Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/1ZhvohqJa0haJF59cBkamXwUyuU.roa
File:                     1ZhvohqJa0haJF59cBkamXwUyuU.roa (raw, json)
Hash identifier:          rUega7rZ2RAsTeGHrogjaNxjs4yKk/fYdC7luGAJYFE=
Subject key identifier:   D5:98:6F:A2:1A:89:6B:48:5A:24:5E:7D:70:19:1A:99:7C:14:CA:E5
Certificate issuer:       /CN=12b1674bbf0d118f2554f80cafd3ef1b39d8ae3f
Certificate serial:       018CC4255D50A321466F16E1989E74A3E423
Authority key identifier: 12:B1:67:4B:BF:0D:11:8F:25:54:F8:0C:AF:D3:EF:1B:39:D8:AE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ErFnS78NEY8lVPgMr9PvGznYrj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/1ZhvohqJa0haJF59cBkamXwUyuU.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203694
IP address blocks:        185.132.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/ErFnS78NEY8lVPgMr9PvGznYrj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/ErFnS78NEY8lVPgMr9PvGznYrj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ErFnS78NEY8lVPgMr9PvGznYrj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:50:a3:21:46:6f:16:e1:98:9e:74:a3:e4:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12b1674bbf0d118f2554f80cafd3ef1b39d8ae3f
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5986fa21a896b485a245e7d70191a997c14cae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d5:28:0a:2b:80:c6:46:e9:45:30:0a:07:51:
                    10:83:0d:ab:6d:65:0e:c5:4a:96:69:1c:dc:31:23:
                    bc:3c:ea:c6:ef:1a:9e:cd:ac:ec:e5:e4:2e:9b:17:
                    52:e6:0f:45:8a:70:73:2d:50:49:e6:ac:3f:3c:ef:
                    9a:d5:40:f1:bf:ba:f1:47:99:02:5b:b0:00:ed:56:
                    aa:3c:0b:39:b3:50:43:ee:e1:32:5b:5b:c8:56:78:
                    20:c6:64:e3:b9:53:0d:33:a0:67:c8:38:35:99:8f:
                    83:ad:53:6e:69:8a:9d:c1:d5:21:8d:9a:dc:0a:5c:
                    39:8d:c9:6f:bd:9a:24:89:16:41:8b:aa:dc:59:59:
                    1f:4b:ee:b4:db:3e:39:da:2a:c7:1f:47:7d:b3:82:
                    bf:86:cf:28:ac:69:d5:10:82:92:d4:71:81:12:d2:
                    24:3d:c7:5f:89:1b:8b:a8:69:f8:cc:7e:e0:a5:61:
                    d0:44:a0:67:00:31:ec:fd:f1:e0:2a:29:5c:18:a3:
                    a6:2c:f6:09:10:56:27:ae:95:2d:75:2d:9e:d6:84:
                    c3:fd:c6:1d:ec:75:9e:96:c4:c6:51:73:76:e2:41:
                    3c:58:69:af:c5:f6:53:93:4c:76:7b:59:fd:a5:c8:
                    93:ef:04:be:df:8c:7c:82:1c:b9:de:73:8c:66:83:
                    bb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:98:6F:A2:1A:89:6B:48:5A:24:5E:7D:70:19:1A:99:7C:14:CA:E5
            X509v3 Authority Key Identifier:
                keyid:12:B1:67:4B:BF:0D:11:8F:25:54:F8:0C:AF:D3:EF:1B:39:D8:AE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ErFnS78NEY8lVPgMr9PvGznYrj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/1ZhvohqJa0haJF59cBkamXwUyuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2399d2-8e24-48f2-be88-f371f98a753b/1/ErFnS78NEY8lVPgMr9PvGznYrj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.132.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:78:4e:4e:13:df:7b:5b:c6:74:66:4f:6f:21:9d:60:dc:83:
         a5:60:cd:14:b9:04:4d:7d:df:02:e2:d5:f3:ce:04:87:64:14:
         4f:26:6e:ec:de:f3:db:4c:7b:91:27:fa:4f:66:93:5e:fe:56:
         bf:4d:7d:7c:c9:1c:cc:6b:16:8a:f2:36:f2:0c:8e:cd:1e:37:
         a3:91:2b:08:87:70:0d:54:46:e1:d5:fb:47:90:80:a5:9d:6d:
         0b:0e:df:70:b4:87:3b:76:19:f2:2e:b5:63:88:3a:3e:e2:19:
         45:9a:95:33:24:c7:36:58:39:47:95:5e:3b:53:fa:c6:81:e1:
         35:ac:41:9f:3e:07:41:72:f3:fa:80:62:07:67:03:bb:05:1e:
         2d:ba:08:ed:e7:ba:4d:68:af:62:67:e9:61:3a:4b:99:b8:1e:
         80:bd:68:e0:2f:da:68:a0:d5:73:d6:88:e4:78:6a:9c:f8:fe:
         61:25:c2:a8:d8:1f:a4:bf:37:ca:17:94:d1:a3:ff:ac:3f:26:
         22:69:2a:c5:25:4e:3e:69:9a:e6:44:71:7a:12:e7:a7:3f:46:
         85:2f:e8:1e:e2:d5:75:5c:11:fd:28:b7:31:fb:4b:59:6e:b7:
         74:15:4a:c3:80:fc:14:00:9b:b3:f4:66:8f:11:16:93:ba:8c:
         30:4a:4c:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV1QoyFGbxbhmJ50o+QjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYjE2NzRiYmYwZDExOGYyNTU0ZjgwY2FmZDNlZjFiMzlk
OGFlM2YwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk4NmZhMjFhODk2YjQ4NWEyNDVlN2Q3MDE5MWE5OTdjMTRjYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltUoCiuAxkbpRTAKB1EQgw2rbWUO
xUqWaRzcMSO8POrG7xqezazs5eQumxdS5g9FinBzLVBJ5qw/PO+a1UDxv7rxR5kC
W7AA7VaqPAs5s1BD7uEyW1vIVnggxmTjuVMNM6BnyDg1mY+DrVNuaYqdwdUhjZrc
Clw5jclvvZokiRZBi6rcWVkfS+602z452irHH0d9s4K/hs8orGnVEIKS1HGBEtIk
PcdfiRuLqGn4zH7gpWHQRKBnADHs/fHgKilcGKOmLPYJEFYnrpUtdS2e1oTD/cYd
7HWelsTGUXN24kE8WGmvxfZTk0x2e1n9pciT7wS+34x8ghy53nOMZoO7XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWYb6IaiWtIWiRefXAZGpl8FMrlMB8GA1UdIwQY
MBaAFBKxZ0u/DRGPJVT4DK/T7xs52K4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXJGblM3OE5FWThsVlBnTXI5UHZHem5Zcmo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8yMzk5ZDItOGUyNC00OGYyLWJlODgt
ZjM3MWY5OGE3NTNiLzEvMVpodm9ocUphMGhhSkY1OWNCa2FtWHdVeXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8yMzk5ZDItOGUyNC00OGYyLWJlODgtZjM3MWY5OGE3NTNi
LzEvRXJGblM3OE5FWThsVlBnTXI5UHZHem5Zcmo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYR8MA0G
CSqGSIb3DQEBCwUAA4IBAQBseE5OE997W8Z0Zk9vIZ1g3IOlYM0UuQRNfd8C4tXz
zgSHZBRPJm7s3vPbTHuRJ/pPZpNe/la/TX18yRzMaxaK8jbyDI7NHjejkSsIh3AN
VEbh1ftHkIClnW0LDt9wtIc7dhnyLrVjiDo+4hlFmpUzJMc2WDlHlV47U/rGgeE1
rEGfPgdBcvP6gGIHZwO7BR4tugjt57pNaK9iZ+lhOkuZuB6AvWjgL9pooNVz1ojk
eGqc+P5hJcKo2B+kvzfKF5TRo/+sPyYiaSrFJU4+aZrmRHF6EuenP0aFL+ge4tV1
XBH9KLcx+0tZbrd0FUrDgPwUAJuz9GaPERaTuowwSkyE
-----END CERTIFICATE-----