Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3BGH0ZtpBidNupZIRMRZbmk99uk.roa
File:                     3BGH0ZtpBidNupZIRMRZbmk99uk.roa (raw, json)
Hash identifier:          keBaUVUspZjg1WFyzNIl3JNFlNkeeFpzT42D1SASlps=
Subject key identifier:   DC:11:87:D1:9B:69:06:27:4D:BA:96:48:44:C4:59:6E:69:3D:F6:E9
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       01929B413DB25C6344557168B803A70150CC
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3BGH0ZtpBidNupZIRMRZbmk99uk.roa
Signing time:             Thu 17 Oct 2024 16:13:17 +0000
ROA not before:           Thu 17 Oct 2024 16:13:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        5.39.192.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9b:41:3d:b2:5c:63:44:55:71:68:b8:03:a7:01:50:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Oct 17 16:13:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc1187d19b6906274dba964844c4596e693df6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:93:ed:ed:45:d0:ba:0a:a3:d8:f7:14:6c:
                    84:6a:ca:8b:81:ec:51:0e:a7:dd:8a:83:ac:5c:29:
                    ae:10:93:82:5e:33:96:f2:01:6c:f4:4a:0c:a2:61:
                    cc:6f:2f:a3:0a:b0:f4:01:62:46:d8:a8:98:8a:3c:
                    38:a1:88:1a:81:bf:37:6c:59:6e:8e:98:49:d7:ad:
                    50:0e:e4:5c:4c:5b:cf:a2:87:5e:86:cd:5e:71:a7:
                    87:6b:a3:19:02:df:bb:40:79:5c:e0:6e:6d:f2:bd:
                    fa:ad:16:20:9a:9e:de:c2:4c:20:10:f2:54:c9:cd:
                    a4:f0:4d:08:02:df:82:30:d6:4f:0a:ad:f3:d7:4d:
                    b7:2c:d9:e4:68:76:5d:87:40:6a:47:34:58:3c:25:
                    ba:d3:a3:a4:68:df:aa:c9:42:2f:5a:e9:bc:fb:b3:
                    24:bb:42:43:3c:f9:fb:14:ca:c7:9e:65:33:ac:cc:
                    71:c6:2f:be:91:78:dd:f3:90:9a:b5:ca:c8:7c:ee:
                    0f:56:2b:58:01:40:11:a8:2c:68:b6:aa:36:67:7e:
                    88:82:2e:da:db:d1:8c:c9:7c:e0:1f:fa:9f:7f:82:
                    af:de:b2:a8:66:7b:f4:e3:a3:29:d5:74:1e:5a:ba:
                    78:c9:10:08:62:63:b8:dd:a0:81:6b:14:d2:72:b4:
                    ce:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:11:87:D1:9B:69:06:27:4D:BA:96:48:44:C4:59:6E:69:3D:F6:E9
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/3BGH0ZtpBidNupZIRMRZbmk99uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:1f:55:41:8a:ae:1d:02:3b:4c:6e:d1:f5:39:1d:b3:28:d3:
         62:8e:63:da:98:3a:41:3a:36:2f:cb:cc:d3:79:06:01:64:61:
         b4:8a:14:12:19:d1:f0:af:8f:06:93:af:d0:ec:f9:db:c5:03:
         1b:33:c6:76:cf:f7:a7:dc:be:3c:d7:fd:05:9d:3b:19:38:00:
         60:1a:2f:9b:2c:24:97:d5:d8:76:02:c7:30:93:60:55:a6:69:
         84:df:89:b7:2b:d3:15:93:13:07:59:ca:b6:c0:a4:c6:bf:7d:
         e4:19:79:27:4b:4d:21:9d:0b:cf:57:bd:f8:16:dd:1c:ab:75:
         a8:6b:1e:7f:66:65:e8:3a:85:28:67:85:75:4c:57:b8:82:ee:
         c8:24:94:8d:0a:8a:5d:85:f5:71:1a:18:59:a8:a7:27:77:87:
         ab:9d:18:84:df:38:72:04:8a:72:b9:e9:71:cc:7f:4f:25:a8:
         09:f3:c6:91:95:4a:e3:ab:58:96:97:27:e7:8c:90:77:13:07:
         5e:10:79:9f:b5:39:97:05:5a:dc:6f:43:18:40:51:7a:35:21:
         ed:cc:c4:0b:cb:67:5c:e2:51:5d:3d:53:65:ad:e4:78:23:05:
         6a:d6:7c:5a:15:96:00:a0:d6:0c:37:52:83:94:42:3a:e2:18:
         ec:53:2c:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKbQT2yXGNEVXFouAOnAVDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjQxMDE3MTYxMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzExODdkMTliNjkwNjI3NGRiYTk2NDg0NGM0NTk2ZTY5M2RmNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDqT7e1F0LoKo9j3FGyEasqLgexR
DqfdioOsXCmuEJOCXjOW8gFs9EoMomHMby+jCrD0AWJG2KiYijw4oYgagb83bFlu
jphJ161QDuRcTFvPoodehs1ecaeHa6MZAt+7QHlc4G5t8r36rRYgmp7ewkwgEPJU
yc2k8E0IAt+CMNZPCq3z1023LNnkaHZdh0BqRzRYPCW606OkaN+qyUIvWum8+7Mk
u0JDPPn7FMrHnmUzrMxxxi++kXjd85CatcrIfO4PVitYAUARqCxotqo2Z36Igi7a
29GMyXzgH/qff4Kv3rKoZnv046Mp1XQeWrp4yRAIYmO43aCBaxTScrTOywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNwRh9GbaQYnTbqWSETEWW5pPfbpMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvM0JHSDBadHBCaWROdXBaSVJNUlpibWs5OXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBSfAMA0G
CSqGSIb3DQEBCwUAA4IBAQBQH1VBiq4dAjtMbtH1OR2zKNNijmPamDpBOjYvy8zT
eQYBZGG0ihQSGdHwr48Gk6/Q7PnbxQMbM8Z2z/en3L481/0FnTsZOABgGi+bLCSX
1dh2Ascwk2BVpmmE34m3K9MVkxMHWcq2wKTGv33kGXknS00hnQvPV734Ft0cq3Wo
ax5/ZmXoOoUoZ4V1TFe4gu7IJJSNCopdhfVxGhhZqKcnd4ernRiE3zhyBIpyuelx
zH9PJagJ88aRlUrjq1iWlyfnjJB3EwdeEHmftTmXBVrcb0MYQFF6NSHtzMQLy2dc
4lFdPVNlreR4IwVq1nxaFZYAoNYMN1KDlEI64hjsUyxl
-----END CERTIFICATE-----