Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/mzpE5QIUDk2HkeVCYpwXV3rlGnA.roa
File:                     mzpE5QIUDk2HkeVCYpwXV3rlGnA.roa (raw, json)
Hash identifier:          d8vnw+4MmaDVPudrpNRptJYRV49C3VHXYHCAqK6C48k=
Subject key identifier:   9B:3A:44:E5:02:14:0E:4D:87:91:E5:42:62:9C:17:57:7A:E5:1A:70
Certificate issuer:       /CN=dca102b5a4a86bf47ff04e8ea6b20ecd0be23826
Certificate serial:       018CC801B01CFA992A2AC1DD54895996ED75
Authority key identifier: DC:A1:02:B5:A4:A8:6B:F4:7F:F0:4E:8E:A6:B2:0E:CD:0B:E2:38:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3KECtaSoa_R_8E6OprIOzQviOCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/mzpE5QIUDk2HkeVCYpwXV3rlGnA.roa
Signing time:             Tue 02 Jan 2024 02:30:02 +0000
ROA not before:           Tue 02 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        185.63.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/3KECtaSoa_R_8E6OprIOzQviOCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/3KECtaSoa_R_8E6OprIOzQviOCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3KECtaSoa_R_8E6OprIOzQviOCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b0:1c:fa:99:2a:2a:c1:dd:54:89:59:96:ed:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dca102b5a4a86bf47ff04e8ea6b20ecd0be23826
        Validity
            Not Before: Jan  2 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b3a44e502140e4d8791e542629c17577ae51a70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4b:fd:d6:78:56:9d:b9:8c:e2:25:d1:cc:89:
                    34:b0:b4:0f:32:86:c7:29:22:4d:7d:2e:53:59:b7:
                    33:6e:d3:76:8f:d4:f0:43:24:3e:72:e8:31:3c:9e:
                    53:95:1a:e7:d5:d8:7e:de:6b:98:99:48:94:75:48:
                    70:51:78:a9:04:28:bc:c2:9b:54:da:73:4a:8d:e3:
                    c9:c2:24:7d:74:19:09:cd:6f:83:69:ac:39:83:a9:
                    7f:81:06:69:3a:ab:a4:94:16:dd:3e:87:a2:de:82:
                    10:29:db:59:3a:52:86:85:f5:18:54:69:64:6a:03:
                    43:39:d7:8c:6e:51:f3:34:f1:14:34:be:32:1a:7f:
                    82:5e:90:37:cb:e0:e0:dd:44:14:64:58:1c:97:e0:
                    61:a0:8f:e8:5e:82:25:96:e1:e8:86:68:7b:f5:05:
                    42:6a:1f:ba:11:7a:57:90:64:0d:1c:37:81:63:71:
                    b2:ec:94:b4:c1:44:0d:4b:bd:87:b9:45:be:fb:31:
                    88:45:61:3a:43:90:17:e9:51:d5:ec:75:c2:f1:09:
                    40:2c:6b:e3:40:7d:28:cb:7e:4e:a2:a9:f7:d5:26:
                    01:0a:00:1e:49:73:08:6d:3c:dc:df:39:00:0f:62:
                    2b:4d:2a:88:9f:76:88:0d:9a:98:4f:1d:c5:22:b2:
                    a6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3A:44:E5:02:14:0E:4D:87:91:E5:42:62:9C:17:57:7A:E5:1A:70
            X509v3 Authority Key Identifier:
                keyid:DC:A1:02:B5:A4:A8:6B:F4:7F:F0:4E:8E:A6:B2:0E:CD:0B:E2:38:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3KECtaSoa_R_8E6OprIOzQviOCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/mzpE5QIUDk2HkeVCYpwXV3rlGnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/1ba419-acbe-4d71-8c0e-6a1a368aa62f/1/3KECtaSoa_R_8E6OprIOzQviOCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:01:10:48:55:d4:34:e7:95:df:c4:25:f2:8f:15:db:c6:eb:
         58:6b:17:db:92:7f:bc:d3:bb:da:56:03:a0:8b:a7:09:9f:58:
         45:86:7d:fe:dc:8d:30:61:35:19:d5:c1:5e:24:8c:da:ab:88:
         84:1f:fe:74:51:05:8f:4a:db:d9:eb:6e:46:c2:d9:37:2e:1a:
         eb:5e:b4:66:2b:b3:2f:09:da:fc:3c:f4:00:59:a2:fd:a4:77:
         0e:88:3c:ee:e9:3e:8f:a1:98:ea:ed:07:e9:d8:8c:bc:66:eb:
         62:bf:8e:d3:6a:2c:98:99:db:0c:1a:90:ec:ea:16:5d:2a:1d:
         cb:12:3f:28:88:97:ef:47:20:18:be:31:7c:33:91:77:4d:57:
         7f:25:77:89:6a:38:88:51:b3:c8:3a:75:1d:d1:4b:91:e6:54:
         6e:59:cb:b4:d7:93:68:e8:8d:fc:0b:c1:3e:f6:e7:71:3a:7e:
         0e:28:f2:b2:ed:6f:f6:02:77:4c:b9:33:34:5f:aa:d6:8c:fb:
         f9:a8:ef:bb:47:79:76:35:5e:a5:59:6a:d0:3e:1a:f8:19:42:
         b9:e1:53:e6:9c:cb:49:f5:71:61:a0:da:c3:a3:b9:c5:d8:9a:
         25:74:53:81:d9:eb:3c:0a:a2:4a:dc:66:e1:ad:99:a5:b8:61:
         b6:db:08:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAbAc+pkqKsHdVIlZlu11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYTEwMmI1YTRhODZiZjQ3ZmYwNGU4ZWE2YjIwZWNkMGJl
MjM4MjYwHhcNMjQwMTAyMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjNhNDRlNTAyMTQwZTRkODc5MWU1NDI2MjljMTc1NzdhZTUxYTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkv91nhWnbmM4iXRzIk0sLQPMobH
KSJNfS5TWbczbtN2j9TwQyQ+cugxPJ5TlRrn1dh+3muYmUiUdUhwUXipBCi8wptU
2nNKjePJwiR9dBkJzW+Daaw5g6l/gQZpOquklBbdPoei3oIQKdtZOlKGhfUYVGlk
agNDOdeMblHzNPEUNL4yGn+CXpA3y+Dg3UQUZFgcl+BhoI/oXoIlluHohmh79QVC
ah+6EXpXkGQNHDeBY3Gy7JS0wUQNS72HuUW++zGIRWE6Q5AX6VHV7HXC8QlALGvj
QH0oy35Ooqn31SYBCgAeSXMIbTzc3zkAD2IrTSqIn3aIDZqYTx3FIrKmFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJs6ROUCFA5Nh5HlQmKcF1d65RpwMB8GA1UdIwQY
MBaAFNyhArWkqGv0f/BOjqayDs0L4jgmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0tFQ3RhU29hX1JfOEU2T3BySU96UXZpT0NZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xYmE0MTktYWNiZS00ZDcxLThjMGUt
NmExYTM2OGFhNjJmLzEvbXpwRTVRSVVEazJIa2VWQ1lwd1hWM3JsR25BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xYmE0MTktYWNiZS00ZDcxLThjMGUtNmExYTM2OGFhNjJm
LzEvM0tFQ3RhU29hX1JfOEU2T3BySU96UXZpT0NZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT9yMA0G
CSqGSIb3DQEBCwUAA4IBAQCNARBIVdQ055XfxCXyjxXbxutYaxfbkn+807vaVgOg
i6cJn1hFhn3+3I0wYTUZ1cFeJIzaq4iEH/50UQWPStvZ625Gwtk3LhrrXrRmK7Mv
Cdr8PPQAWaL9pHcOiDzu6T6PoZjq7Qfp2Iy8Zutiv47TaiyYmdsMGpDs6hZdKh3L
Ej8oiJfvRyAYvjF8M5F3TVd/JXeJajiIUbPIOnUd0UuR5lRuWcu015No6I38C8E+
9udxOn4OKPKy7W/2AndMuTM0X6rWjPv5qO+7R3l2NV6lWWrQPhr4GUK54VPmnMtJ
9XFhoNrDo7nF2JoldFOB2es8CqJK3GbhrZmluGG22whO
-----END CERTIFICATE-----