Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/D45rX9vD8zZcYh-ohYRy1y4Wbyg.roa
File:                     D45rX9vD8zZcYh-ohYRy1y4Wbyg.roa (raw, json)
Hash identifier:          oAr1b1gS4pPEpu05ZUoGMaZFMoL8d1EUH+0PXJXYmzY=
Subject key identifier:   0F:8E:6B:5F:DB:C3:F3:36:5C:62:1F:A8:85:84:72:D7:2E:16:6F:28
Certificate issuer:       /CN=b14aaa9b084864f44bae18ba076b26067754fb62
Certificate serial:       018CCA2B170AEC40661C126464F3323D5C71
Authority key identifier: B1:4A:AA:9B:08:48:64:F4:4B:AE:18:BA:07:6B:26:06:77:54:FB:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/D45rX9vD8zZcYh-ohYRy1y4Wbyg.roa
Signing time:             Tue 02 Jan 2024 12:34:30 +0000
ROA not before:           Tue 02 Jan 2024 12:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60641
IP address blocks:        5.39.233.0/24 maxlen: 24
                          5.39.236.0/24 maxlen: 24
                          5.39.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:17:0a:ec:40:66:1c:12:64:64:f3:32:3d:5c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aaa9b084864f44bae18ba076b26067754fb62
        Validity
            Not Before: Jan  2 12:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f8e6b5fdbc3f3365c621fa8858472d72e166f28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:07:00:4e:51:73:9f:e8:03:86:62:4b:8f:a8:
                    73:d5:58:b8:b2:c5:52:f2:f6:ff:17:ef:8c:19:95:
                    d9:e0:fb:37:7a:4e:f5:49:a1:89:a4:c6:0f:01:4d:
                    9d:74:95:ec:71:f8:3c:52:e9:f0:7b:2e:7e:58:3b:
                    c9:af:76:e9:8e:b6:c0:08:a5:00:2d:8d:f7:30:fd:
                    ca:40:92:3f:ab:b1:da:5d:46:dc:13:c3:43:63:26:
                    c5:56:b2:ef:3f:51:c5:79:e1:3f:cc:1e:a9:3c:15:
                    1e:42:53:6e:93:d1:aa:0f:9d:38:33:e5:17:b6:1a:
                    36:8c:a8:82:87:3d:31:60:7c:15:56:a0:7d:4b:e1:
                    2f:94:ac:82:9b:e7:fc:f2:14:f0:db:30:e4:d0:7e:
                    cd:24:b5:27:49:b2:13:76:82:db:dd:07:6b:6c:77:
                    7b:e6:26:e2:8e:f0:13:2c:38:a5:97:d8:32:06:70:
                    77:db:6c:26:79:88:bc:a9:e7:4f:89:f0:81:c9:56:
                    f3:99:d0:71:a8:18:6c:80:ba:80:ea:bd:a5:25:84:
                    a7:1d:1d:d7:75:28:94:91:98:98:da:c4:72:7c:13:
                    87:08:d3:84:a2:0b:8e:5f:60:46:d6:43:af:7f:0a:
                    02:73:31:de:84:fe:0c:5a:b3:69:f5:b4:8a:f4:a9:
                    41:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:8E:6B:5F:DB:C3:F3:36:5C:62:1F:A8:85:84:72:D7:2E:16:6F:28
            X509v3 Authority Key Identifier:
                keyid:B1:4A:AA:9B:08:48:64:F4:4B:AE:18:BA:07:6B:26:06:77:54:FB:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/D45rX9vD8zZcYh-ohYRy1y4Wbyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.233.0-5.39.234.255
