Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/F5jHzpl-WL9u7crBRsE6wt5p5vI.roa
File:                     F5jHzpl-WL9u7crBRsE6wt5p5vI.roa (raw, json)
Hash identifier:          OJ1ExGaBhCHguroIuPXyjNRATCLUWGkOVg2zVJTWGqU=
Subject key identifier:   17:98:C7:CE:99:7E:58:BF:6E:ED:CA:C1:46:C1:3A:C2:DE:69:E6:F2
Certificate issuer:       /CN=969ceda5bf37901fe9e44f73b5bf82b687b34572
Certificate serial:       018CCA9957A9C056918536BE818780A8FFDE
Authority key identifier: 96:9C:ED:A5:BF:37:90:1F:E9:E4:4F:73:B5:BF:82:B6:87:B3:45:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lpztpb83kB_p5E9ztb-CtoezRXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/F5jHzpl-WL9u7crBRsE6wt5p5vI.roa
Signing time:             Tue 02 Jan 2024 14:34:56 +0000
ROA not before:           Tue 02 Jan 2024 14:34:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43558
IP address blocks:        87.239.120.0/24 maxlen: 24
                          2001:678:a0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/lpztpb83kB_p5E9ztb-CtoezRXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/lpztpb83kB_p5E9ztb-CtoezRXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lpztpb83kB_p5E9ztb-CtoezRXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:57:a9:c0:56:91:85:36:be:81:87:80:a8:ff:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969ceda5bf37901fe9e44f73b5bf82b687b34572
        Validity
            Not Before: Jan  2 14:34:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1798c7ce997e58bf6eedcac146c13ac2de69e6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b7:63:40:77:88:a9:c2:5e:1c:5e:14:66:12:
                    fd:d1:59:ea:a5:c0:ca:a0:5f:fa:91:7d:f5:8b:cf:
                    bd:5a:36:b4:29:55:1e:cc:73:29:c8:12:7b:02:21:
                    17:92:61:68:c9:26:73:21:4d:9a:32:f9:cb:f0:6f:
                    6c:7a:13:2e:c9:a3:0d:14:68:f1:96:f2:64:d2:a8:
                    01:86:53:18:8e:3c:5f:09:2a:7c:d3:a6:fa:49:61:
                    79:fc:3c:ae:c4:ac:ad:36:b5:75:9a:7c:0b:e0:fb:
                    fd:5b:c4:17:e2:03:2e:73:67:e3:79:ac:8f:2f:d5:
                    3b:2e:d0:ac:e3:30:5a:8a:44:0d:96:00:65:bd:c7:
                    22:07:72:07:c4:54:b5:af:51:c9:5a:9b:2e:d8:42:
                    e3:22:99:58:28:ff:af:23:a6:c5:51:f6:cf:2e:4f:
                    fd:02:fd:15:44:5d:70:8f:6a:75:5b:a9:d8:31:53:
                    b1:76:09:a7:e1:91:90:2b:0a:23:42:e9:38:94:4f:
                    bd:71:63:e1:59:ac:6f:2e:93:ac:57:ca:5d:71:8a:
                    41:63:25:a8:11:80:f8:b4:f4:ff:aa:7c:e6:a7:1b:
                    86:ee:db:0b:f7:72:ab:93:ca:93:73:68:2b:95:c8:
                    01:11:58:26:3c:73:58:20:d2:1c:30:52:60:0a:32:
                    5d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:98:C7:CE:99:7E:58:BF:6E:ED:CA:C1:46:C1:3A:C2:DE:69:E6:F2
            X509v3 Authority Key Identifier:
                keyid:96:9C:ED:A5:BF:37:90:1F:E9:E4:4F:73:B5:BF:82:B6:87:B3:45:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lpztpb83kB_p5E9ztb-CtoezRXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/F5jHzpl-WL9u7crBRsE6wt5p5vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/5cffd2-b568-4d55-a124-21fc9afc8ac1/1/lpztpb83kB_p5E9ztb-CtoezRXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.120.0/24
                IPv6:
                  2001:678:a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:52:79:41:ef:d7:96:d3:db:3d:a1:0d:e5:72:c6:7e:9c:2a:
         bc:59:44:af:10:fd:a7:40:f0:a5:d8:25:3a:96:9f:29:29:d5:
         0e:e0:bd:68:76:45:24:c0:a6:2d:de:40:1a:90:31:41:cd:d8:
         9c:2c:a4:90:42:b5:35:e2:43:67:db:2e:04:2e:2a:74:8c:31:
         7d:e9:f1:5f:31:47:56:8c:cc:16:3c:10:d4:e9:53:9b:1f:ee:
         24:31:23:1a:02:09:b4:47:ba:69:12:f7:30:aa:14:79:3c:0b:
         77:e2:8d:c0:e8:5b:fc:e6:8c:85:62:15:cb:86:ba:c4:e7:c8:
         5d:e9:3a:a6:71:f2:0a:d4:57:92:e6:8a:73:49:f5:93:fb:e0:
         c2:3f:35:17:58:19:96:3d:de:60:2f:eb:9d:18:b8:ff:40:18:
         af:8d:2e:94:a4:08:cb:a4:33:e6:89:3d:0a:c0:c8:90:c6:5b:
         ea:8e:a9:8f:72:14:d1:ca:13:a2:f1:8b:a1:ee:60:88:03:65:
         80:72:7d:85:b1:59:83:57:64:a3:09:9a:a8:32:13:24:2a:cf:
         62:71:fc:b3:b3:cc:73:bf:a6:41:e4:2e:b3:10:d2:c4:c0:8a:
         bb:4c:ce:87:d8:7f:26:ae:dc:4a:b3:b3:c6:88:4e:92:f7:fe:
         37:85:c2:7d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmVepwFaRhTa+gYeAqP/eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OWNlZGE1YmYzNzkwMWZlOWU0NGY3M2I1YmY4MmI2ODdi
MzQ1NzIwHhcNMjQwMTAyMTQzNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzk4YzdjZTk5N2U1OGJmNmVlZGNhYzE0NmMxM2FjMmRlNjllNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrdjQHeIqcJeHF4UZhL90VnqpcDK
oF/6kX31i8+9Wja0KVUezHMpyBJ7AiEXkmFoySZzIU2aMvnL8G9sehMuyaMNFGjx
lvJk0qgBhlMYjjxfCSp806b6SWF5/DyuxKytNrV1mnwL4Pv9W8QX4gMuc2fjeayP
L9U7LtCs4zBaikQNlgBlvcciB3IHxFS1r1HJWpsu2ELjIplYKP+vI6bFUfbPLk/9
Av0VRF1wj2p1W6nYMVOxdgmn4ZGQKwojQuk4lE+9cWPhWaxvLpOsV8pdcYpBYyWo
EYD4tPT/qnzmpxuG7tsL93Krk8qTc2grlcgBEVgmPHNYINIcMFJgCjJdKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBeYx86Zfli/bu3KwUbBOsLeaebyMB8GA1UdIwQY
MBaAFJac7aW/N5Af6eRPc7W/graHs0VyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHB6dHBiODNrQl9wNUU5enRiLUN0b2V6UlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS81Y2ZmZDItYjU2OC00ZDU1LWExMjQt
MjFmYzlhZmM4YWMxLzEvRjVqSHpwbC1XTDl1N2NyQlJzRTZ3dDVwNXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS81Y2ZmZDItYjU2OC00ZDU1LWExMjQtMjFmYzlhZmM4YWMx
LzEvbHB6dHBiODNrQl9wNUU5enRiLUN0b2V6UlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAV+94MA8E
AgACMAkDBwAgAQZ4AKAwDQYJKoZIhvcNAQELBQADggEBAIJSeUHv15bT2z2hDeVy
xn6cKrxZRK8Q/adA8KXYJTqWnykp1Q7gvWh2RSTApi3eQBqQMUHN2JwspJBCtTXi
Q2fbLgQuKnSMMX3p8V8xR1aMzBY8ENTpU5sf7iQxIxoCCbRHumkS9zCqFHk8C3fi
jcDoW/zmjIViFcuGusTnyF3pOqZx8grUV5LminNJ9ZP74MI/NRdYGZY93mAv650Y
uP9AGK+NLpSkCMukM+aJPQrAyJDGW+qOqY9yFNHKE6Lxi6HuYIgDZYByfYWxWYNX
ZKMJmqgyEyQqz2Jx/LOzzHO/pkHkLrMQ0sTAirtMzofYfyau3Eqzs8aITpL3/jeF
wn0=
-----END CERTIFICATE-----