Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/5lUiCqjOU4-nzRGoDe_zWkVGqyY.roa
File:                     5lUiCqjOU4-nzRGoDe_zWkVGqyY.roa (raw, json)
Hash identifier:          T+9xcObiJuVxSKffdgOFuJAmEYTEnWftkhqbyCwTwo8=
Subject key identifier:   E6:55:22:0A:A8:CE:53:8F:A7:CD:11:A8:0D:EF:F3:5A:45:46:AB:26
Certificate issuer:       /CN=cf8df52adfe2fce6ae96f6fe05d14089e0247cee
Certificate serial:       018CCA2A61964EACBE7C56E007617D1B1A05
Authority key identifier: CF:8D:F5:2A:DF:E2:FC:E6:AE:96:F6:FE:05:D1:40:89:E0:24:7C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z431Kt_i_Oaulvb-BdFAieAkfO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/5lUiCqjOU4-nzRGoDe_zWkVGqyY.roa
Signing time:             Tue 02 Jan 2024 12:33:44 +0000
ROA not before:           Tue 02 Jan 2024 12:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205784
IP address blocks:        94.142.248.0/24 maxlen: 24
                          88.210.29.0/24 maxlen: 24
                          88.210.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/z431Kt_i_Oaulvb-BdFAieAkfO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/z431Kt_i_Oaulvb-BdFAieAkfO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z431Kt_i_Oaulvb-BdFAieAkfO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:61:96:4e:ac:be:7c:56:e0:07:61:7d:1b:1a:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf8df52adfe2fce6ae96f6fe05d14089e0247cee
        Validity
            Not Before: Jan  2 12:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e655220aa8ce538fa7cd11a80deff35a4546ab26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7b:ae:94:be:da:f4:66:76:7a:a6:41:5f:e8:
                    23:75:ba:b9:7a:8a:89:50:b3:f4:67:5d:92:38:8c:
                    f6:a0:f4:35:97:48:28:b2:a9:6f:5d:97:c6:09:37:
                    75:db:5a:46:02:cd:af:d4:97:ce:10:f5:a7:ba:17:
                    ce:22:12:c8:44:36:e1:27:06:f4:e7:87:79:1d:c1:
                    fc:db:46:7a:62:db:db:84:00:ab:2f:c7:2e:97:f8:
                    bf:84:32:38:36:24:f2:86:f4:e6:4b:cc:4b:5b:35:
                    90:57:31:4f:ea:dc:60:fd:5d:d6:c6:1f:97:18:06:
                    e9:fe:5f:73:12:a9:39:87:61:b3:3e:8e:b9:33:f3:
                    5c:60:b2:f9:d6:b0:e3:f0:d3:c9:46:3a:74:b4:79:
                    3a:8f:d1:af:7e:d2:cd:05:5e:93:86:94:2a:ba:2c:
                    bd:d1:43:a1:2c:92:09:eb:7e:49:d0:43:3e:d5:22:
                    bc:8f:6d:f6:72:2d:7a:d8:3a:fd:96:2f:01:c0:5c:
                    11:40:4c:b0:95:2d:a0:51:98:46:98:8b:0d:ed:0a:
                    17:86:c7:35:61:c9:5a:cc:5e:85:09:32:61:28:4b:
                    75:db:7f:ea:56:c5:0a:ea:3f:7f:a7:c9:5f:7a:c8:
                    3e:b4:2b:28:60:15:22:63:cb:65:c7:33:75:06:e2:
                    f6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:55:22:0A:A8:CE:53:8F:A7:CD:11:A8:0D:EF:F3:5A:45:46:AB:26
            X509v3 Authority Key Identifier:
                keyid:CF:8D:F5:2A:DF:E2:FC:E6:AE:96:F6:FE:05:D1:40:89:E0:24:7C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z431Kt_i_Oaulvb-BdFAieAkfO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/5lUiCqjOU4-nzRGoDe_zWkVGqyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/f22743-1898-47e5-96e2-f797e1f544d9/1/z431Kt_i_Oaulvb-BdFAieAkfO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.29.0/24
                  88.210.49.0/24
                  94.142.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:57:8e:24:c9:cf:df:5f:03:72:e8:e8:96:4d:33:38:14:0c:
         0c:b4:ba:6c:20:e8:b0:32:d7:84:35:6a:fc:00:51:b9:c4:8d:
         a3:f4:df:c6:3f:bc:90:19:43:53:90:8a:21:ac:e6:b3:e0:06:
         51:3d:eb:1e:a8:12:df:69:a4:2c:b7:dc:04:ce:07:9c:1d:f6:
         fb:74:46:1b:af:23:89:9a:e4:18:ba:f3:1b:19:b7:9f:60:79:
         d0:b1:c1:93:29:8d:33:be:4a:a8:0e:aa:87:31:cd:17:5a:08:
         a6:7a:a1:32:35:05:01:fe:5c:80:b2:d9:2a:4b:3a:fe:6b:6d:
         4c:de:6a:84:f8:c5:2a:44:dc:fb:3a:88:27:33:56:9c:ef:39:
         1c:01:c7:35:a3:c9:11:41:2f:25:2c:22:fd:b4:d2:4a:af:ad:
         a8:c8:2d:19:9a:5f:66:3a:70:7e:76:b4:d6:9c:fd:a4:0b:01:
         96:cc:80:35:6d:39:d2:96:a0:ae:f9:89:ee:d1:86:b1:4c:91:
         e1:b0:45:87:0d:2f:b8:bb:2d:45:99:bc:f5:48:47:fb:44:4d:
         c1:2c:56:e0:17:c6:b1:2d:25:f5:f1:87:90:40:e3:07:f6:2e:
         ea:98:15:32:7b:6a:43:d5:f1:15:33:73:b8:a4:d0:e1:07:5c:
         44:d9:87:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKmGWTqy+fFbgB2F9GxoFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOGRmNTJhZGZlMmZjZTZhZTk2ZjZmZTA1ZDE0MDg5ZTAy
NDdjZWUwHhcNMjQwMTAyMTIzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjU1MjIwYWE4Y2U1MzhmYTdjZDExYTgwZGVmZjM1YTQ1NDZhYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXuulL7a9GZ2eqZBX+gjdbq5eoqJ
ULP0Z12SOIz2oPQ1l0gosqlvXZfGCTd121pGAs2v1JfOEPWnuhfOIhLIRDbhJwb0
54d5HcH820Z6YtvbhACrL8cul/i/hDI4NiTyhvTmS8xLWzWQVzFP6txg/V3Wxh+X
GAbp/l9zEqk5h2GzPo65M/NcYLL51rDj8NPJRjp0tHk6j9GvftLNBV6ThpQquiy9
0UOhLJIJ635J0EM+1SK8j232ci162Dr9li8BwFwRQEywlS2gUZhGmIsN7QoXhsc1
YclazF6FCTJhKEt123/qVsUK6j9/p8lfesg+tCsoYBUiY8tlxzN1BuL2sQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOZVIgqozlOPp80RqA3v81pFRqsmMB8GA1UdIwQY
MBaAFM+N9Srf4vzmrpb2/gXRQIngJHzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejQzMUt0X2lfT2F1bHZiLUJkRkFpZUFrZk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9mMjI3NDMtMTg5OC00N2U1LTk2ZTIt
Zjc5N2UxZjU0NGQ5LzEvNWxVaUNxak9VNC1uelJHb0RlX3pXa1ZHcXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9mMjI3NDMtMTg5OC00N2U1LTk2ZTItZjc5N2UxZjU0NGQ5
LzEvejQzMUt0X2lfT2F1bHZiLUJkRkFpZUFrZk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWNIdAwQA
WNIxAwQAXo74MA0GCSqGSIb3DQEBCwUAA4IBAQA2V44kyc/fXwNy6OiWTTM4FAwM
tLpsIOiwMteENWr8AFG5xI2j9N/GP7yQGUNTkIohrOaz4AZRPeseqBLfaaQst9wE
zgecHfb7dEYbryOJmuQYuvMbGbefYHnQscGTKY0zvkqoDqqHMc0XWgimeqEyNQUB
/lyAstkqSzr+a21M3mqE+MUqRNz7OognM1ac7zkcAcc1o8kRQS8lLCL9tNJKr62o
yC0Zml9mOnB+drTWnP2kCwGWzIA1bTnSlqCu+Ynu0YaxTJHhsEWHDS+4uy1Fmbz1
SEf7RE3BLFbgF8axLSX18YeQQOMH9i7qmBUye2pD1fEVM3O4pNDhB1xE2Yeb
-----END CERTIFICATE-----