Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/5pVV75LVEWJ-UISZW9X1OAguEaQ.roa
File:                     5pVV75LVEWJ-UISZW9X1OAguEaQ.roa (raw, json)
Hash identifier:          8D3xLtKyWkUMxpT4v8hgfb/BW9Xqy7fxSQW25rVJExM=
Subject key identifier:   E6:95:55:EF:92:D5:11:62:7E:50:84:99:5B:D5:F5:38:08:2E:11:A4
Certificate issuer:       /CN=fe8b494455277ff530025cef2d51df7eab8e4510
Certificate serial:       018CC8DF790EB425A6E89B90CFEF81A5C48E
Authority key identifier: FE:8B:49:44:55:27:7F:F5:30:02:5C:EF:2D:51:DF:7E:AB:8E:45:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_otJRFUnf_UwAlzvLVHffquORRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/5pVV75LVEWJ-UISZW9X1OAguEaQ.roa
Signing time:             Tue 02 Jan 2024 06:32:17 +0000
ROA not before:           Tue 02 Jan 2024 06:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50274
IP address blocks:        109.127.0.0/18 maxlen: 18
                          185.112.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/_otJRFUnf_UwAlzvLVHffquORRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/_otJRFUnf_UwAlzvLVHffquORRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_otJRFUnf_UwAlzvLVHffquORRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:79:0e:b4:25:a6:e8:9b:90:cf:ef:81:a5:c4:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe8b494455277ff530025cef2d51df7eab8e4510
        Validity
            Not Before: Jan  2 06:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e69555ef92d511627e5084995bd5f538082e11a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:74:d8:14:81:e9:94:92:0f:1a:95:d2:82:0a:
                    79:fa:94:7d:dc:a8:8b:8d:1f:aa:89:bf:48:22:cb:
                    42:0b:d4:be:30:61:e4:bf:63:36:96:90:c2:a2:0c:
                    4d:3f:0f:22:86:2b:4d:72:fc:47:8a:fc:cc:86:f3:
                    7a:e8:6c:1c:ce:c8:bd:4a:b6:78:98:07:0b:60:06:
                    cf:58:8b:00:cd:4d:d5:90:bd:53:85:9c:c1:f0:8e:
                    5b:dd:93:5f:02:d6:e7:aa:12:73:79:b8:78:06:8b:
                    ff:0c:c1:c1:93:d3:53:7e:7c:51:c2:ec:49:7d:29:
                    bf:6e:de:8c:06:c9:9c:1d:e3:e0:42:11:e7:02:24:
                    7c:b6:8b:f2:81:70:e7:c1:32:be:59:89:ee:57:75:
                    b2:54:4f:6e:58:e7:5a:f5:ed:72:a9:40:e1:3b:d5:
                    f8:64:1b:dc:47:e4:4c:ef:60:1d:45:bc:46:94:9a:
                    24:a5:70:96:96:c2:57:4e:3e:d5:36:91:2b:65:05:
                    26:00:50:12:03:be:9e:49:ae:4a:21:66:83:a9:7d:
                    82:69:95:a7:4d:ca:2c:42:7d:a7:c2:31:f8:42:ba:
                    d0:4d:09:f0:06:a2:59:ea:28:12:9b:69:49:d8:71:
                    36:ae:2c:8a:93:66:31:7e:2c:7d:fb:85:80:d7:3e:
                    9a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:95:55:EF:92:D5:11:62:7E:50:84:99:5B:D5:F5:38:08:2E:11:A4
            X509v3 Authority Key Identifier:
