Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/Z4UlxfpxDDJeeCZ4NXFupGhZ4VI.roa
File:                     Z4UlxfpxDDJeeCZ4NXFupGhZ4VI.roa (raw, json)
Hash identifier:          SP/VmFJNcsbYvNxARfyNNSyTIXE1Ln/1yY0CDeHYCSY=
Subject key identifier:   67:85:25:C5:FA:71:0C:32:5E:78:26:78:35:71:6E:A4:68:59:E1:52
Certificate issuer:       /CN=e5fe02f2aa76c402b7d76a114dc7735d5f935b88
Certificate serial:       018CC348FA4B610581AE788BCF3C2E14FFF7
Authority key identifier: E5:FE:02:F2:AA:76:C4:02:B7:D7:6A:11:4D:C7:73:5D:5F:93:5B:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5f4C8qp2xAK312oRTcdzXV-TW4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/Z4UlxfpxDDJeeCZ4NXFupGhZ4VI.roa
Signing time:             Mon 01 Jan 2024 04:29:48 +0000
ROA not before:           Mon 01 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9121
IP address blocks:        93.155.104.0/22 maxlen: 24
                          2a00:1d30::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/5f4C8qp2xAK312oRTcdzXV-TW4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/5f4C8qp2xAK312oRTcdzXV-TW4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5f4C8qp2xAK312oRTcdzXV-TW4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fa:4b:61:05:81:ae:78:8b:cf:3c:2e:14:ff:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5fe02f2aa76c402b7d76a114dc7735d5f935b88
        Validity
            Not Before: Jan  1 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=678525c5fa710c325e78267835716ea46859e152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:18:57:fd:c1:62:f9:b8:8b:81:65:6b:00:71:
                    88:57:de:6b:5b:45:ab:1d:4b:4a:c3:82:e5:88:c3:
                    6e:a0:44:a8:52:6b:5a:fa:16:32:e2:6c:1a:d8:24:
                    5c:9a:cf:f6:f3:44:60:61:aa:2a:73:26:36:c9:18:
                    31:d9:0f:cc:cf:a4:24:ae:db:34:31:bd:68:83:a5:
                    81:db:96:8a:2f:27:e9:8f:ad:f1:5b:9c:30:3b:fe:
                    de:b9:ab:ad:83:b9:e4:a8:86:42:b8:88:fa:1c:ac:
                    b0:20:3b:11:68:53:74:bb:8c:cc:9c:05:2b:b1:d7:
                    a6:4d:86:2a:b8:2a:b4:f4:b3:64:a7:93:26:4d:7e:
                    7d:72:fe:74:66:3f:6f:11:f2:5a:f9:a3:ec:4d:15:
                    26:3d:1d:be:95:1f:4a:65:32:2f:ab:27:23:76:e8:
                    2a:69:a1:0b:43:6a:d5:97:01:47:82:c4:bb:b8:1b:
                    7d:57:01:74:0c:74:97:51:6b:fc:80:1c:e0:09:08:
                    21:0e:02:41:d0:e7:ec:34:9f:aa:60:c3:c2:ce:75:
                    05:bb:de:5f:ec:c4:74:e4:92:a4:99:4a:2d:2a:85:
                    38:f7:c5:57:5d:c5:78:1a:79:ca:10:ba:91:9e:1a:
                    bf:60:06:b1:57:cf:81:00:86:fd:39:74:00:92:da:
                    71:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:85:25:C5:FA:71:0C:32:5E:78:26:78:35:71:6E:A4:68:59:E1:52
            X509v3 Authority Key Identifier:
