Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/oz5-Kz14wd2B5z1u7EpdNZcRcdY.roa
File:                     oz5-Kz14wd2B5z1u7EpdNZcRcdY.roa (raw, json)
Hash identifier:          MnQzB/6k4845N3POmH4cDQFRvAaBRWCuChq6CA7xzgs=
Subject key identifier:   A3:3E:7E:2B:3D:78:C1:DD:81:E7:3D:6E:EC:4A:5D:35:97:11:71:D6
Certificate issuer:       /CN=f8e826de1070d9d79daa9e415fc432613cc57e57
Certificate serial:       018CC2DB593B1F2095BC33C9477441B90760
Authority key identifier: F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/oz5-Kz14wd2B5z1u7EpdNZcRcdY.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50622
IP address blocks:        185.47.226.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:59:3b:1f:20:95:bc:33:c9:47:74:41:b9:07:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e826de1070d9d79daa9e415fc432613cc57e57
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a33e7e2b3d78c1dd81e73d6eec4a5d35971171d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ed:fe:52:de:ee:94:35:d8:4e:86:7b:b9:a7:
                    1d:18:61:99:e3:4b:f7:fa:aa:df:63:60:28:d6:75:
                    c1:e6:4f:92:76:3d:00:5a:d6:44:b7:d0:42:49:a9:
                    72:d8:ea:77:f6:44:f1:25:c6:b3:22:8c:78:8f:fd:
                    31:63:ff:04:3e:fc:40:cb:4a:77:26:b0:d3:57:2e:
                    07:af:5e:ec:7d:1f:0f:5c:58:f9:9a:e8:ba:44:7f:
                    89:a1:a3:d6:c3:12:c4:da:f3:2a:1c:c3:d8:7c:2f:
                    51:1e:8b:a0:e2:d0:09:b7:68:6e:03:99:06:6d:da:
                    53:a8:c7:fc:dd:4d:3c:b5:c0:4e:1c:89:89:25:ab:
                    c2:db:1b:d6:c3:33:93:21:2d:f9:33:a8:b0:ef:bb:
                    e8:f4:15:8b:8a:31:49:62:ab:be:44:39:8a:42:d9:
                    be:66:03:31:c8:41:9f:f7:96:d3:f5:58:1d:d5:f2:
                    ea:7b:a6:17:85:e1:1d:ad:03:2a:bc:59:1e:75:18:
                    bf:2e:77:8a:96:58:e7:43:44:2e:f1:e3:dc:ff:42:
                    5f:68:5d:e8:77:98:e8:51:30:92:c9:3b:f0:2e:78:
                    9a:ca:8c:88:84:ae:b4:d1:64:59:b6:c1:96:f2:dd:
                    da:0d:9b:3f:e7:a1:ab:19:f2:3e:91:fd:ca:27:36:
                    2d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:3E:7E:2B:3D:78:C1:DD:81:E7:3D:6E:EC:4A:5D:35:97:11:71:D6
            X509v3 Authority Key Identifier:
                keyid:F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/oz5-Kz14wd2B5z1u7EpdNZcRcdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:c6:b1:b5:39:5f:d4:7b:65:59:aa:2a:f7:6e:f9:57:f6:8b:
         84:2b:7a:f7:9d:9a:f1:91:56:fe:cc:cf:50:a6:34:8f:08:dd:
         4b:9b:e4:1a:29:0d:7a:2b:52:fc:a2:2d:cb:00:1e:fc:cd:3d:
         a1:f5:8c:83:fc:b5:1f:2e:a7:47:6d:15:09:d1:76:47:a2:70:
         b5:4b:d5:da:88:60:0c:0d:93:8b:97:34:bd:79:e9:0b:a5:e3:
         28:90:00:d9:bc:e4:21:11:5f:aa:14:6c:f2:5a:24:b9:ca:e5:
         99:70:7b:52:7b:26:67:8c:44:de:95:c8:c1:c4:79:c9:e5:9f:
         dc:2c:2f:13:9b:28:ef:39:fe:d3:f1:71:4e:bb:13:f1:9a:cc:
         5f:c2:ed:d7:32:5b:07:a5:d1:55:f5:23:ec:bd:c6:c4:52:82:
         43:4d:1a:2a:5a:d7:c3:2b:a1:ee:ab:82:9b:47:37:7f:61:46:
         a4:c1:92:d5:a5:3c:50:22:71:d4:13:ac:aa:08:78:8e:17:7e:
         3c:ea:d5:e2:87:a9:65:5b:39:ef:60:d2:a5:f2:df:e2:fb:af:
         fb:ce:51:5f:ca:f7:a8:cd:0e:af:ee:31:c8:64:5b:4e:05:2f:
         d0:1f:bd:10:ff:35:9f:77:0d:4b:6d:8f:78:8a:ab:e0:02:37:
         56:f6:03:dd
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC21k7HyCVvDPJR3RBuQdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTgyNmRlMTA3MGQ5ZDc5ZGFhOWU0MTVmYzQzMjYxM2Nj
NTdlNTcwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzNlN2UyYjNkNzhjMWRkODFlNzNkNmVlYzRhNWQzNTk3MTE3MWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArO3+Ut7ulDXYToZ7uacdGGGZ40v3
+qrfY2Ao1nXB5k+Sdj0AWtZEt9BCSaly2Op39kTxJcazIox4j/0xY/8EPvxAy0p3
JrDTVy4Hr17sfR8PXFj5mui6RH+JoaPWwxLE2vMqHMPYfC9RHoug4tAJt2huA5kG
bdpTqMf83U08tcBOHImJJavC2xvWwzOTIS35M6iw77vo9BWLijFJYqu+RDmKQtm+
ZgMxyEGf95bT9Vgd1fLqe6YXheEdrQMqvFkedRi/LneKlljnQ0Qu8ePc/0JfaF3o
d5joUTCSyTvwLniayoyIhK600WRZtsGW8t3aDZs/56GrGfI+kf3KJzYtvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKM+fis9eMHdgec9buxKXTWXEXHWMB8GA1UdIwQY
MBaAFPjoJt4QcNnXnaqeQV/EMmE8xX5XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PZ20zaEJ3MmRlZHFwNUJYOFF5WVR6RmZsYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4
LWVhZWRiNzA5ZWZiZi8xL296NS1LejE0d2QyQjV6MXU3RXBkTlpjUmNkWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4LWVhZWRiNzA5ZWZi
Zi8xLzEtT2dtM2hCdzJkZWRxcDVCWDhReVlUekZmbGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5L+Iw
DQYJKoZIhvcNAQELBQADggEBABzGsbU5X9R7ZVmqKvdu+Vf2i4QrevedmvGRVv7M
z1CmNI8I3Uub5BopDXorUvyiLcsAHvzNPaH1jIP8tR8up0dtFQnRdkeicLVL1dqI
YAwNk4uXNL156Qul4yiQANm85CERX6oUbPJaJLnK5Zlwe1J7JmeMRN6VyMHEecnl
n9wsLxObKO85/tPxcU67E/GazF/C7dcyWwel0VX1I+y9xsRSgkNNGipa18Mroe6r
gptHN39hRqTBktWlPFAicdQTrKoIeI4Xfjzq1eKHqWVbOe9g0qXy3+L7r/vOUV/K
96jNDq/uMchkW04FL9AfvRD/NZ93DUttj3iKq+ACN1b2A90=
-----END CERTIFICATE-----