Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/pQJZXZRaLPukd1c8DAKYb6D6usU.roa
File:                     pQJZXZRaLPukd1c8DAKYb6D6usU.roa (raw, json)
Hash identifier:          4SH59zpSspNP32S7MpmykHj7VFpiILrjNWV65iqTEPU=
Subject key identifier:   A5:02:59:5D:94:5A:2C:FB:A4:77:57:3C:0C:02:98:6F:A0:FA:BA:C5
Certificate issuer:       /CN=3848885c9702eac1f3d01263e6d3e54449ee2154
Certificate serial:       018CC2DB2F080C51B3EAC2FDD6DAFD730627
Authority key identifier: 38:48:88:5C:97:02:EA:C1:F3:D0:12:63:E6:D3:E5:44:49:EE:21:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OEiIXJcC6sHz0BJj5tPlREnuIVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/pQJZXZRaLPukd1c8DAKYb6D6usU.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210767
IP address blocks:        188.64.139.0/24 maxlen: 24
                          2a11:fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/OEiIXJcC6sHz0BJj5tPlREnuIVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/OEiIXJcC6sHz0BJj5tPlREnuIVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OEiIXJcC6sHz0BJj5tPlREnuIVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2f:08:0c:51:b3:ea:c2:fd:d6:da:fd:73:06:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3848885c9702eac1f3d01263e6d3e54449ee2154
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a502595d945a2cfba477573c0c02986fa0fabac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:df:fe:2e:3c:11:b0:7f:19:6a:bf:b7:3a:f4:
                    a2:b0:ea:5a:db:f0:ce:1b:44:82:23:55:c3:4b:5c:
                    8b:2f:af:6d:cd:55:56:7b:06:9f:c7:01:8c:46:18:
                    05:48:3e:9e:74:fd:87:f8:e2:d0:89:d6:2c:af:3d:
                    b1:72:42:3d:55:58:13:72:13:79:a2:5c:40:d3:5a:
                    84:06:d6:62:67:04:89:85:4a:0c:e0:af:1b:70:6c:
                    c3:14:51:a7:a3:f7:8e:af:5a:a0:2b:29:d3:e5:f2:
                    78:d9:db:b1:f3:26:6e:32:53:3a:e0:64:75:06:6c:
                    cd:7d:df:dc:c9:36:eb:05:74:bd:53:1f:f0:20:02:
                    5b:d4:b6:15:37:12:e4:85:50:a7:ee:03:53:66:0b:
                    b2:4b:1c:cb:42:0f:96:d1:fc:03:95:cb:eb:43:ec:
                    7f:e3:14:da:3b:b8:95:f1:d5:22:db:a4:34:76:60:
                    eb:9d:1a:80:1c:e7:d8:e8:3a:18:f9:0e:9a:2e:b3:
                    26:7b:e2:12:0e:4c:c3:e4:27:c9:af:10:f5:ac:c8:
                    ec:f9:e3:19:68:41:9b:27:d8:61:41:54:3f:e3:bf:
                    88:df:09:34:67:9c:eb:71:77:13:64:53:84:31:79:
                    77:e4:90:cb:38:14:55:b9:03:d9:41:dc:66:04:b5:
                    ae:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:02:59:5D:94:5A:2C:FB:A4:77:57:3C:0C:02:98:6F:A0:FA:BA:C5
            X509v3 Authority Key Identifier:
                keyid:38:48:88:5C:97:02:EA:C1:F3:D0:12:63:E6:D3:E5:44:49:EE:21:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEiIXJcC6sHz0BJj5tPlREnuIVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/pQJZXZRaLPukd1c8DAKYb6D6usU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/37bdb7-9b93-46ab-9a15-42a48dbc2521/1/OEiIXJcC6sHz0BJj5tPlREnuIVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.64.139.0/24
                IPv6:
                  2a11:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:f6:6f:37:c4:04:e2:93:9c:91:fe:04:cb:b6:5b:12:4d:f4:
         1d:d2:25:ee:f1:31:86:5c:47:6a:e1:90:af:f9:6b:8c:3e:a1:
         fe:83:e2:73:9b:d4:ae:0a:8e:8e:77:4b:47:5a:78:6c:5d:2e:
         c8:ca:c1:a4:ad:b3:01:ec:f3:68:61:2d:e5:02:98:3e:37:db:
         46:1c:eb:c7:42:4a:38:9d:a7:48:ab:6a:8f:55:59:82:5f:60:
         dc:89:a6:22:46:34:ea:13:97:cc:3a:10:44:b1:88:1f:17:15:
         15:9e:2c:d6:c1:b1:89:0c:6e:c9:dc:83:be:c2:9b:8d:53:0d:
         ad:8b:7b:ba:f9:ef:1a:17:10:3c:2d:ad:7e:22:2e:a1:20:23:
         4f:29:6c:f7:f9:fd:64:35:fc:c6:0f:c0:e6:70:88:31:d1:66:
         a6:15:bf:78:42:4f:33:3e:f0:5b:52:ee:f1:89:67:46:f0:c1:
         02:ef:4b:5d:97:94:ac:ef:c2:e5:ae:df:74:2d:93:97:a0:10:
         20:58:57:af:58:c5:c2:96:dc:f1:c2:64:ec:b2:2d:1a:c7:51:
         1f:24:62:a8:2a:42:57:0e:c3:29:aa:25:3a:91:7d:88:1e:28:
         e9:6f:ca:7b:48:36:2e:fc:c6:91:a6:da:ab:fa:c5:74:27:f6:
         4a:9d:bc:16
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2y8IDFGz6sL91tr9cwYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDg4ODVjOTcwMmVhYzFmM2QwMTI2M2U2ZDNlNTQ0NDll
ZTIxNTQwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTAyNTk1ZDk0NWEyY2ZiYTQ3NzU3M2MwYzAyOTg2ZmEwZmFiYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkt/+LjwRsH8Zar+3OvSisOpa2/DO
G0SCI1XDS1yLL69tzVVWewafxwGMRhgFSD6edP2H+OLQidYsrz2xckI9VVgTchN5
olxA01qEBtZiZwSJhUoM4K8bcGzDFFGno/eOr1qgKynT5fJ42dux8yZuMlM64GR1
BmzNfd/cyTbrBXS9Ux/wIAJb1LYVNxLkhVCn7gNTZguySxzLQg+W0fwDlcvrQ+x/
4xTaO7iV8dUi26Q0dmDrnRqAHOfY6DoY+Q6aLrMme+ISDkzD5CfJrxD1rMjs+eMZ
aEGbJ9hhQVQ/47+I3wk0Z5zrcXcTZFOEMXl35JDLOBRVuQPZQdxmBLWufwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKUCWV2UWiz7pHdXPAwCmG+g+rrFMB8GA1UdIwQY
MBaAFDhIiFyXAurB89ASY+bT5URJ7iFUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VpSVhKY0M2c0h6MEJKajV0UGxSRW51SVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zN2JkYjctOWI5My00NmFiLTlhMTUt
NDJhNDhkYmMyNTIxLzEvcFFKWlhaUmFMUHVrZDFjOERBS1liNkQ2dXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zN2JkYjctOWI5My00NmFiLTlhMTUtNDJhNDhkYmMyNTIx
LzEvT0VpSVhKY0M2c0h6MEJKajV0UGxSRW51SVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvECLMA0E
AgACMAcDBQMqEQ/AMA0GCSqGSIb3DQEBCwUAA4IBAQAV9m83xATik5yR/gTLtlsS
TfQd0iXu8TGGXEdq4ZCv+WuMPqH+g+Jzm9SuCo6Od0tHWnhsXS7IysGkrbMB7PNo
YS3lApg+N9tGHOvHQko4nadIq2qPVVmCX2DciaYiRjTqE5fMOhBEsYgfFxUVnizW
wbGJDG7J3IO+wpuNUw2ti3u6+e8aFxA8La1+Ii6hICNPKWz3+f1kNfzGD8DmcIgx
0WamFb94Qk8zPvBbUu7xiWdG8MEC70tdl5Ss78Llrt90LZOXoBAgWFevWMXCltzx
wmTssi0ax1EfJGKoKkJXDsMpqiU6kX2IHijpb8p7SDYu/MaRptqr+sV0J/ZKnbwW
-----END CERTIFICATE-----