Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Kp5qKiQjISvKRylAkIrYORJkzy0.roa
File:                     Kp5qKiQjISvKRylAkIrYORJkzy0.roa (raw, json)
Hash identifier:          Eo+uVnrG3JEWX91/et+EIHChgXW6eDDmLMb9F/dAGNY=
Subject key identifier:   2A:9E:6A:2A:24:23:21:2B:CA:47:29:40:90:8A:D8:39:12:64:CF:2D
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F6675638EC9D84BFCDCF1C9DEC01
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Kp5qKiQjISvKRylAkIrYORJkzy0.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209474
IP address blocks:        194.62.54.0/24 maxlen: 24
                          185.254.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f6:67:56:38:ec:9d:84:bf:cd:cf:1c:9d:ec:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a9e6a2a2423212bca472940908ad8391264cf2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d4:9e:0a:40:ea:db:71:5d:35:f9:5e:79:c1:
                    70:4a:3f:f9:5e:2d:ee:6b:c8:cf:86:0f:cb:85:b4:
                    83:67:6d:44:86:a2:70:82:e0:63:9c:e5:c2:bf:d6:
                    f2:03:17:b0:5b:b5:d0:dd:05:6f:37:e5:16:03:12:
                    88:55:ac:5d:c9:98:a8:8d:8a:dd:37:33:23:9e:66:
                    6b:87:15:42:51:ac:05:28:0e:19:2c:72:33:88:00:
                    03:ee:f9:3f:30:3a:9f:26:56:1b:15:7e:bf:f7:0a:
                    10:f7:65:8e:92:02:a5:33:fb:be:94:11:63:6e:49:
                    b7:3b:0c:be:69:e8:06:4c:ba:4d:b3:c3:44:7c:d9:
                    f1:43:83:55:2b:38:e4:fd:6e:77:bd:2f:84:cb:f4:
                    0f:c3:ce:21:55:a9:13:ad:a1:12:d3:17:32:71:79:
                    03:02:70:c8:ba:36:cb:05:17:d7:c6:fd:d0:cf:9f:
                    d7:5b:b9:52:d4:83:ab:53:c9:ed:5b:6a:c2:07:19:
                    d9:60:36:d4:d3:6b:95:e3:b7:54:3e:9d:0e:b7:7e:
                    3c:f6:cc:ff:bc:2c:a3:4b:a6:1f:ac:70:27:17:7c:
                    b0:2d:1d:8a:17:c7:bb:3b:54:82:76:8c:0e:29:15:
                    ab:9f:56:fb:8b:5d:23:9e:ca:17:ae:71:92:85:5f:
                    b7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9E:6A:2A:24:23:21:2B:CA:47:29:40:90:8A:D8:39:12:64:CF:2D
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/Kp5qKiQjISvKRylAkIrYORJkzy0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.239.0/24
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:5f:50:d4:44:8b:1a:05:1b:0a:09:7c:45:8f:ea:c5:56:09:
         10:ea:ca:97:55:9a:14:14:a9:90:41:2b:85:40:5b:3a:20:82:
         da:2b:7e:c1:7b:34:b8:81:12:53:ac:05:f5:ae:0c:d9:76:6e:
         ec:c6:b4:db:26:a9:8a:51:1a:20:a6:d2:aa:db:13:8e:f1:6b:
         d9:ae:44:b0:ac:1b:95:17:a4:7b:96:56:d1:ee:5e:c6:fd:56:
         26:1e:e5:61:71:c9:21:e6:a7:a3:c1:28:45:6c:c8:a9:5c:f0:
         72:ea:12:2d:c0:10:5b:b7:e9:0f:72:49:41:fe:39:32:b0:2b:
         9f:e6:d5:e6:bf:7c:ec:3d:5a:43:a0:14:47:64:fd:fc:20:00:
         a5:7c:03:fd:97:bd:73:3c:91:0e:53:41:c6:1a:f1:aa:2e:0d:
         5e:5d:d0:4f:0e:7c:85:9c:7c:5b:86:a6:f7:07:33:bf:8d:25:
         e7:da:07:03:cc:1a:4c:14:4b:6e:f2:d3:21:43:4d:94:07:b6:
         3e:f9:9e:e1:42:ad:87:87:5d:cb:22:c9:76:4d:6b:8f:85:24:
         86:92:8e:6f:eb:72:83:16:3c:88:37:00:04:b7:94:ed:41:45:
         d2:43:75:15:7d:f5:20:e4:01:f8:f2:95:5a:49:2f:f1:36:58:
         03:0c:c6:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJPZnVjjsnYS/zc8cnewBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTllNmEyYTI0MjMyMTJiY2E0NzI5NDA5MDhhZDgzOTEyNjRjZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNSeCkDq23FdNfleecFwSj/5Xi3u
a8jPhg/LhbSDZ21EhqJwguBjnOXCv9byAxewW7XQ3QVvN+UWAxKIVaxdyZiojYrd
NzMjnmZrhxVCUawFKA4ZLHIziAAD7vk/MDqfJlYbFX6/9woQ92WOkgKlM/u+lBFj
bkm3Owy+aegGTLpNs8NEfNnxQ4NVKzjk/W53vS+Ey/QPw84hVakTraES0xcycXkD
AnDIujbLBRfXxv3Qz5/XW7lS1IOrU8ntW2rCBxnZYDbU02uV47dUPp0Ot3489sz/
vCyjS6YfrHAnF3ywLR2KF8e7O1SCdowOKRWrn1b7i10jnsoXrnGShV+3iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCqeaiokIyErykcpQJCK2DkSZM8tMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvS3A1cUtpUWpJU3ZLUnlsQWtJcllPUkprenkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuf7vAwQA
wj42MA0GCSqGSIb3DQEBCwUAA4IBAQAlX1DURIsaBRsKCXxFj+rFVgkQ6sqXVZoU
FKmQQSuFQFs6IILaK37BezS4gRJTrAX1rgzZdm7sxrTbJqmKURogptKq2xOO8WvZ
rkSwrBuVF6R7llbR7l7G/VYmHuVhcckh5qejwShFbMipXPBy6hItwBBbt+kPcklB
/jkysCuf5tXmv3zsPVpDoBRHZP38IAClfAP9l71zPJEOU0HGGvGqLg1eXdBPDnyF
nHxbhqb3BzO/jSXn2gcDzBpMFEtu8tMhQ02UB7Y++Z7hQq2Hh13LIsl2TWuPhSSG
ko5v63KDFjyINwAEt5TtQUXSQ3UVffUg5AH48pVaSS/xNlgDDMa7
-----END CERTIFICATE-----