Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/PMVrLLThNvOJf3pGEEJwNdussEI.roa
File:                     PMVrLLThNvOJf3pGEEJwNdussEI.roa (raw, json)
Hash identifier:          gIVyLd52K+lj7L18c2DTDzSpuYvSYlOKIy2U9bOjQ3g=
Subject key identifier:   3C:C5:6B:2C:B4:E1:36:F3:89:7F:7A:46:10:42:70:35:DB:AC:B0:42
Certificate issuer:       /CN=b039ab8298fa363ae837e530028969cc5cbf104e
Certificate serial:       0190EE2FBE457F518FBD28C11BE992CFFD24
Authority key identifier: B0:39:AB:82:98:FA:36:3A:E8:37:E5:30:02:89:69:CC:5C:BF:10:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sDmrgpj6NjroN-UwAolpzFy_EE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/PMVrLLThNvOJf3pGEEJwNdussEI.roa
Signing time:             Fri 26 Jul 2024 08:37:04 +0000
ROA not before:           Fri 26 Jul 2024 08:37:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214865
IP address blocks:        62.169.139.0/24 maxlen: 24
                          2a14:5140::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/sDmrgpj6NjroN-UwAolpzFy_EE4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/sDmrgpj6NjroN-UwAolpzFy_EE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sDmrgpj6NjroN-UwAolpzFy_EE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:2f:be:45:7f:51:8f:bd:28:c1:1b:e9:92:cf:fd:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b039ab8298fa363ae837e530028969cc5cbf104e
        Validity
            Not Before: Jul 26 08:37:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cc56b2cb4e136f3897f7a4610427035dbacb042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:f9:3e:74:77:cb:23:36:9a:8b:b4:d5:fc:
                    3e:25:16:92:f7:f2:87:e7:14:9b:39:a3:ae:55:3b:
                    3b:95:92:7a:5e:3f:15:1a:e4:95:5c:9f:69:c3:22:
                    e6:e0:8a:6f:ac:68:fa:78:e6:ef:37:83:51:ba:1e:
                    9e:c6:7d:b8:e2:27:34:cf:03:0c:5a:5f:95:13:72:
                    b3:b2:3b:c7:d7:02:a7:40:1c:01:24:15:0f:11:ef:
                    0d:b7:05:43:b0:89:3a:4a:0a:d1:f6:fb:0f:b1:0b:
                    49:b2:ce:b1:14:15:4e:a9:33:31:da:d0:fa:39:5a:
                    8a:7c:2c:b7:39:5a:c6:fa:4e:7e:72:dd:15:6d:f3:
                    19:df:62:13:5b:8b:35:2a:17:0a:46:13:f4:b2:0c:
                    09:68:1b:7b:ad:4e:38:da:7b:96:89:2b:b3:4c:02:
                    d2:e3:8c:c8:a1:e6:b3:06:43:92:0e:91:57:15:9c:
                    76:47:53:f5:27:96:0c:b6:8b:3d:58:f9:a0:64:a4:
                    55:c0:26:61:38:bc:99:61:d5:4e:66:98:96:cb:b9:
                    27:4c:5f:7f:68:4f:40:66:f8:28:58:0b:eb:9a:83:
                    26:af:d4:21:d4:1d:a4:b1:a7:60:ff:8b:60:10:44:
                    00:57:84:eb:13:4d:79:f4:4f:45:05:69:7e:95:ba:
                    55:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C5:6B:2C:B4:E1:36:F3:89:7F:7A:46:10:42:70:35:DB:AC:B0:42
            X509v3 Authority Key Identifier:
                keyid:B0:39:AB:82:98:FA:36:3A:E8:37:E5:30:02:89:69:CC:5C:BF:10:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sDmrgpj6NjroN-UwAolpzFy_EE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/PMVrLLThNvOJf3pGEEJwNdussEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5fd72f-ef77-4537-89e9-9fbd963a513c/1/sDmrgpj6NjroN-UwAolpzFy_EE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.139.0/24
                IPv6:
                  2a14:5140::/32

    Signature Algorithm: sha256WithRSAEncryption
         a7:39:19:40:68:29:2e:18:23:52:33:fe:77:0c:5d:9e:1e:4e:
         b0:f2:91:59:24:10:f8:0c:39:48:6b:55:79:b9:02:e9:d1:63:
         1e:a8:47:e0:40:a4:a9:35:9b:08:b6:2b:af:11:7f:93:80:17:
         91:1b:cf:5c:35:33:a6:4c:3b:ee:f7:4b:05:d6:e2:00:5b:de:
         cf:c4:b8:8d:6a:4e:a5:3a:3c:69:d2:06:dd:55:2b:e9:4f:a7:
         69:d4:a5:43:4e:c1:87:3e:7f:63:dd:36:b8:60:fa:25:86:fe:
         e9:64:89:68:c9:4e:c8:ea:f8:33:b0:99:46:c3:a2:6a:b5:6f:
         3b:91:b6:a8:a0:7b:e2:14:1a:57:2c:2b:e0:9b:13:fa:c7:30:
         db:ea:0b:43:ef:87:36:a7:af:1d:e2:6d:ec:e7:96:a7:44:d7:
         ac:ae:08:26:ea:88:b0:cd:43:29:c5:0e:6f:9b:72:e0:0f:18:
         d5:26:a2:49:05:fb:af:f3:f6:55:56:00:93:60:55:bf:b5:b4:
         b0:bc:a3:74:2d:23:8c:25:64:a3:3a:c7:37:07:e5:91:c4:2c:
         71:40:ad:93:48:2b:23:f1:0f:8c:04:91:59:82:d9:fc:bc:63:
         01:c5:47:02:03:2e:19:53:1b:3d:54:62:c4:db:e3:29:f9:77:
         5d:11:fc:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZDuL75Ff1GPvSjBG+mSz/0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMzlhYjgyOThmYTM2M2FlODM3ZTUzMDAyODk2OWNjNWNi
ZjEwNGUwHhcNMjQwNzI2MDgzNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M1NmIyY2I0ZTEzNmYzODk3ZjdhNDYxMDQyNzAzNWRiYWNiMDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0z5PnR3yyM2mou01fw+JRaS9/KH
5xSbOaOuVTs7lZJ6Xj8VGuSVXJ9pwyLm4IpvrGj6eObvN4NRuh6exn244ic0zwMM
Wl+VE3KzsjvH1wKnQBwBJBUPEe8NtwVDsIk6SgrR9vsPsQtJss6xFBVOqTMx2tD6
OVqKfCy3OVrG+k5+ct0VbfMZ32ITW4s1KhcKRhP0sgwJaBt7rU442nuWiSuzTALS
44zIoeazBkOSDpFXFZx2R1P1J5YMtos9WPmgZKRVwCZhOLyZYdVOZpiWy7knTF9/
aE9AZvgoWAvrmoMmr9Qh1B2ksadg/4tgEEQAV4TrE0159E9FBWl+lbpVbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDzFayy04TbziX96RhBCcDXbrLBCMB8GA1UdIwQY
MBaAFLA5q4KY+jY66DflMAKJacxcvxBOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0RtcmdwajZOanJvTi1Vd0FvbHB6RnlfRUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZmQ3MmYtZWY3Ny00NTM3LTg5ZTkt
OWZiZDk2M2E1MTNjLzEvUE1WckxMVGhOdk9KZjNwR0VFSndOZHVzc0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZmQ3MmYtZWY3Ny00NTM3LTg5ZTktOWZiZDk2M2E1MTNj
LzEvc0RtcmdwajZOanJvTi1Vd0FvbHB6RnlfRUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAPqmLMA0E
AgACMAcDBQAqFFFAMA0GCSqGSIb3DQEBCwUAA4IBAQCnORlAaCkuGCNSM/53DF2e
Hk6w8pFZJBD4DDlIa1V5uQLp0WMeqEfgQKSpNZsItiuvEX+TgBeRG89cNTOmTDvu
90sF1uIAW97PxLiNak6lOjxp0gbdVSvpT6dp1KVDTsGHPn9j3Ta4YPolhv7pZIlo
yU7I6vgzsJlGw6JqtW87kbaooHviFBpXLCvgmxP6xzDb6gtD74c2p68d4m3s55an
RNesrggm6oiwzUMpxQ5vm3LgDxjVJqJJBfuv8/ZVVgCTYFW/tbSwvKN0LSOMJWSj
Osc3B+WRxCxxQK2TSCsj8Q+MBJFZgtn8vGMBxUcCAy4ZUxs9VGLE2+Mp+XddEfwC
-----END CERTIFICATE-----