Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/I5-S39Hf8Ud_311l97GZEu_3kDg.roa
File:                     I5-S39Hf8Ud_311l97GZEu_3kDg.roa (raw, json)
Hash identifier:          +yUSHgBD+l/26ZEAwaanT9u1JGd8AU+0te+sdgjMgtY=
Subject key identifier:   23:9F:92:DF:D1:DF:F1:47:7F:DF:5D:65:F7:B1:99:12:EF:F7:90:38
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       019341362F39B91D57DF58450F2CBFEE38D1
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/I5-S39Hf8Ud_311l97GZEu_3kDg.roa
Signing time:             Mon 18 Nov 2024 21:38:10 +0000
ROA not before:           Mon 18 Nov 2024 21:38:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206270
IP address blocks:        185.188.100.0/22 maxlen: 32
                          185.188.103.0/24 maxlen: 24
                          2a0a:10c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:41:36:2f:39:b9:1d:57:df:58:45:0f:2c:bf:ee:38:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Nov 18 21:38:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=239f92dfd1dff1477fdf5d65f7b19912eff79038
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:99:f8:a7:65:42:a9:9e:03:fd:0d:c4:87:47:
                    37:bd:e8:ff:76:a8:4b:1c:ee:a6:a2:c9:2d:5f:a4:
                    89:e3:09:d1:af:c8:ab:7f:28:77:b5:3e:dc:f1:4b:
                    dd:44:38:59:e4:4c:ce:ba:9c:48:06:df:27:f6:7d:
                    3c:fd:d3:04:af:b9:47:91:33:10:20:fa:58:57:e3:
                    19:83:85:14:aa:48:96:dc:46:58:05:a4:d7:49:bd:
                    f0:0f:e1:1a:a7:46:97:d1:22:20:8e:c3:31:ee:5b:
                    c6:35:46:40:e3:41:a6:dc:3f:36:45:03:42:e9:3a:
                    29:51:c1:3b:59:40:8b:77:bf:70:98:42:32:ec:f1:
                    8e:13:ca:9f:1d:08:d1:59:bb:4a:0f:d7:be:0d:81:
                    91:17:81:a6:f6:c5:48:79:77:23:3a:c5:91:a5:20:
                    e8:f3:dd:27:3f:0a:22:7a:e8:29:15:b4:84:c3:bc:
                    d4:53:a5:19:ca:fa:20:40:20:e0:23:38:c2:01:cd:
                    82:b3:e1:64:e2:79:71:31:0c:d0:0a:39:94:38:23:
                    c2:60:16:9c:5b:cf:aa:ab:5a:27:2c:15:39:76:9f:
                    7d:6e:0a:f0:f2:15:da:de:c4:ca:3b:d8:d3:d6:85:
                    56:68:1a:30:54:5b:b2:fe:c1:40:91:9f:4e:60:75:
                    21:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9F:92:DF:D1:DF:F1:47:7F:DF:5D:65:F7:B1:99:12:EF:F7:90:38
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/I5-S39Hf8Ud_311l97GZEu_3kDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.100.0/22
                IPv6:
                  2a0a:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:a3:75:bb:2f:c1:c4:d2:9c:d0:b8:4f:9f:1b:21:92:af:ea:
         96:2f:62:9b:51:0b:07:4e:87:d5:91:48:5d:55:a8:c3:c2:a5:
         aa:35:0c:81:21:df:59:4a:5f:83:b2:fd:57:52:4b:21:83:79:
         81:63:c3:5b:7e:4b:ba:eb:3a:72:ea:53:0e:99:d1:21:ce:d1:
         d9:43:73:7d:61:83:0a:22:e5:f5:be:83:10:0c:e2:77:76:49:
         8f:4e:8c:e9:31:2e:10:a1:53:68:50:21:e0:fd:c7:79:9a:72:
         ce:04:8e:fd:f8:56:b8:6f:ce:6f:e3:ee:8f:a5:3e:ba:94:ac:
         23:c5:da:00:1c:c5:61:a5:26:29:21:8b:e9:de:dd:d8:93:58:
         62:8a:cb:23:92:77:5e:4e:38:28:14:43:e9:0f:fc:d8:4c:98:
         cf:a1:b7:f6:e4:e7:94:14:1c:e9:90:cd:20:00:a2:c6:0a:13:
         dc:f8:32:b6:d9:d9:28:9e:fa:2f:2d:52:d9:b9:ce:a3:d6:0a:
         e2:db:ea:01:b5:6c:59:77:81:06:37:94:c7:e3:9b:07:11:4d:
         2d:e3:44:21:83:3d:4f:25:2c:f2:dd:b4:b0:cc:30:3a:e0:c2:
         d5:8f:76:f8:00:15:fb:5e:d0:01:9c:db:cf:03:5f:74:2f:1a:
         b0:7e:e7:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZNBNi85uR1X31hFDyy/7jjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQxMTE4MjEzODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzlmOTJkZmQxZGZmMTQ3N2ZkZjVkNjVmN2IxOTkxMmVmZjc5MDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5n4p2VCqZ4D/Q3Eh0c3vej/dqhL
HO6mosktX6SJ4wnRr8irfyh3tT7c8UvdRDhZ5EzOupxIBt8n9n08/dMEr7lHkTMQ
IPpYV+MZg4UUqkiW3EZYBaTXSb3wD+Eap0aX0SIgjsMx7lvGNUZA40Gm3D82RQNC
6TopUcE7WUCLd79wmEIy7PGOE8qfHQjRWbtKD9e+DYGRF4Gm9sVIeXcjOsWRpSDo
890nPwoieugpFbSEw7zUU6UZyvogQCDgIzjCAc2Cs+Fk4nlxMQzQCjmUOCPCYBac
W8+qq1onLBU5dp99bgrw8hXa3sTKO9jT1oVWaBowVFuy/sFAkZ9OYHUhmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCOfkt/R3/FHf99dZfexmRLv95A4MB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvSTUtUzM5SGY4VWRfMzExbDk3R1pFdV8za0RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubxkMA0E
AgACMAcDBQMqChDAMA0GCSqGSIb3DQEBCwUAA4IBAQBzo3W7L8HE0pzQuE+fGyGS
r+qWL2KbUQsHTofVkUhdVajDwqWqNQyBId9ZSl+Dsv1XUkshg3mBY8Nbfku66zpy
6lMOmdEhztHZQ3N9YYMKIuX1voMQDOJ3dkmPTozpMS4QoVNoUCHg/cd5mnLOBI79
+Fa4b85v4+6PpT66lKwjxdoAHMVhpSYpIYvp3t3Yk1hiissjkndeTjgoFEPpD/zY
TJjPobf25OeUFBzpkM0gAKLGChPc+DK22dkonvovLVLZuc6j1gri2+oBtWxZd4EG
N5TH45sHEU0t40Qhgz1PJSzy3bSwzDA64MLVj3b4ABX7XtABnNvPA190Lxqwfudt
-----END CERTIFICATE-----