Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/K5Yt74r9AQvpfy3MGyt7mfmMV34.roa
File:                     K5Yt74r9AQvpfy3MGyt7mfmMV34.roa (raw, json)
Hash identifier:          tBYCVdSuum/g4haCIlLxY0t7v8O2D+/0tV696g0ny5w=
Subject key identifier:   2B:96:2D:EF:8A:FD:01:0B:E9:7F:2D:CC:1B:2B:7B:99:F9:8C:57:7E
Certificate issuer:       /CN=bbc3e9d873e5116c82c1b96d8ed14d305797cd9a
Certificate serial:       018CC5DC372C337EDBA4737DCDB58688A683
Authority key identifier: BB:C3:E9:D8:73:E5:11:6C:82:C1:B9:6D:8E:D1:4D:30:57:97:CD:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u8Pp2HPlEWyCwbltjtFNMFeXzZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/K5Yt74r9AQvpfy3MGyt7mfmMV34.roa
Signing time:             Mon 01 Jan 2024 16:29:52 +0000
ROA not before:           Mon 01 Jan 2024 16:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.109.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/u8Pp2HPlEWyCwbltjtFNMFeXzZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/u8Pp2HPlEWyCwbltjtFNMFeXzZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u8Pp2HPlEWyCwbltjtFNMFeXzZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:37:2c:33:7e:db:a4:73:7d:cd:b5:86:88:a6:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbc3e9d873e5116c82c1b96d8ed14d305797cd9a
        Validity
            Not Before: Jan  1 16:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b962def8afd010be97f2dcc1b2b7b99f98c577e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0a:82:01:c9:d6:26:16:51:2b:33:41:54:f4:
                    88:24:8c:29:5c:a8:d8:f7:fc:c0:55:72:fd:73:08:
                    ec:d2:a7:c0:67:2a:e7:67:de:9f:db:e8:c7:85:56:
                    51:f6:dd:d9:1f:1c:cc:72:81:d2:2b:29:7f:11:a2:
                    75:76:9f:1b:7d:d7:a0:59:36:20:79:8d:19:70:0d:
                    c7:4e:42:02:e2:8a:a1:10:eb:ea:0e:86:4e:54:c6:
                    02:80:1b:54:b7:9f:01:6c:ed:1f:0c:4d:0e:e2:09:
                    61:93:8c:db:02:08:08:1c:be:3c:d4:eb:e2:f6:42:
                    f4:ab:86:45:01:16:07:e2:e9:86:75:b8:87:ce:80:
                    8e:e5:54:f0:ec:53:e6:18:75:14:b6:ad:79:f6:3b:
                    ac:57:85:e6:46:23:44:86:4b:52:60:74:69:dc:23:
                    f3:69:ec:fa:8d:2d:3e:32:34:04:94:df:4a:11:9b:
                    e8:34:9e:10:4a:29:cf:3f:bb:d9:f8:2c:4b:82:2a:
                    7f:20:17:c7:64:f5:0e:22:87:24:ad:7d:52:7a:bc:
                    e3:ce:ed:47:ff:3f:3d:6b:5c:1c:7b:d8:9b:be:3f:
                    b6:ca:2c:ec:91:5a:f2:c5:a0:3a:43:04:40:43:83:
                    a5:5f:33:b7:47:62:b6:e7:45:1d:ef:88:f6:d4:26:
                    a5:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:96:2D:EF:8A:FD:01:0B:E9:7F:2D:CC:1B:2B:7B:99:F9:8C:57:7E
            X509v3 Authority Key Identifier:
                keyid:BB:C3:E9:D8:73:E5:11:6C:82:C1:B9:6D:8E:D1:4D:30:57:97:CD:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u8Pp2HPlEWyCwbltjtFNMFeXzZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/K5Yt74r9AQvpfy3MGyt7mfmMV34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/c47684-2a41-4f79-b992-68b7f6f850fd/1/u8Pp2HPlEWyCwbltjtFNMFeXzZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:d1:dc:1f:44:18:de:58:ea:bc:e6:b7:f5:7d:47:29:8a:1f:
         0e:20:59:f6:ea:69:56:74:2d:ad:0e:e7:2b:cf:ff:93:70:43:
         d2:9c:b0:3e:e4:db:e3:95:aa:ac:32:a0:fd:70:38:48:d3:3f:
         5c:65:f0:f8:08:90:ca:d5:2f:f4:ba:7f:32:08:a1:58:e1:d5:
         3f:14:a8:9e:a2:18:38:08:5e:f8:fc:72:10:f6:60:cb:f1:39:
         73:54:2c:76:48:69:24:4b:cb:65:73:21:be:48:e3:77:75:62:
         fe:41:96:25:b3:e2:2f:da:f0:a4:3b:89:06:52:57:43:9e:de:
         0c:44:f6:91:c2:98:93:7c:83:2b:c5:28:c4:d8:44:a9:9e:d9:
         b0:da:94:66:57:1b:19:d6:54:2c:fb:b7:89:a9:7a:de:77:66:
         70:79:2d:ab:a1:30:07:59:30:9f:b7:94:bd:5a:8b:d2:50:c1:
         a2:eb:b0:71:d5:4c:f3:85:82:9b:76:ca:f8:b5:24:da:da:a7:
         e8:5e:7e:b7:cc:5f:96:26:37:fc:da:b0:52:52:41:79:8e:fa:
         69:10:d7:74:01:f7:b7:3c:e1:73:df:84:b6:81:ae:0d:d9:81:
         03:19:84:65:c5:73:97:42:b7:e4:8a:5c:0f:33:8f:ba:d6:13:
         44:74:d8:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DcsM37bpHN9zbWGiKaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYzNlOWQ4NzNlNTExNmM4MmMxYjk2ZDhlZDE0ZDMwNTc5
N2NkOWEwHhcNMjQwMTAxMTYyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjk2MmRlZjhhZmQwMTBiZTk3ZjJkY2MxYjJiN2I5OWY5OGM1NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywqCAcnWJhZRKzNBVPSIJIwpXKjY
9/zAVXL9cwjs0qfAZyrnZ96f2+jHhVZR9t3ZHxzMcoHSKyl/EaJ1dp8bfdegWTYg
eY0ZcA3HTkIC4oqhEOvqDoZOVMYCgBtUt58BbO0fDE0O4glhk4zbAggIHL481Ovi
9kL0q4ZFARYH4umGdbiHzoCO5VTw7FPmGHUUtq159jusV4XmRiNEhktSYHRp3CPz
aez6jS0+MjQElN9KEZvoNJ4QSinPP7vZ+CxLgip/IBfHZPUOIockrX1Serzjzu1H
/z89a1wce9ibvj+2yizskVryxaA6QwRAQ4OlXzO3R2K250Ud74j21CalmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCuWLe+K/QEL6X8tzBsre5n5jFd+MB8GA1UdIwQY
MBaAFLvD6dhz5RFsgsG5bY7RTTBXl82aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdThQcDJIUGxFV3lDd2JsdGp0Rk5NRmVYelpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9jNDc2ODQtMmE0MS00Zjc5LWI5OTIt
NjhiN2Y2Zjg1MGZkLzEvSzVZdDc0cjlBUXZwZnkzTUd5dDdtZm1NVjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9jNDc2ODQtMmE0MS00Zjc5LWI5OTItNjhiN2Y2Zjg1MGZk
LzEvdThQcDJIUGxFV3lDd2JsdGp0Rk5NRmVYelpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW3vMA0G
CSqGSIb3DQEBCwUAA4IBAQC10dwfRBjeWOq85rf1fUcpih8OIFn26mlWdC2tDucr
z/+TcEPSnLA+5NvjlaqsMqD9cDhI0z9cZfD4CJDK1S/0un8yCKFY4dU/FKieohg4
CF74/HIQ9mDL8TlzVCx2SGkkS8tlcyG+SON3dWL+QZYls+Iv2vCkO4kGUldDnt4M
RPaRwpiTfIMrxSjE2ESpntmw2pRmVxsZ1lQs+7eJqXred2ZweS2roTAHWTCft5S9
WovSUMGi67Bx1UzzhYKbdsr4tSTa2qfoXn63zF+WJjf82rBSUkF5jvppENd0Afe3
POFz34S2ga4N2YEDGYRlxXOXQrfkilwPM4+61hNEdNjd
-----END CERTIFICATE-----