Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/fz3EbJBHyemU4_e57MrJtN1LHss.roa
File:                     fz3EbJBHyemU4_e57MrJtN1LHss.roa (raw, json)
Hash identifier:          WWj/timi30rCAuUkutEXzcECw3/kCBTHjq4eWxd8B5Q=
Subject key identifier:   7F:3D:C4:6C:90:47:C9:E9:94:E3:F7:B9:EC:CA:C9:B4:DD:4B:1E:CB
Certificate issuer:       /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial:       018CC3B689C39E9BEBE233ACF5FD5E69099F
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/fz3EbJBHyemU4_e57MrJtN1LHss.roa
Signing time:             Mon 01 Jan 2024 06:29:29 +0000
ROA not before:           Mon 01 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198774
IP address blocks:        128.127.145.0/24 maxlen: 24
                          128.127.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:89:c3:9e:9b:eb:e2:33:ac:f5:fd:5e:69:09:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
        Validity
            Not Before: Jan  1 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f3dc46c9047c9e994e3f7b9eccac9b4dd4b1ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:af:23:24:51:1d:7c:7c:39:af:fa:9f:0e:e2:
                    9b:0e:79:4a:5c:7b:dc:9d:2c:e2:d5:08:91:27:31:
                    bf:91:5a:2c:f2:85:97:be:52:70:fa:24:4d:83:33:
                    89:9f:08:2a:d4:4b:19:a0:a3:05:a5:4f:7b:cd:93:
                    cc:db:88:9c:ae:b3:c5:82:d0:47:01:e8:61:54:c6:
                    2d:7a:33:ad:72:ed:7e:b0:be:25:cf:b9:da:03:ed:
                    0f:49:41:81:3a:9d:24:b6:c3:75:58:f0:42:cd:f6:
                    65:4e:66:d1:33:79:17:5b:2b:90:3f:ce:f3:7c:1e:
                    8c:a2:89:4f:8b:53:84:dd:24:ac:27:de:8d:d5:3f:
                    e7:6c:b3:51:95:10:52:1f:ee:f3:8b:ad:ee:fe:48:
                    78:1e:b5:cd:b2:90:92:c3:bd:1e:8c:af:f1:82:38:
                    52:42:73:56:03:ac:cd:a6:da:e4:7c:48:a0:5e:71:
                    73:ab:a5:42:c3:53:b4:ee:a8:42:0f:f8:18:a1:45:
                    9f:78:4f:14:82:32:06:da:40:56:d1:32:b7:3b:60:
                    94:5a:75:d5:e3:7f:ed:9b:50:bd:98:36:b6:eb:92:
                    5e:54:c8:0f:29:83:4d:95:07:8e:53:44:3b:b1:3a:
                    5e:cf:9f:8b:a4:07:af:38:a3:9b:b8:8f:ea:2c:db:
                    5a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3D:C4:6C:90:47:C9:E9:94:E3:F7:B9:EC:CA:C9:B4:DD:4B:1E:CB
            X509v3 Authority Key Identifier:
                keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/fz3EbJBHyemU4_e57MrJtN1LHss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.127.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:fd:f4:65:34:31:5a:64:b2:61:30:2c:45:09:fd:f7:6c:5f:
         4d:60:ed:60:a9:81:e2:e5:7b:b5:42:89:ae:54:cb:11:73:3c:
         35:3c:c2:10:9b:3a:ae:6d:e9:8e:b3:38:0e:88:bb:38:61:7f:
         1b:72:2e:8c:9a:b0:b6:8f:06:8a:4e:ae:39:f0:c1:5f:bc:10:
         ed:97:ed:00:7e:d1:56:3d:1d:5c:df:a0:94:4b:55:88:06:35:
         3e:2c:f8:9a:63:79:7f:27:d2:59:ec:7c:1f:c6:a5:62:d4:e2:
         b2:ee:4d:ed:56:34:cb:fe:05:04:ff:57:6d:7c:82:d7:d0:01:
         58:85:ad:b3:08:18:44:40:8a:80:d8:c5:23:33:f6:25:1f:4a:
         4f:a9:26:ea:e0:fd:f5:4d:14:d2:9f:0a:f0:15:c9:db:9c:b6:
         83:9f:ed:57:3a:09:cd:be:73:86:22:d8:1c:8c:fa:f9:84:7b:
         7c:08:62:84:c1:35:44:cb:86:d1:fa:87:dd:e1:fe:71:70:ae:
         70:55:7d:62:5c:e1:fd:84:fd:3b:3f:cb:36:b5:b8:f4:f9:07:
         a4:34:c4:1f:55:af:c0:ff:c2:89:ef:71:b0:1e:32:2e:90:c5:
         4d:9e:83:9f:4e:ad:95:02:da:99:93:86:67:85:20:f3:ea:3b:
         be:66:c1:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtonDnpvr4jOs9f1eaQmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjQwMTAxMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNkYzQ2YzkwNDdjOWU5OTRlM2Y3YjllY2NhYzliNGRkNGIxZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA068jJFEdfHw5r/qfDuKbDnlKXHvc
nSzi1QiRJzG/kVos8oWXvlJw+iRNgzOJnwgq1EsZoKMFpU97zZPM24icrrPFgtBH
AehhVMYtejOtcu1+sL4lz7naA+0PSUGBOp0ktsN1WPBCzfZlTmbRM3kXWyuQP87z
fB6MoolPi1OE3SSsJ96N1T/nbLNRlRBSH+7zi63u/kh4HrXNspCSw70ejK/xgjhS
QnNWA6zNptrkfEigXnFzq6VCw1O07qhCD/gYoUWfeE8UgjIG2kBW0TK3O2CUWnXV
43/tm1C9mDa265JeVMgPKYNNlQeOU0Q7sTpez5+LpAevOKObuI/qLNtaewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH89xGyQR8nplOP3uezKybTdSx7LMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvZnozRWJKQkh5ZW1VNF9lNTdNckp0TjFMSHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBgH+QMA0G
CSqGSIb3DQEBCwUAA4IBAQCN/fRlNDFaZLJhMCxFCf33bF9NYO1gqYHi5Xu1Qomu
VMsRczw1PMIQmzqubemOszgOiLs4YX8bci6MmrC2jwaKTq458MFfvBDtl+0AftFW
PR1c36CUS1WIBjU+LPiaY3l/J9JZ7HwfxqVi1OKy7k3tVjTL/gUE/1dtfILX0AFY
ha2zCBhEQIqA2MUjM/YlH0pPqSbq4P31TRTSnwrwFcnbnLaDn+1XOgnNvnOGItgc
jPr5hHt8CGKEwTVEy4bR+ofd4f5xcK5wVX1iXOH9hP07P8s2tbj0+QekNMQfVa/A
/8KJ73GwHjIukMVNnoOfTq2VAtqZk4ZnhSDz6ju+ZsHh
-----END CERTIFICATE-----