Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/5zu43QIKwbmmTxAqjUaDFGhZ4uk.roa
File:                     5zu43QIKwbmmTxAqjUaDFGhZ4uk.roa (raw, json)
Hash identifier:          Yf5xRTt66huNplHIambUzhRKYwLLTVHDlrpZhG22x5s=
Subject key identifier:   E7:3B:B8:DD:02:0A:C1:B9:A6:4F:10:2A:8D:46:83:14:68:59:E2:E9
Certificate issuer:       /CN=2f341807f20b04519c552bb38ce372914b7cc345
Certificate serial:       018CC725BF3D5E010C7253772F924677AB5F
Authority key identifier: 2F:34:18:07:F2:0B:04:51:9C:55:2B:B3:8C:E3:72:91:4B:7C:C3:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LzQYB_ILBFGcVSuzjONykUt8w0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/5zu43QIKwbmmTxAqjUaDFGhZ4uk.roa
Signing time:             Mon 01 Jan 2024 22:29:48 +0000
ROA not before:           Mon 01 Jan 2024 22:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209760
IP address blocks:        192.145.32.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/LzQYB_ILBFGcVSuzjONykUt8w0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/LzQYB_ILBFGcVSuzjONykUt8w0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LzQYB_ILBFGcVSuzjONykUt8w0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:bf:3d:5e:01:0c:72:53:77:2f:92:46:77:ab:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f341807f20b04519c552bb38ce372914b7cc345
        Validity
            Not Before: Jan  1 22:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e73bb8dd020ac1b9a64f102a8d4683146859e2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8e:01:d6:25:b0:1f:fe:da:85:e4:90:10:f9:
                    79:48:54:a8:e1:e2:21:3f:6b:44:5a:bc:6e:df:db:
                    b4:33:f6:09:60:e4:7f:e0:69:28:52:63:a1:5a:48:
                    a6:15:14:f8:3a:a9:54:d4:f6:f4:09:8d:0c:37:e7:
                    ad:41:41:41:3b:8d:df:99:c2:9a:c9:fe:6a:9f:eb:
                    d5:73:4b:d0:75:a4:64:66:a0:0e:7e:5f:6e:e0:d6:
                    ab:13:d9:0a:5d:f3:30:13:8c:a5:f2:c5:e1:9c:c9:
                    68:1a:fd:d6:bd:38:a2:71:74:62:d2:be:02:38:47:
                    91:1a:f7:06:4b:6c:7a:08:b0:ab:51:51:3d:38:6c:
                    56:f2:56:4c:09:b2:27:c2:aa:18:10:f3:5a:dd:67:
                    af:65:fb:c5:7a:76:4c:f3:2f:ea:fc:a7:e4:9e:ab:
                    bb:9e:58:12:14:41:14:89:6b:7b:14:39:87:0f:9c:
                    30:5f:d8:e4:88:5f:69:dd:44:72:fe:92:ff:6e:8d:
                    2c:f4:e1:81:d8:61:91:8e:ce:b0:19:13:87:1a:e6:
                    a9:f0:1b:b7:cd:cf:40:8b:08:be:39:80:18:50:65:
                    d5:66:74:55:7a:fc:cd:48:3f:f2:de:ef:cb:c8:1f:
                    6a:d4:b4:ed:8a:92:41:53:0f:7f:bf:61:bf:5c:02:
                    af:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:3B:B8:DD:02:0A:C1:B9:A6:4F:10:2A:8D:46:83:14:68:59:E2:E9
            X509v3 Authority Key Identifier:
