Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/Z0P5zgLP1nE9kdWL54jNDy7Jd2Y.roa
File:                     Z0P5zgLP1nE9kdWL54jNDy7Jd2Y.roa (raw, json)
Hash identifier:          APBcBBHqwwL7hsBuUTHlF+wttk4SnW6CcnsIwpY/Lk8=
Subject key identifier:   67:43:F9:CE:02:CF:D6:71:3D:91:D5:8B:E7:88:CD:0F:2E:C9:77:66
Certificate issuer:       /CN=e695cfb36fe5a1f384cc778ae299acab81c27bfa
Certificate serial:       018CC2DB276EA31ADF9A4B5E10FE79FC68F9
Authority key identifier: E6:95:CF:B3:6F:E5:A1:F3:84:CC:77:8A:E2:99:AC:AB:81:C2:7B:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/Z0P5zgLP1nE9kdWL54jNDy7Jd2Y.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60237
IP address blocks:        185.34.44.0/22 maxlen: 22
                          2a00:d5e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:27:6e:a3:1a:df:9a:4b:5e:10:fe:79:fc:68:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e695cfb36fe5a1f384cc778ae299acab81c27bfa
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6743f9ce02cfd6713d91d58be788cd0f2ec97766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0e:86:62:12:0d:44:42:36:5d:5d:41:17:05:
                    01:8c:6e:26:c0:c0:89:40:75:b9:c1:44:f2:03:fd:
                    82:9d:07:59:e4:34:a2:49:ad:bc:05:04:09:e3:3e:
                    44:da:e5:67:bb:0b:d9:b2:0f:fc:5f:c4:5a:70:cf:
                    28:36:a0:19:1c:7c:a7:7a:48:81:88:de:c7:f6:b8:
                    b8:74:fb:1a:b0:66:a0:16:62:58:c8:56:8f:59:29:
                    1d:39:0b:68:7d:50:ac:ff:97:42:3a:29:80:b1:84:
                    66:0f:62:57:eb:2c:9e:ee:47:e8:75:f2:82:e3:b4:
                    e1:78:88:7b:6c:22:a8:45:c1:2e:4b:b3:c5:3b:07:
                    b2:e7:3b:e2:97:44:86:70:21:ce:24:c2:c3:77:09:
                    b2:b7:0c:a0:39:98:0b:b3:73:7e:b9:38:c7:85:d9:
                    7d:ed:fa:e0:be:03:0a:56:33:71:aa:61:05:53:51:
                    b4:23:83:21:3f:b4:7c:e8:68:b8:03:8c:70:de:98:
                    09:cc:7f:8d:d7:61:2e:a0:f4:0a:34:e3:89:10:4a:
                    f7:19:f9:9a:46:41:f3:14:e2:bd:94:72:67:49:0f:
                    21:28:57:bb:73:94:b3:70:ad:04:16:18:e5:59:e5:
                    df:a6:e7:a8:43:f8:f8:12:d0:de:a2:9c:28:89:c2:
                    a6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:43:F9:CE:02:CF:D6:71:3D:91:D5:8B:E7:88:CD:0F:2E:C9:77:66
            X509v3 Authority Key Identifier:
                keyid:E6:95:CF:B3:6F:E5:A1:F3:84:CC:77:8A:E2:99:AC:AB:81:C2:7B:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5pXPs2_lofOEzHeK4pmsq4HCe_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/Z0P5zgLP1nE9kdWL54jNDy7Jd2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/48a8ba-dc61-42bd-943a-c31fa71e2635/1/5pXPs2_lofOEzHeK4pmsq4HCe_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.44.0/22
                IPv6:
                  2a00:d5e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:4e:02:09:d2:11:02:38:ac:2f:ff:5c:59:03:c4:f2:bd:22:
         6e:ae:02:eb:0f:dd:93:6f:d3:44:e8:39:ee:56:f0:81:0c:3c:
         75:c0:c7:66:67:4a:95:52:2c:13:dc:a1:f3:16:e5:eb:fd:73:
         8c:79:54:4d:19:c4:be:32:18:ac:2e:1a:da:ee:ef:6b:82:15:
         20:f1:c5:47:3d:1a:4d:8e:a6:df:15:3b:03:02:57:12:b1:14:
         12:c1:73:83:5f:dd:02:f5:5a:85:1d:19:21:b7:2e:68:bb:3a:
         4f:63:cb:5b:3c:04:b5:1f:49:91:d5:63:12:c7:bc:76:c6:b4:
         ad:44:f9:5f:71:8e:df:ae:99:2b:ef:7e:f1:cc:07:da:d8:57:
         34:57:45:4e:b1:64:02:bf:ae:b1:29:82:37:b6:59:6b:a7:27:
         92:b1:bc:51:10:26:42:a7:4c:68:de:ef:d0:5c:2c:cd:8f:7c:
         9a:98:1c:65:6c:fd:e5:61:9f:bd:d1:e4:6b:8b:69:ca:44:3b:
         14:b3:b5:18:92:7e:67:1f:dc:ef:37:62:d6:5b:b0:46:3b:b1:
         77:89:c5:e2:26:bf:96:8a:53:07:dc:2d:24:85:a7:74:30:15:
         d5:48:a9:02:f8:a4:97:19:4f:75:09:d6:73:11:11:42:a7:99:
         52:a1:09:f7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2yduoxrfmkteEP55/Gj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2OTVjZmIzNmZlNWExZjM4NGNjNzc4YWUyOTlhY2FiODFj
MjdiZmEwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQzZjljZTAyY2ZkNjcxM2Q5MWQ1OGJlNzg4Y2QwZjJlYzk3NzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog6GYhINREI2XV1BFwUBjG4mwMCJ
QHW5wUTyA/2CnQdZ5DSiSa28BQQJ4z5E2uVnuwvZsg/8X8RacM8oNqAZHHynekiB
iN7H9ri4dPsasGagFmJYyFaPWSkdOQtofVCs/5dCOimAsYRmD2JX6yye7kfodfKC
47TheIh7bCKoRcEuS7PFOwey5zvil0SGcCHOJMLDdwmytwygOZgLs3N+uTjHhdl9
7frgvgMKVjNxqmEFU1G0I4MhP7R86Gi4A4xw3pgJzH+N12EuoPQKNOOJEEr3Gfma
RkHzFOK9lHJnSQ8hKFe7c5SzcK0EFhjlWeXfpueoQ/j4EtDeopwoicKmgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGdD+c4Cz9ZxPZHVi+eIzQ8uyXdmMB8GA1UdIwQY
MBaAFOaVz7Nv5aHzhMx3iuKZrKuBwnv6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXBYUHMyX2xvZk9FekhlSzRwbXNxNEhDZV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80OGE4YmEtZGM2MS00MmJkLTk0M2Et
YzMxZmE3MWUyNjM1LzEvWjBQNXpnTFAxbkU5a2RXTDU0ak5EeTdKZDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80OGE4YmEtZGM2MS00MmJkLTk0M2EtYzMxZmE3MWUyNjM1
LzEvNXBYUHMyX2xvZk9FekhlSzRwbXNxNEhDZV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSIsMA0E
AgACMAcDBQAqANXgMA0GCSqGSIb3DQEBCwUAA4IBAQAFTgIJ0hECOKwv/1xZA8Ty
vSJurgLrD92Tb9NE6DnuVvCBDDx1wMdmZ0qVUiwT3KHzFuXr/XOMeVRNGcS+Mhis
Lhra7u9rghUg8cVHPRpNjqbfFTsDAlcSsRQSwXODX90C9VqFHRkhty5ouzpPY8tb
PAS1H0mR1WMSx7x2xrStRPlfcY7frpkr737xzAfa2Fc0V0VOsWQCv66xKYI3tllr
pyeSsbxRECZCp0xo3u/QXCzNj3yamBxlbP3lYZ+90eRri2nKRDsUs7UYkn5nH9zv
N2LWW7BGO7F3icXiJr+WilMH3C0khad0MBXVSKkC+KSXGU91CdZzERFCp5lSoQn3
-----END CERTIFICATE-----