Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/P-z5fwzH45R_EsNcfky7kntoNZU.roa
File:                     P-z5fwzH45R_EsNcfky7kntoNZU.roa (raw, json)
Hash identifier:          oz4DM9ZZqP27FJbrupYX9EKeV3/ghVB0sW0J5c2flvE=
Subject key identifier:   3F:EC:F9:7F:0C:C7:E3:94:7F:12:C3:5C:7E:4C:BB:92:7B:68:35:95
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018CCA999F1B2317C5BB948C15379975E5D8
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/P-z5fwzH45R_EsNcfky7kntoNZU.roa
Signing time:             Tue 02 Jan 2024 14:35:14 +0000
ROA not before:           Tue 02 Jan 2024 14:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50926
IP address blocks:        217.130.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:9f:1b:23:17:c5:bb:94:8c:15:37:99:75:e5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 14:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fecf97f0cc7e3947f12c35c7e4cbb927b683595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:00:3c:6e:04:b3:41:90:57:96:d0:7b:30:
                    82:3f:39:99:21:79:1b:ba:de:aa:5a:6b:f6:f3:17:
                    1c:ee:ef:1e:cb:cb:f8:88:b4:b4:ed:7c:a1:66:21:
                    f5:9b:7a:2c:bb:cc:03:cf:53:0a:e0:42:19:ee:b5:
                    e7:72:2b:53:84:2f:0b:3b:fb:ae:3c:b3:1e:ce:9c:
                    93:70:a5:cb:c6:c7:ce:86:50:25:8f:af:8d:b2:6b:
                    a1:53:4b:0d:66:d0:04:7d:f6:ec:99:92:b2:2d:41:
                    41:83:53:8e:7b:08:66:8a:28:b1:7f:2b:6b:ad:c1:
                    3f:79:05:8b:27:e2:f4:89:23:9d:dc:c5:aa:2e:4b:
                    61:ab:1d:dc:53:7e:54:11:9a:85:8b:50:3d:cf:13:
                    03:70:22:ee:ec:70:6b:3c:92:45:54:50:ba:be:a4:
                    d1:13:09:42:fe:f9:a2:5d:fe:29:11:a0:30:34:0c:
                    dd:43:fa:66:6b:2c:8a:31:c6:99:1c:5f:1a:c1:52:
                    98:79:f5:70:dd:53:36:d1:4f:99:8b:1b:8a:66:24:
                    ad:07:70:b4:39:88:fd:96:48:2c:c4:aa:ef:5c:8c:
                    33:42:56:54:c9:dd:18:0e:0f:29:2a:47:09:3e:81:
                    b2:d8:dd:d4:8b:31:26:3e:cc:64:3b:09:1e:60:76:
                    b1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EC:F9:7F:0C:C7:E3:94:7F:12:C3:5C:7E:4C:BB:92:7B:68:35:95
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/P-z5fwzH45R_EsNcfky7kntoNZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.130.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a1:87:e4:ba:f6:21:c7:83:75:48:67:7d:29:e1:78:15:6e:
         6e:a6:62:a8:82:3a:4d:ae:18:0c:97:21:9a:2d:e4:73:a5:50:
         68:4e:d7:6a:29:71:d4:f3:f9:33:6f:ac:31:a5:52:74:a8:4a:
         0f:0b:c0:b7:4a:6b:50:b1:96:ba:a4:76:0c:ab:38:a2:17:83:
         57:6d:e5:7a:ed:5d:2d:ca:22:2b:92:56:3d:f2:65:9d:83:68:
         d6:b2:a9:9a:de:d0:18:62:83:4b:50:26:2c:2a:ed:d3:ce:54:
         63:09:7e:fe:a4:7a:dd:8d:4d:48:19:d1:cb:51:13:66:c4:6d:
         a4:bf:20:bc:5c:f1:9b:89:e4:e1:a8:9a:41:bd:ca:9b:85:2e:
         b0:15:aa:fa:5a:c0:72:37:63:75:e0:a3:d7:3e:04:1f:2e:dc:
         1d:68:c0:a8:bd:5a:7e:32:0e:12:be:9c:7a:6d:b1:2a:70:4c:
         6a:7d:82:0b:08:22:d6:d5:6d:11:f8:2f:68:3c:16:38:d3:5a:
         1d:84:37:5b:82:6a:a4:8c:d1:59:52:88:a0:24:81:c2:74:61:
         44:32:ff:62:26:cc:bc:42:1f:30:28:f7:48:66:08:2e:4f:32:
         e4:7e:07:8d:d7:6f:d3:22:83:6d:40:12:62:e2:cd:20:19:f1:
         c9:24:43:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmZ8bIxfFu5SMFTeZdeXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwMTAyMTQzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmVjZjk3ZjBjYzdlMzk0N2YxMmMzNWM3ZTRjYmI5MjdiNjgzNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw8APG4Es0GQV5bQezCCPzmZIXkb
ut6qWmv28xcc7u8ey8v4iLS07XyhZiH1m3osu8wDz1MK4EIZ7rXncitThC8LO/uu
PLMezpyTcKXLxsfOhlAlj6+NsmuhU0sNZtAEffbsmZKyLUFBg1OOewhmiiixfytr
rcE/eQWLJ+L0iSOd3MWqLkthqx3cU35UEZqFi1A9zxMDcCLu7HBrPJJFVFC6vqTR
EwlC/vmiXf4pEaAwNAzdQ/pmayyKMcaZHF8awVKYefVw3VM20U+ZixuKZiStB3C0
OYj9lkgsxKrvXIwzQlZUyd0YDg8pKkcJPoGy2N3UizEmPsxkOwkeYHaxRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/s+X8Mx+OUfxLDXH5Mu5J7aDWVMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvUC16NWZ3ekg0NVJfRXNOY2ZreTdrbnRvTlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2YL0MA0G
CSqGSIb3DQEBCwUAA4IBAQBVoYfkuvYhx4N1SGd9KeF4FW5upmKogjpNrhgMlyGa
LeRzpVBoTtdqKXHU8/kzb6wxpVJ0qEoPC8C3SmtQsZa6pHYMqziiF4NXbeV67V0t
yiIrklY98mWdg2jWsqma3tAYYoNLUCYsKu3TzlRjCX7+pHrdjU1IGdHLURNmxG2k
vyC8XPGbieThqJpBvcqbhS6wFar6WsByN2N14KPXPgQfLtwdaMCovVp+Mg4Svpx6
bbEqcExqfYILCCLW1W0R+C9oPBY401odhDdbgmqkjNFZUoigJIHCdGFEMv9iJsy8
Qh8wKPdIZgguTzLkfgeN12/TIoNtQBJi4s0gGfHJJEN0
-----END CERTIFICATE-----