Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/_ZHX-Y48ZiSGxdFdjlU5hz3zgds.roa
File:                     _ZHX-Y48ZiSGxdFdjlU5hz3zgds.roa (raw, json)
Hash identifier:          0ebihoJypkCsn2GUaJYU/VChaIgTkq/zlmG+fQmjYho=
Subject key identifier:   FD:91:D7:F9:8E:3C:66:24:86:C5:D1:5D:8E:55:39:87:3D:F3:81:DB
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       018CC50017FA9F7CD7851E3B1CFE31E69B98
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/_ZHX-Y48ZiSGxdFdjlU5hz3zgds.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396362
IP address blocks:        185.129.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:17:fa:9f:7c:d7:85:1e:3b:1c:fe:31:e6:9b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd91d7f98e3c662486c5d15d8e5539873df381db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:74:2c:db:2e:bf:fe:7d:0f:b6:8e:2e:50:ad:
                    da:df:0b:7e:4f:5a:89:2d:bb:05:5d:45:be:5b:5c:
                    cb:48:89:a0:31:dd:81:bd:8a:18:2d:88:ee:cc:00:
                    9a:64:43:ed:68:ff:a5:ff:85:79:a4:d6:c8:d9:da:
                    f5:58:13:2c:62:58:64:bb:e9:f8:d0:fb:39:99:dc:
                    da:a2:c4:1c:7b:9c:2a:95:28:94:69:ea:7b:46:5e:
                    c3:c9:03:57:41:be:a3:d4:08:aa:ce:0a:1d:19:f1:
                    09:fe:17:4a:cd:5b:f8:a4:65:21:05:0a:82:b0:45:
                    3e:18:7a:05:00:de:65:e4:6f:36:bc:7e:4b:1a:3a:
                    1f:ec:18:85:a2:08:8b:18:c8:19:ea:ab:85:b7:ef:
                    b6:0c:b3:eb:59:48:13:1c:2b:80:2e:b6:89:b8:8d:
                    a0:9d:6a:7e:16:50:8b:fb:59:b3:dd:5b:1f:0c:45:
                    43:6d:79:62:a2:a3:54:d7:29:fb:56:55:d4:06:57:
                    c7:7b:d1:4e:97:ec:ce:9e:d8:93:7f:9e:38:b9:81:
                    0b:47:f3:c8:bd:ed:01:fe:3d:f9:62:fe:b6:a6:9e:
                    0c:f6:db:b4:c9:08:af:57:e8:b5:d4:86:70:f0:eb:
                    48:13:81:cf:38:dd:33:5f:01:f6:70:a8:1b:04:7e:
                    d3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:91:D7:F9:8E:3C:66:24:86:C5:D1:5D:8E:55:39:87:3D:F3:81:DB
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/_ZHX-Y48ZiSGxdFdjlU5hz3zgds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:1d:b2:05:eb:31:bf:c8:16:ca:34:78:c0:a5:73:58:aa:fa:
         e6:86:06:80:db:9f:65:c2:b1:38:18:bb:4c:21:15:bc:54:47:
         6d:41:22:d7:60:c6:e2:1a:de:7c:4f:32:d1:c0:ff:a3:b6:f6:
         8a:bb:39:3d:e6:73:d4:dc:8f:31:1d:41:f6:19:3d:cd:56:a7:
         04:50:73:34:0d:c5:cb:9a:99:91:fc:7f:67:93:44:c3:a1:3c:
         af:ad:97:81:75:01:8b:18:eb:b9:7d:7a:0c:da:aa:f8:36:60:
         30:b4:41:0f:72:d9:e4:20:7e:36:24:eb:9d:8c:f1:b8:65:0b:
         f1:e2:82:b3:ec:41:c6:72:22:56:f7:03:ed:c5:53:ae:3f:e8:
         fd:ab:a8:87:22:7d:e2:de:c0:a8:28:a4:6e:f7:9a:41:ae:c4:
         6a:26:21:f1:9b:47:a2:2b:16:dd:c6:ce:7a:36:35:ad:f2:cf:
         f8:23:00:46:2a:11:85:d8:55:11:d1:eb:6d:f2:55:25:62:e8:
         4d:57:56:e6:12:d4:69:4a:fa:80:dc:95:89:f2:b3:9e:83:9b:
         01:34:55:99:02:5a:a9:0a:08:bf:63:3b:28:11:c4:77:b7:a1:
         48:20:cd:3a:00:aa:e6:ab:e5:d0:4d:53:03:aa:20:c7:3d:7f:
         2f:0a:6a:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABf6n3zXhR47HP4x5puYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDkxZDdmOThlM2M2NjI0ODZjNWQxNWQ4ZTU1Mzk4NzNkZjM4MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03Qs2y6//n0Pto4uUK3a3wt+T1qJ
LbsFXUW+W1zLSImgMd2BvYoYLYjuzACaZEPtaP+l/4V5pNbI2dr1WBMsYlhku+n4
0Ps5mdzaosQce5wqlSiUaep7Rl7DyQNXQb6j1AiqzgodGfEJ/hdKzVv4pGUhBQqC
sEU+GHoFAN5l5G82vH5LGjof7BiFogiLGMgZ6quFt++2DLPrWUgTHCuALraJuI2g
nWp+FlCL+1mz3VsfDEVDbXlioqNU1yn7VlXUBlfHe9FOl+zOntiTf544uYELR/PI
ve0B/j35Yv62pp4M9tu0yQivV+i11IZw8OtIE4HPON0zXwH2cKgbBH7TWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2R1/mOPGYkhsXRXY5VOYc984HbMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvX1pIWC1ZNDhaaVNHeGRGZGpsVTVoejN6Z2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYF7MA0G
CSqGSIb3DQEBCwUAA4IBAQCcHbIF6zG/yBbKNHjApXNYqvrmhgaA259lwrE4GLtM
IRW8VEdtQSLXYMbiGt58TzLRwP+jtvaKuzk95nPU3I8xHUH2GT3NVqcEUHM0DcXL
mpmR/H9nk0TDoTyvrZeBdQGLGOu5fXoM2qr4NmAwtEEPctnkIH42JOudjPG4ZQvx
4oKz7EHGciJW9wPtxVOuP+j9q6iHIn3i3sCoKKRu95pBrsRqJiHxm0eiKxbdxs56
NjWt8s/4IwBGKhGF2FUR0ett8lUlYuhNV1bmEtRpSvqA3JWJ8rOeg5sBNFWZAlqp
Cgi/YzsoEcR3t6FIIM06AKrmq+XQTVMDqiDHPX8vCmol
-----END CERTIFICATE-----