Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MzO_hlzRIGdrXRD8ZJKWdDZawto.roa
File:                     MzO_hlzRIGdrXRD8ZJKWdDZawto.roa (raw, json)
Hash identifier:          S+LPw8pYzFvsU5te2LsbQ0TJgTDz89il1/yD+/tgtlE=
Subject key identifier:   33:33:BF:86:5C:D1:20:67:6B:5D:10:FC:64:92:96:74:36:5A:C2:DA
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018CC794F7333941C840016ECF526C9D0F38
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MzO_hlzRIGdrXRD8ZJKWdDZawto.roa
Signing time:             Tue 02 Jan 2024 00:31:17 +0000
ROA not before:           Tue 02 Jan 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        185.104.13.0/24 maxlen: 24
                          85.208.44.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f7:33:39:41:c8:40:01:6e:cf:52:6c:9d:0f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3333bf865cd120676b5d10fc64929674365ac2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c0:a2:e1:06:6e:b6:06:11:e9:b6:f2:9d:7a:
                    fe:f9:de:49:3c:92:0e:cc:4e:19:21:ff:55:23:b3:
                    2b:f3:12:c2:1a:c8:d1:86:da:37:d7:1a:33:4b:05:
                    1e:e2:25:5b:4a:90:b8:0f:84:a3:30:dd:6d:be:15:
                    ae:e7:06:fc:b9:30:05:3b:68:a2:fe:5c:6b:8e:60:
                    f7:35:1e:db:33:87:cb:c4:95:79:e4:3e:ac:71:fd:
                    7c:11:2d:d9:2c:fb:29:a7:34:ee:81:ee:f6:01:be:
                    aa:f6:ef:8a:c6:1f:4a:98:a5:ff:b7:6a:86:3f:13:
                    f0:35:9e:75:1e:09:ba:48:26:56:35:64:06:01:23:
                    67:82:dd:7c:bb:af:9f:d2:27:54:ff:37:0c:d6:88:
                    34:4f:3e:a2:23:3b:25:c7:81:9f:9e:de:4a:fb:4f:
                    6f:65:74:9c:b8:42:03:11:8b:b6:bd:72:0b:a0:c2:
                    53:b9:1f:74:0f:6c:3a:50:4b:bd:7f:cb:73:33:9b:
                    a1:fd:75:9b:71:6d:92:2d:0c:a2:e7:44:6a:95:1c:
                    67:77:27:a9:92:3e:51:a1:77:13:6b:f1:b5:fd:e0:
                    aa:46:fe:1b:33:02:1a:93:93:a6:45:58:5e:91:0e:
                    06:d0:05:ef:80:a5:04:db:16:c9:18:4e:09:de:14:
                    2e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:33:BF:86:5C:D1:20:67:6B:5D:10:FC:64:92:96:74:36:5A:C2:DA
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/MzO_hlzRIGdrXRD8ZJKWdDZawto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.44.0/23
                  185.104.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:8f:b0:f0:d4:bb:32:58:cf:b8:95:56:1e:4c:e5:f0:ce:10:
         12:db:44:27:39:c7:f4:86:04:f0:f9:7b:72:87:f8:0f:52:3d:
         a9:ce:8a:64:d5:df:5a:a4:6f:ec:3f:b8:2f:9e:01:09:63:9a:
         b8:fc:38:37:f2:59:38:dc:5e:51:c2:6e:b7:ec:65:ec:c6:05:
         ac:02:82:77:5a:ed:c5:b7:72:a1:9e:19:91:cf:b6:7c:b3:6b:
         ee:da:2b:af:42:71:4b:6f:36:54:2d:a9:bc:12:d8:6d:f6:02:
         d9:4b:c7:84:3f:47:c1:b9:b7:c6:07:b8:29:37:95:4e:c6:c0:
         09:3d:21:bf:39:a7:a0:3b:f8:89:11:47:68:7e:9c:32:02:10:
         1e:dd:40:19:d8:74:6a:ad:e4:41:bb:0b:04:37:96:24:40:2f:
         64:7c:11:11:5d:39:e2:b0:90:9d:02:59:f6:73:15:25:3f:e6:
         56:5c:d4:0f:1f:c2:e9:01:19:a3:b6:e2:10:76:6b:f1:0f:75:
         dc:ce:9c:fe:e1:7a:49:8e:50:f4:3c:00:89:47:ba:9e:f6:67:
         9b:11:e5:c7:3b:d4:c4:97:86:a0:b0:82:ac:fa:a1:bc:9a:0d:
         c7:1a:0e:8d:7e:b9:5e:ff:91:7b:64:b7:d5:94:4f:d5:84:b7:
         e5:cb:89:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlPczOUHIQAFuz1JsnQ84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMTAyMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzMzYmY4NjVjZDEyMDY3NmI1ZDEwZmM2NDkyOTY3NDM2NWFjMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMCi4QZutgYR6bbynXr++d5JPJIO
zE4ZIf9VI7Mr8xLCGsjRhto31xozSwUe4iVbSpC4D4SjMN1tvhWu5wb8uTAFO2ii
/lxrjmD3NR7bM4fLxJV55D6scf18ES3ZLPsppzTuge72Ab6q9u+Kxh9KmKX/t2qG
PxPwNZ51Hgm6SCZWNWQGASNngt18u6+f0idU/zcM1og0Tz6iIzslx4Gfnt5K+09v
ZXScuEIDEYu2vXILoMJTuR90D2w6UEu9f8tzM5uh/XWbcW2SLQyi50RqlRxndyep
kj5RoXcTa/G1/eCqRv4bMwIak5OmRVhekQ4G0AXvgKUE2xbJGE4J3hQuVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDMzv4Zc0SBna10Q/GSSlnQ2WsLaMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvTXpPX2hselJJR2RyWFJEOFpKS1dkRFphd3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVdAsAwQA
uWgNMA0GCSqGSIb3DQEBCwUAA4IBAQCLj7Dw1LsyWM+4lVYeTOXwzhAS20QnOcf0
hgTw+Xtyh/gPUj2pzopk1d9apG/sP7gvngEJY5q4/Dg38lk43F5Rwm637GXsxgWs
AoJ3Wu3Ft3KhnhmRz7Z8s2vu2iuvQnFLbzZULam8Etht9gLZS8eEP0fBubfGB7gp
N5VOxsAJPSG/OaegO/iJEUdofpwyAhAe3UAZ2HRqreRBuwsEN5YkQC9kfBERXTni
sJCdAln2cxUlP+ZWXNQPH8LpARmjtuIQdmvxD3Xczpz+4XpJjlD0PACJR7qe9meb
EeXHO9TEl4agsIKs+qG8mg3HGg6Nfrle/5F7ZLfVlE/VhLfly4mu
-----END CERTIFICATE-----