Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/IDVS0zeG1L_Htpjj6h7GuvGVXu8.roa
File:                     IDVS0zeG1L_Htpjj6h7GuvGVXu8.roa (raw, json)
Hash identifier:          tyGcfeYDDZghOGsuyALKWTe2g4rECknGZPglzjnsvcA=
Subject key identifier:   20:35:52:D3:37:86:D4:BF:C7:B6:98:E3:EA:1E:C6:BA:F1:95:5E:EF
Certificate issuer:       /CN=e443fc203f706f9731412761b27a1a4b395cfc1e
Certificate serial:       018CCA2A293DA82A50B3668A1442366872DA
Authority key identifier: E4:43:FC:20:3F:70:6F:97:31:41:27:61:B2:7A:1A:4B:39:5C:FC:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5EP8ID9wb5cxQSdhsnoaSzlc_B4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/IDVS0zeG1L_Htpjj6h7GuvGVXu8.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203646
IP address blocks:        185.128.72.0/22 maxlen: 22
                          87.239.64.0/21 maxlen: 21
                          2a03:9aa0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/5EP8ID9wb5cxQSdhsnoaSzlc_B4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/5EP8ID9wb5cxQSdhsnoaSzlc_B4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5EP8ID9wb5cxQSdhsnoaSzlc_B4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:29:3d:a8:2a:50:b3:66:8a:14:42:36:68:72:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e443fc203f706f9731412761b27a1a4b395cfc1e
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=203552d33786d4bfc7b698e3ea1ec6baf1955eef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:fb:c6:5c:5a:90:c6:01:c3:d7:49:60:2a:5b:
                    be:76:d7:00:ca:72:91:bf:a7:94:06:d5:8d:30:b4:
                    51:23:dd:08:23:9f:25:b1:e5:d1:77:80:21:31:4f:
                    d6:85:87:12:85:47:dc:ca:3e:0c:e6:01:ab:fa:10:
                    97:ef:67:d4:b2:d5:4b:66:c6:3a:f0:3b:1f:98:80:
                    63:8f:b5:4d:cd:c4:66:c2:da:8b:db:95:4a:38:5b:
                    f6:3f:40:43:66:4e:64:a3:a7:18:e2:79:b6:56:16:
                    f7:37:7c:aa:c7:0b:90:19:2a:c2:63:1b:36:f1:26:
                    77:50:bb:ad:11:33:76:54:e3:1b:9f:25:85:3e:27:
                    7a:e5:71:ca:5a:10:9a:14:97:b8:b3:fe:94:07:80:
                    53:51:5e:f4:0e:08:dd:41:a9:de:84:b8:73:4f:85:
                    3a:ed:28:e2:a0:39:97:20:bd:2d:c3:29:71:45:de:
                    66:14:6a:c2:a8:42:52:af:e0:6e:b8:63:dc:d4:19:
                    2d:12:11:b3:ca:b8:d7:ea:c5:22:4d:ca:30:f9:f6:
                    2b:f9:88:2b:b2:ed:b4:9c:a8:9e:9c:0f:69:2c:75:
                    93:6d:63:db:14:6a:be:3f:b6:52:35:74:ca:da:90:
                    9b:43:7e:98:b3:9f:5a:de:b3:4d:88:dc:36:d9:05:
                    ac:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:35:52:D3:37:86:D4:BF:C7:B6:98:E3:EA:1E:C6:BA:F1:95:5E:EF
            X509v3 Authority Key Identifier:
                keyid:E4:43:FC:20:3F:70:6F:97:31:41:27:61:B2:7A:1A:4B:39:5C:FC:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5EP8ID9wb5cxQSdhsnoaSzlc_B4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/IDVS0zeG1L_Htpjj6h7GuvGVXu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/0689ea-cdd9-4790-9f9b-c0f9d087fc10/1/5EP8ID9wb5cxQSdhsnoaSzlc_B4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.64.0/21
                  185.128.72.0/22
                IPv6:
                  2a03:9aa0::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:85:5f:e2:cf:ea:cc:15:6b:c7:e1:b6:07:71:0c:49:c8:58:
         5d:a0:e2:02:6d:40:53:76:3c:95:f3:ce:98:04:68:f4:8e:e7:
         e9:28:78:2c:7e:03:1e:7a:a6:c3:7c:24:85:94:82:25:2e:bb:
         fa:46:5a:6d:42:75:07:aa:cd:c4:fd:af:0c:59:16:cf:23:ef:
         2a:bb:c4:65:a9:57:47:0c:c2:b4:ef:23:cf:f2:72:df:5c:69:
         fe:ee:70:b4:ba:8c:ef:02:6e:cc:ff:63:11:b2:c2:eb:ac:f7:
         7c:36:64:a2:c0:59:10:9b:82:32:c4:fb:c3:e6:5a:9a:a7:34:
         9a:4c:27:1d:17:49:09:37:cd:b8:05:7f:e2:60:42:94:be:3c:
         fc:67:94:dc:d2:fa:b8:36:68:fd:83:77:7c:f8:d6:79:12:b3:
         c6:0a:a4:ff:30:f6:45:a8:27:a7:37:9e:05:ef:68:ad:6d:80:
         4a:47:f8:16:97:05:55:11:9e:ef:3c:fc:31:29:df:b9:99:ed:
         32:80:cc:38:cc:ae:ed:10:b7:03:b9:7f:fa:ae:29:a2:9d:86:
         8d:01:fe:b3:46:f1:46:eb:bb:2d:4d:93:ef:54:2e:eb:85:71:
         62:3a:77:08:f7:8f:eb:4a:4d:16:c1:10:c1:0f:d5:7f:8e:17:
         2e:e0:9b:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKKik9qCpQs2aKFEI2aHLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NDNmYzIwM2Y3MDZmOTczMTQxMjc2MWIyN2ExYTRiMzk1
Y2ZjMWUwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDM1NTJkMzM3ODZkNGJmYzdiNjk4ZTNlYTFlYzZiYWYxOTU1ZWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvvGXFqQxgHD10lgKlu+dtcAynKR
v6eUBtWNMLRRI90II58lseXRd4AhMU/WhYcShUfcyj4M5gGr+hCX72fUstVLZsY6
8DsfmIBjj7VNzcRmwtqL25VKOFv2P0BDZk5ko6cY4nm2Vhb3N3yqxwuQGSrCYxs2
8SZ3ULutETN2VOMbnyWFPid65XHKWhCaFJe4s/6UB4BTUV70DgjdQanehLhzT4U6
7SjioDmXIL0twylxRd5mFGrCqEJSr+BuuGPc1BktEhGzyrjX6sUiTcow+fYr+Ygr
su20nKienA9pLHWTbWPbFGq+P7ZSNXTK2pCbQ36Ys59a3rNNiNw22QWs+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCA1UtM3htS/x7aY4+oexrrxlV7vMB8GA1UdIwQY
MBaAFORD/CA/cG+XMUEnYbJ6Gks5XPweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUVQOElEOXdiNWN4UVNkaHNub2FTemxjX0I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wNjg5ZWEtY2RkOS00NzkwLTlmOWIt
YzBmOWQwODdmYzEwLzEvSURWUzB6ZUcxTF9IdHBqajZoN0d1dkdWWHU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wNjg5ZWEtY2RkOS00NzkwLTlmOWItYzBmOWQwODdmYzEw
LzEvNUVQOElEOXdiNWN4UVNkaHNub2FTemxjX0I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDV+9AAwQC
uYBIMA0EAgACMAcDBQAqA5qgMA0GCSqGSIb3DQEBCwUAA4IBAQCGhV/iz+rMFWvH
4bYHcQxJyFhdoOICbUBTdjyV886YBGj0jufpKHgsfgMeeqbDfCSFlIIlLrv6Rlpt
QnUHqs3E/a8MWRbPI+8qu8RlqVdHDMK07yPP8nLfXGn+7nC0uozvAm7M/2MRssLr
rPd8NmSiwFkQm4IyxPvD5lqapzSaTCcdF0kJN824BX/iYEKUvjz8Z5Tc0vq4Nmj9
g3d8+NZ5ErPGCqT/MPZFqCenN54F72itbYBKR/gWlwVVEZ7vPPwxKd+5me0ygMw4
zK7tELcDuX/6riminYaNAf6zRvFG67stTZPvVC7rhXFiOncI94/rSk0WwRDBD9V/
jhcu4Jsu
-----END CERTIFICATE-----