                  5.39.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:86:d3:78:4b:72:02:4b:21:0c:4b:d3:33:44:da:7c:0e:0f:
         8c:51:9a:20:a0:93:60:ca:f5:e4:82:0d:d1:7c:09:d5:06:41:
         58:ba:42:f2:c7:4d:80:33:eb:0d:8c:83:d6:77:14:e0:7b:2a:
         51:50:6e:45:c2:e6:c5:84:2e:11:ed:c8:6c:5f:32:9c:b2:13:
         ec:90:e6:d1:47:87:8f:27:bc:dc:bc:a2:d1:93:1e:14:cd:15:
         3c:a2:f6:25:fa:05:6e:a5:b9:48:2a:e3:5f:62:20:a4:8c:88:
         43:d4:d8:a1:7d:be:95:6c:31:31:c6:dd:80:77:e9:da:75:e2:
         db:7c:32:09:1d:06:05:29:6c:71:7c:4c:92:86:09:df:14:01:
         ba:ca:48:cf:08:53:0b:18:3c:1c:c9:34:20:f3:e3:8d:e6:72:
         bb:c9:b7:11:24:ac:94:ba:41:db:e2:bc:fc:77:66:15:86:dd:
         e5:49:48:11:9f:96:d8:4e:83:f2:ae:36:c9:cf:91:3d:6d:f2:
         bd:8d:5d:99:d7:08:89:ef:71:1d:68:b5:3b:27:b4:b4:d0:21:
         f9:52:87:26:09:ad:df:fe:62:94:b5:ee:aa:31:fe:2a:33:9d:
         bd:7f:83:5b:d1:de:f2:75:3f:be:89:26:95:07:73:35:84:ab:
         a0:f0:10:92
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKKxcK7EBmHBJkZPMyPVxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFhYTliMDg0ODY0ZjQ0YmFlMThiYTA3NmIyNjA2Nzc1
NGZiNjIwHhcNMjQwMTAyMTIzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjhlNmI1ZmRiYzNmMzM2NWM2MjFmYTg4NTg0NzJkNzJlMTY2ZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwcATlFzn+gDhmJLj6hz1Vi4ssVS
8vb/F++MGZXZ4Ps3ek71SaGJpMYPAU2ddJXscfg8Uunwey5+WDvJr3bpjrbACKUA
LY33MP3KQJI/q7HaXUbcE8NDYybFVrLvP1HFeeE/zB6pPBUeQlNuk9GqD504M+UX
tho2jKiChz0xYHwVVqB9S+EvlKyCm+f88hTw2zDk0H7NJLUnSbITdoLb3QdrbHd7
5ibijvATLDill9gyBnB322wmeYi8qedPifCByVbzmdBxqBhsgLqA6r2lJYSnHR3X
dSiUkZiY2sRyfBOHCNOEoguOX2BG1kOvfwoCczHehP4MWrNp9bSK9KlBIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA+Oa1/bw/M2XGIfqIWEctcuFm8oMB8GA1UdIwQY
MBaAFLFKqpsISGT0S64YugdrJgZ3VPtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxcW13aElaUFJMcmhpNkIyc21CbmRVLTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yMjdhZmEtZGRlYy00NjQ0LTk4MmEt
NThmYWEyN2U1NTQ5LzEvRDQ1clg5dkQ4elpjWWgtb2hZUnkxeTRXYnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yMjdhZmEtZGRlYy00NjQ0LTk4MmEtNThmYWEyN2U1NTQ5
LzEvc1VxcW13aElaUFJMcmhpNkIyc21CbmRVLTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAFJ+kD
BAAFJ+oDBAAFJ+wwDQYJKoZIhvcNAQELBQADggEBAFaG03hLcgJLIQxL0zNE2nwO
D4xRmiCgk2DK9eSCDdF8CdUGQVi6QvLHTYAz6w2Mg9Z3FOB7KlFQbkXC5sWELhHt
yGxfMpyyE+yQ5tFHh48nvNy8otGTHhTNFTyi9iX6BW6luUgq419iIKSMiEPU2KF9
vpVsMTHG3YB36dp14tt8MgkdBgUpbHF8TJKGCd8UAbrKSM8IUwsYPBzJNCDz443m
crvJtxEkrJS6QdvivPx3ZhWG3eVJSBGflthOg/KuNsnPkT1t8r2NXZnXCInvcR1o
tTsntLTQIflShyYJrd/+YpS17qox/ioznb1/g1vR3vJ1P76JJpUHczWEq6DwEJI=
-----END CERTIFICATE-----