Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/SiZaYt7rSGsO9YdJTbeLZ6mWVgc.roa
File:                     SiZaYt7rSGsO9YdJTbeLZ6mWVgc.roa (raw, json)
Hash identifier:          vzUqFIxh88sLz4QGG3Mjf4WvuS14NIQH/8Hcxq1aryU=
Subject key identifier:   4A:26:5A:62:DE:EB:48:6B:0E:F5:87:49:4D:B7:8B:67:A9:96:56:07
Certificate issuer:       /CN=2b003e583bdb2511ff57ab7a32fce741334b343b
Certificate serial:       018CCA9986606E81ACA2523E0747DA6E3BAB
Authority key identifier: 2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/SiZaYt7rSGsO9YdJTbeLZ6mWVgc.roa
Signing time:             Tue 02 Jan 2024 14:35:08 +0000
ROA not before:           Tue 02 Jan 2024 14:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200989
IP address blocks:        185.83.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:86:60:6e:81:ac:a2:52:3e:07:47:da:6e:3b:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b003e583bdb2511ff57ab7a32fce741334b343b
        Validity
            Not Before: Jan  2 14:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a265a62deeb486b0ef587494db78b67a9965607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3b:5e:88:1a:9e:28:27:2c:b3:49:c0:9a:50:
                    56:18:7d:dc:39:48:cd:55:35:06:c4:54:17:4c:c8:
                    7d:ae:01:8f:5c:03:88:45:e4:85:e3:d9:29:8e:1e:
                    76:b8:56:28:c5:a4:86:14:9b:d0:38:a2:c2:4a:20:
                    fb:7e:c5:da:6b:cd:09:9b:c8:91:91:ee:b5:38:99:
                    5a:56:c0:64:bb:9a:32:6b:6e:25:74:6c:ae:1d:14:
                    de:3b:3a:81:6c:f6:e2:a3:50:70:e5:ba:9e:12:67:
                    41:d5:db:62:5c:5c:31:2e:6c:60:bf:a6:54:af:e7:
                    20:c9:75:c7:22:72:cc:fb:dc:f3:27:67:4b:87:27:
                    d3:cf:21:86:8f:f8:22:35:98:65:51:a2:26:8a:4d:
                    cb:b3:9b:27:a3:58:19:d8:f9:4d:bd:1b:65:40:80:
                    95:6b:25:34:a1:87:83:f7:9b:16:f4:d8:66:52:35:
                    3c:e6:a5:7e:1d:2a:cf:e2:f9:55:44:26:8b:8e:3d:
                    4e:75:dd:d9:a8:61:88:d6:1f:ae:10:8c:e4:85:b0:
                    f8:32:64:19:6f:55:a4:72:08:47:b3:4f:f2:8a:db:
                    3a:be:e8:c8:aa:9d:6d:e0:3f:da:ae:89:94:7b:35:
                    fb:6a:43:36:79:87:91:23:f4:a5:48:2e:0a:6d:2b:
                    6c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:26:5A:62:DE:EB:48:6B:0E:F5:87:49:4D:B7:8B:67:A9:96:56:07
            X509v3 Authority Key Identifier:
