Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/tZ04Wg3HE7P-MrOWA0np4QZlfcw.roa
File:                     tZ04Wg3HE7P-MrOWA0np4QZlfcw.roa (raw, json)
Hash identifier:          +2Y6wXqZ1BrhckfoUVfJAN6ChFzHqkIJXVvZcYqLBGk=
Subject key identifier:   B5:9D:38:5A:0D:C7:13:B3:FE:32:B3:96:03:49:E9:E1:06:65:7D:CC
Certificate issuer:       /CN=03090fac3cc42f1997455a12e643064637c69dc3
Certificate serial:       018CC56EE97B8A1FEF1B7019D793BE7FE175
Authority key identifier: 03:09:0F:AC:3C:C4:2F:19:97:45:5A:12:E6:43:06:46:37:C6:9D:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AwkPrDzELxmXRVoS5kMGRjfGncM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/tZ04Wg3HE7P-MrOWA0np4QZlfcw.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34593
IP address blocks:        185.96.112.0/24 maxlen: 24
                          185.96.114.0/24 maxlen: 24
                          185.96.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/AwkPrDzELxmXRVoS5kMGRjfGncM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/AwkPrDzELxmXRVoS5kMGRjfGncM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AwkPrDzELxmXRVoS5kMGRjfGncM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e9:7b:8a:1f:ef:1b:70:19:d7:93:be:7f:e1:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03090fac3cc42f1997455a12e643064637c69dc3
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b59d385a0dc713b3fe32b3960349e9e106657dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ae:ba:8d:59:f4:3e:cf:7b:e4:be:0a:3e:54:
                    7f:1b:0f:8a:72:cb:00:38:b6:d6:f9:ef:ad:05:f7:
                    70:3e:fe:b9:ce:ef:01:96:1a:c1:13:28:2e:62:62:
                    2f:25:5c:8c:1b:56:12:4c:de:0a:16:d3:28:ba:37:
                    ab:f3:a4:19:25:35:74:00:0a:5f:46:69:61:fe:20:
                    d4:da:aa:68:15:40:25:c9:1b:67:fe:93:b6:68:bf:
                    5d:b4:33:25:9a:31:76:13:53:bf:0e:04:67:9e:54:
                    7e:b0:77:91:67:69:1f:42:07:e5:d9:ac:e2:ff:36:
                    39:32:7d:55:4c:06:66:d8:98:63:fe:fc:71:d0:12:
                    37:47:9e:e3:b6:8b:b5:fd:a5:c4:ad:65:38:04:c8:
                    1d:68:07:24:59:45:27:f7:a3:7d:2a:d4:85:5a:8b:
                    7e:6a:00:92:68:0c:1a:ce:a3:72:2d:e2:7a:46:2e:
                    b3:b4:8e:df:4a:a6:41:60:e9:82:92:b7:f3:f0:e2:
                    ab:5c:17:d8:56:1e:7f:7b:9f:ce:c5:45:ad:c1:a0:
                    4c:cc:38:f5:a4:13:92:9a:a9:7c:7c:90:40:76:48:
                    fe:de:2a:e1:d3:e0:38:4e:52:4e:70:4e:f7:3c:19:
                    a2:b0:f9:5a:1b:de:dd:10:ff:41:dd:26:b3:9f:5e:
                    8f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9D:38:5A:0D:C7:13:B3:FE:32:B3:96:03:49:E9:E1:06:65:7D:CC
            X509v3 Authority Key Identifier:
