Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/Qzvu7PtIl1Hwru4XOoi3Ryg2E3Y.roa
File:                     Qzvu7PtIl1Hwru4XOoi3Ryg2E3Y.roa (raw, json)
Hash identifier:          nz5/E4Uk4pl2lKGbKU/CwfwYfs16n7NbnztN54IVwGc=
Subject key identifier:   43:3B:EE:EC:FB:48:97:51:F0:AE:EE:17:3A:88:B7:47:28:36:13:76
Certificate issuer:       /CN=cf3e43bee2711824395a39c91418deea4c1f347b
Certificate serial:       018F778D1559B2C67BF94E6F773730076E46
Authority key identifier: CF:3E:43:BE:E2:71:18:24:39:5A:39:C9:14:18:DE:EA:4C:1F:34:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zz5DvuJxGCQ5WjnJFBje6kwfNHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/Qzvu7PtIl1Hwru4XOoi3Ryg2E3Y.roa
Signing time:             Tue 14 May 2024 14:41:25 +0000
ROA not before:           Tue 14 May 2024 14:41:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207102
IP address blocks:        185.165.232.0/22 maxlen: 22
                          185.165.232.0/24 maxlen: 24
                          185.165.233.0/24 maxlen: 24
                          185.165.234.0/24 maxlen: 24
                          185.165.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/zz5DvuJxGCQ5WjnJFBje6kwfNHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/zz5DvuJxGCQ5WjnJFBje6kwfNHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zz5DvuJxGCQ5WjnJFBje6kwfNHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:8d:15:59:b2:c6:7b:f9:4e:6f:77:37:30:07:6e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf3e43bee2711824395a39c91418deea4c1f347b
        Validity
            Not Before: May 14 14:41:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=433beeecfb489751f0aeee173a88b74728361376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e7:43:f8:a3:7d:d0:8b:b5:47:0c:e0:4b:b4:
                    29:45:a0:09:27:20:5d:da:63:72:a8:7d:45:20:bd:
                    ab:cd:c4:0e:96:24:b1:63:35:dc:58:64:a3:1e:5c:
                    5f:0b:5f:52:80:ad:31:cd:2d:77:6a:72:ac:57:3f:
                    58:00:76:e8:8b:1c:33:83:bf:a7:ae:1e:6d:80:83:
                    24:b0:86:b1:56:aa:e4:16:27:f3:0e:db:d1:59:09:
                    31:bb:93:ca:ce:50:c9:7b:5b:63:94:10:8e:d1:bc:
                    2f:d2:30:d9:f8:53:a1:f2:1d:92:eb:6f:9e:af:ce:
                    77:d4:0b:af:00:2e:06:8f:a7:4e:3a:e9:b7:ba:13:
                    a0:a4:15:0c:b9:87:7c:66:7e:0f:8f:3a:59:25:09:
                    0e:51:56:83:34:23:5d:3a:36:d5:2b:04:42:63:45:
                    ae:1a:75:03:ca:85:fa:25:d8:f4:f3:bc:d9:3e:e0:
                    aa:70:4b:9a:f0:66:a0:33:27:d5:8e:97:02:7f:eb:
                    10:26:64:ce:d4:9f:6c:2f:c3:e2:f8:b6:51:8d:30:
                    ae:10:21:79:7e:d9:d0:bd:ed:63:37:35:24:51:52:
                    f6:ba:c4:72:1b:70:c7:af:84:34:06:af:e5:fa:41:
                    d4:4a:e2:ac:12:a7:a0:7a:f6:3d:e2:64:24:7b:0f:
                    26:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:3B:EE:EC:FB:48:97:51:F0:AE:EE:17:3A:88:B7:47:28:36:13:76
