Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/zZQhoXvJ8-CB6DP26iEvXrYXKRk.roa
File:                     zZQhoXvJ8-CB6DP26iEvXrYXKRk.roa (raw, json)
Hash identifier:          BbqAVxnNX5NuyXPK+MfwsV0mxcwontXLtXt4Pb6yO1U=
Subject key identifier:   CD:94:21:A1:7B:C9:F3:E0:81:E8:33:F6:EA:21:2F:5E:B6:17:29:19
Certificate issuer:       /CN=86b22303de4b0a870fcfe7b6556c024f75c76a34
Certificate serial:       018CC56DED2C031804C9A7F3AE57BB154768
Authority key identifier: 86:B2:23:03:DE:4B:0A:87:0F:CF:E7:B6:55:6C:02:4F:75:C7:6A:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hrIjA95LCocPz-e2VWwCT3XHajQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/zZQhoXvJ8-CB6DP26iEvXrYXKRk.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25591
IP address blocks:        185.140.134.0/23 maxlen: 23
                          92.118.200.0/22 maxlen: 22
                          5.183.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/hrIjA95LCocPz-e2VWwCT3XHajQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/hrIjA95LCocPz-e2VWwCT3XHajQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hrIjA95LCocPz-e2VWwCT3XHajQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ed:2c:03:18:04:c9:a7:f3:ae:57:bb:15:47:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86b22303de4b0a870fcfe7b6556c024f75c76a34
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd9421a17bc9f3e081e833f6ea212f5eb6172919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a0:b8:de:a5:f3:0d:88:7f:ed:26:d5:1f:11:
                    ec:9a:a2:49:af:d4:8a:bc:2a:96:4b:39:a3:d4:aa:
                    59:11:d1:ac:0e:92:13:0e:b2:eb:20:00:1f:ff:14:
                    13:9f:dc:6f:ba:8f:8d:35:ce:de:3d:6f:5d:e7:22:
                    8e:66:2e:83:29:a5:f6:5b:55:f2:04:9a:83:21:66:
                    f9:04:73:aa:7b:ab:d8:23:32:62:a5:8a:17:56:17:
                    17:a3:be:0f:cd:8d:6b:9a:ad:24:27:de:d3:46:a1:
                    18:a4:87:f8:f5:2e:3d:17:81:69:24:59:02:55:b7:
                    7a:ea:a4:27:28:2e:7e:ba:dc:2d:f9:7c:fe:90:9c:
                    57:f6:b8:22:d4:60:e3:7f:1d:eb:44:d1:55:fd:9d:
                    b4:27:67:76:0c:84:63:e6:47:03:4b:5c:b1:a7:69:
                    9d:39:63:c8:e9:38:38:2d:26:8d:68:56:b6:22:e3:
                    3e:d8:e7:36:88:e2:0d:0a:a6:03:14:a8:dc:73:85:
                    e0:2f:86:a8:7b:51:76:b8:3f:87:aa:7c:87:9c:b5:
                    0f:4b:7f:6b:a3:65:6a:8c:a2:72:63:e2:98:30:4f:
                    ad:0f:e9:e7:4d:87:ee:fb:96:33:66:a0:51:2d:43:
                    aa:b2:d0:db:bf:a7:c9:a4:b6:d6:0b:67:12:13:d6:
                    0e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:94:21:A1:7B:C9:F3:E0:81:E8:33:F6:EA:21:2F:5E:B6:17:29:19
            X509v3 Authority Key Identifier:
                keyid:86:B2:23:03:DE:4B:0A:87:0F:CF:E7:B6:55:6C:02:4F:75:C7:6A:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hrIjA95LCocPz-e2VWwCT3XHajQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/zZQhoXvJ8-CB6DP26iEvXrYXKRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/afd70f-c300-49cb-b729-72ab5987f609/1/hrIjA95LCocPz-e2VWwCT3XHajQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.68.0/22
                  92.118.200.0/22
                  185.140.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:e4:90:67:35:53:a7:99:3d:f2:0d:c7:a6:61:7f:e1:67:7d:
         7a:ef:1d:6a:a7:d3:2e:12:20:8f:d4:f3:f4:5c:89:81:8a:33:
         22:d1:67:c0:8d:33:a1:45:35:42:8a:28:15:bc:55:87:e0:81:
         3b:d4:21:4a:df:27:28:4f:14:5d:59:3a:3a:de:52:72:97:4c:
         e6:c9:dc:fe:bf:09:9d:19:8c:bb:2b:b3:ad:4b:ad:e3:54:48:
         a5:13:4a:84:99:03:b7:2d:ff:a9:27:a7:cc:10:56:cd:c1:54:
         e2:1d:b1:08:35:b9:6b:6d:72:8c:56:7b:f3:ce:96:56:2b:0f:
         72:f7:1c:28:88:08:71:1a:1d:15:d8:58:c7:d9:c5:a8:47:23:
         bb:21:a0:ac:68:c2:58:ea:b9:51:fb:03:bc:f3:53:f7:d8:1c:
         4d:c2:86:43:df:fc:92:5e:49:82:9c:56:08:23:dc:64:ed:42:
         58:6a:a4:14:eb:aa:8c:b2:c8:7b:e6:b2:09:d6:6b:91:3b:07:
         e1:3d:29:43:65:a0:fa:5b:fb:82:b6:5b:cf:ad:a8:67:23:61:
         a5:55:14:60:ac:24:5b:6e:c1:a4:93:b8:03:31:e7:7c:6b:63:
         51:3b:47:aa:7f:c4:7c:8b:cf:b4:68:27:9f:b0:7b:14:3d:d4:
         02:db:a4:89
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbe0sAxgEyafzrle7FUdoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YjIyMzAzZGU0YjBhODcwZmNmZTdiNjU1NmMwMjRmNzVj
NzZhMzQwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDk0MjFhMTdiYzlmM2UwODFlODMzZjZlYTIxMmY1ZWI2MTcyOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6C43qXzDYh/7SbVHxHsmqJJr9SK
vCqWSzmj1KpZEdGsDpITDrLrIAAf/xQTn9xvuo+NNc7ePW9d5yKOZi6DKaX2W1Xy
BJqDIWb5BHOqe6vYIzJipYoXVhcXo74PzY1rmq0kJ97TRqEYpIf49S49F4FpJFkC
Vbd66qQnKC5+utwt+Xz+kJxX9rgi1GDjfx3rRNFV/Z20J2d2DIRj5kcDS1yxp2md
OWPI6Tg4LSaNaFa2IuM+2Oc2iOINCqYDFKjcc4XgL4aoe1F2uD+HqnyHnLUPS39r
o2VqjKJyY+KYME+tD+nnTYfu+5YzZqBRLUOqstDbv6fJpLbWC2cSE9YOvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM2UIaF7yfPggegz9uohL162FykZMB8GA1UdIwQY
MBaAFIayIwPeSwqHD8/ntlVsAk91x2o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHJJakE5NUxDb2NQei1lMlZXd0NUM1hIYWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hZmQ3MGYtYzMwMC00OWNiLWI3Mjkt
NzJhYjU5ODdmNjA5LzEvelpRaG9Ydko4LUNCNkRQMjZpRXZYcllYS1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hZmQ3MGYtYzMwMC00OWNiLWI3MjktNzJhYjU5ODdmNjA5
LzEvaHJJakE5NUxDb2NQei1lMlZXd0NUM1hIYWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBbdEAwQC
XHbIAwQBuYyGMA0GCSqGSIb3DQEBCwUAA4IBAQBX5JBnNVOnmT3yDcemYX/hZ316
7x1qp9MuEiCP1PP0XImBijMi0WfAjTOhRTVCiigVvFWH4IE71CFK3ycoTxRdWTo6
3lJyl0zmydz+vwmdGYy7K7OtS63jVEilE0qEmQO3Lf+pJ6fMEFbNwVTiHbEINblr
bXKMVnvzzpZWKw9y9xwoiAhxGh0V2FjH2cWoRyO7IaCsaMJY6rlR+wO881P32BxN
woZD3/ySXkmCnFYII9xk7UJYaqQU66qMssh75rIJ1muROwfhPSlDZaD6W/uCtlvP
rahnI2GlVRRgrCRbbsGkk7gDMed8a2NRO0eqf8R8i8+0aCefsHsUPdQC26SJ
-----END CERTIFICATE-----