                keyid:2F:34:18:07:F2:0B:04:51:9C:55:2B:B3:8C:E3:72:91:4B:7C:C3:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LzQYB_ILBFGcVSuzjONykUt8w0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/5zu43QIKwbmmTxAqjUaDFGhZ4uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/e64a2f-fe27-4e47-99de-3680aeb632da/1/LzQYB_ILBFGcVSuzjONykUt8w0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:cb:f1:69:bd:c1:8e:0b:1c:41:cc:96:20:56:c5:fa:21:ac:
         d6:58:ca:3c:50:1d:02:b6:23:4f:27:39:fe:6d:c5:26:cd:33:
         e4:75:04:6f:39:6c:25:fc:4e:8b:06:81:4a:7e:07:eb:81:49:
         79:4d:3f:a2:31:8f:5c:f2:f3:24:36:01:bb:2e:9b:bd:18:e7:
         3e:3a:4d:b6:91:93:d7:16:ec:95:db:be:c2:95:a7:eb:9e:a4:
         95:d7:47:5f:a1:e4:85:39:07:13:d1:dd:25:1f:87:57:a4:31:
         b6:97:d9:aa:e0:4c:e5:c1:bf:fa:9c:72:74:f3:7a:f5:df:19:
         a4:90:49:6a:d6:d2:b1:20:2a:7c:98:6b:5d:64:a2:6d:60:bf:
         01:c5:75:fe:e3:87:82:36:41:dc:68:ab:a9:7a:36:85:13:a8:
         c2:a9:46:c7:f9:23:b3:1f:13:75:fc:75:a7:1d:c9:ec:e7:3d:
         9b:14:80:db:13:25:30:fe:7b:ce:13:f1:d4:4a:4c:19:9c:f1:
         88:8a:17:6b:4c:0b:51:4d:19:7f:8b:aa:b0:f7:f8:54:4f:54:
         4e:07:25:44:1b:13:5c:17:ac:65:e2:16:0a:ff:df:02:14:9d:
         d1:6e:a4:72:53:8e:a8:a2:e4:5f:5d:8f:39:b5:9c:76:54:25:
         48:cd:f2:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJb89XgEMclN3L5JGd6tfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMzQxODA3ZjIwYjA0NTE5YzU1MmJiMzhjZTM3MjkxNGI3
Y2MzNDUwHhcNMjQwMTAxMjIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzNiYjhkZDAyMGFjMWI5YTY0ZjEwMmE4ZDQ2ODMxNDY4NTllMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgo4B1iWwH/7aheSQEPl5SFSo4eIh
P2tEWrxu39u0M/YJYOR/4GkoUmOhWkimFRT4OqlU1Pb0CY0MN+etQUFBO43fmcKa
yf5qn+vVc0vQdaRkZqAOfl9u4NarE9kKXfMwE4yl8sXhnMloGv3WvTiicXRi0r4C
OEeRGvcGS2x6CLCrUVE9OGxW8lZMCbInwqoYEPNa3WevZfvFenZM8y/q/Kfknqu7
nlgSFEEUiWt7FDmHD5wwX9jkiF9p3URy/pL/bo0s9OGB2GGRjs6wGROHGuap8Bu3
zc9Aiwi+OYAYUGXVZnRVevzNSD/y3u/LyB9q1LTtipJBUw9/v2G/XAKvsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOc7uN0CCsG5pk8QKo1GgxRoWeLpMB8GA1UdIwQY
MBaAFC80GAfyCwRRnFUrs4zjcpFLfMNFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHpRWUJfSUxCRkdjVlN1empPTnlrVXQ4dzBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9lNjRhMmYtZmUyNy00ZTQ3LTk5ZGUt
MzY4MGFlYjYzMmRhLzEvNXp1NDNRSUt3Ym1tVHhBcWpVYURGR2haNHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9lNjRhMmYtZmUyNy00ZTQ3LTk5ZGUtMzY4MGFlYjYzMmRh
LzEvTHpRWUJfSUxCRkdjVlN1empPTnlrVXQ4dzBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwJEgMA0G
CSqGSIb3DQEBCwUAA4IBAQBry/FpvcGOCxxBzJYgVsX6IazWWMo8UB0CtiNPJzn+
bcUmzTPkdQRvOWwl/E6LBoFKfgfrgUl5TT+iMY9c8vMkNgG7Lpu9GOc+Ok22kZPX
FuyV277ClafrnqSV10dfoeSFOQcT0d0lH4dXpDG2l9mq4Ezlwb/6nHJ083r13xmk
kElq1tKxICp8mGtdZKJtYL8BxXX+44eCNkHcaKupejaFE6jCqUbH+SOzHxN1/HWn
Hcns5z2bFIDbEyUw/nvOE/HUSkwZnPGIihdrTAtRTRl/i6qw9/hUT1ROByVEGxNc
F6xl4hYK/98CFJ3RbqRyU46oouRfXY85tZx2VCVIzfIc
-----END CERTIFICATE-----