Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/Z5X1p3a4s0ndZCuSM-4yVDfeUhQ.roa
File:                     Z5X1p3a4s0ndZCuSM-4yVDfeUhQ.roa (raw, json)
Hash identifier:          zoOS0mMzuF4j4DqnLeQsCOmgdlXtPzN9Tnv1spdp8t8=
Subject key identifier:   67:95:F5:A7:76:B8:B3:49:DD:64:2B:92:33:EE:32:54:37:DE:52:14
Certificate issuer:       /CN=e8f99cd884fb5cbab3f3b34e17a80a48adec3fe5
Certificate serial:       018CC86EF08E805357093BDC8D157B444630
Authority key identifier: E8:F9:9C:D8:84:FB:5C:BA:B3:F3:B3:4E:17:A8:0A:48:AD:EC:3F:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/Z5X1p3a4s0ndZCuSM-4yVDfeUhQ.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        178.175.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f0:8e:80:53:57:09:3b:dc:8d:15:7b:44:46:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8f99cd884fb5cbab3f3b34e17a80a48adec3fe5
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6795f5a776b8b349dd642b9233ee325437de5214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c8:06:35:06:9c:ba:e8:40:af:14:4d:b8:dc:
                    79:66:1a:90:12:90:e9:62:68:33:2f:e1:8d:56:0d:
                    3d:66:98:a3:7c:dd:d6:9d:ff:a6:26:08:87:78:00:
                    08:ab:13:f4:84:9d:0e:0b:8f:59:41:f6:68:70:0c:
                    de:d6:d7:2f:32:b3:d6:66:5a:0b:1e:f0:c1:b4:a1:
                    49:f5:71:55:b6:9d:2b:ed:57:cc:1b:9f:9e:be:89:
                    17:31:53:74:3a:e5:9f:a7:b2:13:cd:ef:47:15:a5:
                    56:6a:71:c6:10:5e:b0:b5:96:31:0c:ee:9f:54:66:
                    22:6d:ef:c0:d1:ed:d6:2a:ec:1e:a9:bb:74:2b:9a:
                    e1:7f:ef:d2:e9:91:11:4d:e7:7e:a8:40:7b:4b:96:
                    6d:e7:80:d6:7a:80:f6:07:4e:e6:51:fb:e2:98:9c:
                    51:77:98:e0:a8:01:cc:4f:9d:a3:cc:e3:fd:0c:2e:
                    83:1b:a8:c9:08:e6:82:62:3c:45:ee:1e:fe:a0:ed:
                    49:a6:89:8d:14:74:20:24:53:b1:04:50:f0:d6:c5:
                    86:7f:dc:2d:87:4b:11:d4:e9:7c:1f:36:50:45:60:
                    b5:a1:fc:37:89:c4:b2:72:2e:d8:da:05:a5:26:84:
                    ae:dc:22:f9:0a:76:96:c9:34:61:c5:ec:2c:2b:79:
                    4b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:95:F5:A7:76:B8:B3:49:DD:64:2B:92:33:EE:32:54:37:DE:52:14
            X509v3 Authority Key Identifier:
                keyid:E8:F9:9C:D8:84:FB:5C:BA:B3:F3:B3:4E:17:A8:0A:48:AD:EC:3F:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/Z5X1p3a4s0ndZCuSM-4yVDfeUhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:b5:b8:9a:45:a5:e7:fc:85:7f:b4:52:d1:5f:06:84:ba:e5:
