Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/iaDeW4po0sPtq_NDuYp9DTL2p2s.roa
File:                     iaDeW4po0sPtq_NDuYp9DTL2p2s.roa (raw, json)
Hash identifier:          6bCuLG89b67pxl66M0TXK4XDRCK3FIkRQpnwGhQj0Bc=
Subject key identifier:   89:A0:DE:5B:8A:68:D2:C3:ED:AB:F3:43:B9:8A:7D:0D:32:F6:A7:6B
Certificate issuer:       /CN=19b105d148de996036fdf21cb208a338a158ceda
Certificate serial:       018DC0783D5F502C0113166FAC991122C386
Authority key identifier: 19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/iaDeW4po0sPtq_NDuYp9DTL2p2s.roa
Signing time:             Mon 19 Feb 2024 08:25:21 +0000
ROA not before:           Mon 19 Feb 2024 08:25:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203234
IP address blocks:        185.138.240.0/23 maxlen: 23
                          2a07:10c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c0:78:3d:5f:50:2c:01:13:16:6f:ac:99:11:22:c3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19b105d148de996036fdf21cb208a338a158ceda
        Validity
            Not Before: Feb 19 08:25:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89a0de5b8a68d2c3edabf343b98a7d0d32f6a76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6e:93:f3:36:28:69:32:2b:06:30:07:44:1f:
                    b9:16:e2:2b:98:f6:c4:1e:38:ef:20:c7:20:6c:9f:
                    bb:f5:5f:2c:29:68:39:0e:a3:c7:b6:39:c9:79:fe:
                    03:3f:e6:ce:4c:79:a7:3a:de:4d:43:fe:dd:ca:de:
                    a8:01:39:49:4a:ac:ca:12:01:7d:c5:2a:ae:a4:51:
                    13:02:2c:ea:16:69:0c:57:c0:83:d6:82:f2:b3:cc:
                    15:3e:1e:fe:54:cb:d6:78:0a:07:2d:37:dd:1a:31:
                    5e:c3:89:d1:a0:d2:38:97:59:04:0b:87:38:4c:fe:
                    45:33:43:d2:33:3b:66:6d:fc:0b:1f:39:71:d7:5c:
                    40:28:09:00:66:b3:e9:db:da:a9:23:b1:a4:45:8e:
                    17:bf:f3:29:dd:95:b9:fa:4b:25:28:a4:44:0f:73:
                    e1:81:98:83:b1:de:14:ac:90:5a:e5:77:c2:23:b5:
                    77:85:c0:10:28:6d:be:ce:5f:77:b8:a7:cc:fa:f5:
                    7f:48:15:0e:dd:43:ac:9c:60:be:28:5d:68:0e:17:
                    3a:13:dd:a7:e6:cf:77:e4:e7:d7:97:09:79:bd:d5:
                    45:f8:d4:ae:75:1f:d7:5a:07:71:d7:c6:97:85:8d:
                    e9:68:39:60:81:75:1d:c6:97:34:e7:56:5f:ef:b6:
                    d8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A0:DE:5B:8A:68:D2:C3:ED:AB:F3:43:B9:8A:7D:0D:32:F6:A7:6B
            X509v3 Authority Key Identifier:
                keyid:19:B1:05:D1:48:DE:99:60:36:FD:F2:1C:B2:08:A3:38:A1:58:CE:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GbEF0UjemWA2_fIcsgijOKFYzto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/iaDeW4po0sPtq_NDuYp9DTL2p2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/52cb8d-11d4-4f9c-8f92-26e64d78b0c6/1/GbEF0UjemWA2_fIcsgijOKFYzto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.240.0/23
