Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/SznUuWQXY42y86-2y9O4J3VaL9E.roa
File:                     SznUuWQXY42y86-2y9O4J3VaL9E.roa (raw, json)
Hash identifier:          DKAxOfGUZHljgYta1c/W9dzKmlbhy9oxWOvCTaV2SYE=
Subject key identifier:   4B:39:D4:B9:64:17:63:8D:B2:F3:AF:B6:CB:D3:B8:27:75:5A:2F:D1
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       018CC50126C6E2F615D9E192DF36539BE113
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/SznUuWQXY42y86-2y9O4J3VaL9E.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.191.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:26:c6:e2:f6:15:d9:e1:92:df:36:53:9b:e1:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b39d4b96417638db2f3afb6cbd3b827755a2fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:40:30:3b:e8:b0:69:dd:a2:fe:b4:e3:79:7c:
                    78:20:25:14:70:ce:b3:28:79:64:bf:db:16:b4:ca:
                    62:f4:da:b5:74:2a:c8:46:f3:1a:ec:78:63:99:32:
                    28:a4:cc:5d:88:64:1f:2c:f5:e5:45:90:68:90:a2:
                    0d:1a:64:52:92:9e:db:31:bb:90:90:cc:74:21:d9:
                    43:51:a8:f1:02:2a:b7:fe:17:ec:56:96:26:65:ee:
                    68:1e:14:78:12:ff:82:ce:1b:20:e4:6e:5f:3b:ef:
                    a9:db:b1:27:30:07:a6:4e:0e:c5:52:0c:68:e8:44:
                    fa:a7:8c:ba:69:c6:ac:81:a3:8e:bd:0d:57:dd:3a:
                    11:1c:50:05:76:ac:d4:b3:94:03:c1:43:4a:fb:f1:
                    9a:17:a2:e7:a5:10:88:cb:42:97:f9:10:c4:b9:02:
                    5f:0c:ec:03:1a:23:de:78:3e:9e:c2:bf:f0:ea:93:
                    68:be:b6:0e:e9:df:94:e2:ba:f4:fa:26:d1:f5:94:
                    cb:cf:b0:99:51:15:b8:3d:a4:28:6b:62:7f:49:89:
                    cb:d6:1f:f9:8c:8a:b5:b6:5f:df:55:2c:0f:11:0a:
                    97:6c:11:07:e7:02:84:e5:07:e2:d0:c5:ce:3d:9c:
                    71:54:1e:2d:f0:ce:f9:58:2a:99:6c:89:b5:54:35:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:39:D4:B9:64:17:63:8D:B2:F3:AF:B6:CB:D3:B8:27:75:5A:2F:D1
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/SznUuWQXY42y86-2y9O4J3VaL9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:37:a5:e8:a1:82:e2:6a:ce:ae:c2:cf:9a:e3:73:9a:02:70:
         03:72:e9:cf:6b:24:cf:69:98:19:5d:bb:65:98:74:43:9c:c6:
         fe:fb:5c:0f:5b:2f:1b:3d:9d:5f:b8:d8:06:d8:23:a9:41:b8:
         f7:07:97:55:f3:e1:b1:57:be:c2:f2:84:49:91:80:53:40:a4:
         ae:a2:b1:ef:6c:02:2f:30:4b:1c:a7:bf:a8:1f:44:a0:b3:75:
         af:ee:4e:c3:01:fe:fd:86:8a:80:66:6a:e4:65:7a:35:b4:0f:
         27:fe:01:53:00:1d:ad:98:b2:e4:30:51:d7:47:94:77:bf:96:
         01:d3:b4:df:27:64:88:74:27:cd:ae:e6:f7:52:34:7a:a2:28:
         a7:1a:c6:22:42:f9:c1:c5:e3:0a:a6:50:35:af:c3:f8:6d:80:
         51:27:ae:b9:a0:54:44:fc:30:af:d2:d0:87:9f:24:eb:13:fc:
         8c:5a:2f:5e:14:57:fe:e5:29:3b:6f:39:36:a9:40:cc:48:46:
         55:e8:d0:10:c5:3a:1d:54:14:49:63:c9:44:bd:18:92:6f:56:
         21:28:d4:f8:54:18:a8:d0:bd:4d:48:89:c8:e9:35:42:fc:c1:
         d1:c5:74:c0:07:dd:0d:c7:fe:f6:ab:05:7b:b8:28:80:29:d8:
         3f:3c:e3:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASbG4vYV2eGS3zZTm+ETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQy
Yjg3OTYwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjM5ZDRiOTY0MTc2MzhkYjJmM2FmYjZjYmQzYjgyNzc1NWEyZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEAwO+iwad2i/rTjeXx4ICUUcM6z
KHlkv9sWtMpi9Nq1dCrIRvMa7HhjmTIopMxdiGQfLPXlRZBokKINGmRSkp7bMbuQ
kMx0IdlDUajxAiq3/hfsVpYmZe5oHhR4Ev+Czhsg5G5fO++p27EnMAemTg7FUgxo
6ET6p4y6acasgaOOvQ1X3ToRHFAFdqzUs5QDwUNK+/GaF6LnpRCIy0KX+RDEuQJf
DOwDGiPeeD6ewr/w6pNovrYO6d+U4rr0+ibR9ZTLz7CZURW4PaQoa2J/SYnL1h/5
jIq1tl/fVSwPEQqXbBEH5wKE5Qfi0MXOPZxxVB4t8M75WCqZbIm1VDXOoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEs51LlkF2ONsvOvtsvTuCd1Wi/RMB8GA1UdIwQY
MBaAFN1kAznlmt3HX9l4EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAt
NjFiNzMzNTRhYmRiLzEvU3puVXVXUVhZNDJ5ODYtMnk5TzRKM1ZhTDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRi
LzEvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+TMA0G
CSqGSIb3DQEBCwUAA4IBAQATN6XooYLias6uws+a43OaAnADcunPayTPaZgZXbtl
mHRDnMb++1wPWy8bPZ1fuNgG2COpQbj3B5dV8+GxV77C8oRJkYBTQKSuorHvbAIv
MEscp7+oH0Sgs3Wv7k7DAf79hoqAZmrkZXo1tA8n/gFTAB2tmLLkMFHXR5R3v5YB
07TfJ2SIdCfNrub3UjR6oiinGsYiQvnBxeMKplA1r8P4bYBRJ665oFRE/DCv0tCH
nyTrE/yMWi9eFFf+5Sk7bzk2qUDMSEZV6NAQxTodVBRJY8lEvRiSb1YhKNT4VBio
0L1NSInI6TVC/MHRxXTAB90Nx/72qwV7uCiAKdg/PON3
-----END CERTIFICATE-----