Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/P5rGqzmh21na75yPc6OiqdpXpMU.roa
File:                     P5rGqzmh21na75yPc6OiqdpXpMU.roa (raw, json)
Hash identifier:          QAj4jlbXmOzOdVejiLbgooiBYvjgHoWNV4qu3UwsxJk=
Subject key identifier:   3F:9A:C6:AB:39:A1:DB:59:DA:EF:9C:8F:73:A3:A2:A9:DA:57:A4:C5
Certificate issuer:       /CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
Certificate serial:       018CCA2A9F1595D7F118EF68290F7DCB023B
Authority key identifier: 5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/P5rGqzmh21na75yPc6OiqdpXpMU.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202268
IP address blocks:        185.126.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9f:15:95:d7:f1:18:ef:68:29:0f:7d:cb:02:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da432a4ec3b0ac4ca4e4ecec0e9f4d46b497af0
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9ac6ab39a1db59daef9c8f73a3a2a9da57a4c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9a:3b:0d:72:c4:ed:a8:05:ad:15:a6:ac:87:
                    36:87:e1:f3:01:96:23:8b:91:fd:ee:7b:c8:c5:dc:
                    dd:49:c1:74:9d:81:f9:5c:54:f0:77:e1:8f:9b:06:
                    ce:27:da:b6:b4:98:8b:eb:92:6f:9e:af:12:a4:ff:
                    2c:7f:a9:36:fc:02:07:63:75:5c:e0:d3:b6:84:25:
                    2a:9a:f2:e2:25:58:14:a8:25:91:9e:af:df:b8:6c:
                    79:91:15:b3:cf:4b:86:7b:4e:67:f3:e9:e7:1e:09:
                    70:e1:e5:55:51:8e:23:55:37:f6:2a:3a:4a:79:aa:
                    c6:68:22:6f:a9:83:9e:b6:02:d1:fe:c6:60:87:d2:
                    ac:f6:91:db:de:68:f9:8d:7f:ef:35:39:95:f5:05:
                    16:39:55:c5:c2:ec:cb:01:ba:5d:30:57:c8:e3:73:
                    e4:05:f5:b0:9b:08:45:4a:0e:5d:30:7d:12:cc:85:
                    3f:ff:8e:e7:aa:88:45:33:4c:07:f8:c4:3c:aa:80:
                    67:37:58:9a:57:28:26:06:58:3d:ef:ef:b0:2a:31:
                    81:99:99:d4:96:4c:e9:df:10:b3:d3:52:89:20:cd:
                    44:ef:52:9f:20:fc:a6:ca:f3:d7:2f:95:13:52:72:
                    38:13:47:a8:25:76:93:a8:24:97:68:cd:d8:fe:37:
                    81:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9A:C6:AB:39:A1:DB:59:DA:EF:9C:8F:73:A3:A2:A9:DA:57:A4:C5
            X509v3 Authority Key Identifier:
                keyid:5D:A4:32:A4:EC:3B:0A:C4:CA:4E:4E:CE:C0:E9:F4:D4:6B:49:7A:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaQypOw7CsTKTk7OwOn01GtJevA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/P5rGqzmh21na75yPc6OiqdpXpMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9e847f-4146-4566-8c3e-1ba543eeaed7/1/XaQypOw7CsTKTk7OwOn01GtJevA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:67:bd:ef:6f:2d:fa:0c:02:89:8d:d5:2a:fa:8f:f2:f1:92:
         ed:8b:f8:b0:dd:c7:5e:64:55:41:5c:c0:74:8e:74:9a:7f:8b:
         0d:4d:a7:95:a5:b3:11:0f:bd:d3:5d:dc:14:02:20:0b:6f:f5:
         94:c0:d0:87:d3:0e:68:4e:56:14:67:dd:26:2f:ca:4c:49:e1:
         ac:d8:3f:0e:db:39:2e:ea:a7:ac:6b:81:34:04:00:82:56:0c:
         e0:37:70:e9:82:bc:81:46:61:f9:82:dc:45:43:18:e6:e8:c3:
         62:b5:7f:28:60:e9:9e:ee:34:1b:12:ae:49:c7:d3:c9:6f:72:
         f8:d1:20:7a:b5:2a:d4:35:84:1f:7b:9e:57:ad:07:04:39:6e:
         ce:77:b3:66:16:3e:42:cf:0c:c0:df:33:9a:c3:3d:36:a4:39:
         f2:5a:30:b0:d9:3d:f9:8d:02:4e:d8:8b:a1:b1:19:b6:d5:96:
         1d:f8:7a:4e:5a:f6:c3:46:cd:85:db:d1:8b:19:91:43:e6:cf:
         c0:c5:a8:c8:ea:82:0b:aa:39:c1:e8:e0:83:79:4a:f2:86:0e:
         2c:e7:40:86:d4:d9:db:49:ea:1b:c7:e4:08:2f:9e:51:ec:cf:
         26:f8:e1:82:e1:1f:26:8e:e7:f3:4e:1a:74:f4:7a:aa:11:be:
         dc:51:ca:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKp8VldfxGO9oKQ99ywI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTQzMmE0ZWMzYjBhYzRjYTRlNGVjZWMwZTlmNGQ0NmI0
OTdhZjAwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjlhYzZhYjM5YTFkYjU5ZGFlZjljOGY3M2EzYTJhOWRhNTdhNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZo7DXLE7agFrRWmrIc2h+HzAZYj
i5H97nvIxdzdScF0nYH5XFTwd+GPmwbOJ9q2tJiL65Jvnq8SpP8sf6k2/AIHY3Vc
4NO2hCUqmvLiJVgUqCWRnq/fuGx5kRWzz0uGe05n8+nnHglw4eVVUY4jVTf2KjpK
earGaCJvqYOetgLR/sZgh9Ks9pHb3mj5jX/vNTmV9QUWOVXFwuzLAbpdMFfI43Pk
BfWwmwhFSg5dMH0SzIU//47nqohFM0wH+MQ8qoBnN1iaVygmBlg97++wKjGBmZnU
lkzp3xCz01KJIM1E71KfIPymyvPXL5UTUnI4E0eoJXaTqCSXaM3Y/jeBQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+axqs5odtZ2u+cj3OjoqnaV6TFMB8GA1UdIwQY
MBaAFF2kMqTsOwrEyk5OzsDp9NRrSXrwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2Ut
MWJhNTQzZWVhZWQ3LzEvUDVyR3F6bWgyMW5hNzV5UGM2T2lxZHBYcE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85ZTg0N2YtNDE0Ni00NTY2LThjM2UtMWJhNTQzZWVhZWQ3
LzEvWGFReXBPdzdDc1RLVGs3T3dPbjAxR3RKZXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX5cMA0G
CSqGSIb3DQEBCwUAA4IBAQCaZ73vby36DAKJjdUq+o/y8ZLti/iw3cdeZFVBXMB0
jnSaf4sNTaeVpbMRD73TXdwUAiALb/WUwNCH0w5oTlYUZ90mL8pMSeGs2D8O2zku
6qesa4E0BACCVgzgN3DpgryBRmH5gtxFQxjm6MNitX8oYOme7jQbEq5Jx9PJb3L4
0SB6tSrUNYQfe55XrQcEOW7Od7NmFj5CzwzA3zOawz02pDnyWjCw2T35jQJO2Iuh
sRm21ZYd+HpOWvbDRs2F29GLGZFD5s/AxajI6oILqjnB6OCDeUryhg4s50CG1Nnb
Seobx+QIL55R7M8m+OGC4R8mjufzThp09HqqEb7cUcrv
-----END CERTIFICATE-----