Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/sz6vsd806CfOUlgLUEuCeBWLVuk.roa
File:                     sz6vsd806CfOUlgLUEuCeBWLVuk.roa (raw, json)
Hash identifier:          BNMKNXkfxc/EhbofBk2OG48Zze/bfmIOxbYCblayCvI=
Subject key identifier:   B3:3E:AF:B1:DF:34:E8:27:CE:52:58:0B:50:4B:82:78:15:8B:56:E9
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0192D1FC7914798ED4238F39684505B71F12
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/sz6vsd806CfOUlgLUEuCeBWLVuk.roa
Signing time:             Mon 28 Oct 2024 07:17:17 +0000
ROA not before:           Mon 28 Oct 2024 07:17:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140641
IP address blocks:        110.172.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:fc:79:14:79:8e:d4:23:8f:39:68:45:05:b7:1f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct 28 07:17:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b33eafb1df34e827ce52580b504b8278158b56e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:85:88:4a:98:4d:08:33:6a:c1:c6:8a:81:d3:
                    25:67:64:77:0c:57:1c:9b:24:2c:9a:56:46:1e:84:
                    f3:44:5b:80:93:5d:25:a4:36:14:e2:d8:c7:b2:ce:
                    65:2f:20:85:bf:f6:ff:a7:07:2c:71:6b:17:1b:bb:
                    e8:ce:a6:2d:e1:49:e2:0f:2e:52:72:0d:8b:87:f5:
                    c6:8e:14:68:f6:53:aa:f3:fa:6b:b6:b7:1b:cb:57:
                    57:22:da:aa:f6:52:d8:4c:e7:9a:a5:07:68:c4:39:
                    b3:b4:f0:da:97:b8:3b:71:34:f4:61:13:c2:40:10:
                    0a:3f:11:e3:cb:d0:c2:a6:ad:23:ac:6a:3a:bd:0e:
                    81:3d:f0:1f:99:da:7b:35:e1:b2:61:63:77:87:34:
                    79:7c:5c:f0:ad:15:fa:66:dd:25:4a:9b:11:b5:f5:
                    5b:a9:27:3b:b3:a7:9e:66:e8:9d:c1:1a:5a:e2:89:
                    a1:a4:fd:96:3f:53:3c:9a:59:ce:75:bf:c4:86:0b:
                    1e:2c:8b:ca:1c:03:cf:ab:ea:22:29:5b:ad:bd:55:
                    ed:0e:ea:6f:93:81:58:32:73:7c:e7:f0:c1:38:a8:
                    5e:e4:cf:7f:49:d7:71:b7:8b:f5:c4:c4:83:0f:31:
                    66:d8:7b:ec:0f:6f:74:dc:e4:ee:8c:f6:6d:d5:11:
                    78:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:3E:AF:B1:DF:34:E8:27:CE:52:58:0B:50:4B:82:78:15:8B:56:E9
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/sz6vsd806CfOUlgLUEuCeBWLVuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.172.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:3b:c1:78:e6:6c:5c:0a:69:be:db:6a:bb:6b:51:a4:b0:f2:
         8d:eb:e2:8b:5f:50:3b:4b:34:da:9d:a5:fb:bb:11:83:73:0f:
         c3:8b:7c:c4:83:32:06:10:a7:52:db:22:cc:73:9c:23:1e:d9:
         5d:b9:66:d1:a5:a7:fc:0c:75:9d:3b:11:31:4e:59:60:8a:c6:
         0c:8b:3a:0c:1a:5a:75:55:ea:96:59:e3:5d:bc:22:28:35:77:
         8c:fd:fb:b9:a5:d1:7b:21:7b:fd:ca:fa:2f:32:10:d4:d8:33:
         c2:e9:27:ca:d6:42:c3:05:3b:29:4c:ae:0c:d4:94:fc:2f:7d:
         d1:c0:23:d7:23:00:98:9e:50:e1:52:1b:d2:dd:55:62:0c:5f:
         66:9e:f0:8c:e6:3d:25:9c:51:b1:cc:b4:4b:cf:ee:4c:2e:fc:
         c2:53:ed:a8:e6:66:c2:78:65:09:f1:f5:09:6c:c9:55:db:7d:
         49:92:6f:a0:f8:31:e7:ee:3d:7e:b4:2a:a9:c7:ad:96:d8:ee:
         2a:6c:4e:e0:78:a8:3e:69:d1:fa:5d:3c:8c:20:c1:5b:56:d3:
         9a:85:04:38:6b:fc:25:49:74:ff:7c:7b:85:f9:2f:02:b1:dd:
         e8:cd:fb:83:fd:a5:7f:ae:28:07:a0:44:b3:90:c8:14:d1:3e:
         e4:52:50:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLR/HkUeY7UI485aEUFtx8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDI4MDcxNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzNlYWZiMWRmMzRlODI3Y2U1MjU4MGI1MDRiODI3ODE1OGI1NmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoWISphNCDNqwcaKgdMlZ2R3DFcc
myQsmlZGHoTzRFuAk10lpDYU4tjHss5lLyCFv/b/pwcscWsXG7vozqYt4UniDy5S
cg2Lh/XGjhRo9lOq8/prtrcby1dXItqq9lLYTOeapQdoxDmztPDal7g7cTT0YRPC
QBAKPxHjy9DCpq0jrGo6vQ6BPfAfmdp7NeGyYWN3hzR5fFzwrRX6Zt0lSpsRtfVb
qSc7s6eeZuidwRpa4omhpP2WP1M8mlnOdb/EhgseLIvKHAPPq+oiKVutvVXtDupv
k4FYMnN85/DBOKhe5M9/Sddxt4v1xMSDDzFm2HvsD2903OTujPZt1RF4oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLM+r7HfNOgnzlJYC1BLgngVi1bpMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvc3o2dnNkODA2Q2ZPVWxnTFVFdUNlQldMVnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbqy+MA0G
CSqGSIb3DQEBCwUAA4IBAQAeO8F45mxcCmm+22q7a1GksPKN6+KLX1A7SzTanaX7
uxGDcw/Di3zEgzIGEKdS2yLMc5wjHtlduWbRpaf8DHWdOxExTllgisYMizoMGlp1
VeqWWeNdvCIoNXeM/fu5pdF7IXv9yvovMhDU2DPC6SfK1kLDBTspTK4M1JT8L33R
wCPXIwCYnlDhUhvS3VViDF9mnvCM5j0lnFGxzLRLz+5MLvzCU+2o5mbCeGUJ8fUJ
bMlV231Jkm+g+DHn7j1+tCqpx62W2O4qbE7geKg+adH6XTyMIMFbVtOahQQ4a/wl
SXT/fHuF+S8Csd3ozfuD/aV/rigHoESzkMgU0T7kUlBe
-----END CERTIFICATE-----