Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/Rzkz5hRGsYcEBsQcQ9aUlp6boPA.roa
File:                     Rzkz5hRGsYcEBsQcQ9aUlp6boPA.roa (raw, json)
Hash identifier:          et0PCpNv1VzKRTryavaM8CX2sUM08BdSuEiCDkznEK0=
Subject key identifier:   47:39:33:E6:14:46:B1:87:04:06:C4:1C:43:D6:94:96:9E:9B:A0:F0
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018CCA99A37B561ACE967D5D68067B0C3114
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/Rzkz5hRGsYcEBsQcQ9aUlp6boPA.roa
Signing time:             Tue 02 Jan 2024 14:35:15 +0000
ROA not before:           Tue 02 Jan 2024 14:35:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211717
IP address blocks:        188.85.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a3:7b:56:1a:ce:96:7d:5d:68:06:7b:0c:31:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 14:35:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=473933e61446b1870406c41c43d694969e9ba0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:d5:83:c6:d8:77:ec:e4:9a:b0:ae:0f:04:
                    2c:6a:73:1c:5e:8f:2b:0f:7c:7d:61:8c:76:d1:38:
                    c6:2e:ed:1a:2f:4e:8f:e5:eb:6d:71:c4:1d:6f:31:
                    6b:68:41:07:cb:30:a5:78:a0:5d:16:85:06:f5:fd:
                    f5:48:8b:20:fe:3c:59:0d:9a:a1:fa:9f:2d:27:af:
                    aa:2e:c8:df:f6:d8:b2:f1:ec:cf:39:16:a2:51:16:
                    80:90:50:c3:10:6d:a7:87:e2:d1:45:53:89:de:75:
                    38:2a:41:30:8a:fe:e9:20:d5:95:b6:27:80:b3:6e:
                    2c:8d:6e:8c:a9:c1:44:f6:59:80:b9:af:07:fb:9a:
                    fd:c5:f5:e8:6a:ba:d9:63:9d:c3:f5:08:66:72:22:
                    61:99:80:fa:c9:47:2d:9d:78:28:bc:12:dd:24:4d:
                    73:ba:be:aa:31:ed:60:6c:95:fb:04:ac:28:5c:cf:
                    18:d8:40:35:72:99:fe:07:f9:9b:e6:8d:bd:87:ae:
                    12:81:65:fe:e7:cf:05:2e:c3:48:36:b7:e0:5e:8b:
                    d9:9d:94:13:96:d9:eb:a4:47:d0:08:3b:77:2b:dd:
                    c9:77:24:60:d0:f7:a3:a4:b2:5d:f4:da:58:60:54:
                    13:cc:ce:35:30:46:55:10:8b:c7:0c:ed:15:87:67:
                    35:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:39:33:E6:14:46:B1:87:04:06:C4:1C:43:D6:94:96:9E:9B:A0:F0
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/Rzkz5hRGsYcEBsQcQ9aUlp6boPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.85.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:1d:27:b0:82:6d:11:ed:1b:f8:fe:9a:51:ca:3c:9a:0d:8b:
         80:70:77:25:ed:40:af:9e:4d:36:c3:00:3c:2d:33:8a:91:74:
         61:87:0a:24:57:a9:ac:11:5b:29:85:fd:79:34:bd:e3:a4:fe:
         7c:58:3a:32:d3:10:6e:e1:cc:5c:b0:32:71:55:88:cc:21:84:
         ca:63:1b:74:43:a8:00:08:86:00:86:52:86:ed:41:7a:37:21:
         84:9d:20:6d:5c:19:3a:27:1a:b1:18:37:a7:ce:b3:b0:31:38:
         ad:59:f6:84:8c:de:1b:ec:8e:0d:6f:31:d2:3f:5a:0a:59:74:
         81:66:96:ac:9c:cc:f0:2b:c8:9d:1e:0f:47:a5:41:57:47:e9:
         47:8a:a3:c4:8e:6f:94:41:33:b6:a6:0f:0b:89:8d:70:57:40:
         16:2e:a3:72:81:93:fc:e3:31:81:92:e8:74:b0:bf:ff:0e:2f:
         ac:54:a4:28:90:43:35:cd:85:c3:33:23:04:12:93:48:e9:55:
         34:a3:fe:38:5b:bf:72:42:39:dd:08:08:5c:7b:11:12:3e:5f:
         fe:fa:b4:92:38:30:63:95:e1:01:95:0a:44:47:dc:d4:2d:d2:
         9d:fe:6f:60:6c:b4:bb:f4:58:07:ba:81:6e:7a:98:c4:13:71:
         d1:56:02:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmaN7VhrOln1daAZ7DDEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwMTAyMTQzNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM5MzNlNjE0NDZiMTg3MDQwNmM0MWM0M2Q2OTQ5NjllOWJhMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz3Vg8bYd+zkmrCuDwQsanMcXo8r
D3x9YYx20TjGLu0aL06P5ettccQdbzFraEEHyzCleKBdFoUG9f31SIsg/jxZDZqh
+p8tJ6+qLsjf9tiy8ezPORaiURaAkFDDEG2nh+LRRVOJ3nU4KkEwiv7pINWVtieA
s24sjW6MqcFE9lmAua8H+5r9xfXoarrZY53D9QhmciJhmYD6yUctnXgovBLdJE1z
ur6qMe1gbJX7BKwoXM8Y2EA1cpn+B/mb5o29h64SgWX+588FLsNINrfgXovZnZQT
ltnrpEfQCDt3K93JdyRg0PejpLJd9NpYYFQTzM41MEZVEIvHDO0Vh2c1dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc5M+YURrGHBAbEHEPWlJaem6DwMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvUnprejVoUkdzWWNFQnNRY1E5YVVscDZib1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFWZMA0G
CSqGSIb3DQEBCwUAA4IBAQARHSewgm0R7Rv4/ppRyjyaDYuAcHcl7UCvnk02wwA8
LTOKkXRhhwokV6msEVsphf15NL3jpP58WDoy0xBu4cxcsDJxVYjMIYTKYxt0Q6gA
CIYAhlKG7UF6NyGEnSBtXBk6JxqxGDenzrOwMTitWfaEjN4b7I4NbzHSP1oKWXSB
ZpasnMzwK8idHg9HpUFXR+lHiqPEjm+UQTO2pg8LiY1wV0AWLqNygZP84zGBkuh0
sL//Di+sVKQokEM1zYXDMyMEEpNI6VU0o/44W79yQjndCAhcexESPl/++rSSODBj
leEBlQpER9zULdKd/m9gbLS79FgHuoFuepjEE3HRVgLD
-----END CERTIFICATE-----