Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/ZREKvai1vE7XPY5uKX_JAWoL45g.roa
File:                     ZREKvai1vE7XPY5uKX_JAWoL45g.roa (raw, json)
Hash identifier:          dExRJfx898ASyM2l+4kNVhLdSTbrzF3AyffmxIVM1Eo=
Subject key identifier:   65:11:0A:BD:A8:B5:BC:4E:D7:3D:8E:6E:29:7F:C9:01:6A:0B:E3:98
Certificate issuer:       /CN=33ba6c0bcca16c685dc7b9b27f199b42b4beeee9
Certificate serial:       018CC56E65EC21DE7426255048443E68F60A
Authority key identifier: 33:BA:6C:0B:CC:A1:6C:68:5D:C7:B9:B2:7F:19:9B:42:B4:BE:EE:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M7psC8yhbGhdx7myfxmbQrS-7uk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/ZREKvai1vE7XPY5uKX_JAWoL45g.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35175
IP address blocks:        193.143.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/M7psC8yhbGhdx7myfxmbQrS-7uk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/M7psC8yhbGhdx7myfxmbQrS-7uk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M7psC8yhbGhdx7myfxmbQrS-7uk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:65:ec:21:de:74:26:25:50:48:44:3e:68:f6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33ba6c0bcca16c685dc7b9b27f199b42b4beeee9
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65110abda8b5bc4ed73d8e6e297fc9016a0be398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:31:b7:bb:ca:50:6b:57:20:55:95:e7:1e:89:
                    9a:48:63:80:06:c1:3b:da:1b:a9:26:cd:78:a6:e0:
                    83:63:35:2b:1c:94:4f:f0:25:cf:7f:48:d3:6e:5d:
                    ae:66:e8:8a:05:2a:12:ef:65:63:b4:a5:a5:2e:20:
                    c1:14:99:d8:ee:b0:c3:d3:30:6f:10:55:f2:ef:20:
                    a4:0f:bc:3a:e0:9b:f7:ce:66:4f:3c:7e:5d:79:19:
                    b0:0b:29:74:44:10:32:4b:8b:25:77:12:70:5d:20:
                    56:5d:58:d6:3b:7c:14:d6:ff:e4:d4:50:fd:82:79:
                    e8:59:57:8e:db:ed:5c:80:b9:de:74:35:1f:f0:0a:
                    77:91:5d:e6:05:1b:c5:8d:f7:4a:56:01:e2:85:76:
                    d8:3d:c9:37:a3:f7:d5:2c:3b:a2:17:2c:bf:24:b1:
                    07:8f:17:37:5a:6d:22:76:c0:a2:38:26:4a:6e:dd:
                    b6:90:7f:ef:7c:47:64:a6:ab:03:30:a4:0d:a0:02:
                    16:93:6d:d7:dc:d7:66:56:44:15:9e:95:dd:93:9b:
                    e9:e8:9b:c1:18:3d:bd:9c:14:cc:8a:f6:1f:39:97:
                    1b:17:45:7f:48:10:b0:4c:00:bd:4e:1c:84:c7:e3:
                    08:71:cc:d0:ab:67:4d:ea:bf:dc:6a:b8:aa:23:1e:
                    7d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:11:0A:BD:A8:B5:BC:4E:D7:3D:8E:6E:29:7F:C9:01:6A:0B:E3:98
            X509v3 Authority Key Identifier:
