Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/z02Fj6CW6NDREHnyjyBt-x0NhCI.roa
File:                     z02Fj6CW6NDREHnyjyBt-x0NhCI.roa (raw, json)
Hash identifier:          lPmEdQSjheP6yfmUhzyKemmUJ/+FUJbuuM+WSGprOVM=
Subject key identifier:   CF:4D:85:8F:A0:96:E8:D0:D1:10:79:F2:8F:20:6D:FB:1D:0D:84:22
Certificate issuer:       /CN=b14aaa9b084864f44bae18ba076b26067754fb62
Certificate serial:       018CCA2B16A19DB83C3E076C5F8A7A5A21D7
Authority key identifier: B1:4A:AA:9B:08:48:64:F4:4B:AE:18:BA:07:6B:26:06:77:54:FB:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/z02Fj6CW6NDREHnyjyBt-x0NhCI.roa
Signing time:             Tue 02 Jan 2024 12:34:30 +0000
ROA not before:           Tue 02 Jan 2024 12:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51985
IP address blocks:        5.39.232.0/21 maxlen: 21
                          185.26.248.0/22 maxlen: 22
                          46.17.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:16:a1:9d:b8:3c:3e:07:6c:5f:8a:7a:5a:21:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b14aaa9b084864f44bae18ba076b26067754fb62
        Validity
            Not Before: Jan  2 12:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf4d858fa096e8d0d11079f28f206dfb1d0d8422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:57:dd:87:16:0b:8b:65:8f:1e:17:f6:68:7e:
                    7c:92:d3:18:a2:78:23:e7:db:88:a7:90:15:27:e8:
                    c5:fa:b8:c2:af:5d:d7:ca:0b:d4:ec:20:b2:f5:7c:
                    ac:14:8e:df:f7:ef:d7:a1:69:15:30:f7:ff:89:64:
                    86:9a:29:d9:b8:94:a2:54:a2:9c:62:b9:a5:d6:32:
                    d0:a7:ac:b8:f0:1c:61:2b:f3:b4:1e:8b:38:5a:1e:
                    e7:28:36:12:ef:a5:2c:77:49:36:ca:1a:49:47:c7:
                    91:63:86:89:b7:1f:34:13:a4:9a:ac:e6:54:93:fd:
                    32:74:a4:c0:30:de:7d:6a:4f:64:0b:39:42:25:95:
                    a8:75:7b:36:2b:cc:46:87:24:aa:02:11:aa:61:19:
                    36:2a:f0:c4:d9:f0:cc:6b:6e:84:e7:69:0f:26:22:
                    35:2e:9b:15:bd:66:6a:48:34:c8:eb:a9:5a:2f:7b:
                    b2:fc:fc:ea:ca:d0:38:d1:be:af:35:0f:14:5f:ff:
                    fd:5c:82:76:15:85:b7:8d:d4:6c:3a:7c:e3:d2:41:
                    31:bd:9c:16:8a:e9:2e:53:97:ed:87:89:d5:7b:2d:
                    67:31:d4:00:7f:cb:42:05:d4:e0:a0:83:b9:e1:7f:
                    0b:35:3b:58:5b:f4:eb:c9:e4:29:94:45:4d:80:9b:
                    a0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4D:85:8F:A0:96:E8:D0:D1:10:79:F2:8F:20:6D:FB:1D:0D:84:22
            X509v3 Authority Key Identifier:
                keyid:B1:4A:AA:9B:08:48:64:F4:4B:AE:18:BA:07:6B:26:06:77:54:FB:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUqqmwhIZPRLrhi6B2smBndU-2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/z02Fj6CW6NDREHnyjyBt-x0NhCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/227afa-ddec-4644-982a-58faa27e5549/1/sUqqmwhIZPRLrhi6B2smBndU-2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.232.0/21
                  46.17.80.0/21
                  185.26.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:65:21:d1:d3:d2:d2:2c:04:9e:68:ca:77:61:03:cb:e4:55:
         2c:ea:8b:97:04:38:06:16:1d:55:f1:8f:8c:19:ff:3d:f0:6a:
         03:1c:0b:61:66:dd:e1:7c:67:35:1f:54:47:8a:e6:f0:68:95:
         12:14:01:5b:3d:29:80:71:68:9c:7b:ed:4c:25:25:4b:8e:90:
         9e:29:aa:1c:9a:e0:be:54:24:60:02:60:f9:de:0c:b9:01:83:
         64:65:e5:9b:af:d9:f1:b4:1f:84:67:83:8d:bd:79:fc:e0:fd:
         df:60:88:75:7b:25:17:cd:c1:64:32:12:1d:a5:db:d7:14:b0:
         c0:c6:e2:10:5f:28:8e:01:58:5d:72:f6:a0:c3:02:94:f9:10:
         22:ae:1e:ee:cc:f4:da:29:b0:9c:51:31:e5:61:57:41:f7:d9:
         cb:ea:1f:e3:89:43:41:db:c1:31:5d:48:d9:4d:37:4f:9e:94:
         ec:11:43:99:13:51:93:f2:61:0f:c7:c3:7f:d3:f5:db:d4:fe:
         cf:31:33:b4:24:ea:4e:7a:e3:e1:32:70:3f:12:f9:6a:ac:de:
         3d:d4:47:e1:5f:18:99:55:87:0e:c0:96:c9:a6:96:9a:02:61:
         d4:11:26:8e:26:70:17:b0:b9:83:9b:c3:9f:ca:b1:bf:b8:92:
         86:02:75:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKxahnbg8PgdsX4p6WiHXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNGFhYTliMDg0ODY0ZjQ0YmFlMThiYTA3NmIyNjA2Nzc1
NGZiNjIwHhcNMjQwMTAyMTIzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjRkODU4ZmEwOTZlOGQwZDExMDc5ZjI4ZjIwNmRmYjFkMGQ4NDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlfdhxYLi2WPHhf2aH58ktMYongj
59uIp5AVJ+jF+rjCr13XygvU7CCy9XysFI7f9+/XoWkVMPf/iWSGminZuJSiVKKc
Yrml1jLQp6y48BxhK/O0Hos4Wh7nKDYS76Usd0k2yhpJR8eRY4aJtx80E6SarOZU
k/0ydKTAMN59ak9kCzlCJZWodXs2K8xGhySqAhGqYRk2KvDE2fDMa26E52kPJiI1
LpsVvWZqSDTI66laL3uy/PzqytA40b6vNQ8UX//9XIJ2FYW3jdRsOnzj0kExvZwW
iukuU5fth4nVey1nMdQAf8tCBdTgoIO54X8LNTtYW/TryeQplEVNgJugOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM9NhY+glujQ0RB58o8gbfsdDYQiMB8GA1UdIwQY
MBaAFLFKqpsISGT0S64YugdrJgZ3VPtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VxcW13aElaUFJMcmhpNkIyc21CbmRVLTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yMjdhZmEtZGRlYy00NjQ0LTk4MmEt
NThmYWEyN2U1NTQ5LzEvejAyRmo2Q1c2TkRSRUhueWp5QnQteDBOaENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yMjdhZmEtZGRlYy00NjQ0LTk4MmEtNThmYWEyN2U1NTQ5
LzEvc1VxcW13aElaUFJMcmhpNkIyc21CbmRVLTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBSfoAwQD
LhFQAwQCuRr4MA0GCSqGSIb3DQEBCwUAA4IBAQCWZSHR09LSLASeaMp3YQPL5FUs
6ouXBDgGFh1V8Y+MGf898GoDHAthZt3hfGc1H1RHiubwaJUSFAFbPSmAcWice+1M
JSVLjpCeKaocmuC+VCRgAmD53gy5AYNkZeWbr9nxtB+EZ4ONvXn84P3fYIh1eyUX
zcFkMhIdpdvXFLDAxuIQXyiOAVhdcvagwwKU+RAirh7uzPTaKbCcUTHlYVdB99nL
6h/jiUNB28ExXUjZTTdPnpTsEUOZE1GT8mEPx8N/0/Xb1P7PMTO0JOpOeuPhMnA/
EvlqrN491EfhXxiZVYcOwJbJppaaAmHUESaOJnAXsLmDm8OfyrG/uJKGAnVl
-----END CERTIFICATE-----