            X509v3 Authority Key Identifier:
                keyid:CF:3E:43:BE:E2:71:18:24:39:5A:39:C9:14:18:DE:EA:4C:1F:34:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zz5DvuJxGCQ5WjnJFBje6kwfNHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/Qzvu7PtIl1Hwru4XOoi3Ryg2E3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/998252-7dab-4479-8eb3-512ebe340f58/1/zz5DvuJxGCQ5WjnJFBje6kwfNHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:ba:ea:cc:d5:51:92:39:1d:da:06:b0:d0:22:03:07:aa:83:
         6f:50:f1:bf:89:b5:7d:bb:26:b8:71:30:d1:03:86:62:d8:f7:
         5a:9a:ca:81:5d:60:a0:b7:3c:80:74:eb:2f:43:65:ed:e8:58:
         19:3b:2b:0a:6a:d0:41:91:68:b7:29:46:9a:63:e6:64:32:8b:
         bc:51:04:f2:ee:e9:51:b8:65:85:a1:2a:ea:b7:cf:a4:18:01:
         0b:6d:8e:fe:3b:00:c6:08:04:2c:51:57:11:a1:ea:cd:1e:51:
         5a:0b:3a:b8:73:f3:da:4f:94:ed:ef:f3:0b:63:a5:4a:2f:9f:
         cc:6d:01:83:04:24:c6:59:7a:89:b0:e8:ab:7d:d5:60:70:6c:
         3d:1b:71:84:d2:75:13:1f:b4:d9:b6:b9:fd:91:0b:e3:3f:b8:
         26:e1:f9:c0:a7:4c:23:d9:7b:ff:83:a6:c2:8e:ca:17:86:32:
         51:0e:68:4d:9c:1b:53:18:6e:0e:c5:7c:72:31:e5:a7:b7:52:
         a7:fa:e1:e3:5d:27:5b:7d:db:99:33:37:44:58:0b:4e:95:7f:
         8f:3a:22:26:23:c4:b3:72:a5:1f:3c:25:5b:99:35:80:03:4d:
         f5:6e:d3:11:49:9e:09:b3:5a:a0:14:4b:23:b6:44:c4:58:68:
         89:3c:e6:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY93jRVZssZ7+U5vdzcwB25GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmM2U0M2JlZTI3MTE4MjQzOTVhMzljOTE0MThkZWVhNGMx
ZjM0N2IwHhcNMjQwNTE0MTQ0MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzNiZWVlY2ZiNDg5NzUxZjBhZWVlMTczYTg4Yjc0NzI4MzYxMzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+dD+KN90Iu1RwzgS7QpRaAJJyBd
2mNyqH1FIL2rzcQOliSxYzXcWGSjHlxfC19SgK0xzS13anKsVz9YAHboixwzg7+n
rh5tgIMksIaxVqrkFifzDtvRWQkxu5PKzlDJe1tjlBCO0bwv0jDZ+FOh8h2S62+e
r8531AuvAC4Gj6dOOum3uhOgpBUMuYd8Zn4PjzpZJQkOUVaDNCNdOjbVKwRCY0Wu
GnUDyoX6Jdj087zZPuCqcEua8GagMyfVjpcCf+sQJmTO1J9sL8Pi+LZRjTCuECF5
ftnQve1jNzUkUVL2usRyG3DHr4Q0Bq/l+kHUSuKsEqegevY94mQkew8mXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEM77uz7SJdR8K7uFzqIt0coNhN2MB8GA1UdIwQY
MBaAFM8+Q77icRgkOVo5yRQY3upMHzR7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveno1RHZ1SnhHQ1E1V2puSkZCamU2a3dmTkhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85OTgyNTItN2RhYi00NDc5LThlYjMt
NTEyZWJlMzQwZjU4LzEvUXp2dTdQdElsMUh3cnU0WE9vaTNSeWcyRTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85OTgyNTItN2RhYi00NDc5LThlYjMtNTEyZWJlMzQwZjU4
LzEveno1RHZ1SnhHQ1E1V2puSkZCamU2a3dmTkhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaXoMA0G
CSqGSIb3DQEBCwUAA4IBAQBruurM1VGSOR3aBrDQIgMHqoNvUPG/ibV9uya4cTDR
A4Zi2PdamsqBXWCgtzyAdOsvQ2Xt6FgZOysKatBBkWi3KUaaY+ZkMou8UQTy7ulR
uGWFoSrqt8+kGAELbY7+OwDGCAQsUVcRoerNHlFaCzq4c/PaT5Tt7/MLY6VKL5/M
bQGDBCTGWXqJsOirfdVgcGw9G3GE0nUTH7TZtrn9kQvjP7gm4fnAp0wj2Xv/g6bC
jsoXhjJRDmhNnBtTGG4OxXxyMeWnt1Kn+uHjXSdbfduZMzdEWAtOlX+POiImI8Sz
cqUfPCVbmTWAA031btMRSZ4Js1qgFEsjtkTEWGiJPOZE
-----END CERTIFICATE-----