Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/3Z0h51qcLhwftAEURDD-Zc54bK8.roa
File:                     3Z0h51qcLhwftAEURDD-Zc54bK8.roa (raw, json)
Hash identifier:          cuQJwD0A/O7XVFt+F4ZmEiCJZiVt9YoZqzzr2TbLTOQ=
Subject key identifier:   DD:9D:21:E7:5A:9C:2E:1C:1F:B4:01:14:44:30:FE:65:CE:78:6C:AF
Certificate issuer:       /CN=6735a8295a30d7dfcac2a570b8decb25c4652140
Certificate serial:       018CC3493B77A41BA6FB13632FBBCBEEF1C9
Authority key identifier: 67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/3Z0h51qcLhwftAEURDD-Zc54bK8.roa
Signing time:             Mon 01 Jan 2024 04:30:05 +0000
ROA not before:           Mon 01 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205512
IP address blocks:        185.233.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:3b:77:a4:1b:a6:fb:13:63:2f:bb:cb:ee:f1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6735a8295a30d7dfcac2a570b8decb25c4652140
        Validity
            Not Before: Jan  1 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd9d21e75a9c2e1c1fb401144430fe65ce786caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5f:c0:c3:25:ed:e4:13:fc:17:91:1c:a2:53:
                    dc:66:08:c0:fd:d3:72:c8:1d:ec:18:0a:a6:30:0e:
                    e9:d9:f5:c3:c9:ff:a9:7a:59:5f:cb:85:d7:1c:1d:
                    13:ed:52:cc:18:66:db:87:32:9a:88:83:4c:75:3d:
                    ec:f3:51:21:96:59:d9:df:00:1f:d0:9e:96:6d:80:
                    bf:00:a9:ad:d9:9d:39:b0:5f:af:cb:b2:fd:d0:e6:
                    99:fd:ea:49:a9:84:59:f2:3b:cd:f2:45:24:cb:28:
                    ec:28:d8:97:95:21:3c:ee:24:10:ab:5d:92:ac:ed:
                    7a:06:3c:e7:b0:8e:8d:d4:1d:94:b5:ca:a2:56:5e:
                    26:ff:d6:86:8b:d9:f4:1e:5f:7d:18:0e:7f:23:bd:
                    30:4c:21:3d:fe:77:3b:c1:3b:b3:1a:82:97:f5:86:
                    3f:69:dd:da:bd:0d:20:dc:1f:0f:11:fe:91:53:ff:
                    25:34:5d:60:8e:ff:77:80:5b:32:bc:c1:90:1e:2a:
                    a7:9f:6b:04:d6:a2:a5:44:04:f1:c9:c6:ed:18:43:
                    b8:07:f3:eb:1a:3a:53:ce:bb:77:08:60:3d:b5:63:
                    e5:d2:8a:fc:d4:07:e4:44:25:5f:50:b6:3d:fe:55:
                    bd:91:f9:8e:f6:6e:73:ee:b0:ef:42:54:06:8f:c7:
                    76:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:9D:21:E7:5A:9C:2E:1C:1F:B4:01:14:44:30:FE:65:CE:78:6C:AF
            X509v3 Authority Key Identifier:
                keyid:67:35:A8:29:5A:30:D7:DF:CA:C2:A5:70:B8:DE:CB:25:C4:65:21:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZzWoKVow19_KwqVwuN7LJcRlIUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/3Z0h51qcLhwftAEURDD-Zc54bK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/10b0ec-7055-4ebc-96fc-18e18d659d8f/1/ZzWoKVow19_KwqVwuN7LJcRlIUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.233.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:e4:49:0f:20:88:59:6b:37:5e:9e:00:c8:ac:a8:63:ee:af:
         44:eb:7e:d4:bb:d4:ee:0c:7d:55:94:bc:f5:c2:c2:12:8c:9f:
         6b:45:91:e3:44:fb:92:cc:31:8f:b8:00:dd:92:d0:3e:8f:07:
         f2:2f:70:5a:aa:6c:ca:25:0a:be:3d:b9:63:f4:31:03:1a:0b:
         79:c8:4c:3c:93:41:bc:75:b1:2e:54:b8:1a:92:ca:37:08:31:
         22:4e:7f:c9:5d:48:62:f0:ec:f2:d0:6f:90:de:fe:cf:ea:df:
         48:77:49:9d:1e:b9:85:ea:be:b6:9d:d4:f5:1f:82:e0:3d:13:
         80:19:91:3a:fd:d8:bf:4b:5e:2e:99:68:08:23:38:25:f5:59:
         95:56:89:85:5c:a0:0f:aa:4a:fb:27:26:b1:df:9d:45:32:ae:
         5d:14:98:1b:76:1c:fe:7d:fa:8f:52:2a:24:29:67:fd:a9:46:
         ac:1f:3f:7b:4f:65:83:e6:d4:10:4d:a0:f2:fe:05:aa:da:31:
         9a:c3:cb:5a:e8:9a:f3:5f:d7:18:0f:b2:88:e1:7d:5a:7e:a4:
         a3:97:e0:c1:e7:61:5d:2d:6f:7f:60:19:c0:d7:8a:86:68:c4:
         92:3d:d7:a5:a2:db:9f:53:b7:8f:43:71:2b:d3:c5:2f:d1:d8:
         f0:36:66:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSTt3pBum+xNjL7vL7vHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MzVhODI5NWEzMGQ3ZGZjYWMyYTU3MGI4ZGVjYjI1YzQ2
NTIxNDAwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDlkMjFlNzVhOWMyZTFjMWZiNDAxMTQ0NDMwZmU2NWNlNzg2Y2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6F/AwyXt5BP8F5EcolPcZgjA/dNy
yB3sGAqmMA7p2fXDyf+pellfy4XXHB0T7VLMGGbbhzKaiINMdT3s81EhllnZ3wAf
0J6WbYC/AKmt2Z05sF+vy7L90OaZ/epJqYRZ8jvN8kUkyyjsKNiXlSE87iQQq12S
rO16BjznsI6N1B2UtcqiVl4m/9aGi9n0Hl99GA5/I70wTCE9/nc7wTuzGoKX9YY/
ad3avQ0g3B8PEf6RU/8lNF1gjv93gFsyvMGQHiqnn2sE1qKlRATxycbtGEO4B/Pr
GjpTzrt3CGA9tWPl0or81AfkRCVfULY9/lW9kfmO9m5z7rDvQlQGj8d2uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2dIedanC4cH7QBFEQw/mXOeGyvMB8GA1UdIwQY
MBaAFGc1qClaMNffysKlcLjeyyXEZSFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMt
MThlMThkNjU5ZDhmLzEvM1owaDUxcWNMaHdmdEFFVVJERC1aYzU0Yks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMGIwZWMtNzA1NS00ZWJjLTk2ZmMtMThlMThkNjU5ZDhm
LzEvWnpXb0tWb3cxOV9Ld3FWd3VON0xKY1JsSVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuenqMA0G
CSqGSIb3DQEBCwUAA4IBAQBt5EkPIIhZazdengDIrKhj7q9E637Uu9TuDH1VlLz1
wsISjJ9rRZHjRPuSzDGPuADdktA+jwfyL3BaqmzKJQq+Pblj9DEDGgt5yEw8k0G8
dbEuVLgakso3CDEiTn/JXUhi8Ozy0G+Q3v7P6t9Id0mdHrmF6r62ndT1H4LgPROA
GZE6/di/S14umWgIIzgl9VmVVomFXKAPqkr7Jyax351FMq5dFJgbdhz+ffqPUiok
KWf9qUasHz97T2WD5tQQTaDy/gWq2jGaw8ta6JrzX9cYD7KI4X1afqSjl+DB52Fd
LW9/YBnA14qGaMSSPdelotufU7ePQ3Er08Uv0djwNmZI
-----END CERTIFICATE-----