Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/zNN0uo_i9yq7FSluRhWWc4VNpY8.roa
File:                     zNN0uo_i9yq7FSluRhWWc4VNpY8.roa (raw, json)
Hash identifier:          Fu/wKT/5GRuFZfZ9jmBdgI8k93Ap0krxA/X+M2FDf7g=
Subject key identifier:   CC:D3:74:BA:8F:E2:F7:2A:BB:15:29:6E:46:15:96:73:85:4D:A5:8F
Certificate issuer:       /CN=d9e1019bbe11b55114874c961716eb238a11cd4e
Certificate serial:       018CCA9978D7E313FB415F6246FBE5A821F5
Authority key identifier: D9:E1:01:9B:BE:11:B5:51:14:87:4C:96:17:16:EB:23:8A:11:CD:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2eEBm74RtVEUh0yWFxbrI4oRzU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/zNN0uo_i9yq7FSluRhWWc4VNpY8.roa
Signing time:             Tue 02 Jan 2024 14:35:04 +0000
ROA not before:           Tue 02 Jan 2024 14:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201133
IP address blocks:        185.148.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/2eEBm74RtVEUh0yWFxbrI4oRzU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/2eEBm74RtVEUh0yWFxbrI4oRzU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2eEBm74RtVEUh0yWFxbrI4oRzU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:78:d7:e3:13:fb:41:5f:62:46:fb:e5:a8:21:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9e1019bbe11b55114874c961716eb238a11cd4e
        Validity
            Not Before: Jan  2 14:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccd374ba8fe2f72abb15296e46159673854da58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1f:e4:a4:b8:5f:1c:d2:f6:cb:bc:7f:1e:50:
                    88:da:1e:4e:60:7e:66:f1:ac:f0:8b:8f:93:cb:52:
                    28:f5:40:32:34:e0:9e:0c:f1:25:63:47:09:e2:97:
                    d0:2d:d8:55:e0:8b:b3:3b:99:31:fa:48:d2:14:fd:
                    8d:33:29:a3:c6:b3:42:2e:2e:19:80:41:3c:ff:46:
                    42:c2:e2:57:9e:87:97:60:a3:62:03:fd:80:98:81:
                    fa:a2:be:73:ad:7e:0b:dc:be:e5:3f:65:7c:2a:ce:
                    e9:bb:b6:fe:77:b5:1e:e7:0d:25:1d:c6:f7:94:a9:
                    b7:21:68:e7:ed:d5:82:41:58:58:93:cd:fd:7a:93:
                    e0:32:4e:16:3a:50:c6:47:e9:75:a6:2c:a1:a2:79:
                    d2:8c:1a:f6:29:a6:17:e9:ae:c2:8a:e9:70:bf:d2:
                    91:8f:3b:e0:9e:1f:6d:f7:29:e5:a4:5c:68:d0:68:
                    0b:72:ca:c0:08:88:22:64:d1:82:3f:18:76:e1:b8:
                    8f:c2:8b:29:4e:e9:83:c3:be:21:d0:bb:ee:05:c5:
                    1e:e9:5d:90:4e:c3:92:75:c6:20:d2:8b:e0:78:96:
                    f6:c8:19:b9:b8:db:e9:c6:4c:c4:ec:91:6e:87:39:
                    44:ea:41:4b:7c:ca:8b:66:6e:ad:50:83:4e:c4:36:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:D3:74:BA:8F:E2:F7:2A:BB:15:29:6E:46:15:96:73:85:4D:A5:8F
            X509v3 Authority Key Identifier:
                keyid:D9:E1:01:9B:BE:11:B5:51:14:87:4C:96:17:16:EB:23:8A:11:CD:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2eEBm74RtVEUh0yWFxbrI4oRzU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/zNN0uo_i9yq7FSluRhWWc4VNpY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/2eEBm74RtVEUh0yWFxbrI4oRzU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:52:a7:48:59:bc:1d:42:25:30:92:b5:db:06:44:64:69:a9:
         97:f7:87:40:07:6f:ad:e9:c9:21:9c:8a:5f:f6:1f:68:50:97:
         44:9f:a1:10:ae:ac:61:07:9e:02:8a:88:b6:de:11:4a:8a:7e:
         5c:e9:a8:9a:29:7e:d9:5a:63:8a:c2:98:f4:0a:1f:96:8c:d0:
         22:3b:d5:64:51:f8:d0:b7:a6:0e:82:0b:4e:96:ef:eb:b1:ca:
         ee:db:c3:14:f7:a8:37:23:2b:53:d5:68:10:96:c1:1c:53:83:
         ea:a4:ce:f7:06:87:22:aa:45:80:88:8a:25:24:24:18:f0:f0:
         77:b2:c2:78:c7:07:4a:64:22:a7:f6:91:44:f5:31:7b:2c:e0:
         e5:83:c6:a9:40:55:3f:54:96:6a:58:87:7e:ca:3d:cb:14:97:
         5d:98:23:ad:c7:5f:29:d0:c2:4a:8f:26:74:7c:f0:35:ca:68:
         2e:d8:35:c2:33:dd:b2:ff:83:7b:aa:b6:73:f6:0f:1d:1d:7f:
         1f:09:76:fb:cb:9e:8c:f0:8a:48:29:d7:dd:25:f5:62:f0:84:
         e0:46:71:96:01:cd:ca:5a:23:c3:11:b1:60:58:d7:80:a3:28:
         a4:b4:14:d3:29:e8:24:dd:09:22:91:96:59:fd:dd:66:37:16:
         4c:75:79:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmXjX4xP7QV9iRvvlqCH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZTEwMTliYmUxMWI1NTExNDg3NGM5NjE3MTZlYjIzOGEx
MWNkNGUwHhcNMjQwMTAyMTQzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2QzNzRiYThmZTJmNzJhYmIxNTI5NmU0NjE1OTY3Mzg1NGRhNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux/kpLhfHNL2y7x/HlCI2h5OYH5m
8azwi4+Ty1Io9UAyNOCeDPElY0cJ4pfQLdhV4IuzO5kx+kjSFP2NMymjxrNCLi4Z
gEE8/0ZCwuJXnoeXYKNiA/2AmIH6or5zrX4L3L7lP2V8Ks7pu7b+d7Ue5w0lHcb3
lKm3IWjn7dWCQVhYk839epPgMk4WOlDGR+l1piyhonnSjBr2KaYX6a7Ciulwv9KR
jzvgnh9t9ynlpFxo0GgLcsrACIgiZNGCPxh24biPwospTumDw74h0LvuBcUe6V2Q
TsOSdcYg0ovgeJb2yBm5uNvpxkzE7JFuhzlE6kFLfMqLZm6tUINOxDah5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzTdLqP4vcquxUpbkYVlnOFTaWPMB8GA1UdIwQY
MBaAFNnhAZu+EbVRFIdMlhcW6yOKEc1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVFQm03NFJ0VkVVaDB5V0Z4YnJJNG9SelU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wZTE5ZmUtMGFkOS00OGUwLTliN2It
NDUyNTYxOTM1MDMxLzEvek5OMHVvX2k5eXE3RlNsdVJoV1djNFZOcFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wZTE5ZmUtMGFkOS00OGUwLTliN2ItNDUyNTYxOTM1MDMx
LzEvMmVFQm03NFJ0VkVVaDB5V0Z4YnJJNG9SelU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZSQMA0G
CSqGSIb3DQEBCwUAA4IBAQBRUqdIWbwdQiUwkrXbBkRkaamX94dAB2+t6ckhnIpf
9h9oUJdEn6EQrqxhB54Cioi23hFKin5c6aiaKX7ZWmOKwpj0Ch+WjNAiO9VkUfjQ
t6YOggtOlu/rscru28MU96g3IytT1WgQlsEcU4PqpM73BociqkWAiIolJCQY8PB3
ssJ4xwdKZCKn9pFE9TF7LODlg8apQFU/VJZqWId+yj3LFJddmCOtx18p0MJKjyZ0
fPA1ymgu2DXCM92y/4N7qrZz9g8dHX8fCXb7y56M8IpIKdfdJfVi8ITgRnGWAc3K
WiPDEbFgWNeAoyiktBTTKegk3QkikZZZ/d1mNxZMdXng
-----END CERTIFICATE-----