Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/nzwe5eztfoQ9FYhMhTIzFHHornA.roa
File:                     nzwe5eztfoQ9FYhMhTIzFHHornA.roa (raw, json)
Hash identifier:          glA3LgSxNSS+Dz1GACqw47ONZbOsU2onz2Sf+mparTE=
Subject key identifier:   9F:3C:1E:E5:EC:ED:7E:84:3D:15:88:4C:85:32:33:14:71:E8:AE:70
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018EA3D6289F4A69DBE99575277CC1EEF3BA
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/nzwe5eztfoQ9FYhMhTIzFHHornA.roa
Signing time:             Wed 03 Apr 2024 12:01:45 +0000
ROA not before:           Wed 03 Apr 2024 12:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209817
IP address blocks:        185.253.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:d6:28:9f:4a:69:db:e9:95:75:27:7c:c1:ee:f3:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Apr  3 12:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f3c1ee5eced7e843d15884c8532331471e8ae70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1e:19:61:03:e7:0a:6b:60:15:07:10:3a:a8:
                    eb:bf:a7:57:a3:65:a3:fd:44:9d:e4:66:f0:46:b4:
                    da:0f:99:bd:e9:d9:29:d2:90:19:48:7f:2c:4e:68:
                    2b:c5:1d:14:ae:1d:7d:67:7b:d7:0d:96:08:de:6c:
                    65:bd:71:ab:d2:d0:ce:07:35:ae:50:80:cd:8b:ba:
                    08:21:35:27:18:c3:dc:09:84:2f:7e:a3:c2:0c:39:
                    ff:08:78:68:5c:96:7b:6c:da:39:b5:7a:a0:57:83:
                    da:45:20:de:b8:3f:c3:99:d9:63:bf:ed:26:ad:3c:
                    94:89:0e:15:47:b1:ec:37:95:1b:8d:e3:b7:d7:7a:
                    fd:b8:f8:43:58:7e:0b:51:4b:d3:63:e6:cb:6e:91:
                    5b:75:8f:7a:00:75:f4:21:fb:b8:79:29:b8:9a:0f:
                    68:54:ce:c3:98:c0:51:2c:11:ff:71:31:7f:17:02:
                    8a:3c:b6:16:48:82:c7:cf:da:97:db:a5:63:f4:52:
                    04:b9:40:96:17:07:08:4b:c8:ac:23:8c:bf:b4:e5:
                    c8:d9:30:32:8f:5a:57:3e:c2:f4:80:e6:31:3a:d1:
                    30:6f:71:aa:8e:0b:a8:09:2f:66:dd:fb:7c:cc:95:
                    0a:e1:fb:cd:24:77:03:34:0a:76:d9:0f:67:14:14:
                    1f:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:3C:1E:E5:EC:ED:7E:84:3D:15:88:4C:85:32:33:14:71:E8:AE:70
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/nzwe5eztfoQ9FYhMhTIzFHHornA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:e6:05:ba:5a:ed:4c:d5:0d:10:ad:32:a0:92:a3:95:1c:f0:
         94:d5:0e:10:f1:bf:a1:3f:a9:87:e0:b3:86:d9:76:a2:72:e9:
         67:43:9e:6c:ac:b4:b4:ab:7b:8d:44:3a:8f:9f:cd:e1:ff:1f:
         44:da:2d:c6:54:c3:80:62:e4:08:72:ca:a5:c7:7f:23:49:3c:
         ae:8f:bd:68:12:e1:6d:af:e3:2e:a9:91:b9:58:07:0b:9e:80:
         1d:d5:f1:de:4d:27:f3:03:9a:bf:6c:2e:b1:55:b1:9f:86:8c:
         db:ae:51:d8:fb:8c:a0:4e:35:35:5a:e5:61:28:e5:74:76:fe:
         32:99:98:a3:74:00:2b:41:62:db:be:06:c1:d4:49:e4:19:7f:
         57:40:2a:f8:0c:84:ea:d9:60:08:b0:97:75:e2:e1:b8:3d:49:
         61:36:63:1d:29:cf:a6:89:ee:ba:35:ad:2d:4e:f1:91:dd:29:
         42:8b:d4:d4:af:3c:8a:75:59:61:ac:15:87:cd:15:61:ab:c7:
         3c:85:9e:8f:ac:26:f8:60:6d:52:81:2c:4e:a0:31:da:56:f2:
         f9:67:8e:f9:14:3f:92:ec:5f:92:af:6f:9a:26:f9:09:80:d8:
         dc:85:aa:91:49:09:c6:9c:87:f9:67:03:52:3e:78:b9:07:0b:
         40:1d:81:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6j1iifSmnb6ZV1J3zB7vO6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwNDAzMTIwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjNjMWVlNWVjZWQ3ZTg0M2QxNTg4NGM4NTMyMzMxNDcxZThhZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmB4ZYQPnCmtgFQcQOqjrv6dXo2Wj
/USd5GbwRrTaD5m96dkp0pAZSH8sTmgrxR0Urh19Z3vXDZYI3mxlvXGr0tDOBzWu
UIDNi7oIITUnGMPcCYQvfqPCDDn/CHhoXJZ7bNo5tXqgV4PaRSDeuD/Dmdljv+0m
rTyUiQ4VR7HsN5UbjeO313r9uPhDWH4LUUvTY+bLbpFbdY96AHX0Ifu4eSm4mg9o
VM7DmMBRLBH/cTF/FwKKPLYWSILHz9qX26Vj9FIEuUCWFwcIS8isI4y/tOXI2TAy
j1pXPsL0gOYxOtEwb3GqjguoCS9m3ft8zJUK4fvNJHcDNAp22Q9nFBQfTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ88HuXs7X6EPRWITIUyMxRx6K5wMB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEvbnp3ZTVlenRmb1E5RlloTWhUSXpGSEhvcm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf3rMA0G
CSqGSIb3DQEBCwUAA4IBAQC25gW6Wu1M1Q0QrTKgkqOVHPCU1Q4Q8b+hP6mH4LOG
2XaiculnQ55srLS0q3uNRDqPn83h/x9E2i3GVMOAYuQIcsqlx38jSTyuj71oEuFt
r+MuqZG5WAcLnoAd1fHeTSfzA5q/bC6xVbGfhozbrlHY+4ygTjU1WuVhKOV0dv4y
mZijdAArQWLbvgbB1EnkGX9XQCr4DITq2WAIsJd14uG4PUlhNmMdKc+mie66Na0t
TvGR3SlCi9TUrzyKdVlhrBWHzRVhq8c8hZ6PrCb4YG1SgSxOoDHaVvL5Z475FD+S
7F+Sr2+aJvkJgNjchaqRSQnGnIf5ZwNSPni5BwtAHYFK
-----END CERTIFICATE-----