Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/V8NeJ1YDGWpcf_M09Maa8JsQHrA.roa
File:                     V8NeJ1YDGWpcf_M09Maa8JsQHrA.roa (raw, json)
Hash identifier:          BTKb8PhrMoHuUZEZG9JK6hS1cY60NiBFT5HYZX0qjEA=
Subject key identifier:   57:C3:5E:27:56:03:19:6A:5C:7F:F3:34:F4:C6:9A:F0:9B:10:1E:B0
Certificate issuer:       /CN=397245d0492eede59b045b5be1fd4eb9161bc417
Certificate serial:       018CC26D57E2985B5D10B243085A0EE52897
Authority key identifier: 39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/V8NeJ1YDGWpcf_M09Maa8JsQHrA.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139659
IP address blocks:        193.134.209.0/24 maxlen: 24
                          193.134.210.0/24 maxlen: 24
                          193.134.211.0/24 maxlen: 24
                          193.134.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:57:e2:98:5b:5d:10:b2:43:08:5a:0e:e5:28:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=397245d0492eede59b045b5be1fd4eb9161bc417
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57c35e275603196a5c7ff334f4c69af09b101eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2d:b4:3b:05:b7:fb:f8:56:1a:84:6c:c4:77:
                    dd:2c:29:d9:c6:92:ad:34:26:1d:8c:bc:97:61:07:
                    1b:88:4d:da:cf:20:d4:e6:3e:7a:ff:26:ee:c8:6c:
                    c0:6a:de:d1:c1:01:b4:dc:95:17:00:ff:36:a0:7d:
                    83:89:9c:c5:10:34:a1:c5:fe:a3:a9:dc:22:19:b8:
                    59:b1:c1:14:a3:a9:4d:20:71:09:54:98:74:9c:50:
                    ec:a7:5a:d4:93:ca:0c:e4:e0:82:33:7c:93:d5:e2:
                    8c:e9:b5:90:21:39:fb:2f:e0:6b:bd:32:16:3a:76:
                    6b:f8:1d:4c:c9:bb:92:ae:80:f3:4c:e7:c9:b0:f3:
                    cc:0b:3c:4c:0a:65:93:d3:df:bc:f7:ee:2a:7b:bd:
                    b1:37:09:8e:aa:9a:76:c9:da:60:6b:57:a0:00:e5:
                    56:d6:a1:d2:fe:cc:7a:ab:ec:5e:65:f6:10:40:d7:
                    5e:34:83:e2:30:af:e7:ec:b8:ef:5b:bb:18:c4:f0:
                    68:0d:0a:1c:9a:10:ad:af:90:25:1a:c6:01:0f:01:
                    cb:72:88:f8:f2:7e:0b:18:65:74:64:c3:41:f4:f9:
                    bd:01:63:e4:5b:f5:2b:32:c9:2e:f7:f7:dd:47:9b:
                    c2:b7:13:67:50:9a:1e:af:84:04:99:ec:fa:7c:a7:
                    53:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C3:5E:27:56:03:19:6A:5C:7F:F3:34:F4:C6:9A:F0:9B:10:1E:B0
            X509v3 Authority Key Identifier:
                keyid:39:72:45:D0:49:2E:ED:E5:9B:04:5B:5B:E1:FD:4E:B9:16:1B:C4:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXJF0Eku7eWbBFtb4f1OuRYbxBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/V8NeJ1YDGWpcf_M09Maa8JsQHrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/eed9ce-aef9-4fc9-8a4a-c442a18f1efc/1/OXJF0Eku7eWbBFtb4f1OuRYbxBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:d0:57:39:55:b7:b2:7e:3f:c6:78:34:6f:04:cb:ef:6b:84:
         21:6f:30:61:17:26:87:82:e0:18:38:d0:e9:38:01:64:d9:9d:
         a6:69:c7:54:e8:35:98:e6:ce:f6:a9:a1:d2:8e:9b:2a:aa:b6:
         29:bc:d2:09:78:a4:d9:b9:04:aa:fe:f2:8f:b8:f9:22:74:20:
         58:ff:0b:1c:29:6e:3a:63:b6:39:3b:8d:94:47:82:0b:d2:d7:
         c2:33:48:bc:1a:fc:f6:c5:ac:9d:3c:89:7e:bf:03:37:6d:21:
         12:5f:dd:e8:df:06:0e:f8:cb:3a:83:40:b4:f5:53:d3:6d:08:
         9a:02:1b:1b:8a:07:ff:a2:d8:cb:25:ec:b4:c4:55:bd:20:53:
         93:26:3e:7a:bd:27:91:37:09:35:85:0f:a0:3b:a1:7c:1b:d5:
         d5:e8:79:88:33:38:b4:0b:dc:71:bd:f7:6d:2c:e7:8b:25:cd:
         b9:a3:ea:58:6f:88:6d:58:45:8d:a5:0d:20:79:f0:78:c1:2e:
         80:b6:d7:9c:00:69:db:7c:21:ce:35:ae:94:31:e6:cc:ca:eb:
         05:6a:bb:10:d6:a9:79:7c:5b:93:b2:3e:5e:04:d0:31:7e:42:
         36:2b:8e:08:4f:bb:c0:e9:0c:a6:30:3f:1a:b6:73:8c:cc:c6:
         83:a3:c7:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVfimFtdELJDCFoO5SiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzI0NWQwNDkyZWVkZTU5YjA0NWI1YmUxZmQ0ZWI5MTYx
YmM0MTcwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2MzNWUyNzU2MDMxOTZhNWM3ZmYzMzRmNGM2OWFmMDliMTAxZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgi20OwW3+/hWGoRsxHfdLCnZxpKt
NCYdjLyXYQcbiE3azyDU5j56/ybuyGzAat7RwQG03JUXAP82oH2DiZzFEDShxf6j
qdwiGbhZscEUo6lNIHEJVJh0nFDsp1rUk8oM5OCCM3yT1eKM6bWQITn7L+BrvTIW
OnZr+B1MybuSroDzTOfJsPPMCzxMCmWT09+89+4qe72xNwmOqpp2ydpga1egAOVW
1qHS/sx6q+xeZfYQQNdeNIPiMK/n7LjvW7sYxPBoDQocmhCtr5AlGsYBDwHLcoj4
8n4LGGV0ZMNB9Pm9AWPkW/UrMsku9/fdR5vCtxNnUJoer4QEmez6fKdTzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfDXidWAxlqXH/zNPTGmvCbEB6wMB8GA1UdIwQY
MBaAFDlyRdBJLu3lmwRbW+H9TrkWG8QXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEt
YzQ0MmExOGYxZWZjLzEvVjhOZUoxWURHV3BjZl9NMDlNYWE4SnNRSHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9lZWQ5Y2UtYWVmOS00ZmM5LThhNGEtYzQ0MmExOGYxZWZj
LzEvT1hKRjBFa3U3ZVdiQkZ0YjRmMU91UllieEJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwYbQMA0G
CSqGSIb3DQEBCwUAA4IBAQA70Fc5Vbeyfj/GeDRvBMvva4QhbzBhFyaHguAYONDp
OAFk2Z2macdU6DWY5s72qaHSjpsqqrYpvNIJeKTZuQSq/vKPuPkidCBY/wscKW46
Y7Y5O42UR4IL0tfCM0i8Gvz2xaydPIl+vwM3bSESX93o3wYO+Ms6g0C09VPTbQia
Ahsbigf/otjLJey0xFW9IFOTJj56vSeRNwk1hQ+gO6F8G9XV6HmIMzi0C9xxvfdt
LOeLJc25o+pYb4htWEWNpQ0gefB4wS6AttecAGnbfCHONa6UMebMyusFarsQ1ql5
fFuTsj5eBNAxfkI2K44IT7vA6QymMD8atnOMzMaDo8dA
-----END CERTIFICATE-----