Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/5FvvNrhKGJae4rCdshESu9Kjrgw.roa
File:                     5FvvNrhKGJae4rCdshESu9Kjrgw.roa (raw, json)
Hash identifier:          PqHSwZCbfvGbpMBWujQhO7/u6Qf1okBXT/lvf+vZOp4=
Subject key identifier:   E4:5B:EF:36:B8:4A:18:96:9E:E2:B0:9D:B2:11:12:BB:D2:A3:AE:0C
Certificate issuer:       /CN=894928a39627cd5ee5f975bd897c2d775ab29940
Certificate serial:       018CCA99B3E1770F0288473E836FC7288DA2
Authority key identifier: 89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/5FvvNrhKGJae4rCdshESu9Kjrgw.roa
Signing time:             Tue 02 Jan 2024 14:35:19 +0000
ROA not before:           Tue 02 Jan 2024 14:35:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203970
IP address blocks:        139.15.0.0/20 maxlen: 24
                          185.112.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:b3:e1:77:0f:02:88:47:3e:83:6f:c7:28:8d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=894928a39627cd5ee5f975bd897c2d775ab29940
        Validity
            Not Before: Jan  2 14:35:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e45bef36b84a18969ee2b09db21112bbd2a3ae0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:45:0e:2d:f5:4e:d7:78:e2:68:f7:73:43:bc:
                    6d:9c:b6:51:eb:af:09:ff:6f:05:e5:12:90:23:b5:
                    5d:96:a1:1d:7f:b6:14:cf:ad:fb:2e:7f:d8:d1:85:
                    05:be:4a:97:c6:0b:d8:4d:20:3a:7f:4d:50:ea:e9:
                    9f:d0:e7:25:db:d9:f4:98:0e:79:05:8e:64:0f:c4:
                    24:b3:e9:33:df:d5:2b:63:cd:a6:93:25:35:19:66:
                    de:49:7a:06:92:81:41:ad:93:d1:54:a1:3e:d7:f9:
                    5a:56:a4:ba:7a:d0:bc:82:03:48:f0:15:a4:9b:e4:
                    07:06:0c:e9:15:8e:1e:1f:b6:a9:cb:be:97:f9:94:
                    7b:bc:fa:d1:24:9c:ef:dd:04:53:09:ca:1d:d7:f5:
                    e5:ec:7d:9c:c6:f6:86:e8:34:04:57:13:2d:18:0d:
                    99:2c:bd:30:d3:54:a0:e5:50:cc:fc:ac:29:0f:15:
                    96:79:ab:e1:61:cc:09:48:58:e0:b7:08:2b:2f:ee:
                    ef:12:89:87:1c:70:c5:bf:01:8a:07:ad:6a:35:7f:
                    46:30:48:25:62:9b:db:2f:f4:b7:31:2f:38:a9:79:
                    b9:92:80:88:40:5f:03:af:bc:ae:15:7f:fa:12:3e:
                    85:76:f7:b6:ce:65:4b:c2:05:03:c1:d9:08:f6:6b:
                    bc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:5B:EF:36:B8:4A:18:96:9E:E2:B0:9D:B2:11:12:BB:D2:A3:AE:0C
            X509v3 Authority Key Identifier:
                keyid:89:49:28:A3:96:27:CD:5E:E5:F9:75:BD:89:7C:2D:77:5A:B2:99:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iUkoo5YnzV7l-XW9iXwtd1qymUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/5FvvNrhKGJae4rCdshESu9Kjrgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/69c7d1-c43d-4bcd-8e6a-1593d4045cbc/1/iUkoo5YnzV7l-XW9iXwtd1qymUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.15.0.0/20
                  185.112.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:6c:9f:d4:05:ed:a2:5c:e4:87:ec:97:c6:b6:aa:1b:37:7d:
         fb:b9:01:44:b3:8c:12:4f:dc:7c:87:79:4f:e9:42:00:5c:fe:
         14:9f:94:f0:4e:b8:ff:ac:53:8a:88:cc:da:aa:3f:b4:31:ab:
         5c:ca:49:7d:40:9a:c5:83:4a:ef:80:16:d3:01:03:bd:a4:c9:
         ac:08:dc:fa:4c:bf:81:12:74:52:7a:46:be:c6:44:01:29:32:
         87:c5:f0:c3:11:c0:c8:51:a4:ff:ed:eb:c7:b9:98:17:8a:ad:
         e7:3a:b2:b2:90:82:7d:f9:17:0d:e0:29:02:1f:46:dc:84:1c:
         d9:ff:5b:5d:57:ce:5a:47:a7:fb:b9:61:16:de:b1:b2:63:4d:
         01:88:9d:a4:47:85:c9:41:8f:2f:23:20:1a:f8:47:6c:23:fb:
         6b:7c:69:d2:c6:ff:f3:a7:ff:0e:4f:54:ed:95:de:bc:bd:2b:
         4f:7c:fe:4f:71:1c:cb:a5:25:45:40:fa:ef:ce:b1:4f:e2:76:
         ca:7a:92:30:6f:f6:a2:7a:d9:dc:f7:de:1c:aa:eb:be:09:17:
         83:fa:8b:59:bc:67:b4:6b:2f:46:98:37:ed:03:74:3b:1d:43:
         83:29:77:65:19:95:27:66:98:b9:f6:07:84:b0:8f:96:44:fe:
         7e:22:9b:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmbPhdw8CiEc+g2/HKI2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NDkyOGEzOTYyN2NkNWVlNWY5NzViZDg5N2MyZDc3NWFi
Mjk5NDAwHhcNMjQwMTAyMTQzNTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDViZWYzNmI4NGExODk2OWVlMmIwOWRiMjExMTJiYmQyYTNhZTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0UOLfVO13jiaPdzQ7xtnLZR668J
/28F5RKQI7VdlqEdf7YUz637Ln/Y0YUFvkqXxgvYTSA6f01Q6umf0Ocl29n0mA55
BY5kD8Qks+kz39UrY82mkyU1GWbeSXoGkoFBrZPRVKE+1/laVqS6etC8ggNI8BWk
m+QHBgzpFY4eH7apy76X+ZR7vPrRJJzv3QRTCcod1/Xl7H2cxvaG6DQEVxMtGA2Z
LL0w01Sg5VDM/KwpDxWWeavhYcwJSFjgtwgrL+7vEomHHHDFvwGKB61qNX9GMEgl
YpvbL/S3MS84qXm5koCIQF8Dr7yuFX/6Ej6Fdve2zmVLwgUDwdkI9mu8DwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORb7za4ShiWnuKwnbIRErvSo64MMB8GA1UdIwQY
MBaAFIlJKKOWJ81e5fl1vYl8LXdasplAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEt
MTU5M2Q0MDQ1Y2JjLzEvNUZ2dk5yaEtHSmFlNHJDZHNoRVN1OUtqcmd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82OWM3ZDEtYzQzZC00YmNkLThlNmEtMTU5M2Q0MDQ1Y2Jj
LzEvaVVrb281WW56VjdsLVhXOWlYd3RkMXF5bVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEiw8AAwQC
uXCwMA0GCSqGSIb3DQEBCwUAA4IBAQCBbJ/UBe2iXOSH7JfGtqobN337uQFEs4wS
T9x8h3lP6UIAXP4Un5TwTrj/rFOKiMzaqj+0Matcykl9QJrFg0rvgBbTAQO9pMms
CNz6TL+BEnRSeka+xkQBKTKHxfDDEcDIUaT/7evHuZgXiq3nOrKykIJ9+RcN4CkC
H0bchBzZ/1tdV85aR6f7uWEW3rGyY00BiJ2kR4XJQY8vIyAa+EdsI/trfGnSxv/z
p/8OT1Ttld68vStPfP5PcRzLpSVFQPrvzrFP4nbKepIwb/aietnc994cquu+CReD
+otZvGe0ay9GmDftA3Q7HUODKXdlGZUnZpi59geEsI+WRP5+IpsO
-----END CERTIFICATE-----