Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/PZxWWIGVupSG-zORK2A7-r1Gexc.roa
File:                     PZxWWIGVupSG-zORK2A7-r1Gexc.roa (raw, json)
Hash identifier:          vglvQcMumzAD9XenLJ2rLjwN5HqmfFMO8pGzxsmeYR8=
Subject key identifier:   3D:9C:56:58:81:95:BA:94:86:FB:33:91:2B:60:3B:FA:BD:46:7B:17
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       018CCA2A3C736B7E1BF4BBD1C151C3DD96D9
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/PZxWWIGVupSG-zORK2A7-r1Gexc.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        185.142.99.0/24 maxlen: 24
                          194.187.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3c:73:6b:7e:1b:f4:bb:d1:c1:51:c3:dd:96:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d9c56588195ba9486fb33912b603bfabd467b17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:87:89:fe:f0:5c:1f:00:87:33:6e:65:09:00:
                    ec:12:80:8e:7e:cb:96:7d:03:ec:43:45:7e:33:83:
                    a3:d3:a3:a9:16:22:a8:3a:98:48:79:98:97:2d:ef:
                    cc:36:ba:9f:90:1c:79:2e:95:cd:91:56:e2:8f:82:
                    18:21:db:33:f3:38:ec:f2:2e:3c:a5:bc:c7:38:2f:
                    aa:ae:1b:92:6a:25:93:a4:ed:1e:39:56:df:b6:41:
                    e0:d4:12:dd:32:53:67:c0:d7:12:5a:b9:10:60:72:
                    da:84:05:02:f3:ee:f3:20:0a:4a:c9:27:6b:76:0e:
                    4f:cd:7d:e4:e7:b9:95:28:f9:40:a5:81:7f:62:33:
                    02:a2:00:74:c1:de:e4:70:5b:d4:0f:89:38:49:d8:
                    19:5d:bd:32:f7:4f:31:6a:ff:37:5f:07:6c:12:8b:
                    11:4a:d7:24:95:d0:af:e0:cd:6c:52:06:ca:b1:81:
                    98:66:56:5f:41:23:28:59:d0:64:5a:f9:5c:77:7f:
                    ce:49:c6:49:82:9e:23:04:ad:89:1e:28:25:4a:a7:
                    cd:cf:52:7f:5b:88:08:53:83:1a:4f:21:20:75:7b:
                    8c:c3:96:74:19:41:aa:d8:6b:e4:fe:41:55:75:f8:
                    61:ba:15:cd:4e:28:5b:ca:9a:38:06:e1:ec:41:9e:
                    51:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:9C:56:58:81:95:BA:94:86:FB:33:91:2B:60:3B:FA:BD:46:7B:17
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/PZxWWIGVupSG-zORK2A7-r1Gexc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.99.0/24
                  194.187.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:dc:bc:38:bf:4c:c7:95:53:7c:ef:df:f8:2f:b4:f6:4b:9d:
         c6:a1:ef:9d:5d:bb:67:d1:03:97:ea:a5:0f:53:fa:18:e6:82:
         9f:c1:35:68:eb:96:4f:d8:52:57:c5:67:45:c1:ca:cd:f4:e4:
         dd:23:eb:0d:f0:02:39:15:06:4a:80:68:87:fa:a5:3b:57:75:
         f7:3b:a6:c5:03:c9:df:85:0f:d2:82:90:f8:8a:a0:a6:ec:4a:
         e5:6d:db:b3:77:57:47:14:b4:79:b0:97:d5:b0:a2:28:3d:06:
         73:8b:f4:aa:6b:ec:fa:8a:49:53:79:55:57:d7:4e:aa:44:f3:
         52:c8:81:2e:d5:2e:2f:39:12:0c:8f:f7:e4:24:95:a6:c7:1e:
         cf:59:84:31:49:be:74:46:ca:6c:ec:2c:49:ee:b8:70:d2:cd:
         12:ad:94:3f:f2:ab:d8:ef:b0:17:2c:78:9e:c2:4c:23:f2:c8:
         3a:2a:78:67:39:ba:c5:02:08:bd:fd:70:ae:6a:fa:44:63:cd:
         2b:42:de:82:b1:62:41:fd:eb:56:bb:cb:8e:a0:3b:5d:08:c2:
         ee:63:13:f0:d9:c0:bc:9e:11:47:0b:c7:31:1c:82:00:c5:f1:
         8e:5f:9c:bd:d7:18:b4:b7:d8:f2:e6:76:1a:c9:e6:1e:df:39:
         c4:b2:c8:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKjxza34b9LvRwVHD3ZbZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDljNTY1ODgxOTViYTk0ODZmYjMzOTEyYjYwM2JmYWJkNDY3YjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4eJ/vBcHwCHM25lCQDsEoCOfsuW
fQPsQ0V+M4Oj06OpFiKoOphIeZiXLe/MNrqfkBx5LpXNkVbij4IYIdsz8zjs8i48
pbzHOC+qrhuSaiWTpO0eOVbftkHg1BLdMlNnwNcSWrkQYHLahAUC8+7zIApKySdr
dg5PzX3k57mVKPlApYF/YjMCogB0wd7kcFvUD4k4SdgZXb0y908xav83XwdsEosR
StckldCv4M1sUgbKsYGYZlZfQSMoWdBkWvlcd3/OScZJgp4jBK2JHiglSqfNz1J/
W4gIU4MaTyEgdXuMw5Z0GUGq2Gvk/kFVdfhhuhXNTihbypo4BuHsQZ5RlwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD2cVliBlbqUhvszkStgO/q9RnsXMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvUFp4V1dJR1Z1cFNHLXpPUksyQTctcjFHZXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuY5jAwQA
wrt5MA0GCSqGSIb3DQEBCwUAA4IBAQAM3Lw4v0zHlVN879/4L7T2S53Goe+dXbtn
0QOX6qUPU/oY5oKfwTVo65ZP2FJXxWdFwcrN9OTdI+sN8AI5FQZKgGiH+qU7V3X3
O6bFA8nfhQ/SgpD4iqCm7Erlbduzd1dHFLR5sJfVsKIoPQZzi/Sqa+z6iklTeVVX
106qRPNSyIEu1S4vORIMj/fkJJWmxx7PWYQxSb50Rsps7CxJ7rhw0s0SrZQ/8qvY
77AXLHiewkwj8sg6KnhnObrFAgi9/XCuavpEY80rQt6CsWJB/etWu8uOoDtdCMLu
YxPw2cC8nhFHC8cxHIIAxfGOX5y91xi0t9jy5nYayeYe3znEsshY
-----END CERTIFICATE-----