Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/zxb1h_Xw2DsmGfhtRdTOzwqL8EE.roa
File:                     zxb1h_Xw2DsmGfhtRdTOzwqL8EE.roa (raw, json)
Hash identifier:          DPz0diWKC/Z5lRhNZMmwYM1YLeo410Gh7yCFj8zZgvc=
Subject key identifier:   CF:16:F5:87:F5:F0:D8:3B:26:19:F8:6D:45:D4:CE:CF:0A:8B:F0:41
Certificate issuer:       /CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
Certificate serial:       018CC425078D996DE57EB442ECD5A85E913C
Authority key identifier: DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/zxb1h_Xw2DsmGfhtRdTOzwqL8EE.roa
Signing time:             Mon 01 Jan 2024 08:30:10 +0000
ROA not before:           Mon 01 Jan 2024 08:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34984
IP address blocks:        185.48.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:07:8d:99:6d:e5:7e:b4:42:ec:d5:a8:5e:91:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de6ed0579c3fd253597ec82f0939111ba9d8c88d
        Validity
            Not Before: Jan  1 08:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf16f587f5f0d83b2619f86d45d4cecf0a8bf041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:81:9b:07:3c:d5:95:d0:b3:15:b9:5d:48:85:
                    8c:f5:37:4f:88:b9:59:67:4d:a2:36:3c:20:b5:11:
                    21:74:73:3f:d3:16:f9:70:23:e8:a6:7b:ed:9d:5e:
                    63:1c:6c:fd:9c:34:d4:ec:2c:48:39:15:e5:81:2e:
                    69:f3:a6:9c:a9:f3:92:4b:6c:3c:d7:29:cc:fb:e6:
                    9d:ac:f0:3f:e1:9e:ed:fc:b1:37:3b:03:ea:27:f5:
                    f2:04:ab:4d:c3:cb:cc:43:70:1d:d3:c4:2f:56:79:
                    7e:cd:5d:f9:5f:50:43:69:47:6f:ee:fa:87:a7:4e:
                    6d:2a:a7:d7:1d:18:8b:15:fc:50:2d:6e:c6:c7:ed:
                    b2:c8:8f:bc:a5:92:9c:95:45:d3:76:14:67:e5:01:
                    84:57:df:12:c7:60:31:b0:92:64:b4:f7:11:7b:27:
                    b0:ff:8a:4d:cd:cf:8a:a5:de:b1:28:67:36:ba:76:
                    32:0d:60:6d:e7:d1:bf:a7:83:84:5a:a4:10:52:67:
                    0d:5e:f2:42:ba:bb:cf:0f:60:57:1b:9a:bc:6b:f7:
                    33:24:01:f1:0d:51:61:0b:2e:05:d5:37:ec:85:9c:
                    fe:b9:88:2f:57:eb:ec:d9:58:7c:b7:ef:4c:dd:c0:
                    a2:7e:91:99:95:7c:ff:f3:87:e7:43:88:c1:4e:1e:
                    f9:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:16:F5:87:F5:F0:D8:3B:26:19:F8:6D:45:D4:CE:CF:0A:8B:F0:41
            X509v3 Authority Key Identifier:
