Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/x9TqOM2O-IF75cEVwDSb5vPS6Oo.roa
File:                     x9TqOM2O-IF75cEVwDSb5vPS6Oo.roa (raw, json)
Hash identifier:          /XofGxDBxByRQeLyDLO075NU/nKmrTdqf8hzcmdtGsM=
Subject key identifier:   C7:D4:EA:38:CD:8E:F8:81:7B:E5:C1:15:C0:34:9B:E6:F3:D2:E8:EA
Certificate issuer:       /CN=311f85188d082fd5640b5c3fe1221f60c501edb5
Certificate serial:       018CC8DED019C850BCA0C1FE69709EB8801C
Authority key identifier: 31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/x9TqOM2O-IF75cEVwDSb5vPS6Oo.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39305
IP address blocks:        5.183.16.0/24 maxlen: 24
                          5.183.17.0/24 maxlen: 24
                          2a0e:7400::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d0:19:c8:50:bc:a0:c1:fe:69:70:9e:b8:80:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311f85188d082fd5640b5c3fe1221f60c501edb5
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7d4ea38cd8ef8817be5c115c0349be6f3d2e8ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:51:37:f8:f4:f7:cf:45:a5:6a:ac:15:37:ce:
                    21:95:c4:76:70:92:14:0d:b3:c7:f0:6b:8d:0b:e3:
                    e6:4a:4a:a6:9a:3c:ec:5e:0f:e1:82:37:03:12:e3:
                    67:1f:59:7a:14:7b:cc:8b:d5:da:9d:a3:32:7f:3a:
                    fc:aa:87:b1:91:92:d9:84:8b:de:d6:2c:34:c5:71:
                    c1:b3:5d:42:9b:0e:ba:4a:92:2b:5d:3e:7b:58:2f:
                    6d:ad:45:b2:75:8d:86:f3:d6:fb:6a:04:44:79:4b:
                    5c:bf:35:04:02:7d:5c:b4:a5:e0:b1:32:2c:13:36:
                    c5:02:84:80:c8:99:f7:fc:8f:25:df:1c:fc:fa:84:
                    62:19:26:7a:e5:17:bb:90:21:32:86:0d:3f:f2:c9:
                    ba:2f:11:df:27:3e:43:08:d8:02:2c:78:58:a1:bb:
                    65:ec:47:c4:29:85:7c:1b:50:c3:91:66:f4:0e:75:
                    0d:75:cf:f7:f5:b2:a9:fc:b7:d8:ab:8c:59:f4:84:
                    34:5e:5c:af:3f:2b:40:34:36:a4:9e:55:09:fa:6b:
                    4a:96:93:10:29:31:e2:94:e2:42:7c:0b:25:86:1d:
                    10:5e:de:b9:3b:42:df:ec:19:f2:d8:09:25:84:89:
                    74:83:77:33:d1:be:5d:4f:9c:ca:29:f3:2b:22:26:
                    fa:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D4:EA:38:CD:8E:F8:81:7B:E5:C1:15:C0:34:9B:E6:F3:D2:E8:EA
            X509v3 Authority Key Identifier:
                keyid:31:1F:85:18:8D:08:2F:D5:64:0B:5C:3F:E1:22:1F:60:C5:01:ED:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR-FGI0IL9VkC1w_4SIfYMUB7bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/x9TqOM2O-IF75cEVwDSb5vPS6Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/8fc395-b674-4137-bc75-9bbd1eebe33e/1/MR-FGI0IL9VkC1w_4SIfYMUB7bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.16.0/23
                IPv6:
                  2a0e:7400::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:fe:ff:73:c4:56:b3:07:9c:a1:3f:b7:78:c0:fb:27:10:bc:
         e9:5d:38:99:a7:bf:c2:59:e8:9f:b1:2b:16:37:74:72:d0:86:
         33:4a:59:86:2b:55:02:0d:27:a3:5d:ec:33:24:52:70:0c:d2:
         e9:8b:ca:82:c6:1e:b9:23:dd:f8:fa:c3:07:27:1a:8f:96:d5:
         32:ac:dd:f7:7a:9a:7d:7b:ea:b9:80:7a:88:b5:f5:b2:48:0a:
         1b:e4:87:2d:e0:12:d5:a1:39:56:41:ae:ae:a9:52:77:0c:7a:
         4e:c9:ab:4c:54:1d:93:e6:fb:41:a5:a7:5c:a7:28:09:e8:4c:
         49:2e:97:8a:ab:ee:99:96:53:ef:09:a5:01:6b:25:d1:20:e9:
         59:d1:8f:97:17:83:a5:68:38:5b:63:0e:30:c9:6c:7d:4f:ee:
         db:66:62:92:76:e1:69:ca:f7:9f:b9:99:0e:a7:00:3d:d6:54:
         5c:e3:c9:49:f4:20:c7:ad:ea:d3:28:41:3d:e0:10:bb:eb:39:
         d2:0a:63:1d:0d:0f:e7:35:1c:9b:04:30:51:e7:21:39:e4:83:
         6f:31:04:4b:5c:d1:4a:31:c2:20:df:51:a7:14:3e:a1:69:3c:
         ce:6b:78:10:49:4d:12:9d:ec:ae:4a:ed:68:35:86:d0:a2:51:
         11:d9:ac:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3tAZyFC8oMH+aXCeuIAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWY4NTE4OGQwODJmZDU2NDBiNWMzZmUxMjIxZjYwYzUw
MWVkYjUwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q0ZWEzOGNkOGVmODgxN2JlNWMxMTVjMDM0OWJlNmYzZDJlOGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFE3+PT3z0WlaqwVN84hlcR2cJIU
DbPH8GuNC+PmSkqmmjzsXg/hgjcDEuNnH1l6FHvMi9XanaMyfzr8qoexkZLZhIve
1iw0xXHBs11Cmw66SpIrXT57WC9trUWydY2G89b7agREeUtcvzUEAn1ctKXgsTIs
EzbFAoSAyJn3/I8l3xz8+oRiGSZ65Re7kCEyhg0/8sm6LxHfJz5DCNgCLHhYobtl
7EfEKYV8G1DDkWb0DnUNdc/39bKp/LfYq4xZ9IQ0XlyvPytANDaknlUJ+mtKlpMQ
KTHilOJCfAslhh0QXt65O0Lf7Bny2AklhIl0g3cz0b5dT5zKKfMrIib6JQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMfU6jjNjviBe+XBFcA0m+bz0ujqMB8GA1UdIwQY
MBaAFDEfhRiNCC/VZAtcP+EiH2DFAe21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUt
OWJiZDFlZWJlMzNlLzEveDlUcU9NMk8tSUY3NWNFVndEU2I1dlBTNk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84ZmMzOTUtYjY3NC00MTM3LWJjNzUtOWJiZDFlZWJlMzNl
LzEvTVItRkdJMElMOVZrQzF3XzRTSWZZTVVCN2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBBbcQMA0E
AgACMAcDBQMqDnQAMA0GCSqGSIb3DQEBCwUAA4IBAQAG/v9zxFazB5yhP7d4wPsn
ELzpXTiZp7/CWeifsSsWN3Ry0IYzSlmGK1UCDSejXewzJFJwDNLpi8qCxh65I934
+sMHJxqPltUyrN33epp9e+q5gHqItfWySAob5Ict4BLVoTlWQa6uqVJ3DHpOyatM
VB2T5vtBpadcpygJ6ExJLpeKq+6ZllPvCaUBayXRIOlZ0Y+XF4OlaDhbYw4wyWx9
T+7bZmKSduFpyvefuZkOpwA91lRc48lJ9CDHrerTKEE94BC76znSCmMdDQ/nNRyb
BDBR5yE55INvMQRLXNFKMcIg31GnFD6haTzOa3gQSU0SneyuSu1oNYbQolER2awf
-----END CERTIFICATE-----