Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/q2ze9-U1kECz8iyq2AbbubhVvWg.roa
File:                     q2ze9-U1kECz8iyq2AbbubhVvWg.roa (raw, json)
Hash identifier:          CBGlZ8kdsRN0rWw12tEB6PaZibAzpwmxHUW36m3wHlM=
Subject key identifier:   AB:6C:DE:F7:E5:35:90:40:B3:F2:2C:AA:D8:06:DB:B9:B8:55:BD:68
Certificate issuer:       /CN=53f3590809d187f7b361fb24cd43f93f664b20b3
Certificate serial:       018CC80194E7AB8C64A010723FF79D0E3731
Authority key identifier: 53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/q2ze9-U1kECz8iyq2AbbubhVvWg.roa
Signing time:             Tue 02 Jan 2024 02:29:56 +0000
ROA not before:           Tue 02 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48355
IP address blocks:        185.1.137.0/24 maxlen: 24
                          2001:7f8:db::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:94:e7:ab:8c:64:a0:10:72:3f:f7:9d:0e:37:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53f3590809d187f7b361fb24cd43f93f664b20b3
        Validity
            Not Before: Jan  2 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab6cdef7e5359040b3f22caad806dbb9b855bd68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:00:ed:16:f8:94:c3:3a:28:e3:5b:9a:ce:5d:
                    44:30:53:ee:1e:a0:a2:95:11:c8:5d:a7:ca:e7:f3:
                    4e:71:f0:3b:9b:e2:7d:73:ff:50:8f:83:11:b5:c8:
                    c0:10:d0:ca:eb:22:2e:85:c3:1a:bd:2d:81:29:78:
                    19:ad:5f:f7:b3:53:6f:d7:6c:13:e0:35:d7:90:43:
                    36:df:e4:15:cd:62:b7:fa:8c:e6:60:c3:fc:6b:e7:
                    b9:9b:ed:d6:75:77:f6:91:de:37:ac:63:2d:e5:f7:
                    db:02:2a:63:74:fe:a7:54:df:0f:fd:d7:60:9c:d4:
                    a6:03:c4:1e:b4:e6:8a:ee:72:1a:4d:9b:bf:63:3a:
                    01:eb:74:31:5c:33:06:79:c7:de:f7:57:6a:41:85:
                    bc:a2:91:f1:b8:87:b7:c2:64:80:7b:37:a9:00:4e:
                    90:9c:3a:c0:5a:9f:1e:79:f1:ac:26:4f:26:91:b1:
                    41:3c:9c:d5:ff:0f:be:18:d8:11:02:0c:25:83:b4:
                    60:0d:5d:e5:ae:63:74:a7:f2:f9:c6:b5:6a:30:53:
                    13:76:59:23:de:72:a7:93:1e:b6:5d:7c:cd:a9:4a:
                    a7:fa:3d:15:f7:3d:81:ff:ba:e1:b6:01:62:84:17:
                    f1:d2:75:33:53:29:36:c4:81:02:70:49:0b:a8:a0:
                    50:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:6C:DE:F7:E5:35:90:40:B3:F2:2C:AA:D8:06:DB:B9:B8:55:BD:68
            X509v3 Authority Key Identifier:
                keyid:53:F3:59:08:09:D1:87:F7:B3:61:FB:24:CD:43:F9:3F:66:4B:20:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U_NZCAnRh_ezYfskzUP5P2ZLILM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/q2ze9-U1kECz8iyq2AbbubhVvWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/de6383-4ad5-457b-953c-a776fede9905/1/U_NZCAnRh_ezYfskzUP5P2ZLILM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.137.0/24
