Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/3g2sZuWmZacSTKVHGTHfYYaqdc8.roa
File:                     3g2sZuWmZacSTKVHGTHfYYaqdc8.roa (raw, json)
Hash identifier:          d6Y+blljXMQLxIzMTmFcaFeDQMH5wReNnuK8fUsH880=
Subject key identifier:   DE:0D:AC:66:E5:A6:65:A7:12:4C:A5:47:19:31:DF:61:86:AA:75:CF
Certificate issuer:       /CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
Certificate serial:       018D7950CF7E2F3C4F8E424D85068CD909D7
Authority key identifier: E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/3g2sZuWmZacSTKVHGTHfYYaqdc8.roa
Signing time:             Mon 05 Feb 2024 12:49:15 +0000
ROA not before:           Mon 05 Feb 2024 12:49:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50319
IP address blocks:        5.180.140.0/22 maxlen: 22
                          185.84.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:79:50:cf:7e:2f:3c:4f:8e:42:4d:85:06:8c:d9:09:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
        Validity
            Not Before: Feb  5 12:49:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de0dac66e5a665a7124ca5471931df6186aa75cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0d:fb:4a:94:b3:01:0c:71:6b:94:25:f8:3b:
                    c2:47:75:92:dc:6a:d3:41:43:d5:c5:12:2d:fb:93:
                    8d:48:67:f8:38:78:24:01:23:ac:98:8e:61:cf:1e:
                    b9:c8:3f:d9:b1:1d:f8:c3:97:c9:ae:9d:00:9c:5b:
                    bc:62:f3:43:53:b9:c3:69:76:2f:87:ae:68:56:c1:
                    6f:67:e5:27:a8:60:05:9b:92:08:51:3e:ee:e6:37:
                    ae:21:30:ec:5c:1c:c9:4e:16:e9:fc:7d:0a:6e:98:
                    85:fd:44:8e:5f:4d:5c:28:78:6e:54:3b:5d:71:ca:
                    a3:26:52:ed:e5:c8:5b:39:d7:aa:f9:5d:8a:b6:44:
                    28:ee:02:45:3b:63:bb:18:cf:26:83:04:69:61:0a:
                    4d:bd:97:16:24:0f:5c:1c:f6:0c:61:9f:8d:c4:9a:
                    20:47:f7:7d:67:60:7a:36:0b:76:51:65:b4:82:e8:
                    b2:24:d8:e4:35:15:f8:68:54:64:88:f4:f4:0a:9a:
                    ce:c1:d2:31:6b:72:63:ad:e6:cc:45:c1:23:1c:bf:
                    4b:17:b2:5c:eb:35:c3:bd:88:68:6e:d0:01:e0:46:
                    79:36:86:e4:90:85:d9:01:33:a9:99:d2:4b:ab:34:
                    a8:d7:fd:c0:76:e0:9a:9d:f4:ae:44:3a:16:a6:1d:
                    47:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:0D:AC:66:E5:A6:65:A7:12:4C:A5:47:19:31:DF:61:86:AA:75:CF
            X509v3 Authority Key Identifier:
                keyid:E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/3g2sZuWmZacSTKVHGTHfYYaqdc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.140.0/22
                  185.84.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:19:0d:99:5b:42:f0:05:7a:d4:09:60:d7:90:be:e4:9e:0b:
         9c:3f:f5:97:66:9f:0a:8c:3e:cf:8a:6c:cc:2f:de:d3:4f:6e:
         19:bf:00:6e:85:2f:57:68:98:fa:28:d4:7b:6e:8d:72:60:15:
         c3:2f:a0:55:ca:0f:91:43:76:3e:a0:43:a0:3f:78:a4:bd:35:
         3b:8d:4e:f1:0e:55:fb:e0:59:00:fe:cf:ef:74:cf:ac:b7:21:
         0b:b1:56:70:39:c6:d9:99:d0:95:c2:f6:8f:c1:e2:fe:f4:8a:
         f8:30:64:03:22:11:9f:14:a2:71:42:58:93:78:49:9d:6d:f9:
         d8:6c:21:52:47:d6:bd:0a:11:7d:0e:a6:52:0d:03:f1:fd:67:
         26:96:27:9e:97:29:fe:c2:54:41:78:18:85:6f:ec:f3:86:ec:
         05:25:9d:75:31:8a:67:50:fd:56:00:7d:cf:64:2e:f4:15:3f:
         57:2c:cf:8e:1a:32:17:f8:fb:fd:c5:ce:fc:a3:03:d6:e8:88:
         09:0f:f2:52:54:52:8b:d1:47:c9:bc:38:6c:2d:0f:8c:c6:9b:
         3a:ba:76:32:33:f5:bf:c6:74:cd:ea:f3:34:f6:2d:54:1c:07:
         95:86:cf:1c:97:53:1d:42:a6:5b:aa:83:bd:bc:d6:47:37:88:
         20:85:3e:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY15UM9+LzxPjkJNhQaM2QnXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzFiMDgwZDRlYTZmZDA2MTZhNmU3MDFjN2M4MTVkNmZm
ODdjMDAwHhcNMjQwMjA1MTI0OTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTBkYWM2NmU1YTY2NWE3MTI0Y2E1NDcxOTMxZGY2MTg2YWE3NWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhg37SpSzAQxxa5Ql+DvCR3WS3GrT
QUPVxRIt+5ONSGf4OHgkASOsmI5hzx65yD/ZsR34w5fJrp0AnFu8YvNDU7nDaXYv
h65oVsFvZ+UnqGAFm5IIUT7u5jeuITDsXBzJThbp/H0KbpiF/USOX01cKHhuVDtd
ccqjJlLt5chbOdeq+V2KtkQo7gJFO2O7GM8mgwRpYQpNvZcWJA9cHPYMYZ+NxJog
R/d9Z2B6Ngt2UWW0guiyJNjkNRX4aFRkiPT0CprOwdIxa3JjrebMRcEjHL9LF7Jc
6zXDvYhobtAB4EZ5NobkkIXZATOpmdJLqzSo1/3AduCanfSuRDoWph1HQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN4NrGblpmWnEkylRxkx32GGqnXPMB8GA1UdIwQY
MBaAFOYxsIDU6m/QYWpucBx8gV1v+HwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWIt
OTNiM2EzNjk2ZDk2LzEvM2cyc1p1V21aYWNTVEtWSEdUSGZZWWFxZGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWItOTNiM2EzNjk2ZDk2
LzEvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBbSMAwQC
uVTEMA0GCSqGSIb3DQEBCwUAA4IBAQAUGQ2ZW0LwBXrUCWDXkL7kngucP/WXZp8K
jD7PimzML97TT24ZvwBuhS9XaJj6KNR7bo1yYBXDL6BVyg+RQ3Y+oEOgP3ikvTU7
jU7xDlX74FkA/s/vdM+styELsVZwOcbZmdCVwvaPweL+9Ir4MGQDIhGfFKJxQliT
eEmdbfnYbCFSR9a9ChF9DqZSDQPx/Wcmlieelyn+wlRBeBiFb+zzhuwFJZ11MYpn
UP1WAH3PZC70FT9XLM+OGjIX+Pv9xc78owPW6IgJD/JSVFKL0UfJvDhsLQ+Mxps6
unYyM/W/xnTN6vM09i1UHAeVhs8cl1MdQqZbqoO9vNZHN4gghT5x
-----END CERTIFICATE-----