Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/5fATlOoxVMRxRyp1KsLsqXvu3qY.roa
File:                     5fATlOoxVMRxRyp1KsLsqXvu3qY.roa (raw, json)
Hash identifier:          wNFY8s5JI3q7QhZ/d5rgJXFUjgC1L689lkIqr1UyTJw=
Subject key identifier:   E5:F0:13:94:EA:31:54:C4:71:47:2A:75:2A:C2:EC:A9:7B:EE:DE:A6
Certificate issuer:       /CN=909ac4b217a08c348fb2dc9fb7422e1de918f517
Certificate serial:       018CC42543844F5675C91276A92EB31435BD
Authority key identifier: 90:9A:C4:B2:17:A0:8C:34:8F:B2:DC:9F:B7:42:2E:1D:E9:18:F5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/5fATlOoxVMRxRyp1KsLsqXvu3qY.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47215
IP address blocks:        185.134.240.0/24 maxlen: 24
                          2a06:ee40:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:43:84:4f:56:75:c9:12:76:a9:2e:b3:14:35:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=909ac4b217a08c348fb2dc9fb7422e1de918f517
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5f01394ea3154c471472a752ac2eca97beedea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:82:04:2d:91:97:d6:0c:00:fe:5f:24:42:27:
                    0b:20:60:4e:0d:b0:17:48:aa:cf:8a:32:2d:3a:6e:
                    4e:97:42:e5:0a:54:7d:ad:b5:98:b0:27:4d:ea:5b:
                    44:4a:3a:ba:2f:e9:c2:04:13:9f:91:52:76:a9:8c:
                    a1:f6:d0:f6:0a:97:d7:a4:4a:b6:a3:05:eb:87:a5:
                    d4:cf:07:2f:19:9e:e4:bf:88:20:2f:44:34:e2:ff:
                    c2:ca:f4:b8:08:23:ef:1b:b1:33:23:f2:da:19:6c:
                    bc:63:8c:aa:a2:94:92:87:72:31:2a:30:55:24:7d:
                    84:60:ff:3c:fb:5f:29:1b:02:59:f1:a3:0f:cb:23:
                    e8:ba:d8:4c:98:b0:1a:0c:26:3e:49:4f:4a:0b:d2:
                    72:24:30:e9:d1:7f:63:22:aa:5b:dd:5c:77:88:39:
                    d9:3d:d8:d6:15:4b:af:f2:5b:43:3e:82:07:54:be:
                    34:24:73:72:67:9a:e2:ed:86:07:49:23:2e:da:b8:
                    a7:e8:ed:05:09:12:06:4e:2a:19:05:0d:38:e4:e7:
                    79:39:4d:15:e7:4e:c8:1b:78:2f:b8:57:03:c0:57:
                    93:20:06:b7:82:c1:38:ae:f7:d0:d8:21:f3:83:67:
                    aa:fa:53:90:f7:5f:7c:29:08:43:e8:2a:32:54:a2:
                    22:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:F0:13:94:EA:31:54:C4:71:47:2A:75:2A:C2:EC:A9:7B:EE:DE:A6
            X509v3 Authority Key Identifier:
                keyid:90:9A:C4:B2:17:A0:8C:34:8F:B2:DC:9F:B7:42:2E:1D:E9:18:F5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJrEshegjDSPstyft0IuHekY9Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/5fATlOoxVMRxRyp1KsLsqXvu3qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/1743df-0462-4cac-8250-dedc52a2ed8f/1/kJrEshegjDSPstyft0IuHekY9Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.240.0/24
                IPv6:
                  2a06:ee40:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:64:78:14:2b:7d:0b:06:a2:ac:52:f4:e6:4b:9b:a6:74:34:
         3e:11:ad:c0:86:e1:4a:dd:bd:f9:98:6b:c6:13:cf:21:2a:75:
         65:c6:67:e3:6d:ff:95:56:d4:7e:89:a7:d9:f1:c5:60:d7:f6:
         0a:17:d2:5b:25:50:e7:4f:5e:4e:2f:b3:ad:48:16:eb:0a:df:
         54:30:a9:aa:7d:43:01:9e:00:4b:fd:0e:b9:86:46:cc:5f:b4:
         45:c4:34:5d:60:0d:3a:d7:0d:6d:aa:97:1f:fd:89:e9:21:fd:
         1c:27:d3:3d:0a:84:a5:16:92:dd:85:d3:d2:ea:6c:43:32:77:
         fd:12:be:51:08:3e:9b:f4:17:ab:8d:91:be:7b:32:c2:20:49:
         ed:73:ca:a0:a6:f1:03:0e:e9:e0:c8:8f:86:e8:62:2c:4f:bb:
         a8:31:80:b5:2a:da:10:a0:57:79:ee:1f:8c:b4:b5:66:bd:b9:
         87:b5:aa:71:75:1e:9c:67:da:ab:0f:d3:aa:ea:bb:89:51:c8:
         86:10:f4:f6:9c:cc:31:ad:68:e0:84:05:0c:2b:00:9a:3c:df:
         47:6b:45:7a:1f:b8:80:9a:9d:bd:1c:b1:6d:11:e3:c3:9f:c0:
         a2:56:a3:a4:d3:bb:1e:3c:06:3d:10:90:5f:eb:3d:7d:bd:8c:
         0c:cb:3e:0b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJUOET1Z1yRJ2qS6zFDW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOWFjNGIyMTdhMDhjMzQ4ZmIyZGM5ZmI3NDIyZTFkZTkx
OGY1MTcwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWYwMTM5NGVhMzE1NGM0NzE0NzJhNzUyYWMyZWNhOTdiZWVkZWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4IELZGX1gwA/l8kQicLIGBODbAX
SKrPijItOm5Ol0LlClR9rbWYsCdN6ltESjq6L+nCBBOfkVJ2qYyh9tD2CpfXpEq2
owXrh6XUzwcvGZ7kv4ggL0Q04v/CyvS4CCPvG7EzI/LaGWy8Y4yqopSSh3IxKjBV
JH2EYP88+18pGwJZ8aMPyyPouthMmLAaDCY+SU9KC9JyJDDp0X9jIqpb3Vx3iDnZ
PdjWFUuv8ltDPoIHVL40JHNyZ5ri7YYHSSMu2rin6O0FCRIGTioZBQ045Od5OU0V
507IG3gvuFcDwFeTIAa3gsE4rvfQ2CHzg2eq+lOQ9198KQhD6CoyVKIilQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOXwE5TqMVTEcUcqdSrC7Kl77t6mMB8GA1UdIwQY
MBaAFJCaxLIXoIw0j7Lcn7dCLh3pGPUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pyRXNoZWdqRFNQc3R5ZnQwSXVIZWtZOVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS8xNzQzZGYtMDQ2Mi00Y2FjLTgyNTAt
ZGVkYzUyYTJlZDhmLzEvNWZBVGxPb3hWTVJ4UnlwMUtzTHNxWHZ1M3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS8xNzQzZGYtMDQ2Mi00Y2FjLTgyNTAtZGVkYzUyYTJlZDhm
LzEva0pyRXNoZWdqRFNQc3R5ZnQwSXVIZWtZOVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYbwMA8E
AgACMAkDBwAqBu5AACIwDQYJKoZIhvcNAQELBQADggEBAEtkeBQrfQsGoqxS9OZL
m6Z0ND4RrcCG4UrdvfmYa8YTzyEqdWXGZ+Nt/5VW1H6Jp9nxxWDX9goX0lslUOdP
Xk4vs61IFusK31Qwqap9QwGeAEv9DrmGRsxftEXENF1gDTrXDW2qlx/9iekh/Rwn
0z0KhKUWkt2F09LqbEMyd/0SvlEIPpv0F6uNkb57MsIgSe1zyqCm8QMO6eDIj4bo
YixPu6gxgLUq2hCgV3nuH4y0tWa9uYe1qnF1Hpxn2qsP06rqu4lRyIYQ9PaczDGt
aOCEBQwrAJo830drRXofuICanb0csW0R48OfwKJWo6TTux48Bj0QkF/rPX29jAzL
Pgs=
-----END CERTIFICATE-----