Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/5Z3LruKxa2aka5mTgfLiozxMjBo.roa
File:                     5Z3LruKxa2aka5mTgfLiozxMjBo.roa (raw, json)
Hash identifier:          snbc+UilQvA4ul+87IHio6qvg4o46H7ibBzSJmFvN5c=
Subject key identifier:   E5:9D:CB:AE:E2:B1:6B:66:A4:6B:99:93:81:F2:E2:A3:3C:4C:8C:1A
Certificate issuer:       /CN=508a9a08abef74dcc51004f4fae0266d620395e3
Certificate serial:       018CC9BB46CA3CA2794FE92DD56A0D86510A
Authority key identifier: 50:8A:9A:08:AB:EF:74:DC:C5:10:04:F4:FA:E0:26:6D:62:03:95:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/5Z3LruKxa2aka5mTgfLiozxMjBo.roa
Signing time:             Tue 02 Jan 2024 10:32:22 +0000
ROA not before:           Tue 02 Jan 2024 10:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211197
IP address blocks:        185.7.213.0/24 maxlen: 24
                          193.223.109.0/24 maxlen: 24
                          2a03:b680::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:46:ca:3c:a2:79:4f:e9:2d:d5:6a:0d:86:51:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=508a9a08abef74dcc51004f4fae0266d620395e3
        Validity
            Not Before: Jan  2 10:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e59dcbaee2b16b66a46b999381f2e2a33c4c8c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:69:6f:57:c6:20:40:8a:7b:9d:44:35:0c:f4:
                    f1:98:a9:01:d4:f4:ba:6a:5f:1a:02:60:27:72:68:
                    90:d2:cf:85:5e:89:79:63:ee:78:d5:dc:08:64:a2:
                    b0:b7:5e:40:1d:a7:57:d2:a3:1f:2f:b8:f1:d6:c0:
                    de:97:d3:51:4d:42:41:8f:5a:58:a7:76:6b:69:1a:
                    3b:c0:eb:3d:9a:bf:04:48:27:c7:9d:0e:06:3d:82:
                    32:c3:93:00:3d:aa:9f:79:35:e8:b2:4a:93:f7:5f:
                    2e:70:cf:be:10:76:d4:4b:a9:e8:00:8d:c8:a7:50:
                    7c:cc:24:82:1a:3f:5a:eb:e8:cb:49:7c:96:00:f1:
                    dd:e3:2b:aa:20:c2:6c:7c:96:1f:3d:6f:94:79:02:
                    74:71:c1:51:0b:e8:47:60:5a:de:9d:76:37:d7:91:
                    8b:3b:4f:12:01:79:45:e5:bc:f5:76:28:b7:90:06:
                    1d:37:f5:04:f5:c2:5b:53:bf:bd:ac:c9:d0:9d:f5:
                    e5:77:61:3b:48:57:19:bb:6b:23:ef:04:d7:c0:ea:
                    b6:8b:47:d8:f0:3d:26:6a:2e:51:b8:25:68:fd:64:
                    a2:46:69:22:9f:37:d2:a1:04:b5:3e:30:fe:5f:70:
                    b5:0d:38:8c:8b:2f:1b:39:fa:84:a7:d3:ad:5d:11:
                    86:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:9D:CB:AE:E2:B1:6B:66:A4:6B:99:93:81:F2:E2:A3:3C:4C:8C:1A
            X509v3 Authority Key Identifier:
                keyid:50:8A:9A:08:AB:EF:74:DC:C5:10:04:F4:FA:E0:26:6D:62:03:95:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UIqaCKvvdNzFEAT0-uAmbWIDleM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/5Z3LruKxa2aka5mTgfLiozxMjBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/deca0e-dd4c-44ef-bf77-05dbe3df98f6/1/UIqaCKvvdNzFEAT0-uAmbWIDleM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.213.0/24
                  193.223.109.0/24
                IPv6:
                  2a03:b680::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:28:96:96:70:c4:de:76:31:1d:eb:22:0f:00:77:f8:75:be:
         cd:67:cd:c3:d2:fc:48:bf:79:a0:9c:1f:c0:92:52:ae:45:10:
         d3:1e:ae:59:ec:e6:33:0c:78:b9:1a:99:66:fe:94:25:70:ba:
         ec:bf:a6:bd:2d:4d:a0:75:f8:fd:6d:65:fb:3b:5c:1a:f9:9b:
         bc:d4:26:a8:08:29:01:b0:e9:e4:3a:9f:34:49:b4:e7:f8:ab:
         52:e4:3e:88:8d:40:02:8f:a9:20:8c:01:bb:50:21:2a:dc:23:
         5c:6e:bc:9a:d7:59:8d:21:67:0d:01:97:12:07:fe:44:7f:02:
         f7:45:e6:4a:dd:ef:a9:98:77:35:77:5f:b4:1c:6c:bc:db:33:
         23:17:25:d3:be:8e:4b:66:9c:c1:59:f7:59:d1:ab:5a:70:f9:
         dd:30:1e:aa:55:c5:c1:c5:96:6a:cb:1f:67:92:84:27:6a:19:
         4a:ba:c5:b6:6b:79:c1:e4:23:3f:9f:43:4f:5b:14:00:d4:de:
         f4:01:27:a0:e0:86:9c:cd:05:33:d1:e1:f1:12:af:75:dc:07:
         b6:f5:3e:81:21:87:d2:de:30:c2:a3:44:d4:35:e8:d9:00:9f:
         29:3c:d3:66:05:03:29:b2:17:06:15:bf:f6:24:f3:be:15:34:
         49:cc:55:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJu0bKPKJ5T+kt1WoNhlEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOGE5YTA4YWJlZjc0ZGNjNTEwMDRmNGZhZTAyNjZkNjIw
Mzk1ZTMwHhcNMjQwMTAyMTAzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTlkY2JhZWUyYjE2YjY2YTQ2Yjk5OTM4MWYyZTJhMzNjNGM4YzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2lvV8YgQIp7nUQ1DPTxmKkB1PS6
al8aAmAncmiQ0s+FXol5Y+541dwIZKKwt15AHadX0qMfL7jx1sDel9NRTUJBj1pY
p3ZraRo7wOs9mr8ESCfHnQ4GPYIyw5MAPaqfeTXoskqT918ucM++EHbUS6noAI3I
p1B8zCSCGj9a6+jLSXyWAPHd4yuqIMJsfJYfPW+UeQJ0ccFRC+hHYFrenXY315GL
O08SAXlF5bz1dii3kAYdN/UE9cJbU7+9rMnQnfXld2E7SFcZu2sj7wTXwOq2i0fY
8D0mai5RuCVo/WSiRmkinzfSoQS1PjD+X3C1DTiMiy8bOfqEp9OtXRGGGQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOWdy67isWtmpGuZk4Hy4qM8TIwaMB8GA1UdIwQY
MBaAFFCKmgir73TcxRAE9PrgJm1iA5XjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUlxYUNLdnZkTnpGRUFUMC11QW1iV0lEbGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kZWNhMGUtZGQ0Yy00NGVmLWJmNzct
MDVkYmUzZGY5OGY2LzEvNVozTHJ1S3hhMmFrYTVtVGdmTGlvenhNakJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kZWNhMGUtZGQ0Yy00NGVmLWJmNzctMDVkYmUzZGY5OGY2
LzEvVUlxYUNLdnZkTnpGRUFUMC11QW1iV0lEbGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuQfVAwQA
wd9tMA0EAgACMAcDBQMqA7aAMA0GCSqGSIb3DQEBCwUAA4IBAQBDKJaWcMTedjEd
6yIPAHf4db7NZ83D0vxIv3mgnB/AklKuRRDTHq5Z7OYzDHi5Gplm/pQlcLrsv6a9
LU2gdfj9bWX7O1wa+Zu81CaoCCkBsOnkOp80SbTn+KtS5D6IjUACj6kgjAG7UCEq
3CNcbrya11mNIWcNAZcSB/5EfwL3ReZK3e+pmHc1d1+0HGy82zMjFyXTvo5LZpzB
WfdZ0atacPndMB6qVcXBxZZqyx9nkoQnahlKusW2a3nB5CM/n0NPWxQA1N70ASeg
4IaczQUz0eHxEq913Ae29T6BIYfS3jDCo0TUNejZAJ8pPNNmBQMpshcGFb/2JPO+
FTRJzFWJ
-----END CERTIFICATE-----