                keyid:33:BA:6C:0B:CC:A1:6C:68:5D:C7:B9:B2:7F:19:9B:42:B4:BE:EE:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7psC8yhbGhdx7myfxmbQrS-7uk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/ZREKvai1vE7XPY5uKX_JAWoL45g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/510e8f-967f-4137-b4e6-cc75797518a0/1/M7psC8yhbGhdx7myfxmbQrS-7uk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.143.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:3d:7e:72:db:2a:b7:80:02:ba:e1:a9:fd:c4:bd:b1:17:17:
         37:cf:44:49:ff:ff:5a:fa:e5:45:88:ba:4d:7f:d2:d5:37:a1:
         7b:dc:ce:c5:35:8d:52:29:58:09:b8:fa:3c:5c:e0:9a:5f:f8:
         4a:99:f5:a2:04:b2:58:65:a8:36:72:7e:e7:6c:bf:35:f6:18:
         a1:22:9e:d1:cb:ab:0c:69:2f:af:21:7f:08:9d:46:eb:f4:b7:
         7f:6a:89:d0:c4:ba:da:d0:34:f4:c6:a8:0a:02:b1:39:4a:31:
         a7:43:f3:68:25:1b:ca:e9:fd:16:22:13:f2:fe:85:e9:6a:5d:
         3a:64:f1:fe:0c:b9:0b:fe:6e:e6:20:e7:fa:94:c2:e5:32:32:
         1b:9f:89:cb:9d:e8:25:59:64:41:90:df:ae:8b:ea:31:1b:d9:
         2f:6a:db:b0:87:d8:3a:5a:ec:06:57:e9:09:34:06:91:91:4a:
         05:d6:a6:19:3c:44:91:22:2b:d4:0f:3f:ce:4c:37:7f:cc:8d:
         0b:dc:47:69:66:37:89:d6:e1:66:37:53:2f:36:0d:19:b3:94:
         d2:11:72:4b:62:4b:7b:14:73:85:da:31:51:d3:c8:88:98:66:
         68:06:07:bd:e2:f4:f3:fd:21:28:09:00:01:2e:5f:14:18:0d:
         96:0f:0b:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmXsId50JiVQSEQ+aPYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYmE2YzBiY2NhMTZjNjg1ZGM3YjliMjdmMTk5YjQyYjRi
ZWVlZTkwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTExMGFiZGE4YjViYzRlZDczZDhlNmUyOTdmYzkwMTZhMGJlMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTG3u8pQa1cgVZXnHomaSGOABsE7
2hupJs14puCDYzUrHJRP8CXPf0jTbl2uZuiKBSoS72VjtKWlLiDBFJnY7rDD0zBv
EFXy7yCkD7w64Jv3zmZPPH5deRmwCyl0RBAyS4sldxJwXSBWXVjWO3wU1v/k1FD9
gnnoWVeO2+1cgLnedDUf8Ap3kV3mBRvFjfdKVgHihXbYPck3o/fVLDuiFyy/JLEH
jxc3Wm0idsCiOCZKbt22kH/vfEdkpqsDMKQNoAIWk23X3NdmVkQVnpXdk5vp6JvB
GD29nBTMivYfOZcbF0V/SBCwTAC9ThyEx+MIcczQq2dN6r/cariqIx59SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGURCr2otbxO1z2Obil/yQFqC+OYMB8GA1UdIwQY
MBaAFDO6bAvMoWxoXce5sn8Zm0K0vu7pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTdwc0M4eWhiR2hkeDdteWZ4bWJRclMtN3VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81MTBlOGYtOTY3Zi00MTM3LWI0ZTYt
Y2M3NTc5NzUxOGEwLzEvWlJFS3ZhaTF2RTdYUFk1dUtYX0pBV29MNDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81MTBlOGYtOTY3Zi00MTM3LWI0ZTYtY2M3NTc5NzUxOGEw
LzEvTTdwc0M4eWhiR2hkeDdteWZ4bWJRclMtN3VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY9KMA0G
CSqGSIb3DQEBCwUAA4IBAQCnPX5y2yq3gAK64an9xL2xFxc3z0RJ//9a+uVFiLpN
f9LVN6F73M7FNY1SKVgJuPo8XOCaX/hKmfWiBLJYZag2cn7nbL819hihIp7Ry6sM
aS+vIX8InUbr9Ld/aonQxLra0DT0xqgKArE5SjGnQ/NoJRvK6f0WIhPy/oXpal06
ZPH+DLkL/m7mIOf6lMLlMjIbn4nLneglWWRBkN+ui+oxG9kvatuwh9g6WuwGV+kJ
NAaRkUoF1qYZPESRIivUDz/OTDd/zI0L3EdpZjeJ1uFmN1MvNg0Zs5TSEXJLYkt7
FHOF2jFR08iImGZoBge94vTz/SEoCQABLl8UGA2WDwtE
-----END CERTIFICATE-----