Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/pzJNGuVtTeZ74uSc8rEjlDKHkAo.roa
File:                     pzJNGuVtTeZ74uSc8rEjlDKHkAo.roa (raw, json)
Hash identifier:          HoDwdJIe32MW1tTuxW+BbSgcKAhcvya6iAh7O3HZMYs=
Subject key identifier:   A7:32:4D:1A:E5:6D:4D:E6:7B:E2:E4:9C:F2:B1:23:94:32:87:90:0A
Certificate issuer:       /CN=5a1829ad467b4e73ffe691ec146b56b36909f51a
Certificate serial:       018CC26D525F083FC06B68366E8DCE2ED3AF
Authority key identifier: 5A:18:29:AD:46:7B:4E:73:FF:E6:91:EC:14:6B:56:B3:69:09:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/pzJNGuVtTeZ74uSc8rEjlDKHkAo.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61064
IP address blocks:        185.183.224.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:52:5f:08:3f:c0:6b:68:36:6e:8d:ce:2e:d3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a1829ad467b4e73ffe691ec146b56b36909f51a
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7324d1ae56d4de67be2e49cf2b123943287900a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2f:84:86:f0:7a:8c:92:99:38:ab:02:0c:e4:
                    18:60:3c:0e:46:53:7b:47:f7:b7:88:a0:4f:a2:ba:
                    b6:ad:b9:32:07:83:91:53:e4:ee:bd:e5:fa:b6:18:
                    fc:15:8d:18:a2:aa:95:38:35:e3:a9:e9:fb:d1:74:
                    9f:16:ef:b6:c2:fa:fa:d5:ec:60:a3:78:a0:cc:b5:
                    00:44:60:52:da:29:60:a3:66:b6:d2:96:92:27:8e:
                    4c:2e:f9:ff:58:1a:5a:06:5e:09:d6:8b:57:49:4a:
                    92:95:dd:47:8f:32:1e:0d:b6:c0:90:fa:c6:59:64:
                    f8:2f:bc:8e:61:8d:91:c0:01:e9:9f:23:2a:1d:8c:
                    f2:5c:d5:49:84:a7:d3:fc:92:61:1a:fc:ec:68:4d:
                    7b:4d:e6:93:4b:61:04:95:45:b5:01:c0:91:5d:35:
                    b7:88:c3:5b:ff:08:ea:a8:2c:a3:20:4b:e8:17:ec:
                    10:06:b7:5d:0d:dc:3d:9f:23:0c:92:11:ad:a9:85:
                    70:b0:03:aa:60:a3:12:11:55:62:e7:b0:18:9f:04:
                    90:a3:14:03:31:d7:fc:72:ef:49:19:ec:86:97:46:
                    56:13:66:26:08:23:ed:06:b0:8d:83:ec:fa:5a:73:
                    98:19:9a:5e:ef:f8:00:7f:2e:d8:41:41:93:64:9f:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:32:4D:1A:E5:6D:4D:E6:7B:E2:E4:9C:F2:B1:23:94:32:87:90:0A
            X509v3 Authority Key Identifier:
                keyid:5A:18:29:AD:46:7B:4E:73:FF:E6:91:EC:14:6B:56:B3:69:09:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/pzJNGuVtTeZ74uSc8rEjlDKHkAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:e1:d8:4e:61:96:24:4e:40:76:7d:67:aa:b5:62:cb:90:68:
         af:8a:71:2e:35:ff:b3:e8:af:20:c9:80:5e:48:53:1e:5e:be:
         fb:30:81:cf:ca:80:b2:6a:cc:95:80:90:c1:c8:8c:2f:f6:cd:
         02:57:6c:de:de:99:a2:cb:ff:73:16:5b:01:95:cf:24:e8:31:
         57:30:d8:0f:de:18:25:a9:9d:62:fc:91:d8:47:d3:f0:6c:86:
         88:0b:b5:f7:59:fb:1f:34:3a:69:9c:dc:4f:bd:5a:dc:77:68:
         82:a8:ca:5f:71:91:26:60:35:4e:59:bd:e2:79:37:a8:9c:09:
         a8:63:a2:bb:77:12:55:88:0f:c9:27:a7:20:a8:cb:78:07:18:
         8d:38:55:2f:69:57:14:ac:7e:c7:c1:cf:e0:b2:d2:04:17:d2:
         92:f6:49:e9:3b:1a:50:ef:90:79:dd:c0:e9:38:17:53:a3:bc:
         fe:2e:11:71:0e:08:a7:c4:78:a9:b2:60:48:25:1f:17:61:ac:
         ef:80:88:d7:5a:c6:a6:b1:21:03:23:b5:b5:00:5f:88:1e:ed:
         95:65:bd:72:09:d5:0e:21:f3:ee:a6:8b:c2:42:01:10:d5:15:
         c0:b8:2c:4e:a8:fa:ec:f6:76:13:6a:ca:ac:f2:b6:b6:e5:95:
         6b:e6:17:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVJfCD/Aa2g2bo3OLtOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTgyOWFkNDY3YjRlNzNmZmU2OTFlYzE0NmI1NmIzNjkw
OWY1MWEwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzMyNGQxYWU1NmQ0ZGU2N2JlMmU0OWNmMmIxMjM5NDMyODc5MDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+EhvB6jJKZOKsCDOQYYDwORlN7
R/e3iKBPorq2rbkyB4ORU+TuveX6thj8FY0YoqqVODXjqen70XSfFu+2wvr61exg
o3igzLUARGBS2ilgo2a20paSJ45MLvn/WBpaBl4J1otXSUqSld1HjzIeDbbAkPrG
WWT4L7yOYY2RwAHpnyMqHYzyXNVJhKfT/JJhGvzsaE17TeaTS2EElUW1AcCRXTW3
iMNb/wjqqCyjIEvoF+wQBrddDdw9nyMMkhGtqYVwsAOqYKMSEVVi57AYnwSQoxQD
Mdf8cu9JGeyGl0ZWE2YmCCPtBrCNg+z6WnOYGZpe7/gAfy7YQUGTZJ+0ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcyTRrlbU3me+LknPKxI5Qyh5AKMB8GA1UdIwQY
MBaAFFoYKa1Ge05z/+aR7BRrVrNpCfUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hncHJVWjdUblBfNXBIc0ZHdFdzMmtKOVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMmY0NTMtZjc5Ny00MDE5LWEwODYt
NzRiNmZhYTNjODc3LzEvcHpKTkd1VnRUZVo3NHVTYzhyRWpsREtIa0FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMmY0NTMtZjc5Ny00MDE5LWEwODYtNzRiNmZhYTNjODc3
LzEvV2hncHJVWjdUblBfNXBIc0ZHdFdzMmtKOVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubfgMA0G
CSqGSIb3DQEBCwUAA4IBAQBR4dhOYZYkTkB2fWeqtWLLkGivinEuNf+z6K8gyYBe
SFMeXr77MIHPyoCyasyVgJDByIwv9s0CV2ze3pmiy/9zFlsBlc8k6DFXMNgP3hgl
qZ1i/JHYR9PwbIaIC7X3WfsfNDppnNxPvVrcd2iCqMpfcZEmYDVOWb3ieTeonAmo
Y6K7dxJViA/JJ6cgqMt4BxiNOFUvaVcUrH7Hwc/gstIEF9KS9knpOxpQ75B53cDp
OBdTo7z+LhFxDginxHipsmBIJR8XYazvgIjXWsamsSEDI7W1AF+IHu2VZb1yCdUO
IfPupovCQgEQ1RXAuCxOqPrs9nYTasqs8ra25ZVr5hek
-----END CERTIFICATE-----