Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/mZTcr3OKS6T7zXQVDdUZUUtaBqc.roa
File:                     mZTcr3OKS6T7zXQVDdUZUUtaBqc.roa (raw, json)
Hash identifier:          1/AwDHAO4DYmB9tGvAAU5eBlp+gPRGuOyV5OvY1A+K0=
Subject key identifier:   99:94:DC:AF:73:8A:4B:A4:FB:CD:74:15:0D:D5:19:51:4B:5A:06:A7
Certificate issuer:       /CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
Certificate serial:       01913D87063416FC08DDB74A5ED717121645
Authority key identifier: 81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/mZTcr3OKS6T7zXQVDdUZUUtaBqc.roa
Signing time:             Sat 10 Aug 2024 18:22:24 +0000
ROA not before:           Sat 10 Aug 2024 18:22:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203363
IP address blocks:        185.140.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3d:87:06:34:16:fc:08:dd:b7:4a:5e:d7:17:12:16:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816d220b2b5a46fbeb27ef2d969fa21dd338c5b3
        Validity
            Not Before: Aug 10 18:22:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9994dcaf738a4ba4fbcd74150dd519514b5a06a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d1:83:2b:df:08:79:77:c4:1a:88:b8:3d:8f:
                    8f:67:ba:3f:e5:3b:4b:87:57:c6:97:03:a5:ce:07:
                    3d:0b:1a:96:8f:43:03:9a:c8:e8:0a:9a:5e:13:a2:
                    65:c1:1b:54:28:98:cd:0e:51:40:b9:38:f2:83:a3:
                    a1:64:5f:49:10:16:ff:9c:07:f0:37:24:5a:e4:4d:
                    2a:46:ef:46:b7:85:75:93:3f:ab:03:ee:17:7b:06:
                    87:c5:d9:d7:85:ee:24:9f:5f:ad:2c:61:56:f4:e7:
                    53:6f:3b:ea:77:73:5b:96:1c:d9:17:13:d6:2a:fd:
                    e0:d2:6f:97:dc:c5:bd:aa:91:ea:dd:d5:d7:e9:61:
                    3d:01:56:0c:c0:12:61:38:dd:af:05:33:44:f3:76:
                    b7:44:01:53:f0:61:6b:61:1f:18:6e:e3:f8:ff:cc:
                    0b:87:d6:70:1d:79:cb:fc:3e:e5:b7:15:a4:05:24:
                    7e:86:af:ce:55:c0:9a:e0:0e:37:84:25:0a:6b:ea:
                    d5:81:02:e6:70:55:5d:73:1f:7c:3c:1c:88:3d:15:
                    de:c9:84:4e:d8:3b:75:31:47:e5:be:e7:0e:4b:97:
                    70:c8:e9:1b:18:ef:7a:f7:21:db:5b:95:66:f6:44:
                    a6:5e:15:d8:ee:ca:80:f9:0e:fa:c6:bc:28:90:a6:
                    72:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:94:DC:AF:73:8A:4B:A4:FB:CD:74:15:0D:D5:19:51:4B:5A:06:A7
            X509v3 Authority Key Identifier:
                keyid:81:6D:22:0B:2B:5A:46:FB:EB:27:EF:2D:96:9F:A2:1D:D3:38:C5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gW0iCytaRvvrJ-8tlp-iHdM4xbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/mZTcr3OKS6T7zXQVDdUZUUtaBqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/971311-f47f-46db-8c57-e9782041cc24/1/gW0iCytaRvvrJ-8tlp-iHdM4xbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:47:82:56:f8:ed:37:40:d2:f6:fd:9f:56:cb:65:51:ba:dd:
         dc:e9:52:82:31:83:97:87:69:72:d0:5e:3a:fc:1a:d6:9f:9f:
         41:80:42:14:86:32:10:9a:19:7d:28:c8:a0:92:e2:46:65:22:
         6a:2d:65:fd:e8:30:58:1f:7d:1a:d6:d4:df:75:a2:9e:71:42:
         a3:f7:9e:c3:23:19:6b:98:6d:7f:29:ef:97:2a:4a:8d:fc:94:
         df:b9:47:a4:f4:90:8c:19:de:ed:b5:c7:36:30:b9:1d:42:b4:
         5a:f7:ef:9c:1c:3d:32:6a:99:a8:de:d8:df:68:c9:19:d9:31:
         86:22:52:c6:62:73:87:96:3e:0d:38:4b:8c:ad:44:12:6e:19:
         90:dc:d0:a4:d7:08:37:9c:29:d9:d3:37:e8:83:6f:db:16:cd:
         db:b4:81:55:b6:57:ad:82:58:55:76:ca:61:ca:3f:91:7d:10:
         b1:2c:78:4b:15:60:2f:5a:28:cc:94:0e:20:59:f9:09:9d:dd:
         bb:fc:48:f1:da:fa:76:46:96:ca:93:0c:32:72:8d:d9:ed:e9:
         43:55:de:3a:29:56:8d:79:2c:e8:9a:99:15:39:fe:dd:47:45:
         f5:9b:52:5d:86:78:d3:f5:78:5a:5d:3d:cb:87:77:2f:0e:71:
         4a:17:b7:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE9hwY0FvwI3bdKXtcXEhZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmQyMjBiMmI1YTQ2ZmJlYjI3ZWYyZDk2OWZhMjFkZDMz
OGM1YjMwHhcNMjQwODEwMTgyMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTk0ZGNhZjczOGE0YmE0ZmJjZDc0MTUwZGQ1MTk1MTRiNWEwNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdGDK98IeXfEGoi4PY+PZ7o/5TtL
h1fGlwOlzgc9CxqWj0MDmsjoCppeE6JlwRtUKJjNDlFAuTjyg6OhZF9JEBb/nAfw
NyRa5E0qRu9Gt4V1kz+rA+4XewaHxdnXhe4kn1+tLGFW9OdTbzvqd3NblhzZFxPW
Kv3g0m+X3MW9qpHq3dXX6WE9AVYMwBJhON2vBTNE83a3RAFT8GFrYR8YbuP4/8wL
h9ZwHXnL/D7ltxWkBSR+hq/OVcCa4A43hCUKa+rVgQLmcFVdcx98PByIPRXeyYRO
2Dt1MUflvucOS5dwyOkbGO969yHbW5Vm9kSmXhXY7sqA+Q76xrwokKZy7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmU3K9zikuk+810FQ3VGVFLWganMB8GA1UdIwQY
MBaAFIFtIgsrWkb76yfvLZafoh3TOMWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTct
ZTk3ODIwNDFjYzI0LzEvbVpUY3IzT0tTNlQ3elhRVkRkVVpVVXRhQnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC85NzEzMTEtZjQ3Zi00NmRiLThjNTctZTk3ODIwNDFjYzI0
LzEvZ1cwaUN5dGFSdnZySi04dGxwLWlIZE00eGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYw1MA0G
CSqGSIb3DQEBCwUAA4IBAQAQR4JW+O03QNL2/Z9Wy2VRut3c6VKCMYOXh2ly0F46
/BrWn59BgEIUhjIQmhl9KMigkuJGZSJqLWX96DBYH30a1tTfdaKecUKj957DIxlr
mG1/Ke+XKkqN/JTfuUek9JCMGd7ttcc2MLkdQrRa9++cHD0yapmo3tjfaMkZ2TGG
IlLGYnOHlj4NOEuMrUQSbhmQ3NCk1wg3nCnZ0zfog2/bFs3btIFVtletglhVdsph
yj+RfRCxLHhLFWAvWijMlA4gWfkJnd27/Ejx2vp2RpbKkwwyco3Z7elDVd46KVaN
eSzompkVOf7dR0X1m1JdhnjT9XhaXT3Lh3cvDnFKF7c/
-----END CERTIFICATE-----