Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/tZvf94bSVkxHRpKHhvGCobQS5Vc.roa
File:                     tZvf94bSVkxHRpKHhvGCobQS5Vc.roa (raw, json)
Hash identifier:          pMl6rFvwsM6IsKVEzQGc8S7Wg3WPHGJwav8CaMX1ZKU=
Subject key identifier:   B5:9B:DF:F7:86:D2:56:4C:47:46:92:87:86:F1:82:A1:B4:12:E5:57
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       018CC9BB951F61A8D6037FBAB2BAEC1680C2
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/tZvf94bSVkxHRpKHhvGCobQS5Vc.roa
Signing time:             Tue 02 Jan 2024 10:32:42 +0000
ROA not before:           Tue 02 Jan 2024 10:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50327
IP address blocks:        185.60.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 02:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:95:1f:61:a8:d6:03:7f:ba:b2:ba:ec:16:80:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Jan  2 10:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b59bdff786d2564c4746928786f182a1b412e557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fb:58:da:bb:4a:ce:76:4b:c4:80:19:d9:ed:
                    fe:55:64:6d:87:0d:48:5d:c2:db:d5:f3:f1:2c:0e:
                    c2:16:b8:a1:70:50:3e:d6:75:42:92:5e:bf:54:e5:
                    8e:88:41:49:31:98:48:71:1b:23:1e:b8:0a:0d:c7:
                    a8:cc:78:a0:34:d5:57:c7:4f:49:1f:82:31:de:a8:
                    07:ca:c6:58:97:c6:10:8f:7c:1c:a4:3e:4d:d2:cd:
                    a6:6a:a9:68:29:9e:48:bc:89:b6:fb:87:12:8b:18:
                    98:b4:c7:8c:e9:10:b3:0f:c0:30:a4:97:5c:f9:63:
                    23:7e:ec:7d:38:28:88:9e:50:61:78:38:96:37:79:
                    19:b0:91:c4:ff:55:9c:ef:e6:9f:69:e1:17:3f:21:
                    ad:0e:dd:b9:50:79:ea:cc:c3:e7:a3:5b:f6:41:53:
                    18:0f:f2:6d:fe:e0:83:83:6c:c5:38:16:b7:d9:65:
                    3c:d2:db:1d:bd:26:25:37:28:be:54:a1:57:6c:55:
                    f1:be:8f:d9:44:cb:b8:1f:44:b8:12:49:af:a3:de:
                    db:2c:9c:af:f5:ed:ff:6f:1b:07:1b:c0:06:7b:c3:
                    f4:a3:1b:be:4c:7f:77:b6:ea:6f:b8:1c:14:5e:bb:
                    81:69:2d:92:cf:c5:b9:57:8a:0f:6d:be:5c:4c:78:
                    56:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:9B:DF:F7:86:D2:56:4C:47:46:92:87:86:F1:82:A1:B4:12:E5:57
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/tZvf94bSVkxHRpKHhvGCobQS5Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:b3:c1:e1:2d:1a:43:13:b0:04:c7:95:1b:62:dc:08:19:2d:
         fe:54:8e:77:76:73:33:37:cb:6f:b8:9f:f0:4d:7c:44:cd:fc:
         65:75:41:9f:b9:54:ac:af:b0:5f:10:bc:e1:70:a4:4d:d6:83:
         d8:eb:33:33:f2:bb:98:c4:c3:9f:a0:ff:66:a9:c9:54:dd:a7:
         56:5c:12:43:57:83:fa:a0:b9:d2:a7:d8:f5:b8:43:ad:3b:f2:
         a4:c8:30:0b:18:95:04:aa:a9:67:19:e0:c6:cc:20:34:a4:41:
         d7:16:39:9c:ed:71:20:4a:60:bf:1e:c8:cc:1a:fd:08:3c:b6:
         96:65:d6:02:e9:f9:7d:58:45:5a:4f:c3:31:35:e2:70:27:01:
         c4:a0:1d:12:4d:1b:27:7e:cc:49:f3:59:f7:d4:89:ed:28:b2:
         a0:e3:1f:ca:08:8d:6a:b5:f1:08:2f:05:ba:13:ea:6d:b3:33:
         57:3f:a6:cd:cb:dc:90:cc:a1:85:8c:21:9f:16:1e:88:ef:ad:
         fb:72:a2:b0:16:3a:52:6f:cd:01:ad:48:c0:59:00:4b:f7:25:
         68:4d:18:ad:c6:54:bd:d7:6c:32:63:1a:d6:50:83:db:3f:45:
         ea:14:7a:a7:ef:6d:0d:75:62:6a:fe:f0:fa:d7:09:b5:51:bb:
         c7:60:3b:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu5UfYajWA3+6srrsFoDCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjQwMTAyMTAzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTliZGZmNzg2ZDI1NjRjNDc0NjkyODc4NmYxODJhMWI0MTJlNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvtY2rtKznZLxIAZ2e3+VWRthw1I
XcLb1fPxLA7CFrihcFA+1nVCkl6/VOWOiEFJMZhIcRsjHrgKDceozHigNNVXx09J
H4Ix3qgHysZYl8YQj3wcpD5N0s2maqloKZ5IvIm2+4cSixiYtMeM6RCzD8AwpJdc
+WMjfux9OCiInlBheDiWN3kZsJHE/1Wc7+afaeEXPyGtDt25UHnqzMPno1v2QVMY
D/Jt/uCDg2zFOBa32WU80tsdvSYlNyi+VKFXbFXxvo/ZRMu4H0S4Ekmvo97bLJyv
9e3/bxsHG8AGe8P0oxu+TH93tupvuBwUXruBaS2Sz8W5V4oPbb5cTHhWfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWb3/eG0lZMR0aSh4bxgqG0EuVXMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvdFp2Zjk0YlNWa3hIUnBLSGh2R0NvYlFTNVZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTw0MA0G
CSqGSIb3DQEBCwUAA4IBAQCOs8HhLRpDE7AEx5UbYtwIGS3+VI53dnMzN8tvuJ/w
TXxEzfxldUGfuVSsr7BfELzhcKRN1oPY6zMz8ruYxMOfoP9mqclU3adWXBJDV4P6
oLnSp9j1uEOtO/KkyDALGJUEqqlnGeDGzCA0pEHXFjmc7XEgSmC/HsjMGv0IPLaW
ZdYC6fl9WEVaT8MxNeJwJwHEoB0STRsnfsxJ81n31IntKLKg4x/KCI1qtfEILwW6
E+ptszNXP6bNy9yQzKGFjCGfFh6I7637cqKwFjpSb80BrUjAWQBL9yVoTRitxlS9
12wyYxrWUIPbP0XqFHqn720NdWJq/vD61wm1UbvHYDuP
-----END CERTIFICATE-----