Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hzB5pmwX56_ByZMLWxNfB0qu4Lg.roa
File:                     hzB5pmwX56_ByZMLWxNfB0qu4Lg.roa (raw, json)
Hash identifier:          tAFBPGIhkQ11PPyYxBSRWdrzwaxcEEecz63vuT668/o=
Subject key identifier:   87:30:79:A6:6C:17:E7:AF:C1:C9:93:0B:5B:13:5F:07:4A:AE:E0:B8
Certificate issuer:       /CN=68cc325c8ad9769a1b54da296305fe0c36573775
Certificate serial:       018E582D44F83F4DBE9E88812311039F7812
Authority key identifier: 68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hzB5pmwX56_ByZMLWxNfB0qu4Lg.roa
Signing time:             Tue 19 Mar 2024 19:25:45 +0000
ROA not before:           Tue 19 Mar 2024 19:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213224
IP address blocks:        85.235.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:2d:44:f8:3f:4d:be:9e:88:81:23:11:03:9f:78:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cc325c8ad9769a1b54da296305fe0c36573775
        Validity
            Not Before: Mar 19 19:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=873079a66c17e7afc1c9930b5b135f074aaee0b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ca:76:6c:7f:4b:56:9e:dc:1a:dd:38:f0:49:
                    4b:c2:86:eb:b2:9d:72:b0:31:cf:cb:a3:88:13:fc:
                    84:a5:bc:4e:0b:ff:4e:90:ed:5c:3b:74:57:1f:40:
                    42:c4:4b:e2:ab:ef:c3:ef:b9:9a:40:b1:1c:7f:a5:
                    d6:89:0b:c2:9e:6e:9f:65:9f:67:ab:ca:d4:53:21:
                    7a:1a:2b:25:99:aa:6b:03:38:4b:95:82:ca:45:f1:
                    70:35:db:98:1b:96:26:6a:61:66:be:e3:57:c0:0d:
                    7d:93:91:f3:69:f9:b9:b9:51:57:05:c7:15:55:70:
                    99:a2:d0:83:53:7e:38:c9:cb:f9:ab:db:57:93:11:
                    04:f7:9d:66:e2:d9:87:01:52:5f:e9:a7:10:6d:f5:
                    ee:16:59:94:9a:fa:e1:38:f1:47:f9:bf:47:83:9e:
                    9b:7e:0b:e5:a4:2c:f1:00:04:ee:2c:89:55:db:ed:
                    7d:d5:df:f3:05:ef:84:2f:7e:a9:35:bd:ea:f0:cb:
                    88:ea:89:18:85:5b:c5:08:ce:2a:de:93:e6:34:98:
                    6f:16:ba:80:3b:a6:40:3f:a3:89:21:31:db:bb:07:
                    a4:64:e0:c3:81:08:0b:52:c7:01:bf:0f:13:92:1b:
                    2b:fd:ca:18:97:2f:ea:9a:dd:1c:1c:43:2f:5b:f2:
                    c9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:30:79:A6:6C:17:E7:AF:C1:C9:93:0B:5B:13:5F:07:4A:AE:E0:B8
            X509v3 Authority Key Identifier:
                keyid:68:CC:32:5C:8A:D9:76:9A:1B:54:DA:29:63:05:FE:0C:36:57:37:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMwyXIrZdpobVNopYwX-DDZXN3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/hzB5pmwX56_ByZMLWxNfB0qu4Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/617778-9f31-475b-84fa-74c979a6536e/1/aMwyXIrZdpobVNopYwX-DDZXN3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:4c:66:36:d8:27:93:9b:27:6f:6f:32:62:29:60:ff:11:e6:
         dc:92:a2:9e:53:a2:50:5f:5c:d7:15:0b:0a:cf:cc:c2:20:9f:
         bc:2f:6f:e0:65:81:75:ac:83:a7:97:88:ff:f9:2d:e4:51:b7:
         14:fb:54:13:31:19:46:76:0b:60:93:48:0e:95:af:0a:51:14:
         3b:49:23:a8:bf:ba:35:16:06:53:46:b2:4d:bb:ff:de:ca:c3:
         ad:65:2a:b1:e0:c5:61:40:21:4f:82:22:46:e4:4f:88:e2:cb:
         86:2f:d4:b3:16:2c:e2:14:5d:67:20:aa:f9:d7:e2:d1:e6:ba:
         fb:e1:57:f5:cb:39:a6:dc:ba:34:ca:5d:5b:83:43:15:55:14:
         3c:5a:22:a0:33:c5:24:74:a6:4d:76:78:e8:87:49:85:1b:3c:
         e8:0b:78:d5:a6:a1:af:95:c8:70:05:13:24:39:1f:60:78:49:
         27:48:da:90:2c:4c:2c:ce:44:bd:a4:ea:42:04:75:0a:c0:f8:
         72:41:83:3b:23:9a:65:c1:ba:fb:6f:7d:39:98:3d:ca:bb:77:
         c5:72:46:bd:71:ca:34:f4:98:01:67:4c:59:61:df:5a:8f:dc:
         17:8a:1b:53:05:82:e1:31:c1:3c:a7:2c:1f:5e:88:ef:f1:87:
         fc:85:63:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5YLUT4P02+noiBIxEDn3gSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2MzMjVjOGFkOTc2OWExYjU0ZGEyOTYzMDVmZTBjMzY1
NzM3NzUwHhcNMjQwMzE5MTkyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMwNzlhNjZjMTdlN2FmYzFjOTkzMGI1YjEzNWYwNzRhYWVlMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsp2bH9LVp7cGt048ElLwobrsp1y
sDHPy6OIE/yEpbxOC/9OkO1cO3RXH0BCxEviq+/D77maQLEcf6XWiQvCnm6fZZ9n
q8rUUyF6GislmaprAzhLlYLKRfFwNduYG5YmamFmvuNXwA19k5Hzafm5uVFXBccV
VXCZotCDU344ycv5q9tXkxEE951m4tmHAVJf6acQbfXuFlmUmvrhOPFH+b9Hg56b
fgvlpCzxAATuLIlV2+191d/zBe+EL36pNb3q8MuI6okYhVvFCM4q3pPmNJhvFrqA
O6ZAP6OJITHbuwekZODDgQgLUscBvw8Tkhsr/coYly/qmt0cHEMvW/LJLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcweaZsF+evwcmTC1sTXwdKruC4MB8GA1UdIwQY
MBaAFGjMMlyK2XaaG1TaKWMF/gw2Vzd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEt
NzRjOTc5YTY1MzZlLzEvaHpCNXBtd1g1Nl9CeVpNTFd4TmZCMHF1NExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MTc3NzgtOWYzMS00NzViLTg0ZmEtNzRjOTc5YTY1MzZl
LzEvYU13eVhJclpkcG9iVk5vcFl3WC1ERFpYTjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVeueMA0G
CSqGSIb3DQEBCwUAA4IBAQBtTGY22CeTmydvbzJiKWD/EebckqKeU6JQX1zXFQsK
z8zCIJ+8L2/gZYF1rIOnl4j/+S3kUbcU+1QTMRlGdgtgk0gOla8KURQ7SSOov7o1
FgZTRrJNu//eysOtZSqx4MVhQCFPgiJG5E+I4suGL9SzFiziFF1nIKr51+LR5rr7
4Vf1yzmm3Lo0yl1bg0MVVRQ8WiKgM8UkdKZNdnjoh0mFGzzoC3jVpqGvlchwBRMk
OR9geEknSNqQLEwszkS9pOpCBHUKwPhyQYM7I5plwbr7b305mD3Ku3fFcka9cco0
9JgBZ0xZYd9aj9wXihtTBYLhMcE8pywfXojv8Yf8hWMs
-----END CERTIFICATE-----