Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/Z5B-madcRgyHs3mgthgVCbk4nnE.roa
File:                     Z5B-madcRgyHs3mgthgVCbk4nnE.roa (raw, json)
Hash identifier:          MdOK0ucuVMsmn3iWD/LCjKYh8VNlaFCRlQ9Sgt7Jg8g=
Subject key identifier:   67:90:7E:99:A7:5C:46:0C:87:B3:79:A0:B6:18:15:09:B9:38:9E:71
Certificate issuer:       /CN=79d10f728d6499a749ae5902e8fa883f1add4517
Certificate serial:       018CC56F019B05625B95F202A860EDEEA8B4
Authority key identifier: 79:D1:0F:72:8D:64:99:A7:49:AE:59:02:E8:FA:88:3F:1A:DD:45:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edEPco1kmadJrlkC6PqIPxrdRRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/Z5B-madcRgyHs3mgthgVCbk4nnE.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.236.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/edEPco1kmadJrlkC6PqIPxrdRRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/edEPco1kmadJrlkC6PqIPxrdRRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edEPco1kmadJrlkC6PqIPxrdRRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:01:9b:05:62:5b:95:f2:02:a8:60:ed:ee:a8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d10f728d6499a749ae5902e8fa883f1add4517
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67907e99a75c460c87b379a0b6181509b9389e71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a3:e0:85:df:9e:99:db:77:94:06:3e:e0:21:
                    de:fd:71:6a:9a:99:9b:1d:12:f7:d4:f9:c6:d3:d7:
                    bb:2f:5e:af:ec:6c:fa:f0:e4:55:cd:9a:cf:31:b8:
                    2a:8c:b1:82:5c:f3:8f:3f:9d:a5:88:77:74:cf:d5:
                    41:3b:eb:5a:89:83:d6:7f:4c:93:ca:29:c4:5e:60:
                    35:a2:d8:e5:2f:97:70:15:ba:f8:e9:14:67:cd:b4:
                    f6:5c:97:f1:d3:c5:31:ec:f6:c7:12:3b:e2:47:47:
                    07:ad:4f:0a:4c:17:42:74:af:be:59:be:ba:c8:06:
                    3d:d7:fa:21:33:09:a3:ad:cc:75:61:00:72:1c:d9:
                    cf:33:e8:ef:4c:99:b5:bb:2d:aa:56:27:fb:bb:b5:
                    39:d8:5d:53:31:54:b0:8b:b1:5b:e9:56:f8:7f:81:
                    4a:0d:12:5b:88:a1:13:61:1c:4c:97:42:75:e4:6b:
                    b3:a0:0c:1e:63:f9:43:d0:43:58:67:bb:68:c4:e8:
                    09:32:c9:7b:16:b4:b5:c3:53:bd:6f:57:9d:99:12:
                    f2:36:85:10:ba:0c:4f:03:15:fe:28:7d:18:0a:95:
                    a9:0f:ff:7a:61:95:ed:e0:01:c0:03:63:a8:3e:40:
                    3e:c2:5a:a6:62:9e:35:33:b8:f8:4a:72:8c:ed:47:
                    f6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:90:7E:99:A7:5C:46:0C:87:B3:79:A0:B6:18:15:09:B9:38:9E:71
            X509v3 Authority Key Identifier:
                keyid:79:D1:0F:72:8D:64:99:A7:49:AE:59:02:E8:FA:88:3F:1A:DD:45:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edEPco1kmadJrlkC6PqIPxrdRRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/Z5B-madcRgyHs3mgthgVCbk4nnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/0b2641-bfb5-4e75-a3e8-b9f05e31523a/1/edEPco1kmadJrlkC6PqIPxrdRRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:54:ee:5e:fb:01:a3:a2:d8:78:2d:9d:87:8f:1d:40:9f:35:
         9a:b0:24:28:c4:a8:8b:42:87:8f:7e:5c:3d:b8:e9:9c:a1:44:
         a1:80:50:3a:20:3a:5b:57:2f:71:7c:57:4a:91:71:8d:17:bb:
         8d:6f:9e:9a:23:8e:df:ec:86:63:74:10:8f:d4:97:97:7f:80:
         9b:c4:3f:d1:ca:5d:1d:af:c1:f1:b2:0d:0e:f3:9e:02:a6:16:
         c0:a0:c9:a5:d4:02:94:dd:60:2b:68:05:22:3e:eb:81:d8:88:
         92:cc:72:e5:fc:90:ef:e9:d6:60:ff:cb:5f:dd:82:a4:b0:06:
         b6:40:e6:89:4c:d7:2a:e8:45:42:29:ce:f9:ab:4c:a7:dd:83:
         7c:95:57:35:70:ca:1f:45:0a:4e:bd:28:1e:29:98:53:b3:bf:
         ab:43:50:9e:71:5f:88:d7:03:e2:0e:d9:dd:0c:87:66:a7:fc:
         db:3f:6d:45:be:a1:3a:75:cd:3e:a6:84:22:d3:e8:cd:eb:8b:
         4e:cb:08:a4:85:00:79:46:18:31:a7:ef:8a:eb:c3:17:b6:66:
         b0:a1:3d:ed:44:07:23:62:7c:e4:e4:71:d8:34:cc:d3:4e:c9:
         b1:3b:09:be:28:d7:50:72:a2:e3:4e:ec:90:21:8a:55:8d:4e:
         ea:a9:bf:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwGbBWJblfICqGDt7qi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDEwZjcyOGQ2NDk5YTc0OWFlNTkwMmU4ZmE4ODNmMWFk
ZDQ1MTcwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzkwN2U5OWE3NWM0NjBjODdiMzc5YTBiNjE4MTUwOWI5Mzg5ZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmaPghd+emdt3lAY+4CHe/XFqmpmb
HRL31PnG09e7L16v7Gz68ORVzZrPMbgqjLGCXPOPP52liHd0z9VBO+taiYPWf0yT
yinEXmA1otjlL5dwFbr46RRnzbT2XJfx08Ux7PbHEjviR0cHrU8KTBdCdK++Wb66
yAY91/ohMwmjrcx1YQByHNnPM+jvTJm1uy2qVif7u7U52F1TMVSwi7Fb6Vb4f4FK
DRJbiKETYRxMl0J15GuzoAweY/lD0ENYZ7toxOgJMsl7FrS1w1O9b1edmRLyNoUQ
ugxPAxX+KH0YCpWpD/96YZXt4AHAA2OoPkA+wlqmYp41M7j4SnKM7Uf2FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeQfpmnXEYMh7N5oLYYFQm5OJ5xMB8GA1UdIwQY
MBaAFHnRD3KNZJmnSa5ZAuj6iD8a3UUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWRFUGNvMWttYWRKcmxrQzZQcUlQeHJkUlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wYjI2NDEtYmZiNS00ZTc1LWEzZTgt
YjlmMDVlMzE1MjNhLzEvWjVCLW1hZGNSZ3lIczNtZ3RoZ1ZDYms0bm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wYjI2NDEtYmZiNS00ZTc1LWEzZTgtYjlmMDVlMzE1MjNh
LzEvZWRFUGNvMWttYWRKcmxrQzZQcUlQeHJkUlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueyOMA0G
CSqGSIb3DQEBCwUAA4IBAQA6VO5e+wGjoth4LZ2Hjx1AnzWasCQoxKiLQoePflw9
uOmcoUShgFA6IDpbVy9xfFdKkXGNF7uNb56aI47f7IZjdBCP1JeXf4CbxD/Ryl0d
r8Hxsg0O854CphbAoMml1AKU3WAraAUiPuuB2IiSzHLl/JDv6dZg/8tf3YKksAa2
QOaJTNcq6EVCKc75q0yn3YN8lVc1cMofRQpOvSgeKZhTs7+rQ1CecV+I1wPiDtnd
DIdmp/zbP21FvqE6dc0+poQi0+jN64tOywikhQB5Rhgxp++K68MXtmawoT3tRAcj
Ynzk5HHYNMzTTsmxOwm+KNdQcqLjTuyQIYpVjU7qqb8Q
-----END CERTIFICATE-----