Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ZRUwK2XWR-TC90aHW5UPPwGJipQ.roa
File:                     ZRUwK2XWR-TC90aHW5UPPwGJipQ.roa (raw, json)
Hash identifier:          AhcQPYgV3tl0xqf59GUspuTVEz2Lb+fTg4gYU09Q0f8=
Subject key identifier:   65:15:30:2B:65:D6:47:E4:C2:F7:46:87:5B:95:0F:3F:01:89:8A:94
Certificate issuer:       /CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
Certificate serial:       018CC425352400B38044C7F159F62836C355
Authority key identifier: 1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ZRUwK2XWR-TC90aHW5UPPwGJipQ.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17767
IP address blocks:        185.192.56.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:35:24:00:b3:80:44:c7:f1:59:f6:28:36:c3:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4dd11554247bd2bd301cea43ff5180372c38e4
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6515302b65d647e4c2f746875b950f3f01898a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:40:53:77:08:4e:e6:8f:03:e3:5a:a7:0c:98:
                    b3:7e:55:18:db:05:dc:38:32:c5:99:6d:e0:38:37:
                    a0:27:fa:b2:34:1b:37:e1:8c:c7:22:aa:e7:b5:67:
                    7a:a2:76:98:bb:ca:09:43:d2:3f:f9:23:b5:c1:c4:
                    71:20:34:fa:31:ac:d2:23:e9:74:84:bc:df:da:68:
                    2f:c6:2f:f5:02:1b:07:5e:40:20:64:4c:fc:b2:95:
                    13:06:21:7e:5c:26:96:27:ff:dd:91:85:5f:a0:f4:
                    b0:c2:ff:68:f8:23:91:cf:70:6b:f8:59:94:cb:29:
                    f7:76:b7:ae:3c:d9:21:dd:a9:d3:53:0b:4d:8d:87:
                    bf:ea:eb:95:ed:e7:b6:21:06:9e:ab:45:65:6f:b8:
                    14:17:94:c3:6f:dd:be:47:1f:a2:c0:7b:51:30:d9:
                    02:77:12:6f:f5:ad:4d:1a:58:9f:96:c7:a0:e7:11:
                    6c:61:87:f6:76:d2:44:69:9f:a0:4f:8c:12:09:62:
                    7e:89:92:c3:4c:96:68:d1:c9:52:1a:d2:b3:cc:ff:
                    09:fa:fb:ea:e6:00:cb:c1:e2:5a:a2:66:5e:db:3d:
                    a2:73:51:55:40:f8:89:74:14:40:51:5d:74:4a:60:
                    dd:14:bb:ae:3d:f5:b4:a5:54:37:fc:6d:ab:30:fa:
                    99:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:15:30:2B:65:D6:47:E4:C2:F7:46:87:5B:95:0F:3F:01:89:8A:94
            X509v3 Authority Key Identifier:
                keyid:1A:4D:D1:15:54:24:7B:D2:BD:30:1C:EA:43:FF:51:80:37:2C:38:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/ZRUwK2XWR-TC90aHW5UPPwGJipQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/7bddda-0c6c-4a5e-b1c5-3ba5f30caabf/1/Gk3RFVQke9K9MBzqQ_9RgDcsOOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:1e:b0:f6:c1:f1:63:57:39:13:c8:7d:3d:9c:5c:ad:b5:19:
         c5:ab:db:a4:47:95:12:94:c6:89:fe:22:f7:e1:94:d8:73:34:
         ae:de:6c:0f:d3:b1:f6:a3:1c:8c:35:b4:0d:a2:61:36:ca:19:
         c4:36:d3:3b:ff:4b:69:e8:79:49:54:e6:50:ef:7d:b1:44:ce:
         69:85:32:74:91:62:ce:35:b9:23:b7:73:e2:61:b9:67:f1:22:
         84:a1:be:01:0b:1f:fb:c2:65:5b:e9:a0:72:59:7a:74:a4:23:
         ab:36:0f:b1:5c:12:98:f1:5a:2d:78:8c:2f:0f:5d:da:76:b7:
         f5:73:85:2b:34:b4:8a:f0:46:6e:c3:b0:37:41:80:fe:d3:0d:
         6f:00:d8:06:96:83:63:e7:86:b8:bf:3d:46:d1:aa:a7:2b:ea:
         17:99:15:e1:89:33:5a:f2:3d:a1:91:5c:ab:6e:6d:58:e1:fd:
         af:65:02:f5:46:7e:85:a6:e4:ee:0a:9f:4a:a8:5b:ec:98:ff:
         e6:6c:69:f3:7c:d4:31:66:3a:30:98:44:66:30:12:a1:de:77:
         09:da:42:a7:93:f8:64:29:71:14:12:77:71:f0:a4:7f:ca:d6:
         33:8a:e1:fc:d8:6e:3b:a7:78:9b:14:df:88:ff:a2:2b:42:90:
         84:ca:4b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTUkALOARMfxWfYoNsNVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGRkMTE1NTQyNDdiZDJiZDMwMWNlYTQzZmY1MTgwMzcy
YzM4ZTQwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTE1MzAyYjY1ZDY0N2U0YzJmNzQ2ODc1Yjk1MGYzZjAxODk4YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUBTdwhO5o8D41qnDJizflUY2wXc
ODLFmW3gODegJ/qyNBs34YzHIqrntWd6onaYu8oJQ9I/+SO1wcRxIDT6MazSI+l0
hLzf2mgvxi/1AhsHXkAgZEz8spUTBiF+XCaWJ//dkYVfoPSwwv9o+CORz3Br+FmU
yyn3dreuPNkh3anTUwtNjYe/6uuV7ee2IQaeq0Vlb7gUF5TDb92+Rx+iwHtRMNkC
dxJv9a1NGliflseg5xFsYYf2dtJEaZ+gT4wSCWJ+iZLDTJZo0clSGtKzzP8J+vvq
5gDLweJaomZe2z2ic1FVQPiJdBRAUV10SmDdFLuuPfW0pVQ3/G2rMPqZHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUVMCtl1kfkwvdGh1uVDz8BiYqUMB8GA1UdIwQY
MBaAFBpN0RVUJHvSvTAc6kP/UYA3LDjkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUt
M2JhNWYzMGNhYWJmLzEvWlJVd0syWFdSLVRDOTBhSFc1VVBQd0dKaXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS83YmRkZGEtMGM2Yy00YTVlLWIxYzUtM2JhNWYzMGNhYWJm
LzEvR2szUkZWUWtlOUs5TUJ6cVFfOVJnRGNzT09RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucA4MA0G
CSqGSIb3DQEBCwUAA4IBAQACHrD2wfFjVzkTyH09nFyttRnFq9ukR5USlMaJ/iL3
4ZTYczSu3mwP07H2oxyMNbQNomE2yhnENtM7/0tp6HlJVOZQ732xRM5phTJ0kWLO
Nbkjt3PiYbln8SKEob4BCx/7wmVb6aByWXp0pCOrNg+xXBKY8VoteIwvD13adrf1
c4UrNLSK8EZuw7A3QYD+0w1vANgGloNj54a4vz1G0aqnK+oXmRXhiTNa8j2hkVyr
bm1Y4f2vZQL1Rn6FpuTuCp9KqFvsmP/mbGnzfNQxZjowmERmMBKh3ncJ2kKnk/hk
KXEUEndx8KR/ytYziuH82G47p3ibFN+I/6IrQpCEyksp
-----END CERTIFICATE-----