Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/CzOwLbdXJjvUUKwORQXooStwtJU.roa
File:                     CzOwLbdXJjvUUKwORQXooStwtJU.roa (raw, json)
Hash identifier:          5rfUmI9uA4ZOBfIj2W0igcciwedHZGUGltjhC3OZZgg=
Subject key identifier:   0B:33:B0:2D:B7:57:26:3B:D4:50:AC:0E:45:05:E8:A1:2B:70:B4:95
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       018CC79422BA25B967091626C1175670B9BD
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/CzOwLbdXJjvUUKwORQXooStwtJU.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55163
IP address blocks:        144.2.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:22:ba:25:b9:67:09:16:26:c1:17:56:70:b9:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b33b02db757263bd450ac0e4505e8a12b70b495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f8:95:08:c0:79:a5:7c:01:02:7d:34:a0:20:
                    c9:ab:92:cc:55:a0:5b:92:3f:70:c4:dc:e6:c0:3b:
                    4d:b3:47:71:bd:f8:65:55:a9:d5:f4:be:80:7a:f4:
                    35:e6:09:da:ec:33:ed:ee:76:04:13:37:31:2b:fb:
                    b9:8b:77:a3:df:c6:96:f7:3a:31:87:92:28:dd:9a:
                    54:a1:43:3e:35:c2:90:cc:9a:da:a4:1f:b7:f2:5c:
                    c7:25:ac:be:2f:23:66:4e:8d:09:cc:f1:b5:be:30:
                    80:35:3a:21:8c:5b:73:b3:42:bd:74:cf:29:bd:c5:
                    da:38:9a:d9:ee:7e:e2:1f:82:65:c3:97:53:03:d5:
                    4f:0f:4a:95:84:a6:78:21:6d:2d:7e:bd:02:45:ea:
                    99:ef:9c:fd:0d:da:1c:8f:dd:70:5f:08:a0:24:0a:
                    17:cc:93:b1:be:d0:05:05:e6:5a:56:cd:e6:ba:d4:
                    ec:89:ba:ff:aa:9d:71:eb:48:31:38:e9:d5:ef:c3:
                    0c:f1:aa:ad:a5:69:cb:75:cc:d9:a0:43:57:2c:b7:
                    3b:5d:7a:53:98:f1:fe:cc:a1:87:ba:a2:24:94:66:
                    d4:15:6f:1d:b9:d3:9a:db:3f:cc:f8:6f:b3:81:a7:
                    2c:b6:8f:16:54:c6:f4:a2:b2:33:f5:b4:e5:41:eb:
                    b3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:33:B0:2D:B7:57:26:3B:D4:50:AC:0E:45:05:E8:A1:2B:70:B4:95
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/CzOwLbdXJjvUUKwORQXooStwtJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.2.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4e:41:be:13:bb:9c:69:de:f9:1d:03:36:6a:4e:58:de:ce:
         15:c8:64:95:d4:32:c5:83:a2:95:b3:92:d2:65:82:56:f7:a4:
         32:30:40:ee:f3:e5:79:87:eb:bc:30:bd:7f:b2:20:48:ec:80:
         6d:f7:25:52:fc:c9:a3:fb:05:d3:ec:c7:1b:c6:ac:d0:e0:63:
         87:0c:4c:e0:94:dc:d3:99:74:47:c1:cd:88:2c:79:69:2a:54:
         e7:d9:1c:be:6c:16:d7:b9:b8:eb:f6:72:b9:6b:a9:36:22:d9:
         a7:33:65:29:71:fe:22:b8:11:ad:f9:ca:5f:ab:70:03:9d:5a:
         94:b5:a1:48:01:32:8b:6c:f6:71:1c:cc:55:29:fe:8a:dc:53:
         3f:13:a1:ab:d3:b4:0d:36:fa:58:58:a0:14:84:52:93:cc:97:
         4a:a2:5e:08:22:8b:c1:b9:6d:ef:0b:db:94:12:1c:ef:bc:65:
         58:22:83:15:86:f6:ef:ba:0f:c9:52:8d:18:75:01:66:a3:3b:
         2a:b8:b4:f4:ad:d9:d0:8b:3d:c8:46:71:15:36:97:f6:da:4d:
         ab:9b:24:30:6e:68:66:07:8e:d0:a7:50:0e:20:5a:f2:66:f3:
         f9:3f:c2:c3:23:0b:ad:e7:42:66:f3:84:9a:f8:8b:6f:6c:8c:
         b7:7b:f7:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCK6JblnCRYmwRdWcLm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjMzYjAyZGI3NTcyNjNiZDQ1MGFjMGU0NTA1ZThhMTJiNzBiNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfiVCMB5pXwBAn00oCDJq5LMVaBb
kj9wxNzmwDtNs0dxvfhlVanV9L6AevQ15gna7DPt7nYEEzcxK/u5i3ej38aW9zox
h5Io3ZpUoUM+NcKQzJrapB+38lzHJay+LyNmTo0JzPG1vjCANTohjFtzs0K9dM8p
vcXaOJrZ7n7iH4Jlw5dTA9VPD0qVhKZ4IW0tfr0CReqZ75z9Ddocj91wXwigJAoX
zJOxvtAFBeZaVs3mutTsibr/qp1x60gxOOnV78MM8aqtpWnLdczZoENXLLc7XXpT
mPH+zKGHuqIklGbUFW8dudOa2z/M+G+zgacsto8WVMb0orIz9bTlQeuzJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAszsC23VyY71FCsDkUF6KErcLSVMB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvQ3pPd0xiZFhKanZVVUt3T1JRWG9vU3R3dEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkAISMA0G
CSqGSIb3DQEBCwUAA4IBAQAuTkG+E7ucad75HQM2ak5Y3s4VyGSV1DLFg6KVs5LS
ZYJW96QyMEDu8+V5h+u8ML1/siBI7IBt9yVS/Mmj+wXT7McbxqzQ4GOHDEzglNzT
mXRHwc2ILHlpKlTn2Ry+bBbXubjr9nK5a6k2ItmnM2Upcf4iuBGt+cpfq3ADnVqU
taFIATKLbPZxHMxVKf6K3FM/E6Gr07QNNvpYWKAUhFKTzJdKol4IIovBuW3vC9uU
EhzvvGVYIoMVhvbvug/JUo0YdQFmozsquLT0rdnQiz3IRnEVNpf22k2rmyQwbmhm
B47Qp1AOIFryZvP5P8LDIwut50Jm84Sa+ItvbIy3e/d9
-----END CERTIFICATE-----