Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/lIG5pbSZCXVP5KTPtT2KLwdNRnw.roa
File:                     lIG5pbSZCXVP5KTPtT2KLwdNRnw.roa (raw, json)
Hash identifier:          tcwXYvd8YwYik75T1kDyreUZLkeOeHw9Q3wHKVoFnLQ=
Subject key identifier:   94:81:B9:A5:B4:99:09:75:4F:E4:A4:CF:B5:3D:8A:2F:07:4D:46:7C
Certificate issuer:       /CN=c373fae99d651298845d22f89d8d2b2e1d13bc04
Certificate serial:       0191FF769B6BEE0960DAAAECF2B331BDEAB9
Authority key identifier: C3:73:FA:E9:9D:65:12:98:84:5D:22:F8:9D:8D:2B:2E:1D:13:BC:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/lIG5pbSZCXVP5KTPtT2KLwdNRnw.roa
Signing time:             Tue 17 Sep 2024 10:10:48 +0000
ROA not before:           Tue 17 Sep 2024 10:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214238
IP address blocks:        188.190.3.0/24 maxlen: 24
                          188.190.4.0/24 maxlen: 24
                          188.190.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:76:9b:6b:ee:09:60:da:aa:ec:f2:b3:31:bd:ea:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c373fae99d651298845d22f89d8d2b2e1d13bc04
        Validity
            Not Before: Sep 17 10:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9481b9a5b49909754fe4a4cfb53d8a2f074d467c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b1:a9:53:e6:e0:42:7d:4d:15:6c:d2:e6:c6:
                    c7:77:39:a7:20:20:1f:0e:91:91:41:a9:a4:3c:42:
                    d2:5a:8e:07:16:5d:54:4d:7f:a0:4d:65:fb:61:39:
                    6d:97:bf:e4:6e:53:1a:82:fb:d4:bc:4b:17:c8:53:
                    2a:af:84:e5:19:00:4e:97:c0:fd:d7:a8:f0:32:5e:
                    8f:43:64:3e:5c:c7:93:96:4f:b8:55:eb:1f:61:33:
                    4a:88:49:39:f8:cb:e6:38:79:8d:16:68:a3:22:43:
                    b9:1a:88:5d:3c:07:a7:4c:35:01:85:ed:9c:f4:d8:
                    a0:de:c3:41:7d:fe:99:ae:1b:80:cd:29:f6:7f:5a:
                    d2:ba:4c:59:38:8d:6e:e7:90:70:e6:f9:21:22:8d:
                    1b:ea:ce:52:f1:6f:c7:fe:7e:38:b7:e9:9d:a9:17:
                    7b:e9:2e:db:e6:7f:2d:a4:1e:5d:48:ba:bf:3e:58:
                    82:1e:fd:10:e2:1d:79:31:52:03:f3:13:38:a1:2a:
                    e9:6b:a8:71:83:fa:e7:53:e9:b8:cf:d7:b2:66:02:
                    c6:e4:d1:8c:fe:93:c6:84:d1:fe:17:c2:0a:16:c9:
                    e3:15:5d:83:c8:d8:bd:fd:9c:fe:01:6c:bd:bc:fa:
                    3f:be:c8:cb:57:7d:ef:2a:46:50:b6:a5:70:71:68:
                    21:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:81:B9:A5:B4:99:09:75:4F:E4:A4:CF:B5:3D:8A:2F:07:4D:46:7C
            X509v3 Authority Key Identifier:
                keyid:C3:73:FA:E9:9D:65:12:98:84:5D:22:F8:9D:8D:2B:2E:1D:13:BC:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/lIG5pbSZCXVP5KTPtT2KLwdNRnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8ce795-3fa9-4cb7-831a-1de56e475fbf/1/w3P66Z1lEpiEXSL4nY0rLh0TvAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.3.0-188.190.5.255

    Signature Algorithm: sha256WithRSAEncryption
         1a:4b:34:75:b9:bf:8e:73:a4:c2:07:35:23:a5:62:a1:42:3c:
         9e:4b:0a:91:dd:ea:cc:80:2d:c0:38:73:67:5d:21:0d:e0:36:
         6c:ed:a4:11:e3:af:1e:0f:87:51:f5:ea:a0:2e:09:00:0b:1e:
         ab:92:08:d1:dc:76:a0:3e:e2:12:3c:ba:82:f6:09:47:1e:66:
         9c:f0:62:65:f6:1e:f0:e8:dd:a1:2a:34:f7:c3:90:5a:df:1a:
         0d:55:f8:35:73:44:0b:33:ec:84:87:d6:2c:66:47:c3:7e:ad:
         33:8f:9c:97:59:a9:4d:1a:e8:e6:1e:35:d5:fc:89:a2:cf:f8:
         0b:73:0d:01:45:b1:f6:f1:51:1e:19:ce:96:49:b1:74:ca:a3:
         92:8d:97:67:88:d4:2e:57:ae:46:8e:29:81:73:ad:d6:90:aa:
         d5:21:b1:f7:3d:75:a9:13:cb:d6:10:42:65:aa:9b:76:8c:3f:
         0b:f9:65:5d:2f:a1:81:9e:22:31:e7:c3:b6:32:18:2a:46:fc:
         70:2a:55:e8:76:1b:ed:c9:74:6d:02:3e:30:db:5f:0c:b9:a4:
         ce:15:b1:3b:7c:7d:70:94:0c:77:f6:18:87:5e:25:5e:c1:bd:
         76:ff:0c:d9:20:7a:7c:1c:f6:27:81:1a:5e:49:a3:5d:b3:ff:
         2a:f5:a4:cd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZH/dptr7glg2qrs8rMxveq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzNmYWU5OWQ2NTEyOTg4NDVkMjJmODlkOGQyYjJlMWQx
M2JjMDQwHhcNMjQwOTE3MTAxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDgxYjlhNWI0OTkwOTc1NGZlNGE0Y2ZiNTNkOGEyZjA3NGQ0NjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrGpU+bgQn1NFWzS5sbHdzmnICAf
DpGRQamkPELSWo4HFl1UTX+gTWX7YTltl7/kblMagvvUvEsXyFMqr4TlGQBOl8D9
16jwMl6PQ2Q+XMeTlk+4VesfYTNKiEk5+MvmOHmNFmijIkO5GohdPAenTDUBhe2c
9Nig3sNBff6ZrhuAzSn2f1rSukxZOI1u55Bw5vkhIo0b6s5S8W/H/n44t+mdqRd7
6S7b5n8tpB5dSLq/PliCHv0Q4h15MVID8xM4oSrpa6hxg/rnU+m4z9eyZgLG5NGM
/pPGhNH+F8IKFsnjFV2DyNi9/Zz+AWy9vPo/vsjLV33vKkZQtqVwcWghDQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJSBuaW0mQl1T+Skz7U9ii8HTUZ8MB8GA1UdIwQY
MBaAFMNz+umdZRKYhF0i+J2NKy4dE7wEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNQNjZaMWxFcGlFWFNMNG5ZMHJMaDBUdkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84Y2U3OTUtM2ZhOS00Y2I3LTgzMWEt
MWRlNTZlNDc1ZmJmLzEvbElHNXBiU1pDWFZQNUtUUHRUMktMd2ROUm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84Y2U3OTUtM2ZhOS00Y2I3LTgzMWEtMWRlNTZlNDc1ZmJm
LzEvdzNQNjZaMWxFcGlFWFNMNG5ZMHJMaDBUdkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC8vgMD
BAG8vgQwDQYJKoZIhvcNAQELBQADggEBABpLNHW5v45zpMIHNSOlYqFCPJ5LCpHd
6syALcA4c2ddIQ3gNmztpBHjrx4Ph1H16qAuCQALHquSCNHcdqA+4hI8uoL2CUce
ZpzwYmX2HvDo3aEqNPfDkFrfGg1V+DVzRAsz7ISH1ixmR8N+rTOPnJdZqU0a6OYe
NdX8iaLP+AtzDQFFsfbxUR4ZzpZJsXTKo5KNl2eI1C5XrkaOKYFzrdaQqtUhsfc9
dakTy9YQQmWqm3aMPwv5ZV0voYGeIjHnw7YyGCpG/HAqVeh2G+3JdG0CPjDbXwy5
pM4VsTt8fXCUDHf2GIdeJV7BvXb/DNkgenwc9ieBGl5Jo12z/yr1pM0=
-----END CERTIFICATE-----