Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/P-tT5oqjxboOzkKoyNJ1oR_qWoQ.roa
File:                     P-tT5oqjxboOzkKoyNJ1oR_qWoQ.roa (raw, json)
Hash identifier:          Ad/29VORhIrbEjl0pLfvRbt1qL128YsmDwI3BwPQdEI=
Subject key identifier:   3F:EB:53:E6:8A:A3:C5:BA:0E:CE:42:A8:C8:D2:75:A1:1F:EA:5A:84
Certificate issuer:       /CN=ef78a6bcc85ec8ade6ecce880ee073d637707965
Certificate serial:       018CC348B437D8B6DD700BAA98723A4209F6
Authority key identifier: EF:78:A6:BC:C8:5E:C8:AD:E6:EC:CE:88:0E:E0:73:D6:37:70:79:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73imvMheyK3m7M6IDuBz1jdweWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/P-tT5oqjxboOzkKoyNJ1oR_qWoQ.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15987
IP address blocks:        194.39.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/73imvMheyK3m7M6IDuBz1jdweWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/73imvMheyK3m7M6IDuBz1jdweWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73imvMheyK3m7M6IDuBz1jdweWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b4:37:d8:b6:dd:70:0b:aa:98:72:3a:42:09:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef78a6bcc85ec8ade6ecce880ee073d637707965
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3feb53e68aa3c5ba0ece42a8c8d275a11fea5a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:df:84:a6:fa:ce:bc:57:61:8c:1f:55:95:5b:
                    76:69:3e:f6:4b:51:0b:af:dd:8d:df:eb:3b:f5:41:
                    e2:dd:ee:bb:55:af:e0:1e:db:81:af:5f:7e:19:02:
                    bb:30:ea:f3:5b:19:93:22:34:bd:b3:4e:36:7d:e4:
                    12:3d:34:66:ea:a5:a2:65:0e:53:e4:1b:7d:03:0b:
                    36:1b:da:0e:d0:d8:72:dd:37:83:14:3c:f6:31:6c:
                    a0:28:2b:73:af:a8:4e:65:7d:63:85:bb:fe:27:c1:
                    67:af:62:13:88:a7:43:ca:c7:1a:4e:1c:6a:13:13:
                    62:f3:33:33:97:05:b7:95:e3:6b:60:b4:bd:72:8f:
                    17:1e:e8:8b:40:56:f4:1a:de:84:9d:b8:77:dd:a4:
                    37:c9:61:11:8e:91:bf:b9:c4:50:f7:2a:a3:ba:6f:
                    41:38:9d:2b:09:a6:50:51:ef:0f:b0:65:d3:66:2b:
                    7e:c8:75:7d:39:0c:1d:fa:50:1f:9e:8b:8a:e0:67:
                    d7:0d:2a:ef:69:b6:26:0e:5f:b7:fa:bc:e6:20:9a:
                    68:70:54:65:7f:ae:b3:48:31:3f:73:5b:47:3b:ee:
                    f4:aa:2a:64:fd:d6:18:6d:9d:cf:4b:d8:eb:21:1c:
                    62:e0:d6:9f:b1:14:63:f9:0c:27:3e:9f:8a:4a:e6:
                    71:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EB:53:E6:8A:A3:C5:BA:0E:CE:42:A8:C8:D2:75:A1:1F:EA:5A:84
            X509v3 Authority Key Identifier:
                keyid:EF:78:A6:BC:C8:5E:C8:AD:E6:EC:CE:88:0E:E0:73:D6:37:70:79:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73imvMheyK3m7M6IDuBz1jdweWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/P-tT5oqjxboOzkKoyNJ1oR_qWoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/49aba4-e63d-4e06-8a12-96f216893dec/1/73imvMheyK3m7M6IDuBz1jdweWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:c5:f8:57:88:34:ff:80:e8:6e:53:2e:38:6a:1f:5a:39:52:
         77:6c:02:43:76:e6:f8:14:35:2e:07:94:d2:64:f4:b9:c3:02:
         39:c9:be:85:92:92:43:36:6f:2a:c7:51:39:92:15:25:c4:86:
         40:bb:56:ca:53:cc:39:70:b8:72:f6:d8:cc:d1:78:17:ff:37:
         9a:40:2d:90:5e:28:51:a4:6f:01:c3:58:ad:7f:e9:ba:25:cf:
         48:5a:27:b0:4e:45:a7:90:76:89:83:7c:ea:1e:9c:30:c2:73:
         18:a9:2a:66:4c:a0:c4:43:b4:a3:48:80:f6:84:6c:d6:52:8f:
         d7:6b:b5:0c:59:8a:7d:96:b0:06:f8:7d:a2:b0:93:6b:0c:6c:
         54:fa:7a:fe:7a:6e:37:64:19:2b:94:3d:b7:10:9c:9f:ec:c0:
         cc:f6:25:f5:39:23:ec:1f:87:76:c0:dd:44:5b:65:48:dd:da:
         4d:59:4d:73:94:44:33:08:e8:b3:70:80:a6:3c:de:fd:40:3c:
         f2:59:4a:99:b8:3a:96:c2:ee:96:ae:fc:93:a4:bb:d4:7e:e0:
         5c:f8:8a:c5:e4:dd:43:1e:d4:19:3f:72:4c:8c:53:1e:84:de:
         03:58:cb:bf:3a:82:3f:d7:63:0e:3f:8f:39:0a:9a:20:dc:5f:
         92:9b:6f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSLQ32LbdcAuqmHI6Qgn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNzhhNmJjYzg1ZWM4YWRlNmVjY2U4ODBlZTA3M2Q2Mzc3
MDc5NjUwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmViNTNlNjhhYTNjNWJhMGVjZTQyYThjOGQyNzVhMTFmZWE1YTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd+EpvrOvFdhjB9VlVt2aT72S1EL
r92N3+s79UHi3e67Va/gHtuBr19+GQK7MOrzWxmTIjS9s042feQSPTRm6qWiZQ5T
5Bt9Aws2G9oO0Nhy3TeDFDz2MWygKCtzr6hOZX1jhbv+J8Fnr2ITiKdDyscaThxq
ExNi8zMzlwW3leNrYLS9co8XHuiLQFb0Gt6Enbh33aQ3yWERjpG/ucRQ9yqjum9B
OJ0rCaZQUe8PsGXTZit+yHV9OQwd+lAfnouK4GfXDSrvabYmDl+3+rzmIJpocFRl
f66zSDE/c1tHO+70qipk/dYYbZ3PS9jrIRxi4NafsRRj+QwnPp+KSuZx2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/rU+aKo8W6Ds5CqMjSdaEf6lqEMB8GA1UdIwQY
MBaAFO94przIXsit5uzOiA7gc9Y3cHllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNpbXZNaGV5SzNtN002SUR1QnoxamR3ZVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80OWFiYTQtZTYzZC00ZTA2LThhMTIt
OTZmMjE2ODkzZGVjLzEvUC10VDVvcWp4Ym9PemtLb3lOSjFvUl9xV29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80OWFiYTQtZTYzZC00ZTA2LThhMTItOTZmMjE2ODkzZGVj
LzEvNzNpbXZNaGV5SzNtN002SUR1QnoxamR3ZVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwie6MA0G
CSqGSIb3DQEBCwUAA4IBAQA3xfhXiDT/gOhuUy44ah9aOVJ3bAJDdub4FDUuB5TS
ZPS5wwI5yb6FkpJDNm8qx1E5khUlxIZAu1bKU8w5cLhy9tjM0XgX/zeaQC2QXihR
pG8Bw1itf+m6Jc9IWiewTkWnkHaJg3zqHpwwwnMYqSpmTKDEQ7SjSID2hGzWUo/X
a7UMWYp9lrAG+H2isJNrDGxU+nr+em43ZBkrlD23EJyf7MDM9iX1OSPsH4d2wN1E
W2VI3dpNWU1zlEQzCOizcICmPN79QDzyWUqZuDqWwu6WrvyTpLvUfuBc+IrF5N1D
HtQZP3JMjFMehN4DWMu/OoI/12MOP485Cpog3F+Sm28M
-----END CERTIFICATE-----