Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/Es8F1xJwEA0vT_Kir407e1Ffat4.roa
File:                     Es8F1xJwEA0vT_Kir407e1Ffat4.roa (raw, json)
Hash identifier:          FuD+bdDDiaPPhYICGGYhRu349kTQh8scZCFy4i9KpLU=
Subject key identifier:   12:CF:05:D7:12:70:10:0D:2F:4F:F2:A2:AF:8D:3B:7B:51:5F:6A:DE
Certificate issuer:       /CN=39805a05b8d9f0dfc43834c664d624715439f0d5
Certificate serial:       018CC501002CDF8C1F482A00BC5D6CE99ADB
Authority key identifier: 39:80:5A:05:B8:D9:F0:DF:C4:38:34:C6:64:D6:24:71:54:39:F0:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OYBaBbjZ8N_EODTGZNYkcVQ58NU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/Es8F1xJwEA0vT_Kir407e1Ffat4.roa
Signing time:             Mon 01 Jan 2024 12:30:26 +0000
ROA not before:           Mon 01 Jan 2024 12:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49220
IP address blocks:        188.92.128.0/21 maxlen: 21
                          185.37.136.0/22 maxlen: 22
                          2001:16f0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/OYBaBbjZ8N_EODTGZNYkcVQ58NU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/OYBaBbjZ8N_EODTGZNYkcVQ58NU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OYBaBbjZ8N_EODTGZNYkcVQ58NU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:00:2c:df:8c:1f:48:2a:00:bc:5d:6c:e9:9a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39805a05b8d9f0dfc43834c664d624715439f0d5
        Validity
            Not Before: Jan  1 12:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12cf05d71270100d2f4ff2a2af8d3b7b515f6ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cc:40:26:bd:e0:a0:16:47:fc:c8:d6:95:ee:
                    54:21:45:41:ca:f7:05:7e:45:0b:6e:0e:77:20:2d:
                    84:77:29:17:df:22:e5:df:00:70:c4:df:9d:e7:07:
                    92:c3:a5:c8:30:5a:ab:eb:b8:bc:14:bf:07:2e:91:
                    4c:40:66:4d:92:dd:db:55:f4:a1:52:3e:7f:0a:f0:
                    f1:06:96:3a:aa:e2:ba:07:87:77:56:07:f2:f3:8d:
                    f2:18:92:4d:17:a9:f2:94:4f:ff:eb:9f:d6:b5:dd:
                    f7:3b:cd:ee:03:55:96:bc:5c:2a:15:8a:44:9f:f9:
                    2e:ec:cd:2e:17:ac:bf:26:1e:da:32:9c:7a:b3:39:
                    5d:9f:1a:b3:a6:7a:f5:0d:55:ad:e5:2e:b0:a6:5e:
                    6e:a5:2e:1e:97:fb:1a:e9:ff:29:f1:49:a1:c0:54:
                    64:ad:bc:13:1a:3e:29:e0:c3:6a:fb:f4:d1:71:2e:
                    77:e6:c5:17:40:36:69:bd:bd:87:4d:c1:c1:85:32:
                    2d:94:bc:63:3e:ff:03:18:e0:67:42:bd:d6:ca:76:
                    6b:6e:c2:29:ca:79:99:51:e1:59:5e:9b:cb:de:61:
                    86:fc:8e:97:b8:2e:c9:7b:b4:21:2a:5a:bf:cf:43:
                    55:b0:ef:cc:33:10:2a:01:a9:b6:c7:e7:1b:88:5e:
                    88:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CF:05:D7:12:70:10:0D:2F:4F:F2:A2:AF:8D:3B:7B:51:5F:6A:DE
            X509v3 Authority Key Identifier:
                keyid:39:80:5A:05:B8:D9:F0:DF:C4:38:34:C6:64:D6:24:71:54:39:F0:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OYBaBbjZ8N_EODTGZNYkcVQ58NU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/Es8F1xJwEA0vT_Kir407e1Ffat4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b06942-afc8-4336-97ee-aee696f83903/1/OYBaBbjZ8N_EODTGZNYkcVQ58NU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.136.0/22
                  188.92.128.0/21
                IPv6:
                  2001:16f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5a:3e:b1:d5:d1:50:1a:2d:31:16:00:67:76:df:20:c8:b5:45:
         30:a9:c2:da:a6:6c:ff:9c:b6:2d:d7:ce:3a:cd:f6:8f:15:fa:
         58:c7:57:6a:00:79:2f:79:77:a2:e2:b3:e2:84:d9:87:f2:9b:
         14:da:9e:bb:96:bb:8e:6a:ed:e8:ce:e5:3d:69:58:b9:4f:4e:
         e5:c4:65:a8:07:2c:29:ad:8f:2c:be:a8:64:d7:a4:12:95:29:
         63:5d:f0:a9:fc:63:ac:d8:63:b3:a0:dd:6b:9e:fe:33:be:82:
         92:0c:88:5c:8f:28:73:70:9f:77:5d:24:fb:ca:91:a3:cc:fd:
         a1:d2:d8:1c:5b:0b:72:b7:54:8d:2f:fd:0d:a7:c2:79:16:3e:
         1e:e5:a6:28:dc:4a:f2:bf:38:4b:39:27:f9:60:d8:20:fa:23:
         4c:20:4f:35:a6:b5:1f:7c:af:19:8a:80:57:38:f8:bb:f5:2e:
         8e:62:b3:d3:6e:02:86:c3:73:75:93:22:2c:aa:f2:14:41:08:
         b9:46:3e:fe:67:f0:18:60:01:b0:53:da:06:f0:0b:d9:78:cf:
         79:2f:45:62:b7:74:aa:78:e0:a6:43:65:a7:a1:11:2c:49:d5:
         b5:ad:dc:4b:7d:49:60:e6:01:4c:5d:12:18:3c:8f:26:05:ea:
         e5:20:99:af
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAQAs34wfSCoAvF1s6ZrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ODA1YTA1YjhkOWYwZGZjNDM4MzRjNjY0ZDYyNDcxNTQz
OWYwZDUwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmNmMDVkNzEyNzAxMDBkMmY0ZmYyYTJhZjhkM2I3YjUxNWY2YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8xAJr3goBZH/MjWle5UIUVByvcF
fkULbg53IC2EdykX3yLl3wBwxN+d5weSw6XIMFqr67i8FL8HLpFMQGZNkt3bVfSh
Uj5/CvDxBpY6quK6B4d3Vgfy843yGJJNF6nylE//65/Wtd33O83uA1WWvFwqFYpE
n/ku7M0uF6y/Jh7aMpx6szldnxqzpnr1DVWt5S6wpl5upS4el/sa6f8p8UmhwFRk
rbwTGj4p4MNq+/TRcS535sUXQDZpvb2HTcHBhTItlLxjPv8DGOBnQr3WynZrbsIp
ynmZUeFZXpvL3mGG/I6XuC7Je7QhKlq/z0NVsO/MMxAqAam2x+cbiF6IHQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBLPBdcScBANL0/yoq+NO3tRX2reMB8GA1UdIwQY
MBaAFDmAWgW42fDfxDg0xmTWJHFUOfDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1lCYUJialo4Tl9FT0RUR1pOWWtjVlE1OE5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMDY5NDItYWZjOC00MzM2LTk3ZWUt
YWVlNjk2ZjgzOTAzLzEvRXM4RjF4SndFQTB2VF9LaXI0MDdlMUZmYXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMDY5NDItYWZjOC00MzM2LTk3ZWUtYWVlNjk2ZjgzOTAz
LzEvT1lCYUJialo4Tl9FT0RUR1pOWWtjVlE1OE5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSWIAwQD
vFyAMA0EAgACMAcDBQAgARbwMA0GCSqGSIb3DQEBCwUAA4IBAQBaPrHV0VAaLTEW
AGd23yDItUUwqcLapmz/nLYt1846zfaPFfpYx1dqAHkveXei4rPihNmH8psU2p67
lruOau3ozuU9aVi5T07lxGWoBywprY8svqhk16QSlSljXfCp/GOs2GOzoN1rnv4z
voKSDIhcjyhzcJ93XST7ypGjzP2h0tgcWwtyt1SNL/0Np8J5Fj4e5aYo3EryvzhL
OSf5YNgg+iNMIE81prUffK8ZioBXOPi79S6OYrPTbgKGw3N1kyIsqvIUQQi5Rj7+
Z/AYYAGwU9oG8AvZeM95L0Vit3SqeOCmQ2WnoREsSdW1rdxLfUlg5gFMXRIYPI8m
BerlIJmv
-----END CERTIFICATE-----