Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/_kz3z_VRhm7dyVtAzGoJc4SUA3U.roa
File:                     _kz3z_VRhm7dyVtAzGoJc4SUA3U.roa (raw, json)
Hash identifier:          8GICgT8R2xZQkDD/ZnywihX7XVgfwF4tqY+MPTv9hAw=
Subject key identifier:   FE:4C:F7:CF:F5:51:86:6E:DD:C9:5B:40:CC:6A:09:73:84:94:03:75
Certificate issuer:       /CN=5f1a427072b31d44784c375dfae42278e71fa836
Certificate serial:       018CCA29267C8E6460A2ED6D7C9BA0828087
Authority key identifier: 5F:1A:42:70:72:B3:1D:44:78:4C:37:5D:FA:E4:22:78:E7:1F:A8:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/_kz3z_VRhm7dyVtAzGoJc4SUA3U.roa
Signing time:             Tue 02 Jan 2024 12:32:23 +0000
ROA not before:           Tue 02 Jan 2024 12:32:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272713
IP address blocks:        185.236.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:26:7c:8e:64:60:a2:ed:6d:7c:9b:a0:82:80:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1a427072b31d44784c375dfae42278e71fa836
        Validity
            Not Before: Jan  2 12:32:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe4cf7cff551866eddc95b40cc6a097384940375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:02:a6:39:85:42:65:46:3e:8e:9c:06:fb:67:
                    dc:10:69:61:e8:4c:c4:e0:d9:ed:ae:5c:72:81:9e:
                    d4:9f:0c:97:bf:4b:7a:93:4e:4b:8e:d7:51:5d:1a:
                    4e:cd:c5:57:62:f3:ce:a0:4f:7e:62:b3:c4:65:d4:
                    38:60:9b:08:41:d1:e4:f7:21:06:2c:35:48:ba:48:
                    de:de:fa:66:7a:53:e8:85:c0:72:04:3e:64:34:ff:
                    91:d7:cc:d3:b9:c7:0b:92:59:72:d8:2c:08:b0:cb:
                    1d:f7:1e:29:86:9c:7c:97:50:f8:8b:87:96:c2:3c:
                    3d:0c:e7:39:47:ba:91:15:a8:bc:1e:9d:0b:7e:bf:
                    d7:11:b6:b2:68:58:de:76:ad:25:c1:2d:cd:ff:75:
                    5e:6d:30:e4:8e:ef:57:4a:40:2c:23:18:33:4b:ca:
                    9a:0a:72:2c:c3:66:f2:97:62:20:8f:f0:c8:85:37:
                    c6:4d:f8:bb:fb:a2:4a:a9:a4:a5:be:4b:3e:31:5f:
                    4f:ca:9a:56:d7:af:d3:ca:7a:e3:c7:55:d6:7d:92:
                    e8:03:51:aa:02:e4:b2:06:d8:aa:ea:3e:4a:06:f6:
                    80:54:72:60:5b:6d:28:4c:d2:97:48:47:a3:7b:90:
                    f2:21:50:0f:0a:b2:2d:0e:e9:58:58:7d:82:78:5f:
                    81:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4C:F7:CF:F5:51:86:6E:DD:C9:5B:40:CC:6A:09:73:84:94:03:75
            X509v3 Authority Key Identifier:
                keyid:5F:1A:42:70:72:B3:1D:44:78:4C:37:5D:FA:E4:22:78:E7:1F:A8:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XxpCcHKzHUR4TDdd-uQieOcfqDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/_kz3z_VRhm7dyVtAzGoJc4SUA3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/077f64-b843-469f-8547-dd20bb208bba/1/XxpCcHKzHUR4TDdd-uQieOcfqDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:68:de:14:89:7a:75:3e:1a:65:38:e6:9d:80:ad:11:5a:25:
         a3:86:9e:23:4b:60:40:da:d4:0d:82:4f:6d:03:8d:b2:ca:e7:
         b6:2a:46:83:d3:34:27:66:6f:d0:99:50:c5:a8:77:a4:0f:72:
         60:64:76:06:5d:94:7d:2c:63:bf:13:7b:49:2b:b7:da:28:43:
         b5:b6:0e:e5:2f:ea:c1:e5:1b:80:95:bf:5d:3b:c7:da:f1:83:
         61:74:ce:41:b7:6d:74:c7:9b:f0:48:04:74:09:1c:15:c5:18:
         02:04:86:8b:24:ee:26:93:ed:0b:e3:98:68:6b:ba:37:34:2d:
         26:a7:ec:97:ce:bd:77:89:ff:54:33:20:79:af:11:87:20:7b:
         26:b1:a5:17:86:48:e3:43:e3:55:dc:b7:db:ed:b6:dc:e0:8f:
         59:7e:9b:4b:c8:de:3b:fb:2d:f1:1f:de:de:92:2a:ca:63:ff:
         03:67:86:c6:21:e6:0c:80:6f:d1:4c:e8:1e:2c:46:1d:72:0a:
         93:28:c4:5f:24:27:ad:11:22:72:24:1d:fe:5e:0a:2d:a4:b7:
         38:cf:14:50:7c:90:5f:ba:b2:eb:c3:4c:4e:3f:2c:0a:bf:58:
         8e:e3:84:77:14:da:4d:52:c1:33:02:7f:6b:b6:30:a6:54:c0:
         c8:2a:33:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKSZ8jmRgou1tfJuggoCHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWE0MjcwNzJiMzFkNDQ3ODRjMzc1ZGZhZTQyMjc4ZTcx
ZmE4MzYwHhcNMjQwMTAyMTIzMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTRjZjdjZmY1NTE4NjZlZGRjOTViNDBjYzZhMDk3Mzg0OTQwMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwKmOYVCZUY+jpwG+2fcEGlh6EzE
4NntrlxygZ7UnwyXv0t6k05LjtdRXRpOzcVXYvPOoE9+YrPEZdQ4YJsIQdHk9yEG
LDVIukje3vpmelPohcByBD5kNP+R18zTuccLklly2CwIsMsd9x4phpx8l1D4i4eW
wjw9DOc5R7qRFai8Hp0Lfr/XEbayaFjedq0lwS3N/3VebTDkju9XSkAsIxgzS8qa
CnIsw2byl2Igj/DIhTfGTfi7+6JKqaSlvks+MV9PyppW16/Tynrjx1XWfZLoA1Gq
AuSyBtiq6j5KBvaAVHJgW20oTNKXSEeje5DyIVAPCrItDulYWH2CeF+BvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5M98/1UYZu3clbQMxqCXOElAN1MB8GA1UdIwQY
MBaAFF8aQnBysx1EeEw3XfrkInjnH6g2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhwQ2NIS3pIVVI0VERkZC11UWllT2NmcURZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8wNzdmNjQtYjg0My00NjlmLTg1NDct
ZGQyMGJiMjA4YmJhLzEvX2t6M3pfVlJobTdkeVZ0QXpHb0pjNFNVQTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8wNzdmNjQtYjg0My00NjlmLTg1NDctZGQyMGJiMjA4YmJh
LzEvWHhwQ2NIS3pIVVI0VERkZC11UWllT2NmcURZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuey3MA0G
CSqGSIb3DQEBCwUAA4IBAQBUaN4UiXp1PhplOOadgK0RWiWjhp4jS2BA2tQNgk9t
A42yyue2KkaD0zQnZm/QmVDFqHekD3JgZHYGXZR9LGO/E3tJK7faKEO1tg7lL+rB
5RuAlb9dO8fa8YNhdM5Bt210x5vwSAR0CRwVxRgCBIaLJO4mk+0L45hoa7o3NC0m
p+yXzr13if9UMyB5rxGHIHsmsaUXhkjjQ+NV3Lfb7bbc4I9ZfptLyN47+y3xH97e
kirKY/8DZ4bGIeYMgG/RTOgeLEYdcgqTKMRfJCetESJyJB3+XgotpLc4zxRQfJBf
urLrw0xOPywKv1iO44R3FNpNUsEzAn9rtjCmVMDIKjO+
-----END CERTIFICATE-----