                keyid:2B:00:3E:58:3B:DB:25:11:FF:57:AB:7A:32:FC:E7:41:33:4B:34:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwA-WDvbJRH_V6t6MvznQTNLNDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/SiZaYt7rSGsO9YdJTbeLZ6mWVgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/194f22-8689-4fdb-9c41-058bbf9d5e27/1/KwA-WDvbJRH_V6t6MvznQTNLNDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:5d:f7:0b:ff:35:29:7b:4b:e2:76:ac:ae:9d:f8:75:00:88:
         bc:d0:f9:bb:c6:04:17:68:f4:8e:09:40:94:53:44:f5:fe:27:
         f6:bf:d8:27:f5:45:ab:ea:35:02:e9:b9:79:ab:7c:6a:bd:a7:
         ff:80:24:cb:c6:69:6c:90:13:1a:fa:40:6b:03:c3:2b:be:48:
         30:25:70:ea:da:c3:dc:70:84:27:b1:1c:cf:63:b8:d4:77:a7:
         cd:f9:cd:e1:b6:a8:1f:ba:bc:d6:66:7f:4b:de:13:6d:ab:72:
         be:b4:ec:1d:1e:e2:c9:6b:4f:95:4a:d9:94:ca:b8:7b:f0:9f:
         6f:75:c0:03:f9:f9:4c:ed:8b:94:fa:87:9b:fb:aa:06:02:f7:
         26:e0:28:39:18:98:23:66:61:57:10:51:48:dc:b8:97:be:03:
         a1:3b:bc:b3:b3:f6:21:a3:76:31:06:48:34:20:e2:29:26:d3:
         18:61:51:09:a6:ba:3c:57:42:86:df:f3:f9:b7:18:6d:27:a4:
         5a:d5:32:e3:51:d3:c3:99:99:f7:e5:a7:7a:86:73:fd:a0:47:
         f3:70:c5:ff:bc:34:3a:46:3c:2f:7d:87:da:20:eb:6b:2d:a9:
         a0:80:67:73:1e:30:9c:ab:20:41:07:4c:9c:d8:1d:51:77:50:
         32:5c:58:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmYZgboGsolI+B0fabjurMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDAzZTU4M2JkYjI1MTFmZjU3YWI3YTMyZmNlNzQxMzM0
YjM0M2IwHhcNMjQwMTAyMTQzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTI2NWE2MmRlZWI0ODZiMGVmNTg3NDk0ZGI3OGI2N2E5OTY1NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDteiBqeKCcss0nAmlBWGH3cOUjN
VTUGxFQXTMh9rgGPXAOIReSF49kpjh52uFYoxaSGFJvQOKLCSiD7fsXaa80Jm8iR
ke61OJlaVsBku5oya24ldGyuHRTeOzqBbPbio1Bw5bqeEmdB1dtiXFwxLmxgv6ZU
r+cgyXXHInLM+9zzJ2dLhyfTzyGGj/giNZhlUaImik3Ls5sno1gZ2PlNvRtlQICV
ayU0oYeD95sW9NhmUjU85qV+HSrP4vlVRCaLjj1Odd3ZqGGI1h+uEIzkhbD4MmQZ
b1WkcghHs0/yits6vujIqp1t4D/aromUezX7akM2eYeRI/SlSC4KbSts7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEomWmLe60hrDvWHSU23i2epllYHMB8GA1UdIwQY
MBaAFCsAPlg72yUR/1erejL850EzSzQ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEt
MDU4YmJmOWQ1ZTI3LzEvU2laYVl0N3JTR3NPOVlkSlRiZUxaNm1XVmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8xOTRmMjItODY4OS00ZmRiLTljNDEtMDU4YmJmOWQ1ZTI3
LzEvS3dBLVdEdmJKUkhfVjZ0Nk12em5RVE5MTkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVMFMA0G
CSqGSIb3DQEBCwUAA4IBAQBzXfcL/zUpe0vidqyunfh1AIi80Pm7xgQXaPSOCUCU
U0T1/if2v9gn9UWr6jUC6bl5q3xqvaf/gCTLxmlskBMa+kBrA8MrvkgwJXDq2sPc
cIQnsRzPY7jUd6fN+c3htqgfurzWZn9L3hNtq3K+tOwdHuLJa0+VStmUyrh78J9v
dcAD+flM7YuU+oeb+6oGAvcm4Cg5GJgjZmFXEFFI3LiXvgOhO7yzs/Yho3YxBkg0
IOIpJtMYYVEJpro8V0KG3/P5txhtJ6Ra1TLjUdPDmZn35ad6hnP9oEfzcMX/vDQ6
RjwvfYfaIOtrLamggGdzHjCcqyBBB0yc2B1Rd1AyXFgJ
-----END CERTIFICATE-----