Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/5WkcvJ_-DOE5imjuWi3lMOoWZb4.roa
File:                     5WkcvJ_-DOE5imjuWi3lMOoWZb4.roa (raw, json)
Hash identifier:          W4IACYuExyp7VUjRCa9FZL8WiV35Eyr6tnSFmYqtRVo=
Subject key identifier:   E5:69:1C:BC:9F:FE:0C:E1:39:8A:68:EE:5A:2D:E5:30:EA:16:65:BE
Certificate issuer:       /CN=434421cf6a02b38af5b6bbca6dbd3764448b6cb7
Certificate serial:       018CC9B9A2AD464989E0A27E2A3F3829D2A6
Authority key identifier: 43:44:21:CF:6A:02:B3:8A:F5:B6:BB:CA:6D:BD:37:64:44:8B:6C:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/5WkcvJ_-DOE5imjuWi3lMOoWZb4.roa
Signing time:             Tue 02 Jan 2024 10:30:35 +0000
ROA not before:           Tue 02 Jan 2024 10:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199244
IP address blocks:        185.3.192.0/22 maxlen: 22
                          2a02:5f40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:a2:ad:46:49:89:e0:a2:7e:2a:3f:38:29:d2:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=434421cf6a02b38af5b6bbca6dbd3764448b6cb7
        Validity
            Not Before: Jan  2 10:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5691cbc9ffe0ce1398a68ee5a2de530ea1665be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:61:0d:01:79:b6:1d:7d:4a:3e:df:0f:65:f9:
                    76:93:8a:5e:f9:5c:cd:5b:55:e3:ab:b9:55:b6:e2:
                    aa:50:c3:ff:9d:7f:43:67:d9:e5:43:ce:6a:c1:32:
                    47:61:4c:1b:1c:02:a8:bc:2b:20:2f:aa:7c:6b:e6:
                    ef:61:ad:e5:ae:b5:ac:13:30:16:b6:f9:89:7c:ec:
                    2a:fe:86:ef:be:37:be:77:73:00:b9:c8:de:f4:d1:
                    70:39:0b:4a:80:7f:e8:7e:10:81:f7:7a:cb:bc:d6:
                    6c:50:da:c5:6e:5a:93:8c:5d:6a:66:a0:e3:d0:79:
                    9d:9d:5d:1c:66:d1:c8:b5:03:79:42:d3:31:c7:59:
                    7b:73:b5:a8:ab:50:f8:ac:80:05:c6:7a:20:16:9d:
                    49:8f:ce:86:77:4e:98:a6:4a:ee:01:ce:62:d3:6b:
                    37:d4:c8:12:cd:9c:34:58:e5:95:1e:36:49:6c:0f:
                    2d:4e:c9:22:04:b4:a3:f9:0a:8f:4f:2b:14:1c:e7:
                    fb:32:d5:38:30:7c:5b:66:f7:ca:11:c9:68:fb:b0:
                    61:b6:dd:99:3e:2c:f4:26:06:91:93:f1:29:84:94:
                    95:61:1f:5a:0b:44:ab:3a:3b:95:e1:5a:5c:bd:86:
                    bd:df:7f:f9:7e:b3:bd:f4:ad:11:ff:e8:e6:e1:63:
                    2e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:69:1C:BC:9F:FE:0C:E1:39:8A:68:EE:5A:2D:E5:30:EA:16:65:BE
            X509v3 Authority Key Identifier:
                keyid:43:44:21:CF:6A:02:B3:8A:F5:B6:BB:CA:6D:BD:37:64:44:8B:6C:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/5WkcvJ_-DOE5imjuWi3lMOoWZb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.192.0/22