                IPv6:
                  2a07:10c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:25:d1:e0:cc:79:ea:5d:f3:95:3b:a1:78:19:bb:86:e8:21:
         65:39:a5:7e:e9:ff:fb:b5:c8:56:86:38:b8:3d:31:24:74:d2:
         79:d9:f0:d4:2c:59:85:97:64:ee:cf:e9:55:54:d9:35:57:d2:
         9e:14:6f:25:bb:86:2b:cb:de:42:5f:8e:6a:d7:c3:a6:09:60:
         2c:3f:00:dc:91:7b:5d:61:ac:ce:42:b6:10:cf:6b:aa:ac:25:
         8b:25:05:15:a7:a7:ec:4b:49:58:db:fc:3c:60:ee:56:2b:26:
         da:a1:ac:e6:9c:c7:25:06:45:0c:5f:df:45:e7:1c:fe:f8:5c:
         6e:9d:d6:cb:41:8d:bb:98:a9:25:21:60:ae:ab:dc:d3:01:de:
         26:02:af:d6:4a:e7:10:45:06:e7:cf:82:9a:1e:12:31:14:2a:
         7c:ac:16:1c:3a:b2:2f:38:a4:fa:22:4a:0a:97:b7:6b:f0:d8:
         3d:29:bf:79:96:70:46:85:15:4c:8a:c8:e1:ad:34:57:f2:88:
         48:b8:67:34:99:45:e4:ad:ac:a2:00:39:29:d1:76:d3:5c:1c:
         91:e4:62:d1:77:2f:5b:c0:37:8d:cf:53:77:d4:b4:cb:48:ef:
         bf:35:b7:0c:5f:1a:94:76:79:4a:ed:c9:59:31:35:82:3d:09:
         ac:2b:e8:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3AeD1fUCwBExZvrJkRIsOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YjEwNWQxNDhkZTk5NjAzNmZkZjIxY2IyMDhhMzM4YTE1
OGNlZGEwHhcNMjQwMjE5MDgyNTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWEwZGU1YjhhNjhkMmMzZWRhYmYzNDNiOThhN2QwZDMyZjZhNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA126T8zYoaTIrBjAHRB+5FuIrmPbE
HjjvIMcgbJ+79V8sKWg5DqPHtjnJef4DP+bOTHmnOt5NQ/7dyt6oATlJSqzKEgF9
xSqupFETAizqFmkMV8CD1oLys8wVPh7+VMvWeAoHLTfdGjFew4nRoNI4l1kEC4c4
TP5FM0PSMztmbfwLHzlx11xAKAkAZrPp29qpI7GkRY4Xv/Mp3ZW5+kslKKRED3Ph
gZiDsd4UrJBa5XfCI7V3hcAQKG2+zl93uKfM+vV/SBUO3UOsnGC+KF1oDhc6E92n
5s935OfXlwl5vdVF+NSudR/XWgdx18aXhY3paDlggXUdxpc051Zf77bY8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFImg3luKaNLD7avzQ7mKfQ0y9qdrMB8GA1UdIwQY
MBaAFBmxBdFI3plgNv3yHLIIozihWM7aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTIt
MjZlNjRkNzhiMGM2LzEvaWFEZVc0cG8wc1B0cV9ORHVZcDlEVEwycDJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi81MmNiOGQtMTFkNC00ZjljLThmOTItMjZlNjRkNzhiMGM2
LzEvR2JFRjBVamVtV0EyX2ZJY3NnaWpPS0ZZenRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuYrwMA8E
AgACMAkDBwAqBxDAAAAwDQYJKoZIhvcNAQELBQADggEBAKwl0eDMeepd85U7oXgZ
u4boIWU5pX7p//u1yFaGOLg9MSR00nnZ8NQsWYWXZO7P6VVU2TVX0p4UbyW7hivL
3kJfjmrXw6YJYCw/ANyRe11hrM5CthDPa6qsJYslBRWnp+xLSVjb/Dxg7lYrJtqh
rOacxyUGRQxf30XnHP74XG6d1stBjbuYqSUhYK6r3NMB3iYCr9ZK5xBFBufPgpoe
EjEUKnysFhw6si84pPoiSgqXt2vw2D0pv3mWcEaFFUyKyOGtNFfyiEi4ZzSZReSt
rKIAOSnRdtNcHJHkYtF3L1vAN43PU3fUtMtI7781twxfGpR2eUrtyVkxNYI9Cawr
6HU=
-----END CERTIFICATE-----