Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/sxPzTvbj5jZjOMhHkKK6m78zI1U.roa
File:                     sxPzTvbj5jZjOMhHkKK6m78zI1U.roa (raw, json)
Hash identifier:          5+5h8KxqsgbjuYX3coiecmehkY/ZvZog8iRBZVtSwlU=
Subject key identifier:   B3:13:F3:4E:F6:E3:E6:36:63:38:C8:47:90:A2:BA:9B:BF:33:23:55
Certificate issuer:       /CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
Certificate serial:       018CC56ED8325E7F1A5C522444F4D67ACC9C
Authority key identifier: 4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/sxPzTvbj5jZjOMhHkKK6m78zI1U.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20719
IP address blocks:        213.244.124.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d8:32:5e:7f:1a:5c:52:24:44:f4:d6:7a:cc:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c37f27eb4997b3bef9f28266a39694050fe74f9
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b313f34ef6e3e6366338c84790a2ba9bbf332355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:b2:75:47:dd:6b:f5:00:b8:db:30:0b:77:d9:
                    29:8d:03:a4:4a:69:86:ac:82:0b:45:d1:ed:24:d5:
                    d1:2b:ba:3a:fc:80:14:9d:75:da:76:62:07:a8:de:
                    cd:1d:a6:a4:b4:a8:cf:05:2f:3c:b2:e9:8c:7e:65:
                    28:17:4c:c6:3e:00:5a:c6:e0:f6:5f:e9:3a:92:34:
                    dc:09:ed:89:36:2a:48:16:83:e0:4a:00:53:18:5b:
                    a1:55:5f:ee:38:4c:4d:2c:cd:20:38:7e:66:31:6c:
                    17:ac:55:92:ad:45:29:b2:f4:34:36:6d:5f:76:cb:
                    42:47:26:ce:61:6e:99:96:85:13:59:6a:c0:1e:0e:
                    32:39:18:d5:28:4e:b1:58:30:82:a7:d0:a1:84:63:
                    82:a2:1e:05:50:fc:36:70:71:c9:ee:ea:7e:73:44:
                    59:eb:f9:cb:05:e3:70:99:c5:5b:f8:67:6c:6a:cc:
                    8b:80:8e:33:1b:44:36:6d:94:21:e5:42:60:37:96:
                    ca:d2:86:69:32:eb:ba:4c:cf:a1:3c:34:9e:bc:e2:
                    ca:92:e8:8b:ad:ed:f0:8c:6e:bd:e3:53:ef:c8:d9:
                    fe:1f:6c:53:fd:78:97:b7:07:85:82:90:5a:0b:45:
                    31:d2:e1:30:c6:e6:2a:d7:29:ac:51:03:63:36:b2:
                    34:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:13:F3:4E:F6:E3:E6:36:63:38:C8:47:90:A2:BA:9B:BF:33:23:55
            X509v3 Authority Key Identifier:
                keyid:4C:37:F2:7E:B4:99:7B:3B:EF:9F:28:26:6A:39:69:40:50:FE:74:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDfyfrSZezvvnygmajlpQFD-dPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/sxPzTvbj5jZjOMhHkKK6m78zI1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/09cea0-ef2b-4f20-a19a-eb5a627e76a3/1/TDfyfrSZezvvnygmajlpQFD-dPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.244.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:dc:f1:b9:31:60:85:66:dd:0c:9b:84:47:d4:75:72:40:ab:
         00:4c:2a:5e:dc:da:b2:6a:3d:97:ee:a4:a8:2e:b6:7a:49:d8:
         d7:42:ab:c4:fd:fa:77:3e:b3:57:36:6b:b2:16:db:59:5e:41:
         36:19:81:8b:da:99:18:86:6c:63:eb:7a:d2:f7:e0:35:d7:20:
         f2:09:82:e0:18:57:ab:ec:e0:27:a5:ff:ce:76:8f:cb:c6:e7:
         9f:d1:b6:58:d5:d2:42:54:bd:54:db:c2:73:2f:a7:a4:32:1e:
         aa:a8:00:45:e1:cb:5e:a5:16:25:c2:d1:c3:34:3b:1c:c3:5b:
         79:6e:6d:08:cd:8b:bb:3b:4b:5c:b8:8d:29:ad:76:dc:12:7d:
         9e:e9:86:f8:e2:f2:dd:e5:2b:cc:54:3c:79:50:55:9b:50:18:
         f3:6d:90:85:5f:a8:85:44:e3:58:81:0b:0c:f9:9b:db:20:38:
         eb:b4:2b:83:b8:18:c6:e5:39:a5:b0:86:66:0f:48:74:cd:83:
         a8:f9:83:d7:d0:dc:b6:a5:13:8b:ae:bd:e3:0d:c2:9a:ff:2d:
         8a:97:f2:ab:71:82:0c:4c:c6:4d:9d:ed:35:f9:51:af:d7:6f:
         83:6a:be:b2:78:c6:28:95:5d:95:0e:38:ce:e2:04:54:2b:8d:
         59:00:34:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtgyXn8aXFIkRPTWesycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzdmMjdlYjQ5OTdiM2JlZjlmMjgyNjZhMzk2OTQwNTBm
ZTc0ZjkwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzEzZjM0ZWY2ZTNlNjM2NjMzOGM4NDc5MGEyYmE5YmJmMzMyMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrJ1R91r9QC42zALd9kpjQOkSmmG
rIILRdHtJNXRK7o6/IAUnXXadmIHqN7NHaaktKjPBS88sumMfmUoF0zGPgBaxuD2
X+k6kjTcCe2JNipIFoPgSgBTGFuhVV/uOExNLM0gOH5mMWwXrFWSrUUpsvQ0Nm1f
dstCRybOYW6ZloUTWWrAHg4yORjVKE6xWDCCp9ChhGOCoh4FUPw2cHHJ7up+c0RZ
6/nLBeNwmcVb+GdsasyLgI4zG0Q2bZQh5UJgN5bK0oZpMuu6TM+hPDSevOLKkuiL
re3wjG6941PvyNn+H2xT/XiXtweFgpBaC0Ux0uEwxuYq1ymsUQNjNrI09wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMT80724+Y2YzjIR5Ciupu/MyNVMB8GA1UdIwQY
MBaAFEw38n60mXs7758oJmo5aUBQ/nT5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEt
ZWI1YTYyN2U3NmEzLzEvc3hQelR2Ymo1alpqT01oSGtLSzZtNzh6STFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wOWNlYTAtZWYyYi00ZjIwLWExOWEtZWI1YTYyN2U3NmEz
LzEvVERmeWZyU1plenZ2bnlnbWFqbHBRRkQtZFBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1fR8MA0G
CSqGSIb3DQEBCwUAA4IBAQCF3PG5MWCFZt0Mm4RH1HVyQKsATCpe3Nqyaj2X7qSo
LrZ6SdjXQqvE/fp3PrNXNmuyFttZXkE2GYGL2pkYhmxj63rS9+A11yDyCYLgGFer
7OAnpf/Odo/Lxuef0bZY1dJCVL1U28JzL6ekMh6qqABF4ctepRYlwtHDNDscw1t5
bm0IzYu7O0tcuI0prXbcEn2e6Yb44vLd5SvMVDx5UFWbUBjzbZCFX6iFRONYgQsM
+ZvbIDjrtCuDuBjG5TmlsIZmD0h0zYOo+YPX0Ny2pROLrr3jDcKa/y2Kl/KrcYIM
TMZNne01+VGv12+Dar6yeMYolV2VDjjO4gRUK41ZADR3
-----END CERTIFICATE-----