Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/9UMsIjElrwZFoAimocMjmAFeXnQ.roa
File:                     9UMsIjElrwZFoAimocMjmAFeXnQ.roa (raw, json)
Hash identifier:          SnmR3mfuFeT3NWW3jR+zMIwc4eUYxO8Q4gxkHWLqL90=
Subject key identifier:   F5:43:2C:22:31:25:AF:06:45:A0:08:A6:A1:C3:23:98:01:5E:5E:74
Certificate issuer:       /CN=40339d304499d069aecd8bd0e8fba02e522f576a
Certificate serial:       018CC3B6EFD7A1BD03BB71D24110E2DFE4BC
Authority key identifier: 40:33:9D:30:44:99:D0:69:AE:CD:8B:D0:E8:FB:A0:2E:52:2F:57:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QDOdMESZ0GmuzYvQ6PugLlIvV2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/9UMsIjElrwZFoAimocMjmAFeXnQ.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197898
IP address blocks:        194.48.232.0/22 maxlen: 24
                          2a0c:c740::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/QDOdMESZ0GmuzYvQ6PugLlIvV2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/QDOdMESZ0GmuzYvQ6PugLlIvV2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QDOdMESZ0GmuzYvQ6PugLlIvV2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ef:d7:a1:bd:03:bb:71:d2:41:10:e2:df:e4:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40339d304499d069aecd8bd0e8fba02e522f576a
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5432c223125af0645a008a6a1c32398015e5e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c3:4f:e7:92:a0:87:b6:a9:14:2e:60:ce:d0:
                    cf:25:47:a5:6d:df:48:bd:26:fb:70:7e:dd:51:f6:
                    c0:9e:2f:4e:ec:e4:07:58:98:02:ff:45:8c:ce:e0:
                    03:14:07:32:b4:0a:e6:92:b8:0f:22:fb:b2:10:f1:
                    66:ca:3d:cb:33:58:2c:72:a4:20:b8:11:cc:43:c9:
                    12:8e:07:c5:4a:1e:c2:74:4b:4e:52:5b:af:4c:0d:
                    b6:8e:39:40:d4:2e:26:f0:c8:05:45:a2:e7:cf:90:
                    fd:4b:7e:26:79:33:58:e5:94:42:3a:51:91:5f:1a:
                    6c:8c:95:5d:cd:26:bf:55:4a:c7:39:60:8a:71:c4:
                    d9:48:ad:99:2f:4d:6c:8c:a6:33:7c:9b:1d:05:74:
                    43:7e:4b:cb:0e:3a:ed:12:47:0d:0d:af:f3:6b:35:
                    8b:70:d0:90:88:e3:9e:1d:52:68:17:3f:a0:ba:6c:
                    05:93:a1:1b:a3:ce:63:e5:b3:2d:1f:31:0a:08:05:
                    51:38:17:8f:09:fd:f4:bc:dd:e3:12:63:a3:05:f9:
                    9c:03:b3:d0:60:f6:be:88:80:2b:fe:9c:a4:00:50:
                    cb:8e:cd:3e:61:5e:7b:13:8e:c9:4a:a6:63:ff:4a:
                    88:8a:e4:4c:eb:b7:f9:de:88:19:da:dd:6d:79:a8:
                    04:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:43:2C:22:31:25:AF:06:45:A0:08:A6:A1:C3:23:98:01:5E:5E:74
            X509v3 Authority Key Identifier:
                keyid:40:33:9D:30:44:99:D0:69:AE:CD:8B:D0:E8:FB:A0:2E:52:2F:57:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QDOdMESZ0GmuzYvQ6PugLlIvV2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/9UMsIjElrwZFoAimocMjmAFeXnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/5fe88a-16e1-481f-98e8-031e58905923/1/QDOdMESZ0GmuzYvQ6PugLlIvV2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.232.0/22
                IPv6:
                  2a0c:c740::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:ee:a8:69:dd:a9:f3:a9:87:7f:9a:e6:7a:29:c5:af:48:af:
         f1:d5:84:c9:4b:35:ac:b0:40:8b:25:c8:50:27:09:16:57:14:
         34:f1:42:01:64:42:18:ec:47:d7:65:9c:a2:c9:b4:e3:88:fd:
         3c:e4:79:7d:46:c1:3b:34:fa:11:f3:2f:77:11:af:12:da:aa:
         5b:c4:dd:6a:4b:a8:ff:2c:f3:09:d7:b6:fd:a9:ac:e8:9d:bb:
         8c:b1:4c:e8:78:e3:93:21:78:f1:50:38:06:65:2c:85:44:08:
         27:5c:21:71:ac:2b:78:68:7e:c7:0d:64:15:71:03:4c:e1:f2:
         3d:b5:85:b3:ae:1b:82:04:9e:ca:3c:67:3c:a9:31:89:bc:16:
         81:9a:cb:3b:91:58:b5:a0:c4:ac:1f:3b:3d:1e:b1:89:9e:aa:
         e8:2d:c2:a6:8b:fa:75:23:be:bb:0f:f4:2c:c6:3c:0d:c7:b4:
         8e:ba:d9:47:46:2d:b1:3a:db:ef:36:ae:0c:4b:68:ba:30:39:
         a8:ea:e2:21:c7:d8:a3:2b:4a:6b:89:0a:8f:f2:e9:ae:23:bf:
         12:16:42:19:5e:8c:7a:24:cb:63:2c:65:df:62:ea:c2:c5:05:
         5f:a4:26:b4:ff:6b:3b:03:e4:1c:1f:94:bd:45:87:76:51:9f:
         06:e7:ec:9d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtu/Xob0Du3HSQRDi3+S8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMzM5ZDMwNDQ5OWQwNjlhZWNkOGJkMGU4ZmJhMDJlNTIy
ZjU3NmEwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQzMmMyMjMxMjVhZjA2NDVhMDA4YTZhMWMzMjM5ODAxNWU1ZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcNP55Kgh7apFC5gztDPJUelbd9I
vSb7cH7dUfbAni9O7OQHWJgC/0WMzuADFAcytArmkrgPIvuyEPFmyj3LM1gscqQg
uBHMQ8kSjgfFSh7CdEtOUluvTA22jjlA1C4m8MgFRaLnz5D9S34meTNY5ZRCOlGR
XxpsjJVdzSa/VUrHOWCKccTZSK2ZL01sjKYzfJsdBXRDfkvLDjrtEkcNDa/zazWL
cNCQiOOeHVJoFz+gumwFk6Ebo85j5bMtHzEKCAVROBePCf30vN3jEmOjBfmcA7PQ
YPa+iIAr/pykAFDLjs0+YV57E47JSqZj/0qIiuRM67f53ogZ2t1teagE2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPVDLCIxJa8GRaAIpqHDI5gBXl50MB8GA1UdIwQY
MBaAFEAznTBEmdBprs2L0Oj7oC5SL1dqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUURPZE1FU1owR211ell2UTZQdWdMbEl2VjJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81ZmU4OGEtMTZlMS00ODFmLTk4ZTgt
MDMxZTU4OTA1OTIzLzEvOVVNc0lqRWxyd1pGb0FpbW9jTWptQUZlWG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81ZmU4OGEtMTZlMS00ODFmLTk4ZTgtMDMxZTU4OTA1OTIz
LzEvUURPZE1FU1owR211ell2UTZQdWdMbEl2VjJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwjDoMA0E
AgACMAcDBQAqDMdAMA0GCSqGSIb3DQEBCwUAA4IBAQCf7qhp3anzqYd/muZ6KcWv
SK/x1YTJSzWssECLJchQJwkWVxQ08UIBZEIY7EfXZZyiybTjiP085Hl9RsE7NPoR
8y93Ea8S2qpbxN1qS6j/LPMJ17b9qazonbuMsUzoeOOTIXjxUDgGZSyFRAgnXCFx
rCt4aH7HDWQVcQNM4fI9tYWzrhuCBJ7KPGc8qTGJvBaBmss7kVi1oMSsHzs9HrGJ
nqroLcKmi/p1I767D/QsxjwNx7SOutlHRi2xOtvvNq4MS2i6MDmo6uIhx9ijK0pr
iQqP8umuI78SFkIZXox6JMtjLGXfYurCxQVfpCa0/2s7A+QcH5S9RYd2UZ8G5+yd
-----END CERTIFICATE-----