Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/_5XZ3UbhyCq4yEylHmrwYIQSTiU.roa
File:                     _5XZ3UbhyCq4yEylHmrwYIQSTiU.roa (raw, json)
Hash identifier:          KzE+A3N1TEgVonsq+83sn31X0Ev1s37toQClAGCwONw=
Subject key identifier:   FF:95:D9:DD:46:E1:C8:2A:B8:C8:4C:A5:1E:6A:F0:60:84:12:4E:25
Certificate issuer:       /CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
Certificate serial:       01903B05322161E29640A2EC9ABDAE284070
Authority key identifier: 92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/_5XZ3UbhyCq4yEylHmrwYIQSTiU.roa
Signing time:             Fri 21 Jun 2024 13:38:34 +0000
ROA not before:           Fri 21 Jun 2024 13:38:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        185.189.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:05:32:21:61:e2:96:40:a2:ec:9a:bd:ae:28:40:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92e720465c5cd0da9c6a13b44fa0d86f649e5055
        Validity
            Not Before: Jun 21 13:38:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff95d9dd46e1c82ab8c84ca51e6af06084124e25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:80:b7:30:a4:eb:68:60:5f:6a:cf:9d:48:45:
                    7b:26:32:24:ec:d3:1a:47:7e:4f:99:2a:47:3e:77:
                    6e:0f:2d:d8:0c:68:60:15:89:48:fe:b5:4f:9b:1e:
                    5a:56:91:06:c6:73:7d:0f:3c:44:69:21:84:0a:f2:
                    30:3d:37:9b:44:b4:b6:5b:4d:9f:ed:bb:25:1b:6f:
                    e7:8f:77:48:61:16:ed:3f:20:6a:6b:42:8c:93:aa:
                    36:b0:cb:95:aa:cd:6e:cb:22:15:1e:a2:80:c0:1c:
                    fb:68:d2:ba:f4:58:50:fb:cf:f7:ea:d1:7f:1c:e4:
                    25:a2:fb:67:57:65:5d:d0:33:99:27:ab:b2:5b:aa:
                    71:7f:cf:fc:f2:31:84:24:45:54:36:9b:66:47:b4:
                    dd:db:57:cf:e6:b6:bb:60:be:0f:da:98:69:b8:ba:
                    e4:bf:71:ce:c9:56:66:74:cd:6c:04:2c:42:f0:1d:
                    cf:c5:d0:25:80:6d:1d:5b:28:b5:ed:d3:b6:07:2e:
                    05:d6:e2:31:c7:22:14:f6:0a:8c:b1:ef:ab:55:68:
                    2c:07:00:ae:c8:5f:b7:23:b0:a2:b0:65:52:0a:61:
                    cb:a2:63:98:99:72:d7:70:2d:8b:3c:18:71:6d:7c:
                    2f:60:ad:9d:53:35:c1:d5:71:d9:c0:71:0c:59:46:
                    dd:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:95:D9:DD:46:E1:C8:2A:B8:C8:4C:A5:1E:6A:F0:60:84:12:4E:25
            X509v3 Authority Key Identifier:
                keyid:92:E7:20:46:5C:5C:D0:DA:9C:6A:13:B4:4F:A0:D8:6F:64:9E:50:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kucgRlxc0NqcahO0T6DYb2SeUFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/_5XZ3UbhyCq4yEylHmrwYIQSTiU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f8a9eb-7f8d-4bf7-83d9-9096e1674e22/1/kucgRlxc0NqcahO0T6DYb2SeUFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:ff:a4:ff:16:00:3d:eