d:ae:69:84:e8:4e:
                    84:eb:28:b0:3b:52:dd:0e:b8:af:60:90:eb:29:00:
                    73:f6:6a:e8:d9:9f:2e:c8:7f:46:c9:28:8f:83:06:
                    06:54:68:49:fd:34:e5:13:5a:a5:00:18:10:94:5b:
                    53:49:62:9f:bf:4e:7a:7b:93:b0:79:c0:5e:e5:e3:
                    80:27:da:ba:54:e8:f8:d5:d6:ef:95:c9:7f:3e:2f:
                    30:eb:5a:29:aa:f9:56:b0:38:9a:69:a4:1d:9e:8c:
                    ab:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:FA:6E:CF:22:18:F3:44:AC:EF:4D:48:59:9B:B5:27:ED:BF:B9:E8
            X509v3 Authority Key Identifier:
                keyid:29:42:4F:82:C7:C8:2F:C5:49:95:32:E5:A6:65:1A:74:F6:29:C5:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUJPgsfIL8VJlTLlpmUadPYpxao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/z_puzyIY80Ss701IWZu1J-2_ueg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/2f6652-7466-4a16-83da-c1f1a0e497cc/1/KUJPgsfIL8VJlTLlpmUadPYpxao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e0:e1:96:5f:c9:a1:8d:e5:6f:c9:a6:e8:8e:9a:30:f3:b3:
         54:4a:5a:1b:7a:67:82:08:32:1d:d0:3e:f8:ed:90:b8:f5:5b:
         c9:c8:fa:1d:45:b6:eb:0b:af:f8:a1:1c:a7:05:63:6b:e3:d5:
         dd:f9:8c:63:14:9e:05:70:7f:4c:6c:77:4f:e3:90:dc:03:3d:
         43:e8:60:b1:11:b8:5c:a3:0a:68:7a:05:00:e3:ee:0b:4e:d4:
         61:f3:2d:ee:d7:b1:bd:5b:5c:a1:2e:0e:63:80:98:c2:71:cb:
         6c:62:47:cc:d8:3d:62:34:63:3e:12:dd:43:ff:30:b5:cb:f0:
         37:ef:83:b2:2e:70:d1:6f:87:19:a0:73:e5:63:59:c4:51:2f:
         a8:2e:64:2c:db:f3:83:23:2f:dc:4f:ea:aa:bf:e3:81:10:38:
         9c:20:97:76:74:ee:f1:b5:a5:3f:e0:ac:a2:b5:43:a8:1f:e3:
         a0:6c:d0:a4:15:66:90:9b:f0:4d:e6:22:9c:3c:cb:5b:5f:07:
         b0:f4:f3:91:9b:6d:76:80:79:45:06:0e:c6:2e:f5:7e:86:14:
         a4:02:a7:8e:e0:86:b4:13:50:79:91:3f:a6:6e:7c:e2:96:dc:
         48:e2:eb:eb:2b:11:8c:e5:0a:58:a1:e1:1f:d8:86:e5:28:0a:
         88:e7:1b:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzF8KDqR0srdNF3rR/0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDI0ZjgyYzdjODJmYzU0OTk1MzJlNWE2NjUxYTc0ZjYy
OWM1YWEwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmZhNmVjZjIyMThmMzQ0YWNlZjRkNDg1OTliYjUyN2VkYmZiOWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUyHel9L2l5vC5jnzbpzQl6/bV/r
MSyqmKlGLJL9CKJPqJo5KiitFA3Z/XTeCOYZDSeK53AFNf7Nrtwy3StLyxVcRuKy
xXZpvFZ0YU9RcyJmNsLHpS3cra+gyjFZDCqvXqN87FDbsg9CBOPs9ojhu/mMz5cO
+j4sGAAljl88/vBvxqrQqXC5MAZddBy1nZTvMQFRRSNsmOF4Xf6OouJtrmmE6E6E
6yiwO1LdDrivYJDrKQBz9mro2Z8uyH9GySiPgwYGVGhJ/TTlE1qlABgQlFtTSWKf
v056e5OwecBe5eOAJ9q6VOj41dbvlcl/Pi8w61opqvlWsDiaaaQdnoyr1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/6bs8iGPNErO9NSFmbtSftv7noMB8GA1UdIwQY
MBaAFClCT4LHyC/FSZUy5aZlGnT2KcWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VKUGdzZklMOFZKbFRMbHBtVWFkUFlweGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8yZjY2NTItNzQ2Ni00YTE2LTgzZGEt
YzFmMWEwZTQ5N2NjLzEvel9wdXp5SVk4MFNzNzAxSVdadTFKLTJfdWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8yZjY2NTItNzQ2Ni00YTE2LTgzZGEtYzFmMWEwZTQ5N2Nj
LzEvS1VKUGdzZklMOFZKbFRMbHBtVWFkUFlweGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqNMA0G
CSqGSIb3DQEBCwUAA4IBAQCO4OGWX8mhjeVvyabojpow87NUSlobemeCCDId0D74
7ZC49VvJyPodRbbrC6/4oRynBWNr49Xd+YxjFJ4FcH9MbHdP45DcAz1D6GCxEbhc
owpoegUA4+4LTtRh8y3u17G9W1yhLg5jgJjCcctsYkfM2D1iNGM+Et1D/zC1y/A3
74OyLnDRb4cZoHPlY1nEUS+oLmQs2/ODIy/cT+qqv+OBEDicIJd2dO7xtaU/4Kyi
tUOoH+OgbNCkFWaQm/BN5iKcPMtbXwew9PORm212gHlFBg7GLvV+hhSkAqeO4Ia0
E1B5kT+mbnziltxI4uvrKxGM5QpYoeEf2IblKAqI5xtx
-----END CERTIFICATE-----