Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/iSZMWapDTGBOQxFt2ZwwrM1xem4.roa
File:                     iSZMWapDTGBOQxFt2ZwwrM1xem4.roa (raw, json)
Hash identifier:          XN8S/XoGYvfBQarBdySeFqYY2WEuVQRu0q6K1m5/P2U=
Subject key identifier:   89:26:4C:59:AA:43:4C:60:4E:43:11:6D:D9:9C:30:AC:CD:71:7A:6E
Certificate issuer:       /CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
Certificate serial:       018CC3B700553BAE251D92238B5E7CE89FA6
Authority key identifier: 2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/iSZMWapDTGBOQxFt2ZwwrM1xem4.roa
Signing time:             Mon 01 Jan 2024 06:29:59 +0000
ROA not before:           Mon 01 Jan 2024 06:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15924
IP address blocks:        159.253.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:00:55:3b:ae:25:1d:92:23:8b:5e:7c:e8:9f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fe5b7ccb403d30a44857d47c58cf1346546d283
        Validity
            Not Before: Jan  1 06:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89264c59aa434c604e43116dd99c30accd717a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:20:be:de:a7:ef:05:48:f8:25:1e:a3:3f:80:
                    59:cc:25:2f:18:ac:bc:6e:45:fd:5c:1d:10:21:09:
                    d1:cf:28:9b:f7:6d:8a:b3:d5:90:69:ae:0c:b3:94:
                    79:21:ef:81:75:31:78:39:da:7d:c2:1b:a5:ff:58:
                    fb:ec:6c:2e:5f:7e:7c:cc:92:b3:eb:cf:0f:31:53:
                    a1:bb:77:15:b2:47:aa:11:7a:82:d7:c3:78:f7:e2:
                    db:41:72:e0:98:37:b1:3b:88:17:0f:e6:c3:c5:3d:
                    2d:c0:ca:00:f4:a6:53:aa:0e:15:8d:fd:7b:ce:b7:
                    c3:75:e2:4b:81:e7:41:86:6f:dc:37:2e:fa:36:1b:
                    79:bc:2d:eb:6d:a2:64:c2:4a:58:fe:40:1e:b0:d8:
                    57:65:83:f9:7d:c4:55:5f:b4:d7:01:ff:dc:86:fb:
                    a1:bc:23:aa:f9:f6:f1:94:16:22:ce:e9:55:ea:87:
                    24:44:4b:2a:59:ff:1b:ab:bd:d8:a2:21:e6:b8:41:
                    19:8a:31:98:11:7e:b4:ab:78:c0:72:4d:80:d3:ca:
                    ac:c7:8c:58:c5:1e:44:80:b4:40:10:e1:c0:e5:e7:
                    2d:5f:38:a7:06:bc:5e:32:b6:43:d5:da:30:57:bb:
                    97:a9:28:b6:d6:e8:51:42:6e:a3:f2:c1:e0:37:c3:
                    f9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:26:4C:59:AA:43:4C:60:4E:43:11:6D:D9:9C:30:AC:CD:71:7A:6E
            X509v3 Authority Key Identifier:
                keyid:2F:E5:B7:CC:B4:03:D3:0A:44:85:7D:47:C5:8C:F1:34:65:46:D2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L-W3zLQD0wpEhX1HxYzxNGVG0oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/iSZMWapDTGBOQxFt2ZwwrM1xem4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/91cdfd-2c72-4236-a4c2-2b8f7346f350/1/L-W3zLQD0wpEhX1HxYzxNGVG0oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:96:a2:70:ce:86:1a:44:7d:eb:af:ee:e1:42:f7:3b:31:fe:
         3d:8a:41:d7:bf:8e:d9:b3:9c:9c:ac:2a:7e:a5:c0:79:06:20:
         87:51:21:a3:2f:b1:8d:65:9b:e4:b1:a2:1c:8d:d3:20:e6:8f:
         cb:d5:20:73:52:40:71:71:e6:1b:85:42:59:45:8c:0a:f1:52:
         48:a9:89:d9:3e:87:94:68:32:b6:b3:6b:4d:61:65:30:00:59:
         36:45:08:d4:c4:70:29:fb:d0:63:1e:5f:68:b2:0a:b9:25:f1:
         59:3d:40:df:9f:c9:9a:6b:d1:7f:b1:6d:a5:3b:7b:07:be:fb:
         da:f3:51:9f:20:f6:f9:80:f7:a6:ce:34:c4:ab:49:e3:0d:1b:
         dc:26:d5:5b:70:1f:37:6b:33:45:17:f2:c8:fc:d7:eb:3a:10:
         22:c4:d5:32:02:a8:71:4d:68:7c:0e:e5:c2:72:70:9d:8e:43:
         6a:45:3a:7c:09:e9:70:37:97:cd:9c:0c:ea:69:61:56:43:00:
         98:0e:b1:af:bf:e9:d2:ea:21:d8:5d:63:87:81:36:63:5f:e2:
         2a:dc:b2:c1:8e:1b:b4:73:15:99:1a:9e:3d:3b:ab:77:4a:48:
         9a:5c:d9:be:0c:6f:b1:45:17:a0:45:68:dc:aa:2f:56:55:bb:
         1f:7e:b8:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtwBVO64lHZIji1586J+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZTViN2NjYjQwM2QzMGE0NDg1N2Q0N2M1OGNmMTM0NjU0
NmQyODMwHhcNMjQwMTAxMDYyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI2NGM1OWFhNDM0YzYwNGU0MzExNmRkOTljMzBhY2NkNzE3YTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiC+3qfvBUj4JR6jP4BZzCUvGKy8
bkX9XB0QIQnRzyib922Ks9WQaa4Ms5R5Ie+BdTF4Odp9whul/1j77GwuX358zJKz
688PMVOhu3cVskeqEXqC18N49+LbQXLgmDexO4gXD+bDxT0twMoA9KZTqg4Vjf17
zrfDdeJLgedBhm/cNy76Nht5vC3rbaJkwkpY/kAesNhXZYP5fcRVX7TXAf/chvuh
vCOq+fbxlBYizulV6ockREsqWf8bq73YoiHmuEEZijGYEX60q3jAck2A08qsx4xY
xR5EgLRAEOHA5ectXzinBrxeMrZD1dowV7uXqSi21uhRQm6j8sHgN8P5owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkmTFmqQ0xgTkMRbdmcMKzNcXpuMB8GA1UdIwQY
MBaAFC/lt8y0A9MKRIV9R8WM8TRlRtKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzIt
MmI4ZjczNDZmMzUwLzEvaVNaTVdhcERUR0JPUXhGdDJad3dyTTF4ZW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85MWNkZmQtMmM3Mi00MjM2LWE0YzItMmI4ZjczNDZmMzUw
LzEvTC1XM3pMUUQwd3BFaFgxSHhZenhOR1ZHMG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/1VMA0G
CSqGSIb3DQEBCwUAA4IBAQAQlqJwzoYaRH3rr+7hQvc7Mf49ikHXv47Zs5ycrCp+
pcB5BiCHUSGjL7GNZZvksaIcjdMg5o/L1SBzUkBxceYbhUJZRYwK8VJIqYnZPoeU
aDK2s2tNYWUwAFk2RQjUxHAp+9BjHl9osgq5JfFZPUDfn8maa9F/sW2lO3sHvvva
81GfIPb5gPemzjTEq0njDRvcJtVbcB83azNFF/LI/NfrOhAixNUyAqhxTWh8DuXC
cnCdjkNqRTp8CelwN5fNnAzqaWFWQwCYDrGvv+nS6iHYXWOHgTZjX+Iq3LLBjhu0
cxWZGp49O6t3SkiaXNm+DG+xRRegRWjcqi9WVbsffrgf
-----END CERTIFICATE-----