Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/5x9V8R4p8pTMFbTsOR0_-xmy7wY.roa
File:                     5x9V8R4p8pTMFbTsOR0_-xmy7wY.roa (raw, json)
Hash identifier:          XT1cTwsH6BX+fcbAIlOj2MRkLG/Ws2dNjq6nGTrG+LE=
Subject key identifier:   E7:1F:55:F1:1E:29:F2:94:CC:15:B4:EC:39:1D:3F:FB:19:B2:EF:06
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       018CC8DF38D69BAD11D16E6723F7DDB6720A
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/5x9V8R4p8pTMFbTsOR0_-xmy7wY.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12886
IP address blocks:        213.209.128.0/24 maxlen: 24
                          213.209.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:38:d6:9b:ad:11:d1:6e:67:23:f7:dd:b6:72:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e71f55f11e29f294cc15b4ec391d3ffb19b2ef06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a1:58:e8:d9:8d:36:23:20:58:66:d0:38:58:
                    c8:9b:98:d2:20:f9:f5:45:80:ad:16:34:5e:2d:8b:
                    67:f5:cf:91:e5:af:fd:b7:bd:ea:0c:60:e1:68:3c:
                    6c:1d:52:98:73:c4:8e:48:ab:0b:60:46:a0:f1:9f:
                    45:ba:ee:b2:ca:16:32:c7:0e:79:2a:d4:ad:e1:b0:
                    59:5c:26:29:ba:c2:3c:f1:44:54:f2:a7:43:db:94:
                    2e:6d:4d:fc:84:07:29:52:c3:df:29:63:99:e2:11:
                    4a:76:45:52:0e:4c:bc:da:82:dc:f4:bc:3e:fc:19:
                    47:92:10:16:27:c2:3e:7f:48:53:68:f6:b0:b3:b7:
                    3e:89:48:e7:5c:85:ad:9b:e8:79:d6:2f:73:78:65:
                    67:c5:59:f8:fb:7b:0d:03:2c:77:39:e7:df:96:e2:
                    f1:be:03:1b:1f:2e:1d:ab:f8:d5:a3:52:0a:3a:53:
                    82:1f:c7:3a:0d:59:f1:02:9b:3b:3b:b6:34:8e:22:
                    6b:80:8d:13:64:69:0f:dc:8f:c8:ba:24:f0:3b:20:
                    f1:e4:81:24:bc:55:5b:19:50:cc:f9:b3:fe:67:db:
                    c6:4d:4b:72:72:ec:08:be:4d:b0:6e:08:90:a6:06:
                    03:a3:7d:fd:6b:7b:d7:dd:bf:01:3f:f2:f4:3a:9f:
                    3b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1F:55:F1:1E:29:F2:94:CC:15:B4:EC:39:1D:3F:FB:19:B2:EF:06
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/5x9V8R4p8pTMFbTsOR0_-xmy7wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.209.128.0/24
                  213.209.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:b1:33:84:67:ad:04:9c:df:24:8a:99:2f:02:0d:2a:f3:c3:
         ee:60:ed:39:45:cd:5f:91:b1:8b:5b:25:85:48:ce:22:d9:2b:
         45:e3:bc:33:6c:16:de:8c:df:6c:b4:e0:1e:ce:41:a5:3c:eb:
         82:47:a1:e2:2a:da:cf:bc:ed:81:6a:12:2f:c3:63:9d:c0:f2:
         60:f1:b7:17:ef:24:e7:65:2e:1f:72:2f:23:96:1a:52:72:6a:
         6c:be:46:1a:fe:18:a0:93:bf:ce:0c:b4:74:b5:03:a4:9a:6f:
         9b:e1:93:e8:58:6f:7a:d5:53:f5:20:a4:5e:9c:c7:bd:ac:af:
         cb:82:8e:d6:80:ae:32:54:40:22:22:f6:26:85:bf:a1:fd:b7:
         53:cb:7f:4a:b5:f1:ad:fb:5c:6e:96:28:89:ab:b9:ed:2c:ad:
         14:99:91:98:42:1c:0e:24:7c:b2:71:60:9d:a3:6f:5b:7c:d1:
         d7:14:c1:11:48:2a:8c:ed:92:9b:9c:89:b5:a5:cf:85:3d:6d:
         89:a9:9a:21:a4:2a:0c:39:0d:08:f7:13:82:3d:24:c1:4f:bc:
         82:29:94:61:af:65:6e:e5:3d:d5:59:4a:c4:2e:9c:5a:f2:41:
         fc:0b:21:40:59:0f:71:c6:0c:67:8a:e4:a8:d9:36:03:04:70:
         26:50:09:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3zjWm60R0W5nI/fdtnIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzFmNTVmMTFlMjlmMjk0Y2MxNWI0ZWMzOTFkM2ZmYjE5YjJlZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKFY6NmNNiMgWGbQOFjIm5jSIPn1
RYCtFjReLYtn9c+R5a/9t73qDGDhaDxsHVKYc8SOSKsLYEag8Z9Fuu6yyhYyxw55
KtSt4bBZXCYpusI88URU8qdD25QubU38hAcpUsPfKWOZ4hFKdkVSDky82oLc9Lw+
/BlHkhAWJ8I+f0hTaPaws7c+iUjnXIWtm+h51i9zeGVnxVn4+3sNAyx3OeffluLx
vgMbHy4dq/jVo1IKOlOCH8c6DVnxAps7O7Y0jiJrgI0TZGkP3I/IuiTwOyDx5IEk
vFVbGVDM+bP+Z9vGTUtycuwIvk2wbgiQpgYDo339a3vX3b8BP/L0Op87jQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOcfVfEeKfKUzBW07DkdP/sZsu8GMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvNXg5VjhSNHA4cFRNRmJUc09SMF8teG15N3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1dGAAwQA
1dGOMA0GCSqGSIb3DQEBCwUAA4IBAQBBsTOEZ60EnN8kipkvAg0q88PuYO05Rc1f
kbGLWyWFSM4i2StF47wzbBbejN9stOAezkGlPOuCR6HiKtrPvO2BahIvw2OdwPJg
8bcX7yTnZS4fci8jlhpScmpsvkYa/higk7/ODLR0tQOkmm+b4ZPoWG961VP1IKRe
nMe9rK/Lgo7WgK4yVEAiIvYmhb+h/bdTy39KtfGt+1xuliiJq7ntLK0UmZGYQhwO
JHyycWCdo29bfNHXFMERSCqM7ZKbnIm1pc+FPW2JqZohpCoMOQ0I9xOCPSTBT7yC
KZRhr2Vu5T3VWUrELpxa8kH8CyFAWQ9xxgxniuSo2TYDBHAmUAnK
-----END CERTIFICATE-----