Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/ZVsEcdv49ncHDzzfV4Q2PktA35M.roa
File:                     ZVsEcdv49ncHDzzfV4Q2PktA35M.roa (raw, json)
Hash identifier:          1T7xwsvMJa6+SPAms6k+oweNQlGFZAgCBX5HTzBwmTY=
Subject key identifier:   65:5B:04:71:DB:F8:F6:77:07:0F:3C:DF:57:84:36:3E:4B:40:DF:93
Certificate issuer:       /CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
Certificate serial:       018DE2D8B131CFFC640BC79753DB19C85F6D
Authority key identifier: 3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/ZVsEcdv49ncHDzzfV4Q2PktA35M.roa
Signing time:             Mon 26 Feb 2024 00:37:48 +0000
ROA not before:           Mon 26 Feb 2024 00:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.71.228.0/24 maxlen: 24
                          185.71.229.0/24 maxlen: 24
                          193.0.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e2:d8:b1:31:cf:fc:64:0b:c7:97:53:db:19:c8:5f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e24c7ecfa37d2487152fb9bbbab50be79de2619
        Validity
            Not Before: Feb 26 00:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=655b0471dbf8f677070f3cdf5784363e4b40df93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:1e:9d:41:60:04:79:d8:01:46:41:d4:cb:7c:
                    32:19:a4:af:3a:9b:f1:46:16:8d:ce:a2:23:73:ab:
                    bb:ac:04:98:33:19:b0:5d:f5:3c:31:61:d1:64:2e:
                    2c:20:12:59:84:fc:30:0e:27:77:90:eb:73:40:9c:
                    38:bc:67:68:fa:9b:41:d5:6e:3c:8d:62:75:5e:c8:
                    18:21:dd:29:ef:d2:f0:3e:6f:c3:9d:66:81:6b:43:
                    e5:ac:12:3c:ed:b9:d2:10:fb:3e:81:55:4e:97:5a:
                    53:80:68:d0:65:fd:22:a4:3d:4b:fe:cd:3a:7b:03:
                    31:57:9c:9b:08:72:04:14:f4:d1:be:a3:67:d1:12:
                    e3:b3:e8:2d:ec:f1:4d:eb:68:8d:5d:d0:76:13:76:
                    50:fd:70:a8:cf:7b:0a:e9:31:c5:6f:69:89:f2:4f:
                    c6:d6:a3:3f:e8:5a:84:5d:b8:67:bb:2b:56:f3:bb:
                    5f:3a:7c:c9:ab:8e:d1:ad:6a:f3:a9:6b:f0:e0:36:
                    7b:d5:52:86:38:3b:e8:bb:30:73:22:71:1c:81:96:
                    c6:f6:3a:c1:37:85:a8:62:af:d9:b5:1e:d1:6c:d1:
                    d7:5b:5e:f1:01:c6:04:80:50:fe:d8:75:b6:29:da:
                    8a:5a:e1:d2:42:15:71:e2:ed:0f:5f:3e:d4:05:be:
                    a6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:5B:04:71:DB:F8:F6:77:07:0F:3C:DF:57:84:36:3E:4B:40:DF:93
            X509v3 Authority Key Identifier:
                keyid:3E:24:C7:EC:FA:37:D2:48:71:52:FB:9B:BB:AB:50:BE:79:DE:26:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PiTH7Po30khxUvubu6tQvnneJhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/ZVsEcdv49ncHDzzfV4Q2PktA35M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/39a5fc-d26e-4d53-91e3-493d774aa1ff/1/PiTH7Po30khxUvubu6tQvnneJhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.228.0/23
                  193.0.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:10:22:48:0a:e8:c5:bb:53:e4:00:0a:5f:ce:a0:cc:99:1c:
         c4:ee:85:51:a9:bb:f4:dc:a8:12:d2:e4:da:56:62:c1:b8:57:
         75:d6:15:92:0a:24:ac:8a:b4:ee:c2:52:45:89:f1:f4:db:02:
         2b:a7:77:4e:d9:9f:b8:ad:85:bd:29:de:4b:18:02:f5:14:a8:
         9b:26:95:d9:57:b7:ed:cf:c6:b4:21:f0:b8:68:cb:76:bd:e1:
         9b:58:98:9e:e3:0a:dd:cd:94:6a:82:ab:f8:17:3d:f2:c9:bc:
         c3:e6:9a:9e:2f:57:4e:5e:91:a5:68:f1:c0:da:98:30:e0:6c:
         b2:c5:10:28:89:c8:f4:6f:f6:89:ff:10:f5:7d:25:f5:d6:c0:
         c7:c7:bc:dc:5c:ef:42:8e:75:3d:ea:ed:8b:cf:84:bd:97:be:
         d2:6d:cc:fe:f1:69:b9:e3:1b:77:62:0c:31:43:18:64:2b:90:
         ea:cc:d6:f6:f9:d4:fb:4e:e4:4e:ff:fc:e8:20:01:f4:2a:55:
         a3:09:ba:5d:c0:41:58:d7:9f:cd:2d:19:00:77:80:a4:db:64:
         47:44:26:35:3d:6e:89:22:73:82:dd:11:a1:88:ae:aa:b3:89:
         9d:7d:ab:aa:3d:e8:c2:f9:75:21:af:01:50:70:93:f0:f1:c6:
         f0:83:dd:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3i2LExz/xkC8eXU9sZyF9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMjRjN2VjZmEzN2QyNDg3MTUyZmI5YmJiYWI1MGJlNzlk
ZTI2MTkwHhcNMjQwMjI2MDAzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTViMDQ3MWRiZjhmNjc3MDcwZjNjZGY1Nzg0MzYzZTRiNDBkZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1B6dQWAEedgBRkHUy3wyGaSvOpvx
RhaNzqIjc6u7rASYMxmwXfU8MWHRZC4sIBJZhPwwDid3kOtzQJw4vGdo+ptB1W48
jWJ1XsgYId0p79LwPm/DnWaBa0PlrBI87bnSEPs+gVVOl1pTgGjQZf0ipD1L/s06
ewMxV5ybCHIEFPTRvqNn0RLjs+gt7PFN62iNXdB2E3ZQ/XCoz3sK6THFb2mJ8k/G
1qM/6FqEXbhnuytW87tfOnzJq47RrWrzqWvw4DZ71VKGODvouzBzInEcgZbG9jrB
N4WoYq/ZtR7RbNHXW17xAcYEgFD+2HW2KdqKWuHSQhVx4u0PXz7UBb6mbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGVbBHHb+PZ3Bw8831eENj5LQN+TMB8GA1UdIwQY
MBaAFD4kx+z6N9JIcVL7m7urUL553iYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMt
NDkzZDc3NGFhMWZmLzEvWlZzRWNkdjQ5bmNIRHp6ZlY0UTJQa3RBMzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zOWE1ZmMtZDI2ZS00ZDUzLTkxZTMtNDkzZDc3NGFhMWZm
LzEvUGlUSDdQbzMwa2h4VXZ1YnU2dFF2bm5lSmhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuUfkAwQA
wQC1MA0GCSqGSIb3DQEBCwUAA4IBAQAmECJICujFu1PkAApfzqDMmRzE7oVRqbv0
3KgS0uTaVmLBuFd11hWSCiSsirTuwlJFifH02wIrp3dO2Z+4rYW9Kd5LGAL1FKib
JpXZV7ftz8a0IfC4aMt2veGbWJie4wrdzZRqgqv4Fz3yybzD5pqeL1dOXpGlaPHA
2pgw4GyyxRAoicj0b/aJ/xD1fSX11sDHx7zcXO9CjnU96u2Lz4S9l77Sbcz+8Wm5
4xt3YgwxQxhkK5DqzNb2+dT7TuRO//zoIAH0KlWjCbpdwEFY15/NLRkAd4Ck22RH
RCY1PW6JInOC3RGhiK6qs4mdfauqPejC+XUhrwFQcJPw8cbwg900
-----END CERTIFICATE-----