Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/SgCZdeXzoeWeQVM7RswxUh4AuOU.roa
File:                     SgCZdeXzoeWeQVM7RswxUh4AuOU.roa (raw, json)
Hash identifier:          ZsXKv/4V6HW1Mf2kSspT38g1Bjq5uzV5heNADGaFi6Y=
Subject key identifier:   4A:00:99:75:E5:F3:A1:E5:9E:41:53:3B:46:CC:31:52:1E:00:B8:E5
Certificate issuer:       /CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
Certificate serial:       018CC5DC0DD31A6636FB0B90BF97FE288749
Authority key identifier: E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/SgCZdeXzoeWeQVM7RswxUh4AuOU.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5528
IP address blocks:        195.130.205.0/24 maxlen: 24
                          188.92.23.0/24 maxlen: 32
                          188.92.22.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0d:d3:1a:66:36:fb:0b:90:bf:97:fe:28:87:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5a1b36552f9daccb92ac5c3b44b426d643749e2
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a009975e5f3a1e59e41533b46cc31521e00b8e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c2:9e:45:10:7b:36:19:57:ca:de:7a:9d:b4:
                    8c:a5:3c:b4:24:b0:44:a9:2f:12:4d:03:69:6e:26:
                    87:45:2a:a9:e3:d3:4b:12:88:2e:59:6f:9e:6a:46:
                    69:b6:80:7b:ee:5d:95:92:52:ce:3b:a0:d1:e5:7c:
                    ed:72:b1:5c:08:4f:e2:74:fd:5c:5d:76:a9:32:81:
                    6e:84:5f:aa:cc:b6:f8:2e:dd:83:a3:ff:fa:28:dd:
                    35:cf:85:f7:96:14:07:f0:d3:c7:8d:69:b4:b2:32:
                    73:37:c3:c2:8b:5a:8e:35:73:fc:4f:74:8b:27:a7:
                    1b:28:8b:88:f2:29:42:7d:ef:89:8b:00:23:83:c4:
                    32:f1:42:3e:cb:b7:b2:62:a1:2a:a1:af:96:9a:96:
                    f3:3d:4c:8c:4b:50:9e:f1:80:71:3b:96:ff:05:10:
                    22:a3:35:44:27:f4:37:2d:df:32:51:fd:b3:5c:ed:
                    4f:49:cd:15:a3:9d:d2:26:e6:b1:5f:d2:b6:56:88:
                    fd:6a:29:c8:31:ee:09:90:f4:5f:1c:5b:fc:05:c0:
                    ef:15:c9:91:9d:b4:fe:cc:07:d2:26:41:05:d5:37:
                    52:e7:f1:5a:7a:1c:3d:f7:04:b7:f4:99:16:6c:3e:
                    0f:9c:a0:da:c0:e6:53:34:ec:30:2f:62:0e:20:4d:
                    7c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:00:99:75:E5:F3:A1:E5:9E:41:53:3B:46:CC:31:52:1E:00:B8:E5
            X509v3 Authority Key Identifier:
                keyid:E5:A1:B3:65:52:F9:DA:CC:B9:2A:C5:C3:B4:4B:42:6D:64:37:49:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5aGzZVL52sy5KsXDtEtCbWQ3SeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/SgCZdeXzoeWeQVM7RswxUh4AuOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b8ea5b-3dd4-4374-a793-c5e6d23f8b09/1/5aGzZVL52sy5KsXDtEtCbWQ3SeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.22.0/23
                  195.130.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:94:35:97:1c:36:50:27:3b:ee:fd:dc:7f:e4:ff:96:e1:22:
         35:dd:79:b1:21:5e:1f:7f:d2:a4:55:b7:cf:4c:ef:98:81:92:
         7a:8f:23:e8:fa:0f:5a:5c:18:65:74:e0:d0:ff:7d:ad:43:99:
         fc:e4:17:c4:c8:2f:f9:45:c9:5e:bc:a7:ef:43:d6:d3:c4:9e:
         f9:60:07:c8:b3:6c:8b:dd:71:36:be:c7:90:13:ce:3b:40:c3:
         2c:15:5f:a9:5a:0d:c7:42:e4:db:23:bd:eb:dc:43:a0:2a:e2:
         40:08:d7:bc:53:9e:86:b4:d1:bc:a1:fb:89:60:73:e4:15:93:
         78:3d:07:89:ae:f7:d8:5b:83:e1:ab:b3:84:51:0b:4d:4f:ec:
         d7:b2:ee:2d:ef:d4:b0:fc:ac:33:75:d7:c2:4e:d1:b0:23:5b:
         ee:4a:65:3c:ce:c9:71:c5:05:03:dc:5d:f0:d4:4a:bf:21:76:
         11:99:6b:3a:4b:e0:d9:5e:f4:3c:1a:73:0e:9a:99:90:5c:b6:
         b7:11:9c:f8:50:62:b3:4e:20:1c:c6:80:84:be:b8:f7:55:f0:
         43:5a:19:4b:3e:01:ab:bd:44:d8:97:bc:1f:9b:9a:af:73:06:
         d6:d8:5b:f8:56:62:ae:53:0c:77:81:5e:f3:62:1f:9e:c3:3f:
         4f:58:56:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3A3TGmY2+wuQv5f+KIdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTFiMzY1NTJmOWRhY2NiOTJhYzVjM2I0NGI0MjZkNjQz
NzQ5ZTIwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTAwOTk3NWU1ZjNhMWU1OWU0MTUzM2I0NmNjMzE1MjFlMDBiOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8KeRRB7NhlXyt56nbSMpTy0JLBE
qS8STQNpbiaHRSqp49NLEoguWW+eakZptoB77l2VklLOO6DR5XztcrFcCE/idP1c
XXapMoFuhF+qzLb4Lt2Do//6KN01z4X3lhQH8NPHjWm0sjJzN8PCi1qONXP8T3SL
J6cbKIuI8ilCfe+JiwAjg8Qy8UI+y7eyYqEqoa+WmpbzPUyMS1Ce8YBxO5b/BRAi
ozVEJ/Q3Ld8yUf2zXO1PSc0Vo53SJuaxX9K2Voj9ainIMe4JkPRfHFv8BcDvFcmR
nbT+zAfSJkEF1TdS5/Faehw99wS39JkWbD4PnKDawOZTNOwwL2IOIE189QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEoAmXXl86HlnkFTO0bMMVIeALjlMB8GA1UdIwQY
MBaAFOWhs2VS+drMuSrFw7RLQm1kN0niMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMt
YzVlNmQyM2Y4YjA5LzEvU2dDWmRlWHpvZVdlUVZNN1Jzd3hVaDRBdU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iOGVhNWItM2RkNC00Mzc0LWE3OTMtYzVlNmQyM2Y4YjA5
LzEvNWFHelpWTDUyc3k1S3NYRHRFdENiV1EzU2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBvFwWAwQA
w4LNMA0GCSqGSIb3DQEBCwUAA4IBAQA8lDWXHDZQJzvu/dx/5P+W4SI13XmxIV4f
f9KkVbfPTO+YgZJ6jyPo+g9aXBhldODQ/32tQ5n85BfEyC/5RclevKfvQ9bTxJ75
YAfIs2yL3XE2vseQE847QMMsFV+pWg3HQuTbI73r3EOgKuJACNe8U56GtNG8ofuJ
YHPkFZN4PQeJrvfYW4Phq7OEUQtNT+zXsu4t79Sw/KwzddfCTtGwI1vuSmU8zslx
xQUD3F3w1Eq/IXYRmWs6S+DZXvQ8GnMOmpmQXLa3EZz4UGKzTiAcxoCEvrj3VfBD
WhlLPgGrvUTYl7wfm5qvcwbW2Fv4VmKuUwx3gV7zYh+ewz9PWFaK
-----END CERTIFICATE-----