Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/1-S5oI4kmMS_i5mxJY5eBtSu1oG8.roa
File:                     1-S5oI4kmMS_i5mxJY5eBtSu1oG8.roa (raw, json)
Hash identifier:          3fSk5tNXG2ck3OZ2TiVxlXZtfu5Q4pZwfDaLRygjRYk=
Subject key identifier:   F9:2E:68:23:89:26:31:2F:E2:E6:6C:49:63:97:81:B5:2B:B5:A0:6F
Certificate issuer:       /CN=69ca7c17232db063491cfa585203369ffbeb76ed
Certificate serial:       019285AB0A6B6DDB7BB0B5FDF6547FD58968
Authority key identifier: 69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/1-S5oI4kmMS_i5mxJY5eBtSu1oG8.roa
Signing time:             Sun 13 Oct 2024 11:37:12 +0000
ROA not before:           Sun 13 Oct 2024 11:37:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201668
IP address blocks:        185.65.252.0/24 maxlen: 24
                          185.65.253.0/24 maxlen: 24
                          185.65.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:85:ab:0a:6b:6d:db:7b:b0:b5:fd:f6:54:7f:d5:89:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69ca7c17232db063491cfa585203369ffbeb76ed
        Validity
            Not Before: Oct 13 11:37:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f92e68238926312fe2e66c49639781b52bb5a06f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0a:bf:b9:48:c3:e4:83:ba:ba:38:74:fb:8e:
                    7c:af:b7:bb:fb:68:e4:6a:96:f0:b4:46:cd:34:4c:
                    e9:75:88:93:ce:0d:79:5b:b9:18:9a:f7:f4:3f:d6:
                    50:cf:b2:ad:a9:e8:ac:21:c7:25:a9:ba:91:0c:89:
                    5d:dd:8c:3e:df:43:9b:a8:72:17:c5:19:01:af:4f:
                    ee:74:20:a9:49:f5:e9:32:21:c3:10:8c:92:bf:3f:
                    29:c8:7b:d9:14:2c:56:f5:e8:4e:83:e2:6b:fa:01:
                    12:1a:da:fe:90:e8:26:80:91:ed:eb:ff:16:70:3e:
                    28:50:88:df:38:0b:a0:f3:7d:43:15:6f:11:73:7e:
                    11:e4:31:b8:5a:02:03:b0:8f:7a:ee:67:47:4b:17:
                    ec:77:56:c7:dd:99:fa:dd:63:fa:44:fb:04:a7:c0:
                    47:e0:ec:0a:54:d6:3a:05:b4:d9:9b:45:91:e7:28:
                    25:dd:a5:8e:6e:6c:b9:5e:59:83:3e:5a:ce:cc:21:
                    58:ea:44:d8:c9:2f:06:2a:03:c9:77:9b:c8:01:1e:
                    56:9d:63:96:d0:52:c7:23:0f:3f:53:33:3e:0f:9c:
                    bf:2f:09:16:ab:be:ea:58:6c:a2:cd:9b:ba:00:59:
                    14:98:61:7e:aa:7d:8e:26:fb:9d:cc:f5:e6:e3:35:
                    9b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:2E:68:23:89:26:31:2F:E2:E6:6C:49:63:97:81:B5:2B:B5:A0:6F
            X509v3 Authority Key Identifier:
                keyid:69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/1-S5oI4kmMS_i5mxJY5eBtSu1oG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.252.0-185.65.254.255

    Signature Algorithm: sha256WithRSAEncryption
         46:4d:a6:a7:65:07:85:9e:d4:bc:e8:43:b9:d4:50:28:e5:92:
         d6:b7:83:de:eb:20:cc:8b:37:5f:86:70:38:c4:d9:12:ca:c6:
         f0:c9:af:87:b2:a9:01:88:7d:6d:38:3a:dd:45:44:bf:e6:c8:
         fb:6f:0b:b5:d2:f5:c6:a0:42:f2:19:28:71:86:2a:91:ac:91:
         21:a3:2d:4b:eb:39:16:a2:16:c4:4e:db:ec:90:89:0d:ca:35:
         c4:8a:5d:34:03:c4:5d:81:e6:b1:99:73:26:29:f8:58:5e:92:
         d2:bd:2c:c5:20:42:8e:b5:b9:47:4c:b8:32:b3:8d:51:3b:50:
         1e:2b:6c:a4:6e:5e:2b:30:d2:2e:3a:b2:e5:1d:26:f1:e7:f4:
         5d:26:9d:96:85:c2:6f:9f:94:28:49:ca:eb:64:ad:41:13:62:
         75:79:c3:f0:15:34:ab:c8:1a:d4:57:6c:72:01:e7:8d:89:7b:
         b7:ce:10:90:df:23:a3:e9:fe:5f:e1:a5:39:38:4e:c5:b5:b1:
         05:86:f7:11:af:8b:df:76:40:2d:44:4d:5c:06:d4:dd:3e:08:
         32:1f:54:b8:4b:cb:72:25:a3:f3:7d:67:1e:7c:8e:5f:8f:1e:
         31:f9:90:69:41:97:bc:55:00:df:be:a4:ec:4c:29:fa:1f:3d:
         98:ad:91:57
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZKFqwprbdt7sLX99lR/1YloMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Y2E3YzE3MjMyZGIwNjM0OTFjZmE1ODUyMDMzNjlmZmJl
Yjc2ZWQwHhcNMjQxMDEzMTEzNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTJlNjgyMzg5MjYzMTJmZTJlNjZjNDk2Mzk3ODFiNTJiYjVhMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngq/uUjD5IO6ujh0+458r7e7+2jk
apbwtEbNNEzpdYiTzg15W7kYmvf0P9ZQz7KtqeisIcclqbqRDIld3Yw+30ObqHIX
xRkBr0/udCCpSfXpMiHDEIySvz8pyHvZFCxW9ehOg+Jr+gESGtr+kOgmgJHt6/8W
cD4oUIjfOAug831DFW8Rc34R5DG4WgIDsI967mdHSxfsd1bH3Zn63WP6RPsEp8BH
4OwKVNY6BbTZm0WR5ygl3aWObmy5XlmDPlrOzCFY6kTYyS8GKgPJd5vIAR5WnWOW
0FLHIw8/UzM+D5y/LwkWq77qWGyizZu6AFkUmGF+qn2OJvudzPXm4zWb5wIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPkuaCOJJjEv4uZsSWOXgbUrtaBvMB8GA1UdIwQY
MBaAFGnKfBcjLbBjSRz6WFIDNp/763btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUt
ZjQ3YWU3ZGRhZWMwLzEvMS1TNW9JNGttTVNfaTVteEpZNWVCdFN1MW9HOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWMvYmZiNDIzLWRhNjktNDI2NS05NWU1LWY0N2FlN2RkYWVj
MC8xL2FjcDhGeU10c0dOSkhQcFlVZ00ybl92cmR1MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQCuUH8
AwQAuUH+MA0GCSqGSIb3DQEBCwUAA4IBAQBGTaanZQeFntS86EO51FAo5ZLWt4Pe
6yDMizdfhnA4xNkSysbwya+HsqkBiH1tODrdRUS/5sj7bwu10vXGoELyGShxhiqR
rJEhoy1L6zkWohbETtvskIkNyjXEil00A8RdgeaxmXMmKfhYXpLSvSzFIEKOtblH
TLgys41RO1AeK2ykbl4rMNIuOrLlHSbx5/RdJp2WhcJvn5QoScrrZK1BE2J1ecPw
FTSryBrUV2xyAeeNiXu3zhCQ3yOj6f5f4aU5OE7FtbEFhvcRr4vfdkAtRE1cBtTd
PggyH1S4S8tyJaPzfWcefI5fjx4x+ZBpQZe8VQDfvqTsTCn6Hz2YrZFX
-----END CERTIFICATE-----