Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/nZvZwSn5iFyaC8Yp3FAjjusnblc.roa
File:                     nZvZwSn5iFyaC8Yp3FAjjusnblc.roa (raw, json)
Hash identifier:          u/4S40KQdpZS6v0v8C7Ngo2Y3BfFpYAApd1jpIHWq/U=
Subject key identifier:   9D:9B:D9:C1:29:F9:88:5C:9A:0B:C6:29:DC:50:23:8E:EB:27:6E:57
Certificate issuer:       /CN=195997a8bfc698b8eb9e8728ecaf12a527b357df
Certificate serial:       018CC4247C44883395F74A5F6790CE141BAF
Authority key identifier: 19:59:97:A8:BF:C6:98:B8:EB:9E:87:28:EC:AF:12:A5:27:B3:57:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GVmXqL_GmLjrnoco7K8SpSezV98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/nZvZwSn5iFyaC8Yp3FAjjusnblc.roa
Signing time:             Mon 01 Jan 2024 08:29:34 +0000
ROA not before:           Mon 01 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202869
IP address blocks:        185.152.52.0/22 maxlen: 22
                          2a07:7f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/GVmXqL_GmLjrnoco7K8SpSezV98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/GVmXqL_GmLjrnoco7K8SpSezV98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GVmXqL_GmLjrnoco7K8SpSezV98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7c:44:88:33:95:f7:4a:5f:67:90:ce:14:1b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=195997a8bfc698b8eb9e8728ecaf12a527b357df
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d9bd9c129f9885c9a0bc629dc50238eeb276e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:88:0e:57:99:ed:3b:18:58:3d:d1:bb:db:a1:
                    1e:54:1b:b1:3a:c4:d7:e2:40:5e:4e:b8:83:7f:ed:
                    f2:b8:d9:19:d3:bd:93:3d:af:c1:a3:8e:f7:ab:87:
                    aa:fd:a9:81:97:8c:8a:99:d7:4b:e6:17:13:1d:5f:
                    39:0f:09:ad:b5:90:57:74:bf:3e:b9:f8:92:d2:c8:
                    9a:53:0d:1e:ab:ca:63:81:87:74:24:50:a5:b8:8e:
                    06:18:8b:b7:51:d5:9c:b2:f1:15:d6:ad:05:56:0c:
                    23:c8:b5:84:c6:aa:4c:5f:9b:98:8c:36:98:6c:d4:
                    6b:da:ae:91:9f:30:f7:67:f0:7a:86:23:13:8e:2a:
                    06:1b:5f:07:88:1e:31:f8:45:f8:49:31:b9:94:dd:
                    a2:d7:9b:65:7b:74:00:39:e5:7a:af:7c:26:36:f8:
                    29:7a:b2:af:53:2d:2f:32:6a:22:ea:d2:b9:66:ef:
                    32:d6:6c:c7:18:bd:9a:c1:69:75:7a:32:c1:6a:5f:
                    33:52:7e:51:99:03:ae:93:95:87:15:69:b9:e0:7f:
                    cc:10:a7:5e:8c:07:42:2b:31:11:f5:12:17:f1:2c:
                    d1:fe:b6:86:91:ff:30:7b:40:e5:da:ff:38:5a:d8:
                    27:fa:42:f0:57:a0:f3:10:81:88:ea:e0:6a:38:0b:
                    8b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:9B:D9:C1:29:F9:88:5C:9A:0B:C6:29:DC:50:23:8E:EB:27:6E:57
            X509v3 Authority Key Identifier:
