Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/zglQdQdERZsjXYbJD_uh2jlLSbY.roa
File:                     zglQdQdERZsjXYbJD_uh2jlLSbY.roa (raw, json)
Hash identifier:          PXOe/KaBadbYY2e7Ta7WlTKgdALk40sgFLPFSDD5rAQ=
Subject key identifier:   CE:09:50:75:07:44:45:9B:23:5D:86:C9:0F:FB:A1:DA:39:4B:49:B6
Certificate issuer:       /CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
Certificate serial:       018CC64A791C9A10C592342F02C922AF1B94
Authority key identifier: A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/zglQdQdERZsjXYbJD_uh2jlLSbY.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.36.67.0/24 maxlen: 24
                          193.36.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:79:1c:9a:10:c5:92:34:2f:02:c9:22:af:1b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce0950750744459b235d86c90ffba1da394b49b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:33:77:3b:ba:78:8a:71:57:46:58:31:78:bc:
                    b4:ea:e2:87:b8:b9:8f:87:82:41:c1:33:71:08:0e:
                    3c:60:fb:e2:b3:2a:c9:56:e6:73:2a:d2:ab:7e:45:
                    36:5d:c9:34:ac:aa:7b:56:c8:e7:93:2b:61:9b:25:
                    e3:45:29:af:e9:62:19:d0:b6:ba:45:be:6c:06:5d:
                    f3:9e:1e:7f:1a:1a:10:1b:cf:2e:88:5a:80:97:56:
                    11:32:5a:f4:cc:95:c4:0b:59:6a:76:10:a9:d0:fb:
                    49:e9:3d:98:17:d6:d3:48:30:2c:ac:41:e9:c1:64:
                    57:62:2e:79:e2:b4:b6:34:e6:e3:bc:37:88:9a:80:
                    18:a2:de:45:bb:72:23:37:1c:c3:23:b1:e8:33:73:
                    5a:8f:57:02:0a:3b:f5:55:e9:02:2f:c0:ed:ce:73:
                    f1:72:4e:e5:ad:88:40:a6:ef:7b:0e:bc:d9:d7:b9:
                    97:c8:96:2d:83:6a:88:7b:93:f7:52:6f:ec:16:5d:
                    f2:57:eb:ed:73:f7:f0:a8:47:ed:53:77:6f:da:68:
                    c5:9e:97:65:79:84:de:40:c8:c8:44:03:ab:b7:e4:
                    c3:16:41:29:b0:1f:54:f0:62:53:91:f0:da:96:80:
                    d3:6a:a9:1e:c7:d5:75:da:a9:0f:86:55:26:2a:e3:
                    36:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:09:50:75:07:44:45:9B:23:5D:86:C9:0F:FB:A1:DA:39:4B:49:B6
            X509v3 Authority Key Identifier:
                keyid:A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/zglQdQdERZsjXYbJD_uh2jlLSbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:67:d4:ae:3a:85:6d:2d:17:2d:ed:00:dd:0e:61:87:0c:6a:
         e1:9c:f2:1d:5c:fd:89:7e:b0:a8:16:40:23:34:52:be:20:e4:
         c2:60:ed:4c:96:cb:f7:1a:a4:27:d5:26:c6:6c:b3:54:12:ae:
         65:c6:26:1c:52:1a:b1:b4:ed:d4:98:fe:5f:64:fe:f0:b0:a8:
         e8:02:80:14:77:49:ff:7e:13:57:7b:a6:5a:ba:43:b4:2a:83:
         be:d9:af:09:bf:13:fe:43:18:17:4e:1c:28:1e:c4:1d:e0:13:
         06:40:db:6d:81:2d:50:ed:c2:d8:3c:52:23:23:47:24:1d:ff:
         85:dd:70:c4:95:ff:e2:be:57:e1:5a:73:3a:65:7f:6f:59:8a:
         4e:34:fb:84:0c:b4:24:d4:45:f7:7a:62:be:25:f2:fd:2f:51:
         a8:14:1c:a9:e4:73:b7:9b:b2:1d:8d:99:92:3b:48:ec:8f:92:
         85:e1:09:ad:80:44:b9:a7:7d:14:8a:d6:a9:5b:b3:3f:ba:fc:
         4e:3c:03:9f:99:81:dd:ea:b7:46:05:3f:fb:76:18:e9:da:66:
         59:fe:58:d3:a6:26:78:a4:a7:6d:fe:f1:8a:d1:ad:92:8a:ae:
         4c:3a:31:d3:79:03:da:1e:a3:b0:cb:5c:03:59:fb:44:9d:0c:
         f8:e6:4a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnkcmhDFkjQvAskirxuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTk3NTIzOWZkZDQ0M2I3ZDNkODJlMzkyYTllNGFlMzky
MThlZjYwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA5NTA3NTA3NDQ0NTliMjM1ZDg2YzkwZmZiYTFkYTM5NGI0OWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTN3O7p4inFXRlgxeLy06uKHuLmP
h4JBwTNxCA48YPvisyrJVuZzKtKrfkU2Xck0rKp7VsjnkythmyXjRSmv6WIZ0La6
Rb5sBl3znh5/GhoQG88uiFqAl1YRMlr0zJXEC1lqdhCp0PtJ6T2YF9bTSDAsrEHp
wWRXYi554rS2NObjvDeImoAYot5Fu3IjNxzDI7HoM3Naj1cCCjv1VekCL8DtznPx
ck7lrYhApu97DrzZ17mXyJYtg2qIe5P3Um/sFl3yV+vtc/fwqEftU3dv2mjFnpdl
eYTeQMjIRAOrt+TDFkEpsB9U8GJTkfDaloDTaqkex9V12qkPhlUmKuM2QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4JUHUHREWbI12GyQ/7odo5S0m2MB8GA1UdIwQY
MBaAFKWpdSOf3UQ7fT2C45Kp5K45IY72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEt
YTY5MTQ0OGIyZWM0LzEvemdsUWRRZEVSWnNqWFliSkRfdWgyamxMU2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEtYTY5MTQ0OGIyZWM0
LzEvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRCMA0G
CSqGSIb3DQEBCwUAA4IBAQBOZ9SuOoVtLRct7QDdDmGHDGrhnPIdXP2JfrCoFkAj
NFK+IOTCYO1Mlsv3GqQn1SbGbLNUEq5lxiYcUhqxtO3UmP5fZP7wsKjoAoAUd0n/
fhNXe6ZaukO0KoO+2a8JvxP+QxgXThwoHsQd4BMGQNttgS1Q7cLYPFIjI0ckHf+F
3XDElf/ivlfhWnM6ZX9vWYpONPuEDLQk1EX3emK+JfL9L1GoFByp5HO3m7IdjZmS
O0jsj5KF4QmtgES5p30UitapW7M/uvxOPAOfmYHd6rdGBT/7dhjp2mZZ/ljTpiZ4
pKdt/vGK0a2Siq5MOjHTeQPaHqOwy1wDWftEnQz45kqQ
-----END CERTIFICATE-----