Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/5Vb5a4rpHp0z5z81l7c9pIYLXLQ.roa
File:                     5Vb5a4rpHp0z5z81l7c9pIYLXLQ.roa (raw, json)
Hash identifier:          2LuC7ndbKQhL6L7dInghSC7wRi6b0n7YLjPKXcxNXTM=
Subject key identifier:   E5:56:F9:6B:8A:E9:1E:9D:33:E7:3F:35:97:B7:3D:A4:86:0B:5C:B4
Certificate issuer:       /CN=638d9a5004c592d093cc89b0d90752e279d51854
Certificate serial:       018CC4922DC1E33ED3C66CD5F83AAC69C759
Authority key identifier: 63:8D:9A:50:04:C5:92:D0:93:CC:89:B0:D9:07:52:E2:79:D5:18:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y42aUATFktCTzImw2QdS4nnVGFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/5Vb5a4rpHp0z5z81l7c9pIYLXLQ.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35388
IP address blocks:        85.209.24.0/22 maxlen: 24
                          2a09:9240::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/Y42aUATFktCTzImw2QdS4nnVGFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/Y42aUATFktCTzImw2QdS4nnVGFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y42aUATFktCTzImw2QdS4nnVGFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2d:c1:e3:3e:d3:c6:6c:d5:f8:3a:ac:69:c7:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=638d9a5004c592d093cc89b0d90752e279d51854
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e556f96b8ae91e9d33e73f3597b73da4860b5cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c4:68:ae:45:97:01:ac:50:aa:e6:f3:6f:11:
                    c1:97:ea:80:30:e9:94:d1:0e:0e:ec:a0:62:26:52:
                    67:77:f2:1c:e4:1b:61:27:61:e1:4b:c5:b8:a9:70:
                    4e:d7:7e:16:37:86:4b:87:b1:68:e3:60:46:c9:3d:
                    4d:33:8b:4e:0e:d9:16:74:e1:6d:d7:5d:a2:a4:36:
                    1c:b2:f0:f0:be:44:7a:21:a6:6d:45:7f:d7:a7:67:
                    cc:c2:26:24:b8:26:1b:be:a9:c2:66:c4:9e:ca:f7:
                    fe:63:d2:8f:49:36:fd:e3:a8:cd:e9:02:f6:f8:9c:
                    c9:cf:70:f0:e3:61:4d:34:89:8e:6e:b3:db:67:21:
                    f5:47:2f:9c:4f:c7:1a:66:5b:a4:e0:57:70:5e:79:
                    95:cc:60:6f:1a:83:a1:6c:cc:59:f5:13:48:56:7c:
                    17:a2:38:9a:64:7b:31:0b:52:6f:b3:61:ca:1e:eb:
                    21:85:3c:85:80:31:9c:66:03:70:a0:40:97:41:dc:
                    a8:98:54:67:65:97:cf:59:4d:63:7a:fb:c1:80:f9:
                    7a:85:82:2c:9d:fa:d4:31:5b:13:c2:32:df:03:2b:
                    75:c6:4d:d8:7b:dc:3f:ba:45:7a:98:a2:b6:29:21:
                    92:80:9d:05:f7:36:e1:c2:d7:65:1c:1e:6b:be:96:
                    02:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:56:F9:6B:8A:E9:1E:9D:33:E7:3F:35:97:B7:3D:A4:86:0B:5C:B4
            X509v3 Authority Key Identifier:
                keyid:63:8D:9A:50:04:C5:92:D0:93:CC:89:B0:D9:07:52:E2:79:D5:18:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y42aUATFktCTzImw2QdS4nnVGFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/5Vb5a4rpHp0z5z81l7c9pIYLXLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/0cf6d7-d8ef-44a8-aa07-7768d4fbdcd3/1/Y42aUATFktCTzImw2QdS4nnVGFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.24.0/22
                IPv6:
                  2a09:9240::/29

    Signature Algorithm: sha256WithRSAEncryption
         01:58:e5:10:b9:7e:6e:fe:bf:c3:be:73:55:b0:14:4f:af:c7:
         38:94:08:9e:ab:9a:4d:00:cb:e6:1c:a3:12:94:1c:bb:e2:f3:
         16:86:85:50:4e:dc:fc:ab:ed:1c:15:6a:5b:57:3e:9c:77:9a:
         aa:22:38:ca:4f:65:83:1b:57:88:3f:5d:86:64:4f:96:c5:28:
         a6:88:2b:ee:37:27:0e:f9:42:1c:76:2b:9d:a2:d1:67:86:5c:
         eb:21:77:3f:67:75:cb:ed:a5:49:a7:af:8a:8e:21:7e:72:c7:
         9d:89:5f:b6:5b:a5:ee:12:7a:71:ca:2e:e4:2d:85:b0:6e:16:
         33:b1:bf:af:4e:1c:3c:b4:4f:12:b3:6a:e8:50:0f:8a:d3:34:
         0c:9c:1d:a8:73:25:e4:e3:2a:ed:4e:4b:13:91:81:4b:f0:d8:
         32:17:51:ed:dd:45:6d:63:0a:12:de:f7:e1:89:06:1c:97:a3:
         1a:2e:11:89:f9:4b:60:99:bf:da:78:9b:1a:61:25:16:5f:39:
         c9:8d:19:13:2b:04:73:5f:91:ea:25:46:41:9e:8a:4c:0f:24:
         4a:dc:36:40:18:8e:d1:8e:61:44:4f:83:ac:4b:61:5f:45:7b:
         6e:5d:bc:67:20:03:07:b1:76:25:b6:da:15:a8:20:9c:7d:de:
         9e:6a:35:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEki3B4z7TxmzV+DqsacdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOGQ5YTUwMDRjNTkyZDA5M2NjODliMGQ5MDc1MmUyNzlk
NTE4NTQwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTU2Zjk2YjhhZTkxZTlkMzNlNzNmMzU5N2I3M2RhNDg2MGI1Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscRorkWXAaxQqubzbxHBl+qAMOmU
0Q4O7KBiJlJnd/Ic5BthJ2HhS8W4qXBO134WN4ZLh7Fo42BGyT1NM4tODtkWdOFt
112ipDYcsvDwvkR6IaZtRX/Xp2fMwiYkuCYbvqnCZsSeyvf+Y9KPSTb946jN6QL2
+JzJz3Dw42FNNImObrPbZyH1Ry+cT8caZluk4FdwXnmVzGBvGoOhbMxZ9RNIVnwX
ojiaZHsxC1Jvs2HKHushhTyFgDGcZgNwoECXQdyomFRnZZfPWU1jevvBgPl6hYIs
nfrUMVsTwjLfAyt1xk3Ye9w/ukV6mKK2KSGSgJ0F9zbhwtdlHB5rvpYCCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOVW+WuK6R6dM+c/NZe3PaSGC1y0MB8GA1UdIwQY
MBaAFGONmlAExZLQk8yJsNkHUuJ51RhUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTQyYVVBVEZrdENUekltdzJRZFM0bm5WR0ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8wY2Y2ZDctZDhlZi00NGE4LWFhMDct
Nzc2OGQ0ZmJkY2QzLzEvNVZiNWE0cnBIcDB6NXo4MWw3YzlwSVlMWExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8wY2Y2ZDctZDhlZi00NGE4LWFhMDctNzc2OGQ0ZmJkY2Qz
LzEvWTQyYVVBVEZrdENUekltdzJRZFM0bm5WR0ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdEYMA0E
AgACMAcDBQMqCZJAMA0GCSqGSIb3DQEBCwUAA4IBAQABWOUQuX5u/r/DvnNVsBRP
r8c4lAieq5pNAMvmHKMSlBy74vMWhoVQTtz8q+0cFWpbVz6cd5qqIjjKT2WDG1eI
P12GZE+WxSimiCvuNycO+UIcdiudotFnhlzrIXc/Z3XL7aVJp6+KjiF+csediV+2
W6XuEnpxyi7kLYWwbhYzsb+vThw8tE8Ss2roUA+K0zQMnB2ocyXk4yrtTksTkYFL
8NgyF1Ht3UVtYwoS3vfhiQYcl6MaLhGJ+Utgmb/aeJsaYSUWXznJjRkTKwRzX5Hq
JUZBnopMDyRK3DZAGI7RjmFET4OsS2FfRXtuXbxnIAMHsXYlttoVqCCcfd6eajXA
-----END CERTIFICATE-----