Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/fEClfNDU0Hq_Np23zRl7L49bSR4.roa
File:                     fEClfNDU0Hq_Np23zRl7L49bSR4.roa (raw, json)
Hash identifier:          RLN2MObcBzdTvJJ26FXVq2qJjuXPXA8rWAjXBhkrF8Y=
Subject key identifier:   7C:40:A5:7C:D0:D4:D0:7A:BF:36:9D:B7:CD:19:7B:2F:8F:5B:49:1E
Certificate issuer:       /CN=1c7433fafa59f0d512a2bebb097e69463cc06759
Certificate serial:       018CF215D7E18BBB135534EA21333F691B91
Authority key identifier: 1C:74:33:FA:FA:59:F0:D5:12:A2:BE:BB:09:7E:69:46:3C:C0:67:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/fEClfNDU0Hq_Np23zRl7L49bSR4.roa
Signing time:             Wed 10 Jan 2024 06:36:06 +0000
ROA not before:           Wed 10 Jan 2024 06:36:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        185.123.54.0/24 maxlen: 24
                          5.250.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:15:d7:e1:8b:bb:13:55:34:ea:21:33:3f:69:1b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7433fafa59f0d512a2bebb097e69463cc06759
        Validity
            Not Before: Jan 10 06:36:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c40a57cd0d4d07abf369db7cd197b2f8f5b491e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cd:0c:6a:4b:8c:3f:83:2a:1b:48:58:55:1d:
                    8d:aa:a1:12:b4:7a:4b:9c:c2:d8:c1:b2:e8:a0:03:
                    fb:f5:65:2b:db:2e:2e:4a:49:e1:9e:ae:6d:87:a9:
                    47:8a:91:66:e1:3a:fe:21:c6:41:8d:e9:06:8a:de:
                    b2:96:4a:dc:eb:1b:59:3c:59:dc:64:c2:04:fc:f2:
                    f3:b6:2c:86:0a:5f:47:f3:2a:6f:3a:b1:8c:51:6c:
                    04:02:73:2a:13:75:cb:0d:bf:82:1e:d6:76:61:97:
                    78:48:ef:c9:4e:f6:ca:06:a2:a0:8d:8b:91:ab:e8:
                    78:74:bb:10:d4:b9:a3:8c:12:2a:2d:8b:8a:95:55:
                    43:06:10:98:b2:87:76:2a:93:ed:1d:f9:af:4c:9e:
                    b9:36:4f:71:81:fd:27:ab:fe:84:4e:32:9d:ed:2e:
                    87:37:c0:0a:ef:5e:80:85:a1:b2:6e:71:b2:66:0a:
                    9a:28:74:f9:56:8a:b1:c2:5b:cd:68:99:1b:69:6c:
                    ac:89:70:3f:e7:19:12:c9:6b:65:80:f5:e1:74:a8:
                    c2:e3:4d:d6:4e:98:36:c7:b0:e7:7d:6a:33:5e:c4:
                    60:ea:35:a7:76:27:51:9a:e3:1c:21:ab:03:ed:e4:
                    db:3b:32:3f:b1:6f:86:e5:91:43:8c:9c:5e:96:94:
                    7d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:40:A5:7C:D0:D4:D0:7A:BF:36:9D:B7:CD:19:7B:2F:8F:5B:49:1E
            X509v3 Authority Key Identifier:
                keyid:1C:74:33:FA:FA:59:F0:D5:12:A2:BE:BB:09:7E:69:46:3C:C0:67:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHQz-vpZ8NUSor67CX5pRjzAZ1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/fEClfNDU0Hq_Np23zRl7L49bSR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/39a5b5-3c51-46e2-9479-12f41a0cc0c1/1/HHQz-vpZ8NUSor67CX5pRjzAZ1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.255.0/24
                  185.123.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:e5:d2:9c:15:b0:f1:27:48:28:78:c6:22:8b:0d:9d:3f:77:
         33:a4:18:3d:02:58:c8:45:2e:f4:da:ed:95:c9:0f:28:1e:73:
         56:3f:dd:6e:2f:af:73:85:5c:1e:c0:37:cc:48:15:b6:b9:59:
         32:14:4c:55:68:f3:b9:10:71:95:98:5a:c5:c1:76:92:bb:4b:
         31:9b:77:f1:d0:0c:47:b7:75:2b:f1:da:c7:e6:bc:7e:0f:81:
         07:15:5c:37:1a:85:d9:ea:8c:3f:06:b2:e5:4e:45:f4:8c:a4:
         5d:ba:02:53:5f:de:a8:44:67:3d:03:f9:ad:2e:be:37:40:8b:
         27:d3:a1:4d:6d:87:c9:dd:13:15:c1:97:11:96:96:cc:db:49:
         28:01:a7:d7:a7:08:e7:86:af:9e:cb:4e:c6:ee:b2:38:44:b9:
         96:ce:84:af:53:88:c3:db:af:41:26:18:4e:bc:90:5e:2e:83:
         fb:ef:6f:fc:74:bc:e3:cb:9e:bd:eb:f0:3a:49:40:e0:3f:b8:
         40:2e:fb:5a:21:a7:7b:e6:ad:64:e7:bd:a0:5d:62:e1:7c:59:
         96:23:6b:31:85:0b:e6:d2:04:b0:8a:f2:f6:50:8a:d1:b9:f1:
         36:22:bd:f5:24:ae:65:b2:54:74:41:6b:50:34:89:b1:83:45:
         43:bd:8f:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzyFdfhi7sTVTTqITM/aRuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzQzM2ZhZmE1OWYwZDUxMmEyYmViYjA5N2U2OTQ2M2Nj
MDY3NTkwHhcNMjQwMTEwMDYzNjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQwYTU3Y2QwZDRkMDdhYmYzNjlkYjdjZDE5N2IyZjhmNWI0OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn80MakuMP4MqG0hYVR2NqqEStHpL
nMLYwbLooAP79WUr2y4uSknhnq5th6lHipFm4Tr+IcZBjekGit6ylkrc6xtZPFnc
ZMIE/PLztiyGCl9H8ypvOrGMUWwEAnMqE3XLDb+CHtZ2YZd4SO/JTvbKBqKgjYuR
q+h4dLsQ1LmjjBIqLYuKlVVDBhCYsod2KpPtHfmvTJ65Nk9xgf0nq/6ETjKd7S6H
N8AK716AhaGybnGyZgqaKHT5VoqxwlvNaJkbaWysiXA/5xkSyWtlgPXhdKjC403W
Tpg2x7DnfWozXsRg6jWndidRmuMcIasD7eTbOzI/sW+G5ZFDjJxelpR9zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHxApXzQ1NB6vzadt80Zey+PW0keMB8GA1UdIwQY
MBaAFBx0M/r6WfDVEqK+uwl+aUY8wGdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhRei12cFo4TlVTb3I2N0NYNXBSanpBWjFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zOWE1YjUtM2M1MS00NmUyLTk0Nzkt
MTJmNDFhMGNjMGMxLzEvZkVDbGZORFUwSHFfTnAyM3pSbDdMNDliU1I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zOWE1YjUtM2M1MS00NmUyLTk0NzktMTJmNDFhMGNjMGMx
LzEvSEhRei12cFo4TlVTb3I2N0NYNXBSanpBWjFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfr/AwQA
uXs2MA0GCSqGSIb3DQEBCwUAA4IBAQC45dKcFbDxJ0goeMYiiw2dP3czpBg9AljI
RS702u2VyQ8oHnNWP91uL69zhVwewDfMSBW2uVkyFExVaPO5EHGVmFrFwXaSu0sx
m3fx0AxHt3Ur8drH5rx+D4EHFVw3GoXZ6ow/BrLlTkX0jKRdugJTX96oRGc9A/mt
Lr43QIsn06FNbYfJ3RMVwZcRlpbM20koAafXpwjnhq+ey07G7rI4RLmWzoSvU4jD
269BJhhOvJBeLoP772/8dLzjy5696/A6SUDgP7hALvtaIad75q1k572gXWLhfFmW
I2sxhQvm0gSwivL2UIrRufE2Ir31JK5lslR0QWtQNImxg0VDvY/v
-----END CERTIFICATE-----