         65:cc:7f:99:8f:3b:99:10:a7:0e:b7:a4:30:27:46:25:9c:74:
         03:f4:ee:34:f3:d2:23:b5:ee:ab:94:02:30:ac:4a:cc:1f:00:
         d5:e5:ef:e7:17:cc:33:f9:c6:a1:2e:70:bf:7e:ae:c8:c0:31:
         16:8c:4e:d2:16:41:82:be:07:06:e8:35:be:b0:f8:64:b6:d3:
         5f:e3:33:1a:85:61:92:12:6b:50:0b:79:c5:4e:25:b0:65:9b:
         fc:bd:7d:8c:13:ac:1f:9a:f3:48:11:bd:fc:7e:73:9b:88:76:
         96:71:b8:f5:6f:40:ca:89:94:d0:3d:1f:ab:4c:d8:6c:09:be:
         36:0f:aa:ee:c1:77:90:ff:ae:23:89:57:28:1b:f9:f8:9d:e3:
         3d:54:3a:f4:6d:5c:ad:be:48:42:96:7b:15:c6:2c:f5:79:71:
         19:c7:a6:ba:4b:3e:d4:8b:64:b2:9a:13:30:9d:29:d8:0b:75:
         d4:6e:fe:97:8a:b6:6d:77:ae:27:37:82:33:4f:2b:0c:06:0d:
         c1:91:59:ce:c1:1f:21:55:ed:f8:5a:02:28:b6:b9:c6:94:69:
         e1:45:36:63:5c:75:9d:41:6a:07:4b:c2:69:df:40:c2:e7:32:
         4f:fa:ed:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvCOgFNXCTvcjRV7REYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Zjk5Y2Q4ODRmYjVjYmFiM2YzYjM0ZTE3YTgwYTQ4YWRl
YzNmZTUwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzk1ZjVhNzc2YjhiMzQ5ZGQ2NDJiOTIzM2VlMzI1NDM3ZGU1MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8gGNQacuuhArxRNuNx5ZhqQEpDp
YmgzL+GNVg09ZpijfN3Wnf+mJgiHeAAIqxP0hJ0OC49ZQfZocAze1tcvMrPWZloL
HvDBtKFJ9XFVtp0r7VfMG5+evokXMVN0OuWfp7ITze9HFaVWanHGEF6wtZYxDO6f
VGYibe/A0e3WKuweqbt0K5rhf+/S6ZERTed+qEB7S5Zt54DWeoD2B07mUfvimJxR
d5jgqAHMT52jzOP9DC6DG6jJCOaCYjxF7h7+oO1JpomNFHQgJFOxBFDw1sWGf9wt
h0sR1Ol8HzZQRWC1ofw3icSyci7Y2gWlJoSu3CL5CnaWyTRhxewsK3lLKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeV9ad2uLNJ3WQrkjPuMlQ33lIUMB8GA1UdIwQY
MBaAFOj5nNiE+1y6s/OzTheoCkit7D/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlBtYzJJVDdYTHF6ODdOT0Y2Z0tTSzNzUC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kODViYzctNThhNi00MDdhLThhY2It
NzUwOWY3ZjRjNWE2LzEvWjVYMXAzYTRzMG5kWkN1U00tNHlWRGZlVWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kODViYzctNThhNi00MDdhLThhY2ItNzUwOWY3ZjRjNWE2
LzEvNlBtYzJJVDdYTHF6ODdOT0Y2Z0tTSzNzUC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+2MA0G
CSqGSIb3DQEBCwUAA4IBAQBVtbiaRaXn/IV/tFLRXwaEuuVlzH+ZjzuZEKcOt6Qw
J0YlnHQD9O4089Ijte6rlAIwrErMHwDV5e/nF8wz+cahLnC/fq7IwDEWjE7SFkGC
vgcG6DW+sPhkttNf4zMahWGSEmtQC3nFTiWwZZv8vX2ME6wfmvNIEb38fnObiHaW
cbj1b0DKiZTQPR+rTNhsCb42D6ruwXeQ/64jiVcoG/n4neM9VDr0bVytvkhClnsV
xiz1eXEZx6a6Sz7Ui2SymhMwnSnYC3XUbv6XirZtd64nN4IzTysMBg3BkVnOwR8h
Ve34WgIotrnGlGnhRTZjXHWdQWoHS8Jp30DC5zJP+u0r
-----END CERTIFICATE-----