Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ZXMm-kyuB3sdWdOsEVd4jJ5di-U.roa
File:                     ZXMm-kyuB3sdWdOsEVd4jJ5di-U.roa (raw, json)
Hash identifier:          JQNEEFBlq0ZgxzqfOTANND5jqygO2Z/oyOeqPBhhWkI=
Subject key identifier:   65:73:26:FA:4C:AE:07:7B:1D:59:D3:AC:11:57:78:8C:9E:5D:8B:E5
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1C375EA1FEF8C2D7D5CB59329629
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ZXMm-kyuB3sdWdOsEVd4jJ5di-U.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39885
IP address blocks:        212.183.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:37:5e:a1:fe:f8:c2:d7:d5:cb:59:32:96:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=657326fa4cae077b1d59d3ac1157788c9e5d8be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:db:dd:92:70:95:f5:6e:92:06:73:a5:7a:85:
                    03:3e:44:57:bb:67:98:c5:5c:5d:b4:f7:4d:53:96:
                    25:5d:44:e1:31:74:c2:76:61:79:f8:84:52:bc:54:
                    ca:53:a1:aa:9f:a9:8c:40:59:b3:e7:a6:db:d1:0f:
                    53:87:df:55:aa:b8:92:29:25:5c:85:b3:c6:53:91:
                    5e:fb:1c:0f:c0:52:70:28:21:9a:b2:8f:6b:c8:c4:
                    80:85:4b:f7:35:22:2a:09:ca:02:a6:b1:7a:58:80:
                    c9:6b:43:65:5f:0c:b6:37:36:77:af:7a:4f:71:cc:
                    d4:4a:e2:e2:fe:ee:f7:74:b3:03:da:02:4f:89:73:
                    ea:df:ec:a7:df:99:98:72:f9:32:7a:0e:f2:23:06:
                    b7:08:b0:3f:e1:8f:54:76:1f:55:26:08:18:f6:d9:
                    38:fb:03:42:3a:0a:af:cf:aa:34:76:34:6f:17:e2:
                    68:43:9b:8c:f3:bd:e7:84:59:77:3e:fd:18:50:0a:
                    03:f2:90:79:0e:2b:5d:36:32:9d:2f:d4:7b:1d:af:
                    92:4f:32:4f:58:0c:e0:07:29:d5:5f:8e:cc:e6:e7:
                    ce:e0:77:51:cb:6f:c8:8f:b7:73:a1:cd:30:24:e1:
                    e9:cf:8c:84:b4:e7:0e:77:e3:34:e4:67:8a:2d:85:
                    e7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:73:26:FA:4C:AE:07:7B:1D:59:D3:AC:11:57:78:8C:9E:5D:8B:E5
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/ZXMm-kyuB3sdWdOsEVd4jJ5di-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:8e:c2:5c:60:a5:63:9e:95:d6:06:de:9c:44:7d:9a:f3:54:
         1b:73:d8:4c:4d:0a:12:59:6b:c3:c1:9a:6b:ab:e9:b3:d4:1d:
         30:b8:3e:a7:fc:79:d4:e8:22:14:1b:b7:9a:09:28:83:7f:62:
         5e:17:5c:4d:99:5d:61:f8:c4:5f:f7:fc:cb:de:7a:a4:f0:e0:
         f8:3d:63:2d:34:3d:5c:bf:13:c9:65:f0:fa:c7:49:85:cf:f9:
         31:f6:36:ff:f3:21:a4:42:de:b1:6b:2b:83:80:f3:0f:6d:34:
         ac:76:1c:ee:1a:6a:a6:d4:6e:5a:6e:be:4a:96:68:59:7f:1f:
         52:31:2c:4c:81:62:e5:8c:6e:09:c2:10:03:94:b6:82:57:9c:
         a0:e1:05:64:f7:0b:67:be:ee:db:5c:f5:4b:f9:04:12:f3:33:
         96:ff:57:64:40:b1:a9:67:98:3f:b9:6f:36:40:4b:73:39:99:
         ba:17:08:9b:98:cb:e9:60:85:c1:92:ed:20:c7:9d:f5:a2:51:
         2b:c1:fa:16:a9:5a:39:f4:b3:55:6e:fd:dd:27:e5:17:2b:17:
         8c:d0:b3:c0:8d:25:ca:3c:d5:fe:1c:ee:e7:4d:7a:84:ac:5e:
         fd:c9:5c:05:b4:3e:42:b3:1e:53:66:f5:78:1e:97:fd:00:73:
         c3:c6:4c:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Bw3XqH++MLX1ctZMpYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTczMjZmYTRjYWUwNzdiMWQ1OWQzYWMxMTU3Nzg4YzllNWQ4YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9vdknCV9W6SBnOleoUDPkRXu2eY
xVxdtPdNU5YlXUThMXTCdmF5+IRSvFTKU6Gqn6mMQFmz56bb0Q9Th99VqriSKSVc
hbPGU5Fe+xwPwFJwKCGaso9ryMSAhUv3NSIqCcoCprF6WIDJa0NlXwy2NzZ3r3pP
cczUSuLi/u73dLMD2gJPiXPq3+yn35mYcvkyeg7yIwa3CLA/4Y9Udh9VJggY9tk4
+wNCOgqvz6o0djRvF+JoQ5uM873nhFl3Pv0YUAoD8pB5DitdNjKdL9R7Ha+STzJP
WAzgBynVX47M5ufO4HdRy2/Ij7dzoc0wJOHpz4yEtOcOd+M05GeKLYXneQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVzJvpMrgd7HVnTrBFXeIyeXYvlMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvWlhNbS1reXVCM3NkV2RPc0VWZDRqSjVkaS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcXMA0G
CSqGSIb3DQEBCwUAA4IBAQBBjsJcYKVjnpXWBt6cRH2a81Qbc9hMTQoSWWvDwZpr
q+mz1B0wuD6n/HnU6CIUG7eaCSiDf2JeF1xNmV1h+MRf9/zL3nqk8OD4PWMtND1c
vxPJZfD6x0mFz/kx9jb/8yGkQt6xayuDgPMPbTSsdhzuGmqm1G5abr5KlmhZfx9S
MSxMgWLljG4JwhADlLaCV5yg4QVk9wtnvu7bXPVL+QQS8zOW/1dkQLGpZ5g/uW82
QEtzOZm6FwibmMvpYIXBku0gx531olErwfoWqVo59LNVbv3dJ+UXKxeM0LPAjSXK
PNX+HO7nTXqErF79yVwFtD5Csx5TZvV4Hpf9AHPDxkxd
-----END CERTIFICATE-----