                keyid:03:09:0F:AC:3C:C4:2F:19:97:45:5A:12:E6:43:06:46:37:C6:9D:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AwkPrDzELxmXRVoS5kMGRjfGncM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/tZ04Wg3HE7P-MrOWA0np4QZlfcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/5c2868-3a27-4df4-8f00-fdd23b43c52e/1/AwkPrDzELxmXRVoS5kMGRjfGncM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.112.0-185.96.114.255

    Signature Algorithm: sha256WithRSAEncryption
         37:e3:02:ef:b7:dc:32:67:3b:37:f3:77:42:e7:10:16:ed:52:
         78:41:75:95:31:4b:9b:f7:ad:62:db:bd:49:6d:27:b3:90:f9:
         52:84:ae:ae:4d:bd:b8:44:77:39:ae:27:bf:03:63:44:71:b6:
         f4:5b:ce:59:b9:0a:92:7e:02:f9:65:d4:a8:cb:eb:93:b2:0d:
         5c:50:fa:41:1a:0e:1d:d0:d7:46:03:73:36:4e:51:b9:06:ff:
         32:93:61:6f:dd:8d:a8:24:01:12:64:7c:a1:35:6e:99:6c:26:
         60:5e:72:62:6b:de:d3:74:ad:c9:96:56:5e:b1:d4:18:78:35:
         fc:af:9f:37:a6:ff:de:92:34:0a:17:5e:20:37:cd:01:d7:47:
         87:91:3c:7d:b6:1f:84:e7:59:f2:67:7d:db:7e:3e:09:01:ce:
         4b:7e:3a:ab:9f:03:8b:d9:bc:ba:ca:33:8f:fd:8f:27:cb:2f:
         8e:f1:c6:a4:92:78:78:e9:5e:4c:85:64:1f:af:47:2f:09:0f:
         c8:9d:bd:e9:5d:01:da:7c:5c:3f:75:36:f4:b8:93:ab:5c:d6:
         f1:3d:38:c2:96:9e:73:30:4d:b1:6a:a7:b9:0d:5a:e0:58:ea:
         2a:a0:2e:f7:96:51:c0:37:96:c3:c3:09:82:2e:74:8d:10:7a:
         77:f2:55:f4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbul7ih/vG3AZ15O+f+F1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMDkwZmFjM2NjNDJmMTk5NzQ1NWExMmU2NDMwNjQ2Mzdj
NjlkYzMwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTlkMzg1YTBkYzcxM2IzZmUzMmIzOTYwMzQ5ZTllMTA2NjU3ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApq66jVn0Ps975L4KPlR/Gw+KcssA
OLbW+e+tBfdwPv65zu8BlhrBEyguYmIvJVyMG1YSTN4KFtMoujer86QZJTV0AApf
Rmlh/iDU2qpoFUAlyRtn/pO2aL9dtDMlmjF2E1O/DgRnnlR+sHeRZ2kfQgfl2azi
/zY5Mn1VTAZm2Jhj/vxx0BI3R57jtou1/aXErWU4BMgdaAckWUUn96N9KtSFWot+
agCSaAwazqNyLeJ6Ri6ztI7fSqZBYOmCkrfz8OKrXBfYVh5/e5/OxUWtwaBMzDj1
pBOSmql8fJBAdkj+3irh0+A4TlJOcE73PBmisPlaG97dEP9B3Sazn16PvwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLWdOFoNxxOz/jKzlgNJ6eEGZX3MMB8GA1UdIwQY
MBaAFAMJD6w8xC8Zl0VaEuZDBkY3xp3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXdrUHJEekVMeG1YUlZvUzVrTUdSamZHbmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC81YzI4NjgtM2EyNy00ZGY0LThmMDAt
ZmRkMjNiNDNjNTJlLzEvdFowNFdnM0hFN1AtTXJPV0EwbnA0UVpsZmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC81YzI4NjgtM2EyNy00ZGY0LThmMDAtZmRkMjNiNDNjNTJl
LzEvQXdrUHJEekVMeG1YUlZvUzVrTUdSamZHbmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAS5YHAD
BAC5YHIwDQYJKoZIhvcNAQELBQADggEBADfjAu+33DJnOzfzd0LnEBbtUnhBdZUx
S5v3rWLbvUltJ7OQ+VKErq5NvbhEdzmuJ78DY0RxtvRbzlm5CpJ+Avll1KjL65Oy
DVxQ+kEaDh3Q10YDczZOUbkG/zKTYW/djagkARJkfKE1bplsJmBecmJr3tN0rcmW
Vl6x1Bh4Nfyvnzem/96SNAoXXiA3zQHXR4eRPH22H4TnWfJnfdt+PgkBzkt+Oquf
A4vZvLrKM4/9jyfLL47xxqSSeHjpXkyFZB+vRy8JD8idveldAdp8XD91NvS4k6tc
1vE9OMKWnnMwTbFqp7kNWuBY6iqgLveWUcA3lsPDCYIudI0QenfyVfQ=
-----END CERTIFICATE-----