                keyid:19:59:97:A8:BF:C6:98:B8:EB:9E:87:28:EC:AF:12:A5:27:B3:57:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GVmXqL_GmLjrnoco7K8SpSezV98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/nZvZwSn5iFyaC8Yp3FAjjusnblc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/6cdb63-9cfd-4984-877e-09210212714c/1/GVmXqL_GmLjrnoco7K8SpSezV98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.52.0/22
                IPv6:
                  2a07:7f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         c3:9a:55:f4:d6:aa:42:13:e3:f5:81:5d:2b:80:88:7e:44:1c:
         14:51:ee:3e:23:9b:e7:b4:0e:b1:ba:79:9e:60:aa:fe:fe:35:
         5a:0c:3c:5d:47:f8:7b:15:14:e5:ef:e9:9b:b9:9b:d3:8d:c0:
         8c:d9:58:4e:6c:2d:5f:22:91:2e:45:9d:c0:38:99:5b:2d:3f:
         01:de:1d:00:70:a4:82:13:43:d8:f8:3d:3c:ef:62:e8:75:4b:
         d7:f1:47:76:90:8a:62:28:67:53:83:67:45:d7:6a:10:b9:0d:
         f6:86:e0:65:26:be:64:90:24:07:03:de:86:9b:b7:52:03:58:
         3a:44:53:53:9c:aa:fb:fd:50:0d:b2:ac:2b:b1:cd:e5:93:2f:
         69:e4:f5:93:d4:bf:4d:ea:f1:ca:b1:db:3a:56:c7:b6:7b:9a:
         ba:4e:0d:e5:d5:d2:dd:17:dc:a6:d9:27:cc:96:86:82:f6:c7:
         57:71:d0:23:1f:e9:33:af:31:fe:ad:1d:63:55:58:ce:07:9c:
         e7:6d:1a:fd:46:27:ef:07:7a:65:c9:29:c2:24:b9:3b:5a:2f:
         13:89:1f:ee:58:9f:8e:e1:14:df:d2:f9:20:e6:26:9e:71:07:
         c5:1c:bf:e8:25:90:91:4f:45:d0:14:e4:25:cd:98:31:e0:8d:
         dc:f2:2e:0d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHxEiDOV90pfZ5DOFBuvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NTk5N2E4YmZjNjk4YjhlYjllODcyOGVjYWYxMmE1Mjdi
MzU3ZGYwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDliZDljMTI5Zjk4ODVjOWEwYmM2MjlkYzUwMjM4ZWViMjc2ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYgOV5ntOxhYPdG726EeVBuxOsTX
4kBeTriDf+3yuNkZ072TPa/Bo473q4eq/amBl4yKmddL5hcTHV85DwmttZBXdL8+
ufiS0siaUw0eq8pjgYd0JFCluI4GGIu3UdWcsvEV1q0FVgwjyLWExqpMX5uYjDaY
bNRr2q6RnzD3Z/B6hiMTjioGG18HiB4x+EX4STG5lN2i15tle3QAOeV6r3wmNvgp
erKvUy0vMmoi6tK5Zu8y1mzHGL2awWl1ejLBal8zUn5RmQOuk5WHFWm54H/MEKde
jAdCKzER9RIX8SzR/raGkf8we0Dl2v84Wtgn+kLwV6DzEIGI6uBqOAuLqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ2b2cEp+YhcmgvGKdxQI47rJ25XMB8GA1UdIwQY
MBaAFBlZl6i/xpi4656HKOyvEqUns1ffMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1ZtWHFMX0dtTGpybm9jbzdLOFNwU2V6Vjk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi82Y2RiNjMtOWNmZC00OTg0LTg3N2Ut
MDkyMTAyMTI3MTRjLzEvblp2WndTbjVpRnlhQzhZcDNGQWpqdXNuYmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi82Y2RiNjMtOWNmZC00OTg0LTg3N2UtMDkyMTAyMTI3MTRj
LzEvR1ZtWHFMX0dtTGpybm9jbzdLOFNwU2V6Vjk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZg0MA0E
AgACMAcDBQMqB38AMA0GCSqGSIb3DQEBCwUAA4IBAQDDmlX01qpCE+P1gV0rgIh+
RBwUUe4+I5vntA6xunmeYKr+/jVaDDxdR/h7FRTl7+mbuZvTjcCM2VhObC1fIpEu
RZ3AOJlbLT8B3h0AcKSCE0PY+D0872LodUvX8Ud2kIpiKGdTg2dF12oQuQ32huBl
Jr5kkCQHA96Gm7dSA1g6RFNTnKr7/VANsqwrsc3lky9p5PWT1L9N6vHKsds6Vse2
e5q6Tg3l1dLdF9ym2SfMloaC9sdXcdAjH+kzrzH+rR1jVVjOB5znbRr9RifvB3pl
ySnCJLk7Wi8TiR/uWJ+O4RTf0vkg5iaecQfFHL/oJZCRT0XQFOQlzZgx4I3c8i4N
-----END CERTIFICATE-----