Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PLZHcyuKfYSqVOkArIA2ps_MaAc.roa
File:                     PLZHcyuKfYSqVOkArIA2ps_MaAc.roa (raw, json)
Hash identifier:          cMeDf+FgB6SaiLkxqmQq5u0qar/q8bSoEUE3EvDYRNg=
Subject key identifier:   3C:B6:47:73:2B:8A:7D:84:AA:54:E9:00:AC:80:36:A6:CF:CC:68:07
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018CC793F1A41DCD09089A771D72FE5A5325
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PLZHcyuKfYSqVOkArIA2ps_MaAc.roa
Signing time:             Tue 02 Jan 2024 00:30:10 +0000
ROA not before:           Tue 02 Jan 2024 00:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57986
IP address blocks:        85.133.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:f1:a4:1d:cd:09:08:9a:77:1d:72:fe:5a:53:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Jan  2 00:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cb647732b8a7d84aa54e900ac8036a6cfcc6807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6c:1e:44:b3:01:35:5d:da:7c:f1:8d:57:4c:
                    96:d4:72:6c:e6:e7:22:9a:64:68:30:92:e0:2f:6e:
                    a3:60:1f:ef:cc:61:ba:2a:ba:67:67:02:80:cf:c5:
                    30:93:d9:30:6d:de:bc:c2:24:65:b5:ca:61:46:02:
                    14:69:a6:51:b6:09:a5:91:89:51:84:8d:0a:2a:3c:
                    4b:62:0d:1f:5c:02:c7:46:ff:c9:1e:fa:dc:28:05:
                    c4:27:d2:f5:5b:bf:fb:29:89:ac:3a:be:e3:6a:e3:
                    0c:36:ad:23:a7:19:27:e2:c2:30:b3:bb:70:ad:d2:
                    9b:25:72:bf:55:2e:99:d2:4b:04:c8:26:22:a9:d4:
                    e7:a8:e6:58:2c:1e:05:28:42:cf:73:5d:cf:40:b3:
                    7b:3b:76:58:58:ef:e9:db:cf:74:be:18:5a:4d:5d:
                    87:9d:75:1a:02:f1:82:70:00:bf:7d:85:34:0c:f3:
                    0d:17:1b:a8:98:d5:87:9e:43:a5:00:0a:23:79:b6:
                    00:39:76:d7:76:32:7a:4b:c6:27:9e:2f:e6:f4:69:
                    2c:43:85:b9:29:9c:b9:b9:66:d2:cd:cf:48:de:d5:
                    2a:54:45:1c:3d:73:a5:d1:48:94:09:9d:01:5e:1c:
                    30:0e:57:d7:e6:c3:f2:6c:42:99:76:14:91:9f:3c:
                    5d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:B6:47:73:2B:8A:7D:84:AA:54:E9:00:AC:80:36:A6:CF:CC:68:07
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/PLZHcyuKfYSqVOkArIA2ps_MaAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d3:5c:67:f0:80:b6:23:a8:9e:e0:6e:31:f4:0e:42:1f:ca:
         a2:92:4e:bb:7c:2a:70:64:96:d4:67:67:e7:77:fe:e1:c5:d8:
         30:f5:bc:02:2f:dc:10:48:47:8c:de:b0:3a:13:92:6f:96:f3:
         ac:37:ea:4b:42:7a:3d:c8:9e:23:b0:55:86:ba:ab:80:80:a8:
         05:1b:53:8e:7e:98:17:00:bb:23:fd:2d:ca:16:35:62:73:d1:
         3b:16:ed:d8:6b:74:46:ef:7b:72:62:be:22:d0:88:54:c8:5d:
         72:0c:1e:89:de:28:00:d2:00:70:a9:b9:0c:7f:89:16:08:31:
         0c:b6:9d:7e:fd:b6:0d:ee:4c:68:4b:5e:17:ba:cd:4f:dd:f7:
         ab:b8:a4:da:d5:42:69:13:96:fd:76:a7:72:18:ad:7b:8f:be:
         d5:5c:8c:d6:2b:ad:46:22:7f:55:0e:ad:f9:24:81:cb:ec:36:
         57:17:b9:0e:33:09:1c:c7:22:d0:3d:ee:3b:0e:17:77:4b:9d:
         22:a4:a9:3b:1e:1b:13:b6:9f:78:46:ef:6a:e7:30:8e:83:0d:
         02:ef:d1:19:fc:5e:68:0e:b2:05:84:c4:db:2b:d5:ba:88:62:
         ce:e0:e2:d6:3e:1b:47:08:17:82:58:7c:5c:b6:d8:76:d4:7d:
         1e:68:8b:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/GkHc0JCJp3HXL+WlMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMTAyMDAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2I2NDc3MzJiOGE3ZDg0YWE1NGU5MDBhYzgwMzZhNmNmY2M2ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGweRLMBNV3afPGNV0yW1HJs5uci
mmRoMJLgL26jYB/vzGG6KrpnZwKAz8Uwk9kwbd68wiRltcphRgIUaaZRtgmlkYlR
hI0KKjxLYg0fXALHRv/JHvrcKAXEJ9L1W7/7KYmsOr7jauMMNq0jpxkn4sIws7tw
rdKbJXK/VS6Z0ksEyCYiqdTnqOZYLB4FKELPc13PQLN7O3ZYWO/p2890vhhaTV2H
nXUaAvGCcAC/fYU0DPMNFxuomNWHnkOlAAojebYAOXbXdjJ6S8Ynni/m9GksQ4W5
KZy5uWbSzc9I3tUqVEUcPXOl0UiUCZ0BXhwwDlfX5sPybEKZdhSRnzxdKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDy2R3Mrin2EqlTpAKyANqbPzGgHMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvUExaSGN5dUtmWVNxVk9rQXJJQTJwc19NYUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVYXGMA0G
CSqGSIb3DQEBCwUAA4IBAQCB01xn8IC2I6ie4G4x9A5CH8qikk67fCpwZJbUZ2fn
d/7hxdgw9bwCL9wQSEeM3rA6E5JvlvOsN+pLQno9yJ4jsFWGuquAgKgFG1OOfpgX
ALsj/S3KFjVic9E7Fu3Ya3RG73tyYr4i0IhUyF1yDB6J3igA0gBwqbkMf4kWCDEM
tp1+/bYN7kxoS14Xus1P3feruKTa1UJpE5b9dqdyGK17j77VXIzWK61GIn9VDq35
JIHL7DZXF7kOMwkcxyLQPe47Dhd3S50ipKk7HhsTtp94Ru9q5zCOgw0C79EZ/F5o
DrIFhMTbK9W6iGLO4OLWPhtHCBeCWHxctth21H0eaIvW
-----END CERTIFICATE-----