Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/9JMZ6uxqgV7XLDYRpFedgAHZkrU.roa
File:                     9JMZ6uxqgV7XLDYRpFedgAHZkrU.roa (raw, json)
Hash identifier:          sRLfspjW8/j9/7Hb2zhixFkVBz8f3hrY0e0zyaIVgsM=
Subject key identifier:   F4:93:19:EA:EC:6A:81:5E:D7:2C:36:11:A4:57:9D:80:01:D9:92:B5
Certificate issuer:       /CN=311f85188d082fd5640b5c3fe1221f60c501edb5
Certificate serial:       018CC8DED03A1828316951735D57225820AB
Authority key identifier: 31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/9JMZ6uxqgV7XLDYRpFedgAHZkrU.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197033
IP address blocks:        5.183.18.0/24 maxlen: 24
                          5.183.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d0:3a:18:28:31:69:51:73:5d:57:22:58:20:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311f85188d082fd5640b5c3fe1221f60c501edb5
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f49319eaec6a815ed72c3611a4579d8001d992b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bb:77:ce:d8:b1:82:6b:b0:d4:19:29:71:4e:
                    d0:7b:07:b5:35:35:f2:21:00:55:78:40:ac:03:24:
                    21:09:ef:a5:b0:90:8f:f8:85:0d:e8:1c:d7:13:91:
                    b6:11:9a:df:60:e9:eb:54:2b:4c:bc:eb:8d:e9:94:
                    05:6c:23:c5:38:2c:eb:cb:80:45:01:41:80:6f:f4:
                    bd:26:14:50:bc:5f:03:5d:46:1a:dc:a1:4e:6b:90:
                    97:ff:4b:0e:cd:5e:ae:19:0c:4d:04:a5:92:a8:15:
                    7c:62:98:c0:f9:af:a0:9d:d5:9f:64:04:dc:fb:6a:
                    e7:1f:7f:de:01:e5:67:eb:d1:87:d0:ba:83:62:7d:
                    5d:2b:29:e4:9b:38:1c:67:04:53:b5:c8:a0:24:22:
                    8d:87:b0:f6:0e:4e:e5:b3:a5:bf:b9:06:40:b1:de:
                    3e:a3:51:d1:b2:b4:46:8c:c7:e2:ae:7a:e2:a1:7d:
                    be:54:39:b4:1b:0f:9f:ac:f7:a5:a3:48:f3:4e:db:
                    95:f0:4b:c8:38:a7:34:97:2b:38:35:69:d6:da:b2:
                    17:cd:0a:7e:4a:33:b1:ff:fb:99:8a:7a:39:2e:83:
                    84:0b:79:69:31:9b:6d:94:7b:07:63:71:43:e1:8b:
                    60:16:3d:e9:b2:ee:f9:a8:b6:fe:70:20:31:1c:fe:
                    35:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:93:19:EA:EC:6A:81:5E:D7:2C:36:11:A4:57:9D:80:01:D9:92:B5
            X509v3 Authority Key Identifier:
                keyid:31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/9JMZ6uxqgV7XLDYRpFedgAHZkrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5a:50:ac:a7:24:46:5a:8d:f5:af:61:64:36:72:39:af:5a:46:
         08:50:cd:32:ed:2b:99:0c:95:fe:67:cc:11:c7:6c:f1:cd:79:
         41:77:24:8c:79:d3:91:aa:dd:48:92:0d:bd:5b:dd:6b:05:1e:
         21:15:21:4a:db:58:c2:66:eb:a5:41:44:ea:04:fb:0f:8c:d0:
         83:e4:1c:d1:fd:c8:e1:b4:65:e0:15:2a:24:90:1a:71:3f:29:
         4a:69:81:e4:12:ea:f2:25:a1:6a:15:c1:a3:90:4e:f4:34:3b:
         63:d2:23:34:6f:cc:e7:6e:56:6e:5a:ab:87:fe:da:2a:2f:0b:
         f9:a3:b8:d3:f3:40:f3:97:09:7a:a0:20:5f:77:2f:32:bf:64:
         c9:cc:af:e5:dd:82:35:22:30:2b:3e:90:d2:62:5b:df:97:84:
         a3:df:2f:14:b1:c7:a0:62:cd:72:d3:10:a7:cc:21:06:0b:ac:
         de:5b:62:2e:3e:6f:c6:5e:16:1d:4b:3e:9b:b1:2f:48:ce:d3:
         c9:2a:18:74:f1:de:76:cf:1b:bc:d1:aa:d2:0f:13:96:26:15:
         ea:2a:89:33:8e:33:6d:e9:a1:d5:c4:d7:39:28:a4:79:a4:b4:
         40:b2:29:93:fe:05:14:fd:d2:41:78:fe:e0:e2:25:d3:b6:e1:
         23:03:fa:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tA6GCgxaVFzXVciWCCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWY4NTE4OGQwODJmZDU2NDBiNWMzZmUxMjIxZjYwYzUw
MWVkYjUwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDkzMTllYWVjNmE4MTVlZDcyYzM2MTFhNDU3OWQ4MDAxZDk5MmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Lt3ztixgmuw1BkpcU7Qewe1NTXy
IQBVeECsAyQhCe+lsJCP+IUN6BzXE5G2EZrfYOnrVCtMvOuN6ZQFbCPFOCzry4BF
AUGAb/S9JhRQvF8DXUYa3KFOa5CX/0sOzV6uGQxNBKWSqBV8YpjA+a+gndWfZATc
+2rnH3/eAeVn69GH0LqDYn1dKynkmzgcZwRTtcigJCKNh7D2Dk7ls6W/uQZAsd4+
o1HRsrRGjMfirnrioX2+VDm0Gw+frPelo0jzTtuV8EvIOKc0lys4NWnW2rIXzQp+
SjOx//uZino5LoOEC3lpMZttlHsHY3FD4YtgFj3psu75qLb+cCAxHP411QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSTGersaoFe1yw2EaRXnYAB2ZK1MB8GA1UdIwQY
MBaAFDEfhRiNCC/VZAtcP+EiH2DFAe21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUt
OWJiZDFlZWJlMzNlLzEvOUpNWjZ1eHFnVjdYTERZUnBGZWRnQUhaa3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUtOWJiZDFlZWJlMzNl
LzEvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbcSMA0G
CSqGSIb3DQEBCwUAA4IBAQBaUKynJEZajfWvYWQ2cjmvWkYIUM0y7SuZDJX+Z8wR
x2zxzXlBdySMedORqt1Ikg29W91rBR4hFSFK21jCZuulQUTqBPsPjNCD5BzR/cjh
tGXgFSokkBpxPylKaYHkEuryJaFqFcGjkE70NDtj0iM0b8znblZuWquH/toqLwv5
o7jT80Dzlwl6oCBfdy8yv2TJzK/l3YI1IjArPpDSYlvfl4Sj3y8UscegYs1y0xCn
zCEGC6zeW2IuPm/GXhYdSz6bsS9IztPJKhh08d52zxu80arSDxOWJhXqKokzjjNt
6aHVxNc5KKR5pLRAsimT/gUU/dJBeP7g4iXTtuEjA/qZ
-----END CERTIFICATE-----