                keyid:E5:FE:02:F2:AA:76:C4:02:B7:D7:6A:11:4D:C7:73:5D:5F:93:5B:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f4C8qp2xAK312oRTcdzXV-TW4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/Z4UlxfpxDDJeeCZ4NXFupGhZ4VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/31c3bd-e35c-481d-8588-fc60fb125573/1/5f4C8qp2xAK312oRTcdzXV-TW4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.155.104.0/22
                IPv6:
                  2a00:1d30::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:80:bf:3d:b9:00:70:e3:07:e4:f3:8a:b8:95:92:40:56:40:
         1e:f5:53:25:0c:3e:25:d7:1d:e1:dd:4d:78:0f:d2:1b:87:f2:
         a5:06:7f:d4:80:8e:a4:da:7b:3a:60:35:11:aa:7e:c9:7b:74:
         cc:4b:59:03:94:0c:44:fe:94:11:77:da:23:c0:4e:6f:c1:40:
         8e:37:e9:cd:74:4c:7c:6a:dd:e4:8f:8e:83:c6:de:a8:f9:e8:
         aa:6b:2e:6b:af:45:3d:35:22:2d:32:3c:95:17:72:6c:3a:a7:
         4a:54:10:b3:af:b9:64:8f:1d:ea:fa:d5:a9:83:f6:53:af:68:
         94:3d:02:1a:4a:55:c5:1d:64:35:84:44:7b:35:7f:ab:e0:aa:
         2f:fd:ab:f9:d9:86:e8:da:4c:bc:5f:da:d5:8d:db:68:33:c7:
         ba:f1:c6:75:de:f2:3a:6a:c1:11:6c:89:4a:85:03:74:6b:25:
         9c:7a:28:b0:cf:03:48:ed:7d:6c:0a:5d:c9:38:31:24:02:a3:
         dd:91:f1:c8:44:bc:8e:a7:64:de:5f:28:84:78:1f:90:50:eb:
         c2:39:3e:aa:51:c7:43:42:a5:96:71:db:9c:85:84:56:a1:37:
         7c:d0:46:8b:d2:e4:ed:f6:94:48:97:00:9f:f6:cb:d8:ac:c6:
         93:51:ee:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSPpLYQWBrniLzzwuFP/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZmUwMmYyYWE3NmM0MDJiN2Q3NmExMTRkYzc3MzVkNWY5
MzViODgwHhcNMjQwMTAxMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg1MjVjNWZhNzEwYzMyNWU3ODI2NzgzNTcxNmVhNDY4NTllMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRhX/cFi+biLgWVrAHGIV95rW0Wr
HUtKw4LliMNuoESoUmta+hYy4mwa2CRcms/280RgYaoqcyY2yRgx2Q/Mz6Qkrts0
Mb1og6WB25aKLyfpj63xW5wwO/7euautg7nkqIZCuIj6HKywIDsRaFN0u4zMnAUr
sdemTYYquCq09LNkp5MmTX59cv50Zj9vEfJa+aPsTRUmPR2+lR9KZTIvqycjdugq
aaELQ2rVlwFHgsS7uBt9VwF0DHSXUWv8gBzgCQghDgJB0OfsNJ+qYMPCznUFu95f
7MR05JKkmUotKoU498VXXcV4GnnKELqRnhq/YAaxV8+BAIb9OXQAktpxbwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGeFJcX6cQwyXngmeDVxbqRoWeFSMB8GA1UdIwQY
MBaAFOX+AvKqdsQCt9dqEU3Hc11fk1uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWY0QzhxcDJ4QUszMTJvUlRjZHpYVi1UVzRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8zMWMzYmQtZTM1Yy00ODFkLTg1ODgt
ZmM2MGZiMTI1NTczLzEvWjRVbHhmcHhEREplZUNaNE5YRnVwR2haNFZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8zMWMzYmQtZTM1Yy00ODFkLTg1ODgtZmM2MGZiMTI1NTcz
LzEvNWY0QzhxcDJ4QUszMTJvUlRjZHpYVi1UVzRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXZtoMA0E
AgACMAcDBQMqAB0wMA0GCSqGSIb3DQEBCwUAA4IBAQBkgL89uQBw4wfk84q4lZJA
VkAe9VMlDD4l1x3h3U14D9Ibh/KlBn/UgI6k2ns6YDURqn7Je3TMS1kDlAxE/pQR
d9ojwE5vwUCON+nNdEx8at3kj46Dxt6o+eiqay5rr0U9NSItMjyVF3JsOqdKVBCz
r7lkjx3q+tWpg/ZTr2iUPQIaSlXFHWQ1hER7NX+r4Kov/av52Ybo2ky8X9rVjdto
M8e68cZ13vI6asERbIlKhQN0ayWceiiwzwNI7X1sCl3JODEkAqPdkfHIRLyOp2Te
XyiEeB+QUOvCOT6qUcdDQqWWcduchYRWoTd80EaL0uTt9pRIlwCf9svYrMaTUe4j
-----END CERTIFICATE-----