Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/33MZhkUBvuIy6EH9F04biBrx2pw.roa
File:                     33MZhkUBvuIy6EH9F04biBrx2pw.roa (raw, json)
Hash identifier:          HpiW7n518CeDN+mGWFdsdYbcmVaJosF5LDx5Rad2sok=
Subject key identifier:   DF:73:19:86:45:01:BE:E2:32:E8:41:FD:17:4E:1B:88:1A:F1:DA:9C
Certificate issuer:       /CN=2c8fa8533dcc820ba1ad6fb2b2f0161010531db9
Certificate serial:       018CC3494FB11F55D68D3B9BF8CA82592CB7
Authority key identifier: 2C:8F:A8:53:3D:CC:82:0B:A1:AD:6F:B2:B2:F0:16:10:10:53:1D:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/33MZhkUBvuIy6EH9F04biBrx2pw.roa
Signing time:             Mon 01 Jan 2024 04:30:10 +0000
ROA not before:           Mon 01 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        185.113.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4f:b1:1f:55:d6:8d:3b:9b:f8:ca:82:59:2c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c8fa8533dcc820ba1ad6fb2b2f0161010531db9
        Validity
            Not Before: Jan  1 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df7319864501bee232e841fd174e1b881af1da9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ad:40:16:61:51:b4:a7:ba:8c:46:6e:10:5d:
                    02:8e:75:29:e6:9f:f2:fe:15:b2:bd:9c:d3:20:d8:
                    dd:13:8d:0f:ad:cc:8c:2f:0d:d7:8a:d5:c8:75:6a:
                    8a:9f:0f:8e:2d:fc:d2:36:3c:10:b4:af:02:29:cc:
                    9b:24:d9:e7:2a:28:1f:49:70:62:4d:42:89:4d:e3:
                    4a:c7:74:72:d3:06:df:5a:78:09:94:ff:82:74:e7:
                    8a:b9:39:41:6d:12:ae:77:45:a2:16:8d:05:3e:4b:
                    be:35:53:73:1c:ee:d7:8b:38:fb:f3:14:c6:f4:02:
                    7e:fc:11:05:25:cf:59:1d:70:c4:96:74:f1:ea:65:
                    1a:79:06:7d:84:0c:dd:d6:fd:88:87:f9:b0:2f:e4:
                    70:a8:e2:7d:a3:57:4d:4e:ed:f9:a8:e9:68:80:64:
                    0d:ee:60:c2:84:ae:a4:79:f8:bc:13:c8:0f:48:bd:
                    9a:57:b7:08:5e:c4:42:f8:4b:53:36:ee:1c:60:1b:
                    1f:4a:9a:4d:e5:7b:90:da:7a:d4:ce:6e:56:ff:f6:
                    cc:1b:a5:a5:05:f4:d5:eb:48:db:73:ac:94:78:d9:
                    15:66:3e:ad:84:29:84:8c:af:e7:e0:3a:96:7c:29:
                    eb:01:4b:b5:fd:55:23:ba:3d:5a:45:b4:3f:e5:b6:
                    e9:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:73:19:86:45:01:BE:E2:32:E8:41:FD:17:4E:1B:88:1A:F1:DA:9C
            X509v3 Authority Key Identifier:
                keyid:2C:8F:A8:53:3D:CC:82:0B:A1:AD:6F:B2:B2:F0:16:10:10:53:1D:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LI-oUz3MgguhrW-ysvAWEBBTHbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/33MZhkUBvuIy6EH9F04biBrx2pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/e7d3de-1845-41f3-907a-9e96af6d6a8f/1/LI-oUz3MgguhrW-ysvAWEBBTHbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:52:25:b6:54:ed:d1:a4:eb:49:c5:d8:98:8d:b8:72:fe:ab:
         79:11:ae:20:56:80:16:e2:ab:fe:ce:12:4d:3f:c0:70:3c:6e:
         ac:e9:db:0c:6d:e6:96:4e:12:53:a0:7e:65:39:df:6f:1d:43:
         c2:23:ca:3f:85:d0:89:77:1e:92:aa:c6:71:7b:d2:de:e5:6b:
         89:04:9c:a9:42:db:09:cd:ab:db:c9:69:f3:a8:9e:45:e1:72:
         7c:bc:72:ac:c0:1f:16:77:ac:63:cc:83:06:ce:99:dc:d6:73:
         b8:4e:0a:4f:f8:f4:49:da:e3:fc:dc:7d:78:10:cc:85:22:59:
         f3:85:cf:ae:96:f4:2e:84:12:10:72:b5:bb:c2:62:ca:d1:b9:
         6f:de:ad:49:85:11:ca:c1:f1:2e:a4:e6:1c:e4:ea:6c:40:8c:
         c7:b3:62:6f:42:d0:a5:45:32:1a:98:3c:3d:7c:49:f6:8b:a3:
         53:c9:69:51:79:02:75:b6:42:07:3e:7b:73:56:4e:14:e1:05:
         a6:9a:e6:13:dd:4e:67:73:6d:a4:63:59:fc:d4:59:43:50:3b:
         a5:1c:4d:55:05:a8:f8:3d:51:dd:56:9c:0f:b0:de:c8:33:34:
         c3:5f:82:26:fc:d6:7b:b6:00:c0:de:fd:7f:ab:38:bf:eb:0d:
         f9:28:72:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSU+xH1XWjTub+MqCWSy3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOGZhODUzM2RjYzgyMGJhMWFkNmZiMmIyZjAxNjEwMTA1
MzFkYjkwHhcNMjQwMTAxMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjczMTk4NjQ1MDFiZWUyMzJlODQxZmQxNzRlMWI4ODFhZjFkYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK1AFmFRtKe6jEZuEF0CjnUp5p/y
/hWyvZzTINjdE40PrcyMLw3XitXIdWqKnw+OLfzSNjwQtK8CKcybJNnnKigfSXBi
TUKJTeNKx3Ry0wbfWngJlP+CdOeKuTlBbRKud0WiFo0FPku+NVNzHO7Xizj78xTG
9AJ+/BEFJc9ZHXDElnTx6mUaeQZ9hAzd1v2Ih/mwL+RwqOJ9o1dNTu35qOlogGQN
7mDChK6kefi8E8gPSL2aV7cIXsRC+EtTNu4cYBsfSppN5XuQ2nrUzm5W//bMG6Wl
BfTV60jbc6yUeNkVZj6thCmEjK/n4DqWfCnrAUu1/VUjuj1aRbQ/5bbpZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9zGYZFAb7iMuhB/RdOG4ga8dqcMB8GA1UdIwQY
MBaAFCyPqFM9zIILoa1vsrLwFhAQUx25MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEktb1V6M01nZ3VoclcteXN2QVdFQkJUSGJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9lN2QzZGUtMTg0NS00MWYzLTkwN2Et
OWU5NmFmNmQ2YThmLzEvMzNNWmhrVUJ2dUl5NkVIOUYwNGJpQnJ4MnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9lN2QzZGUtMTg0NS00MWYzLTkwN2EtOWU5NmFmNmQ2YThm
LzEvTEktb1V6M01nZ3VoclcteXN2QVdFQkJUSGJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXG9MA0G
CSqGSIb3DQEBCwUAA4IBAQBUUiW2VO3RpOtJxdiYjbhy/qt5Ea4gVoAW4qv+zhJN
P8BwPG6s6dsMbeaWThJToH5lOd9vHUPCI8o/hdCJdx6SqsZxe9Le5WuJBJypQtsJ
zavbyWnzqJ5F4XJ8vHKswB8Wd6xjzIMGzpnc1nO4TgpP+PRJ2uP83H14EMyFIlnz
hc+ulvQuhBIQcrW7wmLK0blv3q1JhRHKwfEupOYc5OpsQIzHs2JvQtClRTIamDw9
fEn2i6NTyWlReQJ1tkIHPntzVk4U4QWmmuYT3U5nc22kY1n81FlDUDulHE1VBaj4
PVHdVpwPsN7IMzTDX4Im/NZ7tgDA3v1/qzi/6w35KHKD
-----END CERTIFICATE-----