Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/Zusxov0H-soOSLvL_KNsAd50NUw.roa
File:                     Zusxov0H-soOSLvL_KNsAd50NUw.roa (raw, json)
Hash identifier:          oPOFMAoOi4yeDubjtUQUeEwC78DfGF5yzAXT9uu2Jzo=
Subject key identifier:   66:EB:31:A2:FD:07:FA:CA:0E:48:BB:CB:FC:A3:6C:01:DE:74:35:4C
Certificate issuer:       /CN=b74f63fd0dc197e52ad272276c40d3ee4bb1d799
Certificate serial:       018CC424B1DDA6538025602ED3E4E8BDBA14
Authority key identifier: B7:4F:63:FD:0D:C1:97:E5:2A:D2:72:27:6C:40:D3:EE:4B:B1:D7:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t09j_Q3Bl-Uq0nInbEDT7kux15k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/Zusxov0H-soOSLvL_KNsAd50NUw.roa
Signing time:             Mon 01 Jan 2024 08:29:48 +0000
ROA not before:           Mon 01 Jan 2024 08:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204108
IP address blocks:        185.114.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/t09j_Q3Bl-Uq0nInbEDT7kux15k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/t09j_Q3Bl-Uq0nInbEDT7kux15k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t09j_Q3Bl-Uq0nInbEDT7kux15k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:b1:dd:a6:53:80:25:60:2e:d3:e4:e8:bd:ba:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74f63fd0dc197e52ad272276c40d3ee4bb1d799
        Validity
            Not Before: Jan  1 08:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66eb31a2fd07faca0e48bbcbfca36c01de74354c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b7:48:5a:8e:ee:24:3e:df:62:72:b0:b3:a5:
                    4b:5b:00:9a:6c:05:b9:ed:17:0c:df:71:c5:44:cb:
                    bc:4e:7f:b1:fb:1a:86:0e:63:53:06:b2:13:c4:94:
                    8f:a5:b7:49:c7:53:a3:20:3c:e6:18:44:60:08:d1:
                    ff:17:69:18:79:16:a6:93:7d:97:7c:c4:02:53:1e:
                    83:97:e1:3c:da:5e:74:d4:90:cc:56:30:0a:81:ee:
                    d9:bf:46:a8:a0:ac:59:34:82:8c:e9:03:0f:a4:e1:
                    fb:94:27:6d:43:35:62:94:3c:5b:ce:21:9b:f1:6e:
                    7b:11:10:36:8c:65:fc:fb:c5:dd:d5:f6:1a:4b:b1:
                    7f:c0:e6:59:5a:3e:36:17:ad:ae:26:fd:b3:fb:cd:
                    78:6f:b9:26:7d:ff:85:ec:78:a6:39:a5:28:ac:00:
                    0a:1d:19:11:40:26:7a:f1:e0:08:2a:4b:bf:5e:62:
                    d0:06:16:e7:71:13:a4:3c:28:39:41:50:13:8a:2a:
                    91:c5:ca:6a:24:94:9e:dc:14:35:83:a9:4f:02:8f:
                    e0:8c:cc:83:ec:24:5d:b4:4d:78:38:b7:f0:f5:43:
                    6e:1b:1e:5f:99:ed:ba:f0:7d:c0:cc:22:ba:cc:5f:
                    f2:61:a6:a8:b6:41:73:f8:cc:f7:26:c9:8e:12:e7:
                    1c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:EB:31:A2:FD:07:FA:CA:0E:48:BB:CB:FC:A3:6C:01:DE:74:35:4C
            X509v3 Authority Key Identifier:
                keyid:B7:4F:63:FD:0D:C1:97:E5:2A:D2:72:27:6C:40:D3:EE:4B:B1:D7:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t09j_Q3Bl-Uq0nInbEDT7kux15k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/Zusxov0H-soOSLvL_KNsAd50NUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/981176-4d10-4859-ba0f-1d22b02b9b1b/1/t09j_Q3Bl-Uq0nInbEDT7kux15k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:78:36:16:0e:5e:ba:31:1c:0f:7b:7a:e7:67:63:ca:76:d6:
         c9:e0:04:78:32:36:4f:fe:cc:99:f5:b0:38:2d:46:f4:71:9f:
         83:fd:47:2c:7e:b1:13:a9:18:9c:b4:cb:9e:95:bf:63:d9:73:
         4f:33:1a:0e:10:a7:9c:4f:3f:93:48:f6:a0:35:cc:af:be:9b:
         1a:33:62:be:fd:ee:07:06:bc:7c:bc:87:61:66:32:48:a4:2d:
         7e:b3:93:83:76:24:1e:10:ad:17:ca:78:9b:5e:4e:50:63:f0:
         99:c7:de:19:3b:a3:70:ad:ae:6f:fc:28:90:83:d9:9c:8b:19:
         79:7b:76:61:64:4d:24:a0:3b:73:99:e7:2b:55:cc:77:d4:dd:
         1c:82:66:7b:10:2b:19:db:c5:4e:7c:0a:f8:27:c9:f2:c2:c7:
         d1:3a:0c:95:2e:56:21:39:7c:f0:39:48:d0:0d:8e:6c:f2:b5:
         5e:8b:da:1e:04:19:ab:4f:c3:ec:74:6e:4a:03:b2:60:98:26:
         1a:ec:af:3a:e1:fb:0d:76:3c:cb:5f:03:44:80:67:a3:69:4e:
         70:7b:61:44:2b:45:ee:61:82:f3:94:1d:d0:15:08:09:0a:89:
         f7:37:c0:75:f1:64:1c:f2:42:fd:a4:a4:86:e4:e2:1c:88:4a:
         ed:62:5d:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJLHdplOAJWAu0+TovboUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGY2M2ZkMGRjMTk3ZTUyYWQyNzIyNzZjNDBkM2VlNGJi
MWQ3OTkwHhcNMjQwMTAxMDgyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmViMzFhMmZkMDdmYWNhMGU0OGJiY2JmY2EzNmMwMWRlNzQzNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bdIWo7uJD7fYnKws6VLWwCabAW5
7RcM33HFRMu8Tn+x+xqGDmNTBrITxJSPpbdJx1OjIDzmGERgCNH/F2kYeRamk32X
fMQCUx6Dl+E82l501JDMVjAKge7Zv0aooKxZNIKM6QMPpOH7lCdtQzVilDxbziGb
8W57ERA2jGX8+8Xd1fYaS7F/wOZZWj42F62uJv2z+814b7kmff+F7HimOaUorAAK
HRkRQCZ68eAIKku/XmLQBhbncROkPCg5QVATiiqRxcpqJJSe3BQ1g6lPAo/gjMyD
7CRdtE14OLfw9UNuGx5fme268H3AzCK6zF/yYaaotkFz+Mz3JsmOEuccQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbrMaL9B/rKDki7y/yjbAHedDVMMB8GA1UdIwQY
MBaAFLdPY/0NwZflKtJyJ2xA0+5LsdeZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDA5al9RM0JsLVVxMG5JbmJFRFQ3a3V4MTVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85ODExNzYtNGQxMC00ODU5LWJhMGYt
MWQyMmIwMmI5YjFiLzEvWnVzeG92MEgtc29PU0x2TF9LTnNBZDUwTlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85ODExNzYtNGQxMC00ODU5LWJhMGYtMWQyMmIwMmI5YjFi
LzEvdDA5al9RM0JsLVVxMG5JbmJFRFQ3a3V4MTVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXKIMA0G
CSqGSIb3DQEBCwUAA4IBAQCpeDYWDl66MRwPe3rnZ2PKdtbJ4AR4MjZP/syZ9bA4
LUb0cZ+D/UcsfrETqRictMuelb9j2XNPMxoOEKecTz+TSPagNcyvvpsaM2K+/e4H
Brx8vIdhZjJIpC1+s5ODdiQeEK0XynibXk5QY/CZx94ZO6Nwra5v/CiQg9mcixl5
e3ZhZE0koDtzmecrVcx31N0cgmZ7ECsZ28VOfAr4J8nywsfROgyVLlYhOXzwOUjQ
DY5s8rVei9oeBBmrT8PsdG5KA7JgmCYa7K864fsNdjzLXwNEgGejaU5we2FEK0Xu
YYLzlB3QFQgJCon3N8B18WQc8kL9pKSG5OIciErtYl3D
-----END CERTIFICATE-----