Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/xddod013bUYLb3gcKCtHNFF-8Fw.roa
File:                     xddod013bUYLb3gcKCtHNFF-8Fw.roa (raw, json)
Hash identifier:          9ko7lJ1J2h5vDcMLmX2ewp7QzZrdjEKI0RxAJ5d4j3g=
Subject key identifier:   C5:D7:68:77:4D:77:6D:46:0B:6F:78:1C:28:2B:47:34:51:7E:F0:5C
Certificate issuer:       /CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Certificate serial:       018F1B604C8016419A612ED4A895D2C5D10B
Authority key identifier: E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/xddod013bUYLb3gcKCtHNFF-8Fw.roa
Signing time:             Fri 26 Apr 2024 17:07:26 +0000
ROA not before:           Fri 26 Apr 2024 17:07:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29436
IP address blocks:        94.240.132.0/22 maxlen: 22
                          94.240.136.0/21 maxlen: 21
                          94.240.144.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:60:4c:80:16:41:9a:61:2e:d4:a8:95:d2:c5:d1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
        Validity
            Not Before: Apr 26 17:07:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5d768774d776d460b6f781c282b4734517ef05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:55:10:9f:51:ec:7e:94:34:43:cf:2c:dd:04:
                    30:83:64:b9:43:c4:97:64:2a:48:29:00:5b:78:73:
                    00:7b:75:ff:04:fa:c5:e0:38:69:8e:35:d0:81:bd:
                    24:b5:d6:1c:5a:f6:8c:c9:90:a4:64:9b:f0:e1:f0:
                    6b:b9:0a:f8:6c:93:d7:1a:8d:ec:dc:ec:d8:bf:d7:
                    e6:ab:1f:d8:c9:a8:45:a2:1e:be:54:d3:4e:92:88:
                    33:11:9f:60:d6:0c:4e:1e:08:5e:b7:d7:91:ea:0a:
                    13:1c:0f:79:be:b2:f8:68:61:1f:60:3e:82:21:2b:
                    99:ce:41:23:ac:63:fe:62:6f:05:a8:7d:42:12:fd:
                    0e:d6:40:3c:e0:93:90:c5:5c:f2:9c:53:7b:70:09:
                    03:17:20:66:18:f6:d2:87:c9:be:b8:77:d7:dc:07:
                    e1:25:81:1b:5d:2e:e2:09:67:db:10:9a:dd:b2:95:
                    37:86:47:08:30:25:1b:29:45:f1:96:1d:41:19:db:
                    0e:95:6c:64:aa:5a:08:a2:53:0d:fb:68:cf:15:9d:
                    0a:f1:e6:19:21:5c:b7:19:e1:e0:9e:32:ea:60:04:
                    88:44:47:27:8e:41:1a:49:9a:7c:4d:90:81:8a:a6:
                    f6:4a:1f:68:23:7b:cb:d5:ea:d4:63:cd:61:a1:5d:
                    35:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D7:68:77:4D:77:6D:46:0B:6F:78:1C:28:2B:47:34:51:7E:F0:5C
            X509v3 Authority Key Identifier:
                keyid:E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/xddod013bUYLb3gcKCtHNFF-8Fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.132.0-94.240.159.255

    Signature Algorithm: sha256WithRSAEncryption
         82:67:6d:4e:b2:59:c3:0a:ac:7f:0c:e3:a9:51:e0:f1:d7:b7:
         8e:96:12:df:e6:12:cf:95:dc:85:60:f7:67:f6:ad:44:6c:e6:
         17:96:df:1e:06:47:40:db:28:33:58:4f:03:ed:a3:85:5d:47:
         15:5b:2e:c7:33:99:74:70:1e:ef:9f:76:4b:ab:75:0b:19:86:
         d9:a7:70:27:ca:47:f7:8f:e5:d5:71:f2:19:07:87:88:dc:36:
         79:98:0a:8f:7f:ed:26:30:49:54:c4:18:ea:19:34:38:93:c4:
         c4:1a:16:67:fb:62:87:ab:43:f7:e5:e2:be:72:b9:df:ff:f6:
         33:1f:0f:77:ad:15:e0:e8:a1:a6:cb:20:05:a7:45:d8:f6:5c:
         3b:ca:e8:23:1b:1e:5d:04:ee:c9:4a:c0:f3:a2:4c:42:d3:a8:
         b8:44:ad:84:74:17:db:95:bf:a4:77:fe:98:34:07:3a:4a:ca:
         96:f1:e6:91:37:5e:4e:e4:40:91:63:53:07:b0:b5:09:d4:58:
         bb:4e:8a:4b:1c:f7:8d:a6:ae:bc:41:e2:c8:69:df:38:15:49:
         9a:b7:c0:89:2d:db:26:2c:2f:b9:01:22:b0:19:16:d4:3f:bd:
         37:23:64:e5:9b:93:ee:44:de:26:e3:9b:7e:35:9d:5f:46:46:
         8c:76:a6:6a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8bYEyAFkGaYS7UqJXSxdELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODI1ZmJlZTdjNDNhMjk4MzhlYWJlNGZjODdkNzk0MzQ5
YzBjODAwHhcNMjQwNDI2MTcwNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQ3Njg3NzRkNzc2ZDQ2MGI2Zjc4MWMyODJiNDczNDUxN2VmMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolUQn1HsfpQ0Q88s3QQwg2S5Q8SX
ZCpIKQBbeHMAe3X/BPrF4DhpjjXQgb0ktdYcWvaMyZCkZJvw4fBruQr4bJPXGo3s
3OzYv9fmqx/YyahFoh6+VNNOkogzEZ9g1gxOHghet9eR6goTHA95vrL4aGEfYD6C
ISuZzkEjrGP+Ym8FqH1CEv0O1kA84JOQxVzynFN7cAkDFyBmGPbSh8m+uHfX3Afh
JYEbXS7iCWfbEJrdspU3hkcIMCUbKUXxlh1BGdsOlWxkqloIolMN+2jPFZ0K8eYZ
IVy3GeHgnjLqYASIREcnjkEaSZp8TZCBiqb2Sh9oI3vL1erUY81hoV01VwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMXXaHdNd21GC294HCgrRzRRfvBcMB8GA1UdIwQY
MBaAFOWCX77nxDopg46r5PyH15Q0nAyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2Qt
MDQxYWIzMDJjMmY5LzEveGRkb2QwMTNiVVlMYjNnY0tDdEhORkYtOEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2QtMDQxYWIzMDJjMmY5
LzEvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJe8IQD
BAVe8IAwDQYJKoZIhvcNAQELBQADggEBAIJnbU6yWcMKrH8M46lR4PHXt46WEt/m
Es+V3IVg92f2rURs5heW3x4GR0DbKDNYTwPto4VdRxVbLsczmXRwHu+fdkurdQsZ
htmncCfKR/eP5dVx8hkHh4jcNnmYCo9/7SYwSVTEGOoZNDiTxMQaFmf7YoerQ/fl
4r5yud//9jMfD3etFeDooabLIAWnRdj2XDvK6CMbHl0E7slKwPOiTELTqLhErYR0
F9uVv6R3/pg0BzpKypbx5pE3Xk7kQJFjUwewtQnUWLtOiksc942mrrxB4shp3zgV
SZq3wIkt2yYsL7kBIrAZFtQ/vTcjZOWbk+5E3ibjm341nV9GRox2pmo=
-----END CERTIFICATE-----