Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/E244zs7jrR5Tyi2x5xDhLhsYspk.roa
File:                     E244zs7jrR5Tyi2x5xDhLhsYspk.roa (raw, json)
Hash identifier:          KtcM2FK7GIYcjAdsxtuOMUGeqe+ID5cukaGi2Ko2Pqc=
Subject key identifier:   13:6E:38:CE:CE:E3:AD:1E:53:CA:2D:B1:E7:10:E1:2E:1B:18:B2:99
Certificate issuer:       /CN=b9ae786ec3a6d8393e023d5d75be7e3f1df9ab2e
Certificate serial:       018CC50048EE746A5203666E3A5EF38B7E2F
Authority key identifier: B9:AE:78:6E:C3:A6:D8:39:3E:02:3D:5D:75:BE:7E:3F:1D:F9:AB:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ua54bsOm2Dk-Aj1ddb5-Px35qy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/E244zs7jrR5Tyi2x5xDhLhsYspk.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43013
IP address blocks:        185.88.56.0/22 maxlen: 22
                          188.65.96.0/21 maxlen: 21
                          2a02:60c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/ua54bsOm2Dk-Aj1ddb5-Px35qy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/ua54bsOm2Dk-Aj1ddb5-Px35qy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ua54bsOm2Dk-Aj1ddb5-Px35qy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:48:ee:74:6a:52:03:66:6e:3a:5e:f3:8b:7e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ae786ec3a6d8393e023d5d75be7e3f1df9ab2e
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=136e38cecee3ad1e53ca2db1e710e12e1b18b299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c3:93:ed:a0:eb:41:48:89:57:13:69:b7:4d:
                    56:d0:77:31:74:69:9a:75:06:26:cc:37:4c:40:e0:
                    2a:eb:93:ef:2d:89:6f:04:b7:a2:06:42:04:e8:40:
                    db:1b:d4:39:38:79:1a:f9:91:e9:a5:ff:7b:3d:db:
                    4d:93:d6:4d:5d:52:22:6a:5e:53:20:0d:14:7a:4c:
                    f3:91:72:ce:8e:da:38:34:03:c6:fd:aa:52:9f:72:
                    88:03:61:66:ef:30:70:2b:d3:c3:c1:82:73:e5:96:
                    ac:90:fe:8e:28:a1:b6:14:11:6c:00:df:0b:df:3b:
                    36:56:53:4e:51:9d:30:ad:7a:70:87:db:e4:71:03:
                    4d:1e:c6:40:4d:31:fe:39:6d:bf:92:5e:1c:61:64:
                    e2:d6:a0:c0:9f:73:26:6d:c4:01:87:16:9f:1c:2e:
                    24:99:c8:30:90:70:99:ce:f6:43:f9:71:45:59:fd:
                    cb:15:3f:09:28:36:90:f7:a8:ac:77:10:dc:32:6e:
                    34:d3:32:f2:67:78:e9:8a:3b:35:b5:b7:41:77:c1:
                    76:67:7d:1b:08:32:a0:d2:28:6f:a7:6e:11:cd:70:
                    c0:7a:a7:db:4e:f2:da:0f:09:94:c9:ca:5b:c2:25:
                    d2:1e:88:2a:fe:4d:a2:a0:53:18:fe:b3:3e:05:86:
                    95:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:6E:38:CE:CE:E3:AD:1E:53:CA:2D:B1:E7:10:E1:2E:1B:18:B2:99
            X509v3 Authority Key Identifier:
                keyid:B9:AE:78:6E:C3:A6:D8:39:3E:02:3D:5D:75:BE:7E:3F:1D:F9:AB:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ua54bsOm2Dk-Aj1ddb5-Px35qy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/E244zs7jrR5Tyi2x5xDhLhsYspk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/19c943-93cc-4597-bec7-3318ee4a50a6/1/ua54bsOm2Dk-Aj1ddb5-Px35qy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.56.0/22
                  188.65.96.0/21
                IPv6:
                  2a02:60c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:5c:49:eb:f3:6a:1f:12:9f:ed:51:d4:3e:7e:19:26:22:10:
         7f:7e:9d:66:73:f6:1a:41:77:6d:db:0c:9b:c7:9f:44:bb:70:
         a8:d7:e2:f3:bc:02:16:1c:d1:a2:2e:a7:ee:3f:e5:07:62:c8:
         0d:37:92:66:22:1a:31:14:32:d8:11:27:6f:30:25:83:67:b6:
         93:1d:30:b9:df:8a:5b:f1:ba:1b:33:d6:ec:24:b3:be:0d:43:
         0e:9f:7a:1e:e4:78:41:9f:39:e4:c9:38:b1:a1:45:e6:37:06:
         17:60:3a:18:02:cd:a0:6b:09:77:a7:b0:19:17:26:c3:75:49:
         51:11:d6:1e:37:da:ce:8c:3f:a8:fc:4f:4c:55:00:4c:b3:ea:
         07:54:3f:30:6b:cf:6b:3a:27:88:0b:14:b0:2f:53:b6:fa:38:
         49:79:bf:eb:d4:47:83:70:86:d4:65:00:c7:b2:2e:b7:3c:01:
         65:e9:29:57:27:ca:17:a2:8b:20:7c:4e:bb:cd:fe:3d:c1:a7:
         2e:66:13:5b:59:83:15:4e:1b:20:1e:94:28:e4:3d:bc:3d:7d:
         b0:7e:af:08:1a:74:3d:3d:20:82:6a:34:b6:48:4f:10:b2:d2:
         93:6b:02:37:f1:5f:1c:f9:7d:f9:ec:f2:68:41:8c:2e:09:e3:
         d1:9f:c4:35
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAEjudGpSA2ZuOl7zi34vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YWU3ODZlYzNhNmQ4MzkzZTAyM2Q1ZDc1YmU3ZTNmMWRm
OWFiMmUwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzZlMzhjZWNlZTNhZDFlNTNjYTJkYjFlNzEwZTEyZTFiMThiMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcOT7aDrQUiJVxNpt01W0HcxdGma
dQYmzDdMQOAq65PvLYlvBLeiBkIE6EDbG9Q5OHka+ZHppf97PdtNk9ZNXVIial5T
IA0UekzzkXLOjto4NAPG/apSn3KIA2Fm7zBwK9PDwYJz5ZaskP6OKKG2FBFsAN8L
3zs2VlNOUZ0wrXpwh9vkcQNNHsZATTH+OW2/kl4cYWTi1qDAn3MmbcQBhxafHC4k
mcgwkHCZzvZD+XFFWf3LFT8JKDaQ96isdxDcMm400zLyZ3jpijs1tbdBd8F2Z30b
CDKg0ihvp24RzXDAeqfbTvLaDwmUycpbwiXSHogq/k2ioFMY/rM+BYaVzwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBNuOM7O460eU8otsecQ4S4bGLKZMB8GA1UdIwQY
MBaAFLmueG7Dptg5PgI9XXW+fj8d+asuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWE1NGJzT20yRGstQWoxZGRiNS1QeDM1cXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xOWM5NDMtOTNjYy00NTk3LWJlYzct
MzMxOGVlNGE1MGE2LzEvRTI0NHpzN2pyUjVUeWkyeDV4RGhMaHNZc3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xOWM5NDMtOTNjYy00NTk3LWJlYzctMzMxOGVlNGE1MGE2
LzEvdWE1NGJzT20yRGstQWoxZGRiNS1QeDM1cXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuVg4AwQD
vEFgMA0EAgACMAcDBQAqAmDAMA0GCSqGSIb3DQEBCwUAA4IBAQCZXEnr82ofEp/t
UdQ+fhkmIhB/fp1mc/YaQXdt2wybx59Eu3Co1+LzvAIWHNGiLqfuP+UHYsgNN5Jm
IhoxFDLYESdvMCWDZ7aTHTC534pb8bobM9bsJLO+DUMOn3oe5HhBnznkyTixoUXm
NwYXYDoYAs2gawl3p7AZFybDdUlREdYeN9rOjD+o/E9MVQBMs+oHVD8wa89rOieI
CxSwL1O2+jhJeb/r1EeDcIbUZQDHsi63PAFl6SlXJ8oXoosgfE67zf49wacuZhNb
WYMVThsgHpQo5D28PX2wfq8IGnQ9PSCCajS2SE8QstKTawI38V8c+X357PJoQYwu
CePRn8Q1
-----END CERTIFICATE-----