Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/sz2P-SxUUCWW9YivRyhCNlZQhtg.roa
File:                     sz2P-SxUUCWW9YivRyhCNlZQhtg.roa (raw, json)
Hash identifier:          H5+tDQKBXhPR9K/0kCNp3/JYblbOqJXLArptublX1VQ=
Subject key identifier:   B3:3D:8F:F9:2C:54:50:25:96:F5:88:AF:47:28:42:36:56:50:86:D8
Certificate issuer:       /CN=5c791a1ba09b9d4d358ef05aaded7f0e85e881b6
Certificate serial:       018CC8DEDE6D4AFE9EFAEC5747754D205E26
Authority key identifier: 5C:79:1A:1B:A0:9B:9D:4D:35:8E:F0:5A:AD:ED:7F:0E:85:E8:81:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XHkaG6CbnU01jvBare1_DoXogbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/sz2P-SxUUCWW9YivRyhCNlZQhtg.roa
Signing time:             Tue 02 Jan 2024 06:31:38 +0000
ROA not before:           Tue 02 Jan 2024 06:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44640
IP address blocks:        185.56.116.0/22 maxlen: 24
                          91.202.44.0/22 maxlen: 24
                          2a04:c340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/XHkaG6CbnU01jvBare1_DoXogbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/XHkaG6CbnU01jvBare1_DoXogbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XHkaG6CbnU01jvBare1_DoXogbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:de:6d:4a:fe:9e:fa:ec:57:47:75:4d:20:5e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c791a1ba09b9d4d358ef05aaded7f0e85e881b6
        Validity
            Not Before: Jan  2 06:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b33d8ff92c54502596f588af47284236565086d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8a:8d:47:b3:dd:db:58:46:db:13:3b:92:ca:
                    98:da:c3:21:b7:11:75:9f:61:06:b7:f4:cb:86:d1:
                    67:2f:7c:b0:1f:c3:f5:9c:ee:97:ac:ab:3d:ed:17:
                    d0:02:7e:94:0f:e3:a7:fb:50:e9:cd:99:3a:6f:94:
                    73:bd:fb:7c:5a:5d:88:b9:7d:66:f7:88:27:5e:e1:
                    fc:bb:29:6b:fe:0a:a9:38:f1:b3:3e:3f:63:31:c4:
                    2e:69:86:1f:5a:cd:98:cf:9f:46:e1:d1:2d:12:d5:
                    bc:60:d5:c2:8a:eb:1d:64:81:5b:00:b6:1b:c3:f3:
                    6b:89:cc:b2:67:a6:2e:f9:8d:44:d6:a6:ab:17:85:
                    21:8b:4e:e8:0c:12:29:a1:96:63:d8:1b:58:4f:36:
                    e9:74:9d:23:1d:1c:1d:22:e1:e5:ab:ba:29:13:78:
                    63:ea:1c:a5:e6:b1:82:00:17:26:98:79:24:7d:c7:
                    7e:0a:fc:ff:0e:b5:58:ee:33:7c:f0:ad:7f:1b:0a:
                    1b:4a:47:9b:78:4a:b3:3c:cf:14:38:d7:91:77:50:
                    01:fa:06:64:70:80:15:a3:e2:42:5e:c5:69:7c:fa:
                    6c:a9:1a:46:89:49:38:bd:7a:a2:f2:62:96:88:50:
                    9e:c9:22:b5:6d:e8:14:2b:0a:40:be:5e:46:1c:e1:
                    cd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3D:8F:F9:2C:54:50:25:96:F5:88:AF:47:28:42:36:56:50:86:D8
            X509v3 Authority Key Identifier:
                keyid:5C:79:1A:1B:A0:9B:9D:4D:35:8E:F0:5A:AD:ED:7F:0E:85:E8:81:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHkaG6CbnU01jvBare1_DoXogbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/sz2P-SxUUCWW9YivRyhCNlZQhtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/a27a03-f645-462b-94e7-66c5ae8a36b4/1/XHkaG6CbnU01jvBare1_DoXogbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.44.0/22
                  185.56.116.0/22
                IPv6:
                  2a04:c340::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:34:73:4a:b4:bf:75:1d:c4:5d:5d:b2:5d:55:76:f1:ab:78:
         58:ee:64:e3:e8:e0:d8:6d:7c:a3:4f:b3:27:bd:e4:7b:79:43:
         d1:58:41:94:61:01:f3:0e:44:8b:3b:d2:e8:5a:29:0b:c2:13:
         df:1c:7f:a3:45:a8:ab:14:49:2e:b5:9c:96:69:e7:be:48:91:
         f1:5b:3b:09:00:cc:58:fe:84:01:7e:aa:e5:f7:de:1f:e5:1f:
         15:40:76:54:63:81:0d:67:9c:ba:d3:23:b1:13:d6:0e:56:86:
         25:e3:48:54:83:a7:77:9b:5f:87:46:85:cf:2f:bc:b3:c1:80:
         cb:24:20:82:dd:22:e9:b7:2e:77:cc:32:11:16:fa:d2:cb:9b:
         92:dc:87:f0:ba:88:92:ab:3f:8a:47:fd:f9:2e:ff:15:96:f7:
         c8:bb:7a:60:f5:f1:ec:1c:7c:72:43:8c:b2:88:a4:b6:b7:ec:
         ca:5c:95:4e:52:e9:c4:9c:bf:4b:b1:9f:b1:1b:3f:86:cb:e0:
         7e:61:70:0f:37:a2:8a:e2:0e:f8:bf:ad:95:d4:28:0b:c8:00:
         b8:df:05:4c:e2:0b:74:74:26:f2:78:7b:10:88:bb:15:2f:13:
         4d:b9:6f:64:a0:9a:f3:2a:1f:e3:e6:80:ad:81:76:ab:df:06:
         79:b8:53:0d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzI3t5tSv6e+uxXR3VNIF4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzkxYTFiYTA5YjlkNGQzNThlZjA1YWFkZWQ3ZjBlODVl
ODgxYjYwHhcNMjQwMTAyMDYzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNkOGZmOTJjNTQ1MDI1OTZmNTg4YWY0NzI4NDIzNjU2NTA4NmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIqNR7Pd21hG2xM7ksqY2sMhtxF1
n2EGt/TLhtFnL3ywH8P1nO6XrKs97RfQAn6UD+On+1DpzZk6b5Rzvft8Wl2IuX1m
94gnXuH8uylr/gqpOPGzPj9jMcQuaYYfWs2Yz59G4dEtEtW8YNXCiusdZIFbALYb
w/NricyyZ6Yu+Y1E1qarF4Uhi07oDBIpoZZj2BtYTzbpdJ0jHRwdIuHlq7opE3hj
6hyl5rGCABcmmHkkfcd+Cvz/DrVY7jN88K1/GwobSkebeEqzPM8UONeRd1AB+gZk
cIAVo+JCXsVpfPpsqRpGiUk4vXqi8mKWiFCeySK1begUKwpAvl5GHOHNrwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLM9j/ksVFAllvWIr0coQjZWUIbYMB8GA1UdIwQY
MBaAFFx5Ghugm51NNY7wWq3tfw6F6IG2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhrYUc2Q2JuVTAxanZCYXJlMV9Eb1hvZ2JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9hMjdhMDMtZjY0NS00NjJiLTk0ZTct
NjZjNWFlOGEzNmI0LzEvc3oyUC1TeFVVQ1dXOVlpdlJ5aENObFpRaHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9hMjdhMDMtZjY0NS00NjJiLTk0ZTctNjZjNWFlOGEzNmI0
LzEvWEhrYUc2Q2JuVTAxanZCYXJlMV9Eb1hvZ2JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8osAwQC
uTh0MA0EAgACMAcDBQMqBMNAMA0GCSqGSIb3DQEBCwUAA4IBAQBONHNKtL91HcRd
XbJdVXbxq3hY7mTj6ODYbXyjT7MnveR7eUPRWEGUYQHzDkSLO9LoWikLwhPfHH+j
RairFEkutZyWaee+SJHxWzsJAMxY/oQBfqrl994f5R8VQHZUY4ENZ5y60yOxE9YO
VoYl40hUg6d3m1+HRoXPL7yzwYDLJCCC3SLpty53zDIRFvrSy5uS3IfwuoiSqz+K
R/35Lv8VlvfIu3pg9fHsHHxyQ4yyiKS2t+zKXJVOUunEnL9LsZ+xGz+Gy+B+YXAP
N6KK4g74v62V1CgLyAC43wVM4gt0dCbyeHsQiLsVLxNNuW9koJrzKh/j5oCtgXar
3wZ5uFMN
-----END CERTIFICATE-----