Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zneQI4_yfpV5iWYtFQaa-BEtUAM.roa
File:                     zneQI4_yfpV5iWYtFQaa-BEtUAM.roa (raw, json)
Hash identifier:          5sGuzZJ4nlLMpVxSU4ETtQzU4XhhUpJUFNGFw+A3LZw=
Subject key identifier:   CE:77:90:23:8F:F2:7E:95:79:89:66:2D:15:06:9A:F8:11:2D:50:03
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC424848191079BA22522CD2AFCDB50EA
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zneQI4_yfpV5iWYtFQaa-BEtUAM.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52179
IP address blocks:        185.138.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:84:81:91:07:9b:a2:25:22:cd:2a:fc:db:50:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce7790238ff27e957989662d15069af8112d5003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:46:09:0a:b9:83:96:8b:e8:f7:8d:f6:f8:0e:
                    e5:51:4b:d0:da:7f:68:cf:d3:ae:21:eb:3d:67:4c:
                    b9:dc:71:0f:dc:35:d1:13:d2:1a:5f:47:d3:00:4a:
                    b2:e4:46:20:98:33:85:68:68:b7:35:11:1a:d5:86:
                    d8:7b:4c:42:13:e0:08:a1:bc:34:3a:c1:3e:be:fa:
                    22:a9:41:40:ea:e6:1d:ef:a9:7b:b5:d0:4f:aa:fb:
                    d0:9b:a1:04:b8:c4:32:77:73:61:90:70:4c:2e:b0:
                    9a:18:9a:8c:a3:f9:71:49:93:78:4c:6e:58:40:56:
                    da:f3:8c:af:7a:6a:8d:38:17:50:79:b6:22:ff:30:
                    3e:b5:95:c0:72:6c:02:73:a6:9e:c8:bf:4c:96:02:
                    10:5c:55:9c:47:56:03:97:15:31:52:53:7e:9c:c4:
                    21:82:74:75:12:91:dc:8f:5f:1e:39:f8:4d:f6:7e:
                    f4:95:e7:d7:0a:8f:a1:1e:e0:4e:28:5b:10:3e:bd:
                    15:7e:a4:bb:5c:a4:c6:fa:28:7a:25:c5:3a:57:da:
                    67:38:4f:40:34:e2:72:54:12:63:12:5e:79:ff:18:
                    1f:ec:96:db:44:78:cb:0c:2f:a5:5b:4f:fe:a2:e6:
                    39:d4:a6:df:1e:bc:25:2f:de:63:a1:c4:dd:84:8f:
                    a0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:77:90:23:8F:F2:7E:95:79:89:66:2D:15:06:9A:F8:11:2D:50:03
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/zneQI4_yfpV5iWYtFQaa-BEtUAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:33:79:2a:2c:8e:05:14:e1:07:a7:0c:d4:ac:43:11:8e:4f:
         8e:ca:e0:49:85:4c:1b:7f:d4:c0:cb:6f:d2:03:c4:3e:0e:3f:
         85:c3:31:d8:28:87:30:c9:57:94:c5:81:fc:50:5a:59:fe:24:
         28:fd:ed:cc:8f:ff:9e:8b:60:bd:50:de:b4:48:24:ba:31:a4:
         1b:13:c5:59:e6:8a:e3:83:9e:77:d0:92:4e:fe:29:08:c0:64:
         bf:ad:2f:1c:c3:d0:1d:fb:66:b4:ff:6b:e3:2d:6d:03:d1:92:
         c3:07:26:97:07:f7:19:92:19:f2:f6:65:99:66:cc:14:11:01:
         ab:21:83:42:33:d9:5a:96:01:19:4c:5f:e7:b6:b7:68:9e:e7:
         5b:f8:07:7a:49:07:c9:39:8c:50:5e:ee:5f:9a:88:e1:45:1f:
         a0:52:f8:49:68:69:5b:65:bc:b2:d2:da:5c:ac:a8:bf:df:37:
         a0:ea:8a:c7:82:2c:9b:78:4d:53:80:c5:2b:2d:9b:f8:17:9a:
         74:9f:f3:82:5c:d7:27:76:a3:e6:06:ca:3d:b7:3a:61:d3:ca:
         75:82:95:1a:2c:80:ba:a8:1f:2a:b3:2d:03:ac:4b:85:97:c2:
         f2:73:56:8d:77:36:a8:c2:4c:03:90:f5:47:e2:b4:98:d7:4b:
         c9:42:1a:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJISBkQeboiUizSr821DqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTc3OTAyMzhmZjI3ZTk1Nzk4OTY2MmQxNTA2OWFmODExMmQ1MDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukYJCrmDlovo9432+A7lUUvQ2n9o
z9OuIes9Z0y53HEP3DXRE9IaX0fTAEqy5EYgmDOFaGi3NREa1YbYe0xCE+AIobw0
OsE+vvoiqUFA6uYd76l7tdBPqvvQm6EEuMQyd3NhkHBMLrCaGJqMo/lxSZN4TG5Y
QFba84yvemqNOBdQebYi/zA+tZXAcmwCc6aeyL9MlgIQXFWcR1YDlxUxUlN+nMQh
gnR1EpHcj18eOfhN9n70lefXCo+hHuBOKFsQPr0VfqS7XKTG+ih6JcU6V9pnOE9A
NOJyVBJjEl55/xgf7JbbRHjLDC+lW0/+ouY51KbfHrwlL95jocTdhI+giQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM53kCOP8n6VeYlmLRUGmvgRLVADMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvem5lUUk0X3lmcFY1aVdZdEZRYWEtQkV0VUFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYrlMA0G
CSqGSIb3DQEBCwUAA4IBAQCIM3kqLI4FFOEHpwzUrEMRjk+OyuBJhUwbf9TAy2/S
A8Q+Dj+FwzHYKIcwyVeUxYH8UFpZ/iQo/e3Mj/+ei2C9UN60SCS6MaQbE8VZ5orj
g5530JJO/ikIwGS/rS8cw9Ad+2a0/2vjLW0D0ZLDByaXB/cZkhny9mWZZswUEQGr
IYNCM9lalgEZTF/ntrdonudb+Ad6SQfJOYxQXu5fmojhRR+gUvhJaGlbZbyy0tpc
rKi/3zeg6orHgiybeE1TgMUrLZv4F5p0n/OCXNcndqPmBso9tzph08p1gpUaLIC6
qB8qsy0DrEuFl8Lyc1aNdzaowkwDkPVH4rSY10vJQhr+
-----END CERTIFICATE-----