                keyid:DE:6E:D0:57:9C:3F:D2:53:59:7E:C8:2F:09:39:11:1B:A9:D8:C8:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3m7QV5w_0lNZfsgvCTkRG6nYyI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/zxb1h_Xw2DsmGfhtRdTOzwqL8EE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/f13f98-4e7a-435d-b1b0-8386e70bdc58/1/3m7QV5w_0lNZfsgvCTkRG6nYyI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:70:52:84:d3:31:51:8d:59:b9:d2:07:60:93:03:68:e1:e2:
         86:8e:57:3e:ec:e6:dc:2d:d5:1e:db:84:c5:6b:3e:0c:92:01:
         96:8c:6e:dc:90:57:81:35:68:91:08:98:82:11:2d:9d:f7:be:
         f8:8c:49:98:18:d1:a9:d8:4b:d6:3e:75:a8:56:df:5d:23:02:
         c5:8e:19:01:6c:2d:ed:e4:f0:98:35:03:6d:13:53:11:f3:d1:
         49:51:85:a4:1b:c7:3c:7b:c9:21:cd:72:db:69:11:ad:cc:c4:
         24:69:0a:bb:06:c7:f3:2a:be:49:44:09:34:58:10:5e:a0:11:
         d1:29:57:64:6f:2c:83:95:87:fa:6c:2b:7c:ec:dc:2a:4d:90:
         0f:5d:51:18:d9:24:28:d1:67:e5:42:6f:4f:ca:d1:2d:6a:8e:
         82:92:18:85:5a:03:30:ef:6b:f3:f3:0a:84:a3:d8:8d:86:89:
         c5:32:9a:57:4f:83:2d:b0:b7:57:01:3e:87:36:83:23:87:34:
         aa:89:5f:7a:be:c3:17:89:ca:ad:fa:29:6f:60:e3:ec:69:30:
         b8:27:9d:2b:f5:6c:c3:aa:8c:db:47:93:b3:fa:cf:d9:6c:e2:
         4f:8a:b1:fc:78:46:40:bc:a6:8d:0f:0f:93:56:71:95:2e:e0:
         f2:17:8b:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQeNmW3lfrRC7NWoXpE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNmVkMDU3OWMzZmQyNTM1OTdlYzgyZjA5MzkxMTFiYTlk
OGM4OGQwHhcNMjQwMTAxMDgzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE2ZjU4N2Y1ZjBkODNiMjYxOWY4NmQ0NWQ0Y2VjZjBhOGJmMDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYGbBzzVldCzFbldSIWM9TdPiLlZ
Z02iNjwgtREhdHM/0xb5cCPopnvtnV5jHGz9nDTU7CxIORXlgS5p86acqfOSS2w8
1ynM++adrPA/4Z7t/LE3OwPqJ/XyBKtNw8vMQ3Ad08QvVnl+zV35X1BDaUdv7vqH
p05tKqfXHRiLFfxQLW7Gx+2yyI+8pZKclUXTdhRn5QGEV98Sx2AxsJJktPcReyew
/4pNzc+Kpd6xKGc2unYyDWBt59G/p4OEWqQQUmcNXvJCurvPD2BXG5q8a/czJAHx
DVFhCy4F1TfshZz+uYgvV+vs2Vh8t+9M3cCifpGZlXz/84fnQ4jBTh75BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8W9Yf18Ng7Jhn4bUXUzs8Ki/BBMB8GA1UdIwQY
MBaAFN5u0FecP9JTWX7ILwk5ERup2MiNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAt
ODM4NmU3MGJkYzU4LzEvenhiMWhfWHcyRHNtR2ZodFJkVE96d3FMOEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9mMTNmOTgtNGU3YS00MzVkLWIxYjAtODM4NmU3MGJkYzU4
LzEvM203UVY1d18wbE5aZnNndkNUa1JHNm5ZeUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAbMA0G
CSqGSIb3DQEBCwUAA4IBAQBacFKE0zFRjVm50gdgkwNo4eKGjlc+7ObcLdUe24TF
az4MkgGWjG7ckFeBNWiRCJiCES2d9774jEmYGNGp2EvWPnWoVt9dIwLFjhkBbC3t
5PCYNQNtE1MR89FJUYWkG8c8e8khzXLbaRGtzMQkaQq7BsfzKr5JRAk0WBBeoBHR
KVdkbyyDlYf6bCt87NwqTZAPXVEY2SQo0WflQm9PytEtao6CkhiFWgMw72vz8wqE
o9iNhonFMppXT4MtsLdXAT6HNoMjhzSqiV96vsMXicqt+ilvYOPsaTC4J50r9WzD
qozbR5Oz+s/ZbOJPirH8eEZAvKaNDw+TVnGVLuDyF4up
-----END CERTIFICATE-----