Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pZNFDPvdBTd3WIPSHy9o_ma5-Xo.roa
File:                     pZNFDPvdBTd3WIPSHy9o_ma5-Xo.roa (raw, json)
Hash identifier:          nZ0LseT+QyB8bcYymgQ8yg2WxZFkMnazj9d4sxL1Mc8=
Subject key identifier:   A5:93:45:0C:FB:DD:05:37:77:58:83:D2:1F:2F:68:FE:66:B9:F9:7A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFA568C5DAF9801A34CC319B3C034D
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pZNFDPvdBTd3WIPSHy9o_ma5-Xo.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201670
IP address blocks:        185.229.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a5:68:c5:da:f9:80:1a:34:cc:31:9b:3c:03:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a593450cfbdd0537775883d21f2f68fe66b9f97a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:be:3d:a7:6c:c9:00:0d:58:97:fd:5f:85:5c:
                    dd:d6:9e:a9:d0:8f:4a:83:81:68:06:82:cb:a4:e2:
                    15:b2:57:91:c6:89:1d:fa:66:84:7e:be:81:44:e6:
                    4b:6a:db:09:35:f2:cb:e3:40:66:35:92:f8:80:2c:
                    be:7f:14:51:31:af:e2:4e:3d:63:75:96:e7:9e:2f:
                    91:d7:a1:7a:32:a4:c6:c2:b5:05:54:4b:8e:e5:3d:
                    1a:fc:59:bf:06:44:b6:7e:c1:f1:cf:5c:1a:ea:cd:
                    5a:5c:8e:ed:c6:fc:95:f2:f4:50:2b:d2:8e:af:39:
                    49:d5:ac:c9:2b:58:eb:48:95:2c:63:ff:25:23:fb:
                    82:c8:e5:7f:af:1d:0f:c4:4e:75:91:9d:22:bc:20:
                    74:df:9e:db:d1:25:cb:71:5e:f1:90:3c:4c:5d:ec:
                    3a:24:55:9a:15:b9:c7:ba:75:bf:b5:b1:46:9c:f1:
                    55:9d:52:1b:ad:60:77:a7:11:4e:52:48:ba:f0:64:
                    25:89:29:87:f4:6c:45:5f:95:ee:d8:65:1c:d1:40:
                    14:30:68:d9:b3:ba:06:7f:15:0e:66:fb:c7:38:e1:
                    fc:16:6c:4d:73:67:8b:ed:b1:1c:ec:3a:27:95:17:
                    01:36:cd:79:8e:3c:30:c5:68:8a:ec:f5:82:44:4e:
                    4e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:93:45:0C:FB:DD:05:37:77:58:83:D2:1F:2F:68:FE:66:B9:F9:7A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pZNFDPvdBTd3WIPSHy9o_ma5-Xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:77:e8:1a:1a:49:00:82:de:73:f5:3c:ea:4b:98:ca:d6:d9:
         23:01:31:2f:84:b2:9d:bb:1d:92:8f:ed:d5:23:b2:fc:25:ca:
         0b:70:6e:07:70:ab:26:74:59:bc:39:af:3a:ae:4a:11:4d:bd:
         ec:5a:4f:3a:99:a5:25:df:4e:63:84:45:d5:bb:5c:07:8f:b3:
         a7:25:38:5e:b5:7c:65:d1:78:c2:1f:72:f4:d1:8d:e0:f6:bf:
         cb:52:ef:ae:d6:41:a3:a0:0c:78:ef:00:8a:34:b4:e3:2b:73:
         62:42:0b:f3:fd:ca:e5:ac:9d:7a:94:03:e5:59:70:e7:73:80:
         05:3c:63:1e:ab:ef:1a:03:00:08:4b:48:a5:0f:ba:81:13:16:
         6f:c6:b2:46:a2:d4:bf:e5:64:ab:a2:7f:bc:58:8b:14:6a:ba:
         3b:ef:db:70:3c:b1:2a:7a:8d:17:ad:c4:f7:d0:ef:3c:c8:94:
         b6:3d:d7:6c:1f:4c:50:4d:35:af:2b:ac:8e:b8:e1:d2:14:5a:
         03:46:38:fa:81:54:16:bc:2b:c6:15:7d:83:c6:18:95:ed:01:
         f4:82:93:b3:1f:c4:ed:9f:25:9c:66:d0:8c:a9:22:23:8d:81:
         8a:76:62:3b:21:3c:6d:70:92:35:12:02:60:cb:b6:c3:a4:35:
         e9:51:41:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36Voxdr5gBo0zDGbPANNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTkzNDUwY2ZiZGQwNTM3Nzc1ODgzZDIxZjJmNjhmZTY2YjlmOTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn749p2zJAA1Yl/1fhVzd1p6p0I9K
g4FoBoLLpOIVsleRxokd+maEfr6BROZLatsJNfLL40BmNZL4gCy+fxRRMa/iTj1j
dZbnni+R16F6MqTGwrUFVEuO5T0a/Fm/BkS2fsHxz1wa6s1aXI7txvyV8vRQK9KO
rzlJ1azJK1jrSJUsY/8lI/uCyOV/rx0PxE51kZ0ivCB0357b0SXLcV7xkDxMXew6
JFWaFbnHunW/tbFGnPFVnVIbrWB3pxFOUki68GQliSmH9GxFX5Xu2GUc0UAUMGjZ
s7oGfxUOZvvHOOH8FmxNc2eL7bEc7DonlRcBNs15jjwwxWiK7PWCRE5OzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKWTRQz73QU3d1iD0h8vaP5mufl6MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcFpORkRQdmRCVGQzV0lQU0h5OW9fbWE1LVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBDd+gaGkkAgt5z9TzqS5jK1tkjATEvhLKdux2Sj+3V
I7L8JcoLcG4HcKsmdFm8Oa86rkoRTb3sWk86maUl305jhEXVu1wHj7OnJThetXxl
0XjCH3L00Y3g9r/LUu+u1kGjoAx47wCKNLTjK3NiQgvz/crlrJ16lAPlWXDnc4AF
PGMeq+8aAwAIS0ilD7qBExZvxrJGotS/5WSron+8WIsUaro779twPLEqeo0XrcT3
0O88yJS2PddsH0xQTTWvK6yOuOHSFFoDRjj6gVQWvCvGFX2DxhiV7QH0gpOzH8Tt
nyWcZtCMqSIjjYGKdmI7ITxtcJI1EgJgy7bDpDXpUUHG
-----END CERTIFICATE-----