                keyid:FE:8B:49:44:55:27:7F:F5:30:02:5C:EF:2D:51:DF:7E:AB:8E:45:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_otJRFUnf_UwAlzvLVHffquORRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/5pVV75LVEWJ-UISZW9X1OAguEaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/761a3e-880e-4f7c-9366-c8cc5b2d0aed/1/_otJRFUnf_UwAlzvLVHffquORRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.127.0.0/18
                  185.112.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:fd:b3:56:ff:16:5c:d4:96:e7:0c:03:e9:98:91:c9:8f:d0:
         06:53:7f:01:54:ab:3c:a2:4a:bb:52:76:d6:98:6f:58:3b:95:
         4f:75:84:c0:3f:ae:4c:92:bc:90:ef:5a:55:6c:32:83:c8:a4:
         34:15:44:cb:3d:f0:1f:84:c3:09:21:f2:5b:6c:85:cc:30:c4:
         db:2d:0e:b4:a2:49:5b:ee:b8:e5:39:43:d9:2d:f3:b6:e3:7b:
         3a:1c:7a:4d:f3:c8:30:38:92:26:b4:b1:fd:26:3c:c5:2f:43:
         3c:7e:96:39:f8:27:fc:1a:19:c2:0e:bb:6a:7d:31:6e:ce:ac:
         ae:0e:52:0c:82:e1:49:e7:9a:e0:0f:71:02:23:34:93:f0:d2:
         49:7e:9e:e4:1e:65:d8:57:c2:d4:e2:6c:50:c7:68:9b:00:d1:
         78:52:ef:a0:02:78:05:26:6e:6e:ca:7e:c2:9d:d2:5c:cb:33:
         6c:ac:2f:20:40:6d:d5:31:55:c1:17:64:4b:cd:32:cb:32:c5:
         32:8a:58:5b:d9:12:b2:68:12:7e:8a:8d:c7:a5:97:43:84:cf:
         4a:9c:92:6d:92:ec:ce:16:7e:de:e9:1b:b1:d8:9e:50:54:d8:
         1d:b3:59:17:60:87:ef:16:75:7e:b5:90:26:90:af:b2:90:f0:
         f3:aa:5c:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI33kOtCWm6JuQz++BpcSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlOGI0OTQ0NTUyNzdmZjUzMDAyNWNlZjJkNTFkZjdlYWI4
ZTQ1MTAwHhcNMjQwMTAyMDYzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjk1NTVlZjkyZDUxMTYyN2U1MDg0OTk1YmQ1ZjUzODA4MmUxMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3TYFIHplJIPGpXSggp5+pR93KiL
jR+qib9IIstCC9S+MGHkv2M2lpDCogxNPw8ihitNcvxHivzMhvN66Gwczsi9SrZ4
mAcLYAbPWIsAzU3VkL1ThZzB8I5b3ZNfAtbnqhJzebh4Bov/DMHBk9NTfnxRwuxJ
fSm/bt6MBsmcHePgQhHnAiR8tovygXDnwTK+WYnuV3WyVE9uWOda9e1yqUDhO9X4
ZBvcR+RM72AdRbxGlJokpXCWlsJXTj7VNpErZQUmAFASA76eSa5KIWaDqX2CaZWn
TcosQn2nwjH4QrrQTQnwBqJZ6igSm2lJ2HE2riyKk2Yxfix9+4WA1z6agwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOaVVe+S1RFiflCEmVvV9TgILhGkMB8GA1UdIwQY
MBaAFP6LSURVJ3/1MAJc7y1R336rjkUQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX290SlJGVW5mX1V3QWx6dkxWSGZmcXVPUlJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My83NjFhM2UtODgwZS00ZjdjLTkzNjYt
YzhjYzViMmQwYWVkLzEvNXBWVjc1TFZFV0otVUlTWlc5WDFPQWd1RWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My83NjFhM2UtODgwZS00ZjdjLTkzNjYtYzhjYzViMmQwYWVk
LzEvX290SlJGVW5mX1V3QWx6dkxWSGZmcXVPUlJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGbX8AAwQC
uXDAMA0GCSqGSIb3DQEBCwUAA4IBAQA3/bNW/xZc1JbnDAPpmJHJj9AGU38BVKs8
okq7UnbWmG9YO5VPdYTAP65MkryQ71pVbDKDyKQ0FUTLPfAfhMMJIfJbbIXMMMTb
LQ60oklb7rjlOUPZLfO243s6HHpN88gwOJImtLH9JjzFL0M8fpY5+Cf8GhnCDrtq
fTFuzqyuDlIMguFJ55rgD3ECIzST8NJJfp7kHmXYV8LU4mxQx2ibANF4Uu+gAngF
Jm5uyn7CndJcyzNsrC8gQG3VMVXBF2RLzTLLMsUyilhb2RKyaBJ+io3HpZdDhM9K
nJJtkuzOFn7e6Rux2J5QVNgds1kXYIfvFnV+tZAmkK+ykPDzqlwI
-----END CERTIFICATE-----