Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/IZoznliVtjVIYkEcgrXIXJKiizY.roa
File:                     IZoznliVtjVIYkEcgrXIXJKiizY.roa (raw, json)
Hash identifier:          yHcwTtYvKUCq71UZTrraFcP1X2JvhkVWNBqzF0x1JwY=
Subject key identifier:   21:9A:33:9E:58:95:B6:35:48:62:41:1C:82:B5:C8:5C:92:A2:8B:36
Certificate issuer:       /CN=b5473128de54976db62d9bd1614e77c43dee39b5
Certificate serial:       018CC2DB491C9A8F695C69C41A1F1796C221
Authority key identifier: B5:47:31:28:DE:54:97:6D:B6:2D:9B:D1:61:4E:77:C4:3D:EE:39:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUcxKN5Ul222LZvRYU53xD3uObU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/IZoznliVtjVIYkEcgrXIXJKiizY.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39526
IP address blocks:        193.111.29.0/24 maxlen: 32
                          2001:67c:2124::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/tUcxKN5Ul222LZvRYU53xD3uObU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/tUcxKN5Ul222LZvRYU53xD3uObU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUcxKN5Ul222LZvRYU53xD3uObU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:49:1c:9a:8f:69:5c:69:c4:1a:1f:17:96:c2:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5473128de54976db62d9bd1614e77c43dee39b5
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=219a339e5895b6354862411c82b5c85c92a28b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e4:70:42:d4:dd:85:f2:f4:4a:a9:7e:a5:8e:
                    8d:f1:16:e8:6e:65:50:ff:16:7f:c2:bb:7a:0f:f2:
                    9c:d9:31:3e:c3:5e:96:4f:54:2a:21:a7:99:40:97:
                    00:05:a1:52:2b:3f:d3:e3:f4:57:57:55:41:36:76:
                    39:3a:f6:46:2d:c6:62:fd:c4:5c:88:bd:da:85:e1:
                    de:11:52:dd:be:b4:4c:93:9a:28:42:8f:7c:51:c9:
                    23:8a:82:69:b8:60:5e:43:d3:59:39:ff:0c:55:f5:
                    d1:42:f4:e2:7c:37:22:3f:9a:88:d0:6f:ff:6d:bb:
                    90:ca:27:6a:71:b6:86:25:59:17:4a:40:c2:45:71:
                    d3:e9:8b:e2:ca:e9:1c:0a:bb:e5:5e:73:db:d5:ae:
                    05:bd:c9:6d:f7:b5:ec:6c:79:02:36:af:dd:28:46:
                    18:15:81:19:ce:74:dd:dc:85:7b:61:46:a7:52:6b:
                    e8:9b:78:da:0e:0d:ee:89:b7:ef:90:19:1a:eb:06:
                    43:eb:27:a2:94:3f:45:97:d6:d9:a6:60:68:ba:c6:
                    25:83:ab:48:e2:2e:93:dd:b2:68:7d:90:7f:ff:17:
                    75:bf:94:4d:a8:fa:19:30:f7:ba:2a:94:8e:63:d4:
                    c3:33:25:7c:f7:0b:6a:6c:49:85:d6:84:b6:fe:90:
                    86:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:9A:33:9E:58:95:B6:35:48:62:41:1C:82:B5:C8:5C:92:A2:8B:36
            X509v3 Authority Key Identifier:
                keyid:B5:47:31:28:DE:54:97:6D:B6:2D:9B:D1:61:4E:77:C4:3D:EE:39:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUcxKN5Ul222LZvRYU53xD3uObU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/IZoznliVtjVIYkEcgrXIXJKiizY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/70de80-50e9-4c1d-a7b4-e904318342ee/1/tUcxKN5Ul222LZvRYU53xD3uObU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.29.0/24
                IPv6:
                  2001:67c:2124::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:d8:ff:4f:e2:83:64:97:5f:33:ee:c7:86:28:b2:b7:61:91:
         f5:31:16:9b:0a:6a:89:0a:12:89:36:4c:eb:45:0b:57:54:ad:
         1e:cb:8e:a8:e1:66:ba:ed:49:c3:71:c5:1b:ed:51:f6:25:4c:
         fb:01:86:d5:fd:26:96:46:c0:05:de:b2:b8:a2:0d:60:12:4b:
         db:9c:60:ba:fa:83:3a:db:b3:3a:35:34:d9:90:d2:f0:71:4c:
         d4:33:46:78:63:3d:47:fa:3f:b2:76:81:c9:ed:e7:c2:b6:9b:
         71:7b:56:d6:f7:d7:e7:f3:b4:4a:de:b6:c3:a8:c1:17:0d:65:
         78:4c:a9:5c:00:4c:97:b1:42:d5:46:77:7d:7f:65:68:b8:7e:
         e9:5e:56:4a:5c:4d:00:9d:a3:15:56:97:7e:b6:10:b7:ea:2e:
         ff:02:3e:7f:bf:c7:c2:b1:fb:24:5b:c0:93:c6:fa:6e:66:f8:
         e2:e1:c1:d2:43:87:35:d8:1e:21:39:55:53:55:9e:ea:8d:d4:
         6c:2a:bb:06:bf:7c:ce:1b:8d:4d:4b:6d:eb:35:03:29:55:cc:
         45:f6:2d:42:b3:f1:36:fb:43:66:be:d1:4d:ed:c0:3c:d8:bc:
         47:6f:46:77:27:47:2d:7a:62:c0:6d:4a:53:72:f6:f3:e2:b0:
         0a:f0:95:c4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC20kcmo9pXGnEGh8XlsIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDczMTI4ZGU1NDk3NmRiNjJkOWJkMTYxNGU3N2M0M2Rl
ZTM5YjUwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTlhMzM5ZTU4OTViNjM1NDg2MjQxMWM4MmI1Yzg1YzkyYTI4YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxORwQtTdhfL0Sql+pY6N8RbobmVQ
/xZ/wrt6D/Kc2TE+w16WT1QqIaeZQJcABaFSKz/T4/RXV1VBNnY5OvZGLcZi/cRc
iL3aheHeEVLdvrRMk5ooQo98UckjioJpuGBeQ9NZOf8MVfXRQvTifDciP5qI0G//
bbuQyidqcbaGJVkXSkDCRXHT6YviyukcCrvlXnPb1a4Fvclt97XsbHkCNq/dKEYY
FYEZznTd3IV7YUanUmvom3jaDg3uibfvkBka6wZD6yeilD9Fl9bZpmBousYlg6tI
4i6T3bJofZB//xd1v5RNqPoZMPe6KpSOY9TDMyV89wtqbEmF1oS2/pCGLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCGaM55YlbY1SGJBHIK1yFySoos2MB8GA1UdIwQY
MBaAFLVHMSjeVJdtti2b0WFOd8Q97jm1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVjeEtONVVsMjIyTFp2UllVNTN4RDN1T2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MGRlODAtNTBlOS00YzFkLWE3YjQt
ZTkwNDMxODM0MmVlLzEvSVpvem5saVZ0alZJWWtFY2dyWElYSktpaXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MGRlODAtNTBlOS00YzFkLWE3YjQtZTkwNDMxODM0MmVl
LzEvdFVjeEtONVVsMjIyTFp2UllVNTN4RDN1T2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwW8dMA8E
AgACMAkDBwAgAQZ8ISQwDQYJKoZIhvcNAQELBQADggEBAIvY/0/ig2SXXzPux4Yo
srdhkfUxFpsKaokKEok2TOtFC1dUrR7LjqjhZrrtScNxxRvtUfYlTPsBhtX9JpZG
wAXesriiDWASS9ucYLr6gzrbszo1NNmQ0vBxTNQzRnhjPUf6P7J2gcnt58K2m3F7
Vtb31+fztEretsOowRcNZXhMqVwATJexQtVGd31/ZWi4fuleVkpcTQCdoxVWl362
ELfqLv8CPn+/x8Kx+yRbwJPG+m5m+OLhwdJDhzXYHiE5VVNVnuqN1Gwquwa/fM4b
jU1Lbes1AylVzEX2LUKz8Tb7Q2a+0U3twDzYvEdvRncnRy16YsBtSlNy9vPisArw
lcQ=
-----END CERTIFICATE-----