Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/L5zZZs0MQAmEI_mUwqixF24R8DE.roa
File:                     L5zZZs0MQAmEI_mUwqixF24R8DE.roa (raw, json)
Hash identifier:          BL3jL1fDNlqIL3I91WM6mHYcl682XCh5yYPHL3xw1RM=
Subject key identifier:   2F:9C:D9:66:CD:0C:40:09:84:23:F9:94:C2:A8:B1:17:6E:11:F0:31
Certificate issuer:       /CN=3b3a05dbb9c77fa16ed10469747a5c6e6eab88de
Certificate serial:       018CF3FE55E0761303CB9B24B67FD0E1AB9C
Authority key identifier: 3B:3A:05:DB:B9:C7:7F:A1:6E:D1:04:69:74:7A:5C:6E:6E:AB:88:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/L5zZZs0MQAmEI_mUwqixF24R8DE.roa
Signing time:             Wed 10 Jan 2024 15:29:40 +0000
ROA not before:           Wed 10 Jan 2024 15:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58224
IP address blocks:        185.133.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:fe:55:e0:76:13:03:cb:9b:24:b6:7f:d0:e1:ab:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b3a05dbb9c77fa16ed10469747a5c6e6eab88de
        Validity
            Not Before: Jan 10 15:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f9cd966cd0c40098423f994c2a8b1176e11f031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2f:91:e4:08:24:f8:dd:a1:4e:49:e0:8e:4f:
                    41:23:a4:fb:8c:f8:06:9f:a9:99:55:b4:a3:d5:52:
                    bb:30:f3:06:da:c5:7c:b0:e6:47:e9:43:75:9a:e2:
                    9e:c7:bf:83:7f:ea:d9:76:0d:be:f7:2b:36:49:5f:
                    f7:4b:52:32:20:d3:0d:a7:99:ff:25:8b:18:54:d7:
                    cf:e9:62:35:41:65:71:15:d1:19:fe:15:b1:9a:77:
                    df:57:fd:77:c0:7b:e5:c4:41:86:79:a2:0e:45:ef:
                    e4:6e:d1:dd:91:44:1f:db:28:e1:7b:a8:ba:db:cc:
                    98:98:ca:10:de:44:77:60:89:03:90:65:65:ea:58:
                    d7:c5:f7:fa:ea:79:82:16:f3:6e:e1:b3:fb:14:c4:
                    d4:a5:c0:b3:f2:5d:63:a6:9d:ad:56:ee:82:ab:48:
                    6e:ff:73:c3:90:3f:27:52:0e:0b:5d:54:f8:e9:28:
                    ca:6e:04:65:1d:17:e6:73:0b:fc:f2:55:b7:37:6d:
                    b5:70:e6:f3:1e:1d:a1:9a:fa:e2:2f:6e:8a:25:d1:
                    ee:38:ef:77:31:cc:22:a0:81:3b:da:a1:94:4d:8d:
                    9a:83:ea:95:25:f4:95:b7:63:87:19:9a:dd:e3:04:
                    ef:72:71:a9:18:32:fc:ab:f6:e9:04:da:a3:81:ea:
                    73:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:9C:D9:66:CD:0C:40:09:84:23:F9:94:C2:A8:B1:17:6E:11:F0:31
            X509v3 Authority Key Identifier:
                keyid:3B:3A:05:DB:B9:C7:7F:A1:6E:D1:04:69:74:7A:5C:6E:6E:AB:88:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OzoF27nHf6Fu0QRpdHpcbm6riN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/L5zZZs0MQAmEI_mUwqixF24R8DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/5aa05a-720e-4d56-a3a8-a01c37b88728/1/OzoF27nHf6Fu0QRpdHpcbm6riN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:01:9a:b4:29:c9:3d:ed:b8:15:78:97:c8:07:d4:8f:ec:50:
         80:19:5d:22:7c:d4:c9:fd:78:0f:10:fc:6b:dc:c8:dd:ae:bb:
         f2:e0:e8:7e:ab:67:da:66:83:d3:f0:d9:fe:5b:8d:ba:25:ba:
         c7:6c:d2:cc:7c:7c:5b:b0:d7:cf:55:ed:24:e3:59:95:db:47:
         d5:6a:34:c6:83:8a:46:d3:4c:37:cf:41:c0:13:26:44:58:b9:
         b7:97:01:03:21:0c:89:57:2f:11:6c:7e:cd:ef:a8:e8:ed:e3:
         9a:a6:ea:fa:85:12:38:76:db:6a:8c:5b:83:80:22:0d:a2:22:
         fb:18:e7:fe:d9:27:dc:38:d0:6c:dc:fc:f2:80:9f:ef:fa:b8:
         52:27:f0:44:78:aa:29:9f:37:71:23:fd:4a:ee:93:52:bf:e3:
         a4:99:13:c0:d2:d4:fd:14:a1:0a:59:60:d9:d2:e3:a3:a9:93:
         3d:36:88:66:61:38:65:97:47:c2:af:26:dd:4a:58:84:ec:21:
         3f:68:c8:3a:ac:eb:5c:2a:0c:b8:c9:4f:d1:f9:79:18:ce:3f:
         f5:68:b3:98:9a:15:5e:aa:ec:ac:a7:d0:82:43:d9:07:b2:fe:
         c7:cc:ec:fb:33:f7:42:6a:17:23:87:90:12:0b:2a:57:6d:b4:
         72:6d:c0:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzz/lXgdhMDy5sktn/Q4aucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2EwNWRiYjljNzdmYTE2ZWQxMDQ2OTc0N2E1YzZlNmVh
Yjg4ZGUwHhcNMjQwMTEwMTUyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjljZDk2NmNkMGM0MDA5ODQyM2Y5OTRjMmE4YjExNzZlMTFmMDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0y+R5Agk+N2hTkngjk9BI6T7jPgG
n6mZVbSj1VK7MPMG2sV8sOZH6UN1muKex7+Df+rZdg2+9ys2SV/3S1IyINMNp5n/
JYsYVNfP6WI1QWVxFdEZ/hWxmnffV/13wHvlxEGGeaIORe/kbtHdkUQf2yjhe6i6
28yYmMoQ3kR3YIkDkGVl6ljXxff66nmCFvNu4bP7FMTUpcCz8l1jpp2tVu6Cq0hu
/3PDkD8nUg4LXVT46SjKbgRlHRfmcwv88lW3N221cObzHh2hmvriL26KJdHuOO93
McwioIE72qGUTY2ag+qVJfSVt2OHGZrd4wTvcnGpGDL8q/bpBNqjgepzgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC+c2WbNDEAJhCP5lMKosRduEfAxMB8GA1UdIwQY
MBaAFDs6Bdu5x3+hbtEEaXR6XG5uq4jeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3pvRjI3bkhmNkZ1MFFScGRIcGNibTZyaU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS81YWEwNWEtNzIwZS00ZDU2LWEzYTgt
YTAxYzM3Yjg4NzI4LzEvTDV6WlpzME1RQW1FSV9tVXdxaXhGMjRSOERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS81YWEwNWEtNzIwZS00ZDU2LWEzYTgtYTAxYzM3Yjg4NzI4
LzEvT3pvRjI3bkhmNkZ1MFFScGRIcGNibTZyaU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYV9MA0G
CSqGSIb3DQEBCwUAA4IBAQB2AZq0Kck97bgVeJfIB9SP7FCAGV0ifNTJ/XgPEPxr
3Mjdrrvy4Oh+q2faZoPT8Nn+W426JbrHbNLMfHxbsNfPVe0k41mV20fVajTGg4pG
00w3z0HAEyZEWLm3lwEDIQyJVy8RbH7N76jo7eOapur6hRI4dttqjFuDgCINoiL7
GOf+2SfcONBs3PzygJ/v+rhSJ/BEeKopnzdxI/1K7pNSv+OkmRPA0tT9FKEKWWDZ
0uOjqZM9NohmYThll0fCrybdSliE7CE/aMg6rOtcKgy4yU/R+XkYzj/1aLOYmhVe
quysp9CCQ9kHsv7HzOz7M/dCahcjh5ASCypXbbRybcCD
-----END CERTIFICATE-----