Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/z6-BtRj1uOz9k7zFvgnrAeiIVKM.roa
File:                     z6-BtRj1uOz9k7zFvgnrAeiIVKM.roa (raw, json)
Hash identifier:          uzZdhQUpLDX21HM9QF7KVhcfSTnvZuV381bNviEeWKo=
Subject key identifier:   CF:AF:81:B5:18:F5:B8:EC:FD:93:BC:C5:BE:09:EB:01:E8:88:54:A3
Certificate issuer:       /CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Certificate serial:       0190180143E9C7984A30ABFE94D308F31359
Authority key identifier: E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/z6-BtRj1uOz9k7zFvgnrAeiIVKM.roa
Signing time:             Fri 14 Jun 2024 18:27:34 +0000
ROA not before:           Fri 14 Jun 2024 18:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214798
IP address blocks:        185.164.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:18:01:43:e9:c7:98:4a:30:ab:fe:94:d3:08:f3:13:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
        Validity
            Not Before: Jun 14 18:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfaf81b518f5b8ecfd93bcc5be09eb01e88854a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0e:74:78:4f:d5:17:88:ed:04:25:78:93:df:
                    aa:6c:4a:97:25:0c:78:a7:86:62:7f:6b:8e:7f:0b:
                    bc:21:7c:dc:8e:30:f2:72:9f:35:6d:d3:c5:b0:2d:
                    05:e8:d2:50:9d:b0:3b:00:75:48:8e:07:14:7d:04:
                    70:70:17:3f:98:1c:88:aa:58:28:d1:9e:e2:9c:af:
                    e5:46:8b:4e:43:db:4b:cf:e5:09:eb:ff:4c:91:ca:
                    eb:06:7e:59:5b:d6:4a:92:1b:e1:ca:e1:45:3a:e8:
                    05:57:e3:af:2c:f9:4b:bb:eb:fa:60:6b:70:d8:ac:
                    a9:e6:58:c2:93:76:dc:93:52:15:44:2a:b8:61:0a:
                    9a:d7:d6:06:8d:a0:72:60:a9:e7:4e:e8:8b:f3:df:
                    06:93:33:6c:0b:96:77:0f:f7:f3:86:af:58:38:7a:
                    87:1f:d5:36:e1:7b:7f:e9:09:ec:de:37:3c:b5:b9:
                    99:29:48:9f:cc:0b:f4:c1:14:a6:33:0d:25:35:6c:
                    1d:6a:94:9d:9b:52:83:4f:46:3c:2b:25:cb:e4:8f:
                    c9:75:ef:a0:3e:63:04:68:ce:de:2e:67:dd:3b:8b:
                    68:7b:76:03:94:82:a5:7c:78:19:31:74:5f:b1:f8:
                    76:ee:5d:de:98:c9:b3:e6:6c:bf:0e:b2:42:d0:de:
                    02:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:AF:81:B5:18:F5:B8:EC:FD:93:BC:C5:BE:09:EB:01:E8:88:54:A3
            X509v3 Authority Key Identifier:
                keyid:E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/z6-BtRj1uOz9k7zFvgnrAeiIVKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:bf:79:c3:27:0e:2c:2f:34:2d:01:89:3e:2d:99:bc:21:40:
         ff:89:c0:6a:52:86:42:e8:bd:e8:53:fd:22:10:9c:42:38:91:
         86:21:16:45:f9:e6:57:60:21:db:5e:5c:97:b1:3b:c5:7c:fe:
         5c:14:9c:69:d1:88:c1:06:b6:41:11:e1:0f:4c:06:3b:27:cd:
         97:5b:02:ed:4f:60:6b:87:0e:b3:55:30:fb:e3:08:26:c6:45:
         ec:53:59:37:b8:84:1a:c0:f0:fa:0b:d4:2b:d7:be:70:f0:6b:
         a2:f2:a6:61:87:3e:fd:75:e9:69:7d:04:d0:29:71:e1:12:e0:
         07:ae:9a:05:da:fc:42:bd:d5:06:70:40:91:4c:e7:d3:ad:f6:
         2f:e0:50:e5:8a:1c:b7:64:b4:fc:ed:18:8b:e1:e0:0a:5b:16:
         f1:a5:dc:cf:44:db:52:29:e4:92:5d:fd:53:64:7f:93:92:91:
         e4:e2:d1:34:71:40:ee:1b:3c:57:d1:f3:a1:e2:f9:c0:ed:3c:
         30:c1:c8:f0:70:e8:91:f4:e8:11:da:3f:21:e3:af:3f:80:1c:
         6d:e5:45:87:cb:bb:09:a0:07:03:32:ab:4c:10:94:8b:1a:97:
         46:06:c5:a6:44:ca:77:c7:28:08:e3:e2:ff:bc:34:cb:34:06:
         34:16:02:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAYAUPpx5hKMKv+lNMI8xNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Yzc4ZmExOTkzZDQ1MTJmZTI0MzZiOGNlZGE4YmZjOTI5
ZDY1N2QwHhcNMjQwNjE0MTgyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmFmODFiNTE4ZjViOGVjZmQ5M2JjYzViZTA5ZWIwMWU4ODg1NGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhw50eE/VF4jtBCV4k9+qbEqXJQx4
p4Zif2uOfwu8IXzcjjDycp81bdPFsC0F6NJQnbA7AHVIjgcUfQRwcBc/mByIqlgo
0Z7inK/lRotOQ9tLz+UJ6/9MkcrrBn5ZW9ZKkhvhyuFFOugFV+OvLPlLu+v6YGtw
2Kyp5ljCk3bck1IVRCq4YQqa19YGjaByYKnnTuiL898GkzNsC5Z3D/fzhq9YOHqH
H9U24Xt/6Qns3jc8tbmZKUifzAv0wRSmMw0lNWwdapSdm1KDT0Y8KyXL5I/Jde+g
PmMEaM7eLmfdO4toe3YDlIKlfHgZMXRfsfh27l3emMmz5my/DrJC0N4CaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+vgbUY9bjs/ZO8xb4J6wHoiFSjMB8GA1UdIwQY
MBaAFOXHj6GZPUUS/iQ2uM7ai/ySnWV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEt
MGM5YWE2Njk2YjQ5LzEvejYtQnRSajF1T3o5azd6RnZnbnJBZWlJVktNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEtMGM5YWE2Njk2YjQ5
LzEvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaSjMA0G
CSqGSIb3DQEBCwUAA4IBAQAZv3nDJw4sLzQtAYk+LZm8IUD/icBqUoZC6L3oU/0i
EJxCOJGGIRZF+eZXYCHbXlyXsTvFfP5cFJxp0YjBBrZBEeEPTAY7J82XWwLtT2Br
hw6zVTD74wgmxkXsU1k3uIQawPD6C9Qr175w8Gui8qZhhz79delpfQTQKXHhEuAH
rpoF2vxCvdUGcECRTOfTrfYv4FDlihy3ZLT87RiL4eAKWxbxpdzPRNtSKeSSXf1T
ZH+TkpHk4tE0cUDuGzxX0fOh4vnA7TwwwcjwcOiR9OgR2j8h468/gBxt5UWHy7sJ
oAcDMqtMEJSLGpdGBsWmRMp3xygI4+L/vDTLNAY0FgKq
-----END CERTIFICATE-----