                IPv6:
                  2001:7f8:db::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:a5:d2:5a:ae:59:57:a1:a6:88:67:d7:75:95:45:2c:78:8f:
         1f:d4:26:e4:96:e2:a1:e5:f4:14:00:9c:c8:cd:ad:97:63:09:
         14:a5:01:0b:e1:b4:31:a7:cc:32:c3:89:c3:ed:b3:cc:fa:5c:
         53:02:01:bc:e8:82:fd:4e:da:4c:ec:51:82:35:ad:4d:f8:bc:
         aa:58:ee:03:3f:32:e6:3e:ca:b6:4f:6b:73:19:83:d1:6a:4c:
         4f:18:1f:99:38:4a:e1:1f:14:09:60:90:57:12:7e:1a:75:92:
         06:be:a7:4a:f5:cc:f7:33:16:6d:1f:02:13:ef:6f:bb:48:a2:
         5e:47:45:22:e1:03:9b:99:4d:af:ec:36:ee:a7:ee:79:ec:27:
         12:5e:77:96:ca:44:16:d8:5a:30:01:bf:32:de:5b:a5:f9:8b:
         d6:fb:d6:61:ea:d0:2a:38:d2:f0:3a:75:57:67:31:5a:fa:35:
         e6:99:01:6e:48:78:b5:dd:eb:e5:3b:00:43:03:13:40:bb:2d:
         22:aa:ee:64:f6:19:14:a1:c9:fa:a7:d3:2c:6c:b9:42:04:11:
         51:56:4b:42:54:3d:2e:3b:79:96:2b:ad:d7:e8:02:21:2d:46:
         70:0c:86:a5:b6:84:f8:38:f7:f7:da:77:49:be:a9:49:96:b4:
         76:2d:6e:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAZTnq4xkoBByP/edDjcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZjM1OTA4MDlkMTg3ZjdiMzYxZmIyNGNkNDNmOTNmNjY0
YjIwYjMwHhcNMjQwMTAyMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZjZGVmN2U1MzU5MDQwYjNmMjJjYWFkODA2ZGJiOWI4NTViZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiADtFviUwzoo41uazl1EMFPuHqCi
lRHIXafK5/NOcfA7m+J9c/9Qj4MRtcjAENDK6yIuhcMavS2BKXgZrV/3s1Nv12wT
4DXXkEM23+QVzWK3+ozmYMP8a+e5m+3WdXf2kd43rGMt5ffbAipjdP6nVN8P/ddg
nNSmA8QetOaK7nIaTZu/YzoB63QxXDMGecfe91dqQYW8opHxuIe3wmSAezepAE6Q
nDrAWp8eefGsJk8mkbFBPJzV/w++GNgRAgwlg7RgDV3lrmN0p/L5xrVqMFMTdlkj
3nKnkx62XXzNqUqn+j0V9z2B/7rhtgFihBfx0nUzUyk2xIECcEkLqKBQDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKts3vflNZBAs/IsqtgG27m4Vb1oMB8GA1UdIwQY
MBaAFFPzWQgJ0Yf3s2H7JM1D+T9mSyCzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2Mt
YTc3NmZlZGU5OTA1LzEvcTJ6ZTktVTFrRUN6OGl5cTJBYmJ1YmhWdldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9kZTYzODMtNGFkNS00NTdiLTk1M2MtYTc3NmZlZGU5OTA1
LzEvVV9OWkNBblJoX2V6WWZza3pVUDVQMlpMSUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGJMA8E
AgACMAkDBwAgAQf4ANswDQYJKoZIhvcNAQELBQADggEBAFal0lquWVehpohn13WV
RSx4jx/UJuSW4qHl9BQAnMjNrZdjCRSlAQvhtDGnzDLDicPts8z6XFMCAbzogv1O
2kzsUYI1rU34vKpY7gM/MuY+yrZPa3MZg9FqTE8YH5k4SuEfFAlgkFcSfhp1kga+
p0r1zPczFm0fAhPvb7tIol5HRSLhA5uZTa/sNu6n7nnsJxJed5bKRBbYWjABvzLe
W6X5i9b71mHq0Co40vA6dVdnMVr6NeaZAW5IeLXd6+U7AEMDE0C7LSKq7mT2GRSh
yfqn0yxsuUIEEVFWS0JUPS47eZYrrdfoAiEtRnAMhqW2hPg49/fad0m+qUmWtHYt
bh0=
-----END CERTIFICATE-----