Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/29zIcJ5xEqNJTXSn8IWN1Ehy3eY.roa
File:                     29zIcJ5xEqNJTXSn8IWN1Ehy3eY.roa (raw, json)
Hash identifier:          XrKQwTdcNNE4Qjl30eo9rk+TvKlTAI8u1ULF3Scob9I=
Subject key identifier:   DB:DC:C8:70:9E:71:12:A3:49:4D:74:A7:F0:85:8D:D4:48:72:DD:E6
Certificate issuer:       /CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
Certificate serial:       018CC3B676CA526F0FF643118F4CFB0E092C
Authority key identifier: 4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/29zIcJ5xEqNJTXSn8IWN1Ehy3eY.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18106
IP address blocks:        185.5.132.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/TjwBugxcvyCuPpPKPTeeYt9clZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/TjwBugxcvyCuPpPKPTeeYt9clZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:ca:52:6f:0f:f6:43:11:8f:4c:fb:0e:09:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e3c01ba0c5cbf20ae3e93ca3d379e62df5c959a
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbdcc8709e7112a3494d74a7f0858dd44872dde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cf:af:41:84:79:35:a5:8f:9e:c7:5f:f7:77:
                    f7:e3:5e:9f:e1:2d:50:4e:88:51:df:86:23:ad:3a:
                    36:30:80:41:f0:80:dc:99:90:10:40:ea:64:4f:e9:
                    a9:9e:1e:02:3c:4d:28:e2:50:75:e6:e4:9a:88:77:
                    0a:be:f0:54:c2:8f:6c:c1:4a:7a:0e:8a:e6:7f:6e:
                    fb:dc:95:e5:3f:d5:52:eb:8b:bd:52:13:e2:12:8e:
                    82:20:1a:0e:7a:36:d0:57:da:c7:74:ab:e9:12:10:
                    bc:6c:99:1f:37:02:94:1c:30:6b:f3:4a:77:63:86:
                    ff:d0:d3:26:50:7d:ab:ba:2a:d9:9a:a0:3b:95:7f:
                    ff:3c:48:a5:f6:99:c0:12:8c:86:9d:8f:f0:51:a6:
                    40:6a:40:dd:38:86:dc:db:06:1c:c8:af:5b:b2:b8:
                    10:cd:25:37:8d:52:1c:0d:38:80:4a:8b:a1:4a:86:
                    7a:46:14:d5:e1:51:a4:e0:4a:20:18:7d:b7:47:4d:
                    cb:29:a3:e5:85:00:3c:14:10:27:75:3a:95:a6:25:
                    c1:44:97:84:48:84:16:5c:f3:1d:59:41:b2:e1:87:
                    cb:96:e9:d9:f7:0e:3a:23:41:85:05:8d:e8:cb:f6:
                    fb:d1:00:1e:cd:95:65:d8:2b:ee:ac:1f:2b:50:c0:
                    b1:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DC:C8:70:9E:71:12:A3:49:4D:74:A7:F0:85:8D:D4:48:72:DD:E6
            X509v3 Authority Key Identifier:
                keyid:4E:3C:01:BA:0C:5C:BF:20:AE:3E:93:CA:3D:37:9E:62:DF:5C:95:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TjwBugxcvyCuPpPKPTeeYt9clZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/29zIcJ5xEqNJTXSn8IWN1Ehy3eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/b8e773-4e71-4d09-b74a-b27f552672e0/1/TjwBugxcvyCuPpPKPTeeYt9clZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:e0:a9:38:21:9c:65:af:55:f9:5d:7c:07:1e:94:50:4a:72:
         47:e6:99:36:0b:cc:6f:5c:c0:84:82:13:8c:98:7d:e7:08:ae:
         40:2b:f9:1c:d5:b9:48:a3:78:93:da:bf:73:82:aa:4f:4c:6c:
         b8:90:c0:da:d0:e0:42:ae:c1:65:78:ca:1e:fd:9e:06:e0:58:
         21:99:a0:42:90:a0:9a:b6:18:c6:b1:60:34:ee:3a:c3:e9:c4:
         65:72:bf:08:e6:11:be:2c:03:f0:de:a2:52:0a:57:42:53:52:
         20:97:56:d6:77:47:37:4d:3e:7f:8c:5a:3c:3c:d2:01:74:0b:
         36:b5:57:ac:37:11:42:94:02:88:81:eb:29:97:6f:43:9b:0e:
         ef:77:cf:60:fb:1f:c2:58:5e:c8:86:ea:6b:39:67:28:c8:38:
         7b:c9:49:69:87:c5:f0:5d:9e:d3:a1:8a:76:53:82:46:c0:78:
         d6:42:5c:17:52:d1:a1:fe:aa:7a:66:20:96:74:cd:41:e7:e7:
         c4:e5:e8:51:10:d7:fa:20:5a:24:1d:09:6b:83:4c:d2:08:ea:
         ca:f9:07:ce:ca:49:02:f2:28:08:18:e4:12:5d:90:ee:bc:cc:
         99:b9:2c:83:d6:41:cf:29:0f:ac:94:b9:d9:72:d2:1c:64:74:
         bf:f8:ab:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnbKUm8P9kMRj0z7DgksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlM2MwMWJhMGM1Y2JmMjBhZTNlOTNjYTNkMzc5ZTYyZGY1
Yzk1OWEwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRjYzg3MDllNzExMmEzNDk0ZDc0YTdmMDg1OGRkNDQ4NzJkZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8+vQYR5NaWPnsdf93f3416f4S1Q
TohR34YjrTo2MIBB8IDcmZAQQOpkT+mpnh4CPE0o4lB15uSaiHcKvvBUwo9swUp6
Dormf2773JXlP9VS64u9UhPiEo6CIBoOejbQV9rHdKvpEhC8bJkfNwKUHDBr80p3
Y4b/0NMmUH2ruirZmqA7lX//PEil9pnAEoyGnY/wUaZAakDdOIbc2wYcyK9bsrgQ
zSU3jVIcDTiASouhSoZ6RhTV4VGk4EogGH23R03LKaPlhQA8FBAndTqVpiXBRJeE
SIQWXPMdWUGy4YfLlunZ9w46I0GFBY3oy/b70QAezZVl2CvurB8rUMCxOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvcyHCecRKjSU10p/CFjdRIct3mMB8GA1UdIwQY
MBaAFE48AboMXL8grj6Tyj03nmLfXJWaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGp3QnVneGN2eUN1UHBQS1BUZWVZdDljbFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9iOGU3NzMtNGU3MS00ZDA5LWI3NGEt
YjI3ZjU1MjY3MmUwLzEvMjl6SWNKNXhFcU5KVFhTbjhJV04xRWh5M2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9iOGU3NzMtNGU3MS00ZDA5LWI3NGEtYjI3ZjU1MjY3MmUw
LzEvVGp3QnVneGN2eUN1UHBQS1BUZWVZdDljbFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQWEMA0G
CSqGSIb3DQEBCwUAA4IBAQCY4Kk4IZxlr1X5XXwHHpRQSnJH5pk2C8xvXMCEghOM
mH3nCK5AK/kc1blIo3iT2r9zgqpPTGy4kMDa0OBCrsFleMoe/Z4G4FghmaBCkKCa
thjGsWA07jrD6cRlcr8I5hG+LAPw3qJSCldCU1Igl1bWd0c3TT5/jFo8PNIBdAs2
tVesNxFClAKIgespl29Dmw7vd89g+x/CWF7IhuprOWcoyDh7yUlph8XwXZ7ToYp2
U4JGwHjWQlwXUtGh/qp6ZiCWdM1B5+fE5ehRENf6IFokHQlrg0zSCOrK+QfOykkC
8igIGOQSXZDuvMyZuSyD1kHPKQ+slLnZctIcZHS/+KvI
-----END CERTIFICATE-----