                IPv6:
                  2a02:5f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:ea:90:aa:20:d3:64:75:4e:37:ac:d7:2a:a0:5a:62:a7:63:
         99:55:67:f7:a3:4e:6f:40:ab:7e:82:43:53:fe:ad:96:b3:56:
         75:87:cf:58:6c:9e:b7:b8:03:eb:f9:c5:eb:83:5d:5b:0a:69:
         87:50:53:5f:24:10:3c:07:4a:ba:ff:4e:5c:3e:8e:0f:19:2e:
         6f:16:c7:8a:f0:3c:0d:cc:21:37:45:4c:54:4e:da:f7:d8:71:
         63:11:7e:fe:01:50:45:4d:3d:98:3b:a8:d4:3d:a7:77:3f:d2:
         87:15:ee:b0:48:f0:0f:41:cf:08:94:cc:8b:96:63:29:63:03:
         c6:a7:a3:40:90:0e:83:b8:1a:38:45:c4:38:0d:b7:69:77:14:
         cf:1d:7d:5e:85:6b:fc:92:b9:80:11:7c:5a:23:53:62:3a:c6:
         40:ab:03:62:d6:59:36:19:f9:2a:d2:fb:04:18:f2:fa:86:eb:
         6c:70:2e:10:3e:44:24:0e:eb:c0:ab:fd:fc:95:fd:46:28:c2:
         24:c6:59:c9:0c:21:1d:32:be:b3:c7:29:9b:12:99:49:07:fc:
         0b:1b:ac:51:cb:60:3d:5b:1b:1b:e8:b9:bf:99:4b:62:19:41:
         9a:82:fc:5f:d0:fd:51:9b:ed:97:2c:39:c5:6a:fe:77:e7:02:
         04:8a:a1:c6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJuaKtRkmJ4KJ+Kj84KdKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDQyMWNmNmEwMmIzOGFmNWI2YmJjYTZkYmQzNzY0NDQ4
YjZjYjcwHhcNMjQwMTAyMTAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTY5MWNiYzlmZmUwY2UxMzk4YTY4ZWU1YTJkZTUzMGVhMTY2NWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmENAXm2HX1KPt8PZfl2k4pe+VzN
W1Xjq7lVtuKqUMP/nX9DZ9nlQ85qwTJHYUwbHAKovCsgL6p8a+bvYa3lrrWsEzAW
tvmJfOwq/obvvje+d3MAucje9NFwOQtKgH/ofhCB93rLvNZsUNrFblqTjF1qZqDj
0HmdnV0cZtHItQN5QtMxx1l7c7Woq1D4rIAFxnogFp1Jj86Gd06YpkruAc5i02s3
1MgSzZw0WOWVHjZJbA8tTskiBLSj+QqPTysUHOf7MtU4MHxbZvfKEclo+7Bhtt2Z
Piz0JgaRk/EphJSVYR9aC0SrOjuV4VpcvYa933/5frO99K0R/+jm4WMuAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOVpHLyf/gzhOYpo7lot5TDqFmW+MB8GA1UdIwQY
MBaAFENEIc9qArOK9ba7ym29N2REi2y3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBRaHoyb0NzNHIxdHJ2S2JiMDNaRVNMYkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZjE1MWItZmI3MS00ZjFiLWJiMDkt
NTM5YjMyOWY5OTVjLzEvNVdrY3ZKXy1ET0U1aW1qdVdpM2xNT29XWmI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZjE1MWItZmI3MS00ZjFiLWJiMDktNTM5YjMyOWY5OTVj
LzEvUTBRaHoyb0NzNHIxdHJ2S2JiMDNaRVNMYkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQPAMA0E
AgACMAcDBQAqAl9AMA0GCSqGSIb3DQEBCwUAA4IBAQCb6pCqINNkdU43rNcqoFpi
p2OZVWf3o05vQKt+gkNT/q2Ws1Z1h89YbJ63uAPr+cXrg11bCmmHUFNfJBA8B0q6
/05cPo4PGS5vFseK8DwNzCE3RUxUTtr32HFjEX7+AVBFTT2YO6jUPad3P9KHFe6w
SPAPQc8IlMyLlmMpYwPGp6NAkA6DuBo4RcQ4DbdpdxTPHX1ehWv8krmAEXxaI1Ni
OsZAqwNi1lk2Gfkq0vsEGPL6hutscC4QPkQkDuvAq/38lf1GKMIkxlnJDCEdMr6z
xymbEplJB/wLG6xRy2A9Wxsb6Lm/mUtiGUGagvxf0P1Rm+2XLDnFav535wIEiqHG
-----END CERTIFICATE-----