Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/CDl7IBW5vHz4RcYQ0RBwBJwTrLg.roa
File:                     CDl7IBW5vHz4RcYQ0RBwBJwTrLg.roa (raw, json)
Hash identifier:          Rj3eF7o4FIID1b/689giQxGlm8LLhaP/Gzrffw8Ju08=
Subject key identifier:   08:39:7B:20:15:B9:BC:7C:F8:45:C6:10:D1:10:70:04:9C:13:AC:B8
Certificate issuer:       /CN=d291741252bb9c4cda80047dfb01ce98c219d180
Certificate serial:       018CC2DB250F78AF364C6C45D0C60464FAEA
Authority key identifier: D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/CDl7IBW5vHz4RcYQ0RBwBJwTrLg.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209441
IP address blocks:        5.253.220.0/24 maxlen: 24
                          5.253.221.0/24 maxlen: 24
                          5.253.222.0/24 maxlen: 24
                          5.253.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:25:0f:78:af:36:4c:6c:45:d0:c6:04:64:fa:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d291741252bb9c4cda80047dfb01ce98c219d180
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08397b2015b9bc7cf845c610d11070049c13acb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d0:d8:10:e1:44:df:a5:9e:19:3f:60:42:6f:
                    d9:14:8c:7d:d1:16:a9:0e:df:8a:03:67:07:ed:40:
                    57:be:7f:9c:b4:6e:c4:bc:bd:6b:fe:ba:40:2b:55:
                    0b:15:31:32:a2:b7:b3:d5:06:f1:98:47:3a:f7:fe:
                    92:3d:0a:04:a5:d1:54:a9:fb:1a:b9:65:0f:f6:42:
                    97:db:78:e7:93:55:ca:f2:2f:44:06:3b:85:6e:5a:
                    fe:f0:db:ba:8b:39:6d:00:7b:73:7d:4c:68:38:50:
                    39:ff:dc:a9:80:79:70:44:ff:57:dd:78:67:11:e2:
                    c4:36:11:e0:05:ca:d6:7e:da:08:f5:18:8b:73:1e:
                    a7:f7:83:9c:a9:3d:f6:85:8a:42:18:84:e4:4f:7d:
                    17:e2:1b:7f:3b:3d:b0:b5:cd:ba:58:d4:56:0f:19:
                    80:f4:27:87:ff:f6:0f:79:98:ac:fe:19:66:0a:35:
                    e0:c4:2f:a6:bb:80:a3:14:43:cb:24:97:2a:f3:5e:
                    ea:a3:7a:64:41:7d:55:2c:19:1e:e2:c8:dd:6a:33:
                    d1:3b:9a:4e:97:48:68:b7:94:8b:dd:84:ff:02:f4:
                    82:dd:20:68:1a:f5:7f:44:d9:92:14:d1:56:31:cd:
                    1b:85:e1:4e:25:de:0f:c6:3f:90:a0:00:ce:bc:8b:
                    98:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:39:7B:20:15:B9:BC:7C:F8:45:C6:10:D1:10:70:04:9C:13:AC:B8
            X509v3 Authority Key Identifier:
                keyid:D2:91:74:12:52:BB:9C:4C:DA:80:04:7D:FB:01:CE:98:C2:19:D1:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0pF0ElK7nEzagAR9-wHOmMIZ0YA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/CDl7IBW5vHz4RcYQ0RBwBJwTrLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/3ba6fc-2d49-4aff-9229-48b957264c26/1/0pF0ElK7nEzagAR9-wHOmMIZ0YA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:21:6e:4b:de:ac:12:36:06:49:2c:45:e6:ab:32:9a:58:be:
         1d:14:00:1d:60:17:96:ff:a7:4e:fc:d3:3a:bc:fa:d0:b6:38:
         8c:07:28:a0:bb:06:8a:86:79:50:d9:59:41:79:d9:69:da:3b:
         2d:97:f2:5c:a3:61:c2:b9:f4:2e:92:b3:32:ad:b4:12:d9:e2:
         3b:d9:65:63:6b:2d:5e:02:01:0f:ea:04:21:fe:87:34:3d:4c:
         f2:a3:aa:fe:29:ff:44:b0:69:68:33:ec:1c:4e:ad:5c:e5:b8:
         5b:3a:2c:9f:49:04:d0:ab:2d:62:7d:47:ca:7e:a9:be:75:7d:
         c8:e6:53:c5:e3:c9:2e:e8:c8:d9:4f:ff:03:60:e1:d8:0a:74:
         7d:fe:f9:2e:53:f2:7e:60:64:c1:73:2f:08:df:fc:20:d7:8a:
         17:70:23:a3:db:92:db:fc:22:de:c7:8f:7d:bf:16:7d:d2:d1:
         48:70:94:13:c6:8f:bc:73:71:d2:f3:7f:3b:01:3f:e1:75:51:
         d8:3a:8a:56:4e:dc:25:73:86:1e:21:87:37:3a:cd:02:bf:ce:
         93:70:8c:23:08:e6:6b:b9:58:74:1e:0d:2f:b8:32:af:2a:d7:
         03:88:b2:e2:ed:55:55:0f:cc:f9:f1:1f:15:93:61:2c:ec:bc:
         9b:91:9c:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yUPeK82TGxF0MYEZPrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOTE3NDEyNTJiYjljNGNkYTgwMDQ3ZGZiMDFjZTk4YzIx
OWQxODAwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM5N2IyMDE1YjliYzdjZjg0NWM2MTBkMTEwNzAwNDljMTNhY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNDYEOFE36WeGT9gQm/ZFIx90Rap
Dt+KA2cH7UBXvn+ctG7EvL1r/rpAK1ULFTEyorez1QbxmEc69/6SPQoEpdFUqfsa
uWUP9kKX23jnk1XK8i9EBjuFblr+8Nu6izltAHtzfUxoOFA5/9ypgHlwRP9X3Xhn
EeLENhHgBcrWftoI9RiLcx6n94OcqT32hYpCGITkT30X4ht/Oz2wtc26WNRWDxmA
9CeH//YPeZis/hlmCjXgxC+mu4CjFEPLJJcq817qo3pkQX1VLBke4sjdajPRO5pO
l0hot5SL3YT/AvSC3SBoGvV/RNmSFNFWMc0bheFOJd4Pxj+QoADOvIuYiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg5eyAVubx8+EXGENEQcAScE6y4MB8GA1UdIwQY
MBaAFNKRdBJSu5xM2oAEffsBzpjCGdGAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHBGMEVsSzduRXphZ0FSOS13SE9tTUlaMFlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8zYmE2ZmMtMmQ0OS00YWZmLTkyMjkt
NDhiOTU3MjY0YzI2LzEvQ0RsN0lCVzV2SHo0UmNZUTBSQndCSndUckxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8zYmE2ZmMtMmQ0OS00YWZmLTkyMjktNDhiOTU3MjY0YzI2
LzEvMHBGMEVsSzduRXphZ0FSOS13SE9tTUlaMFlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf3cMA0G
CSqGSIb3DQEBCwUAA4IBAQB8IW5L3qwSNgZJLEXmqzKaWL4dFAAdYBeW/6dO/NM6
vPrQtjiMByiguwaKhnlQ2VlBedlp2jstl/Jco2HCufQukrMyrbQS2eI72WVjay1e
AgEP6gQh/oc0PUzyo6r+Kf9EsGloM+wcTq1c5bhbOiyfSQTQqy1ifUfKfqm+dX3I
5lPF48ku6MjZT/8DYOHYCnR9/vkuU/J+YGTBcy8I3/wg14oXcCOj25Lb/CLex499
vxZ90tFIcJQTxo+8c3HS8387AT/hdVHYOopWTtwlc4YeIYc3Os0Cv86TcIwjCOZr
uVh0Hg0vuDKvKtcDiLLi7VVVD8z58R8Vk2Es7LybkZzm
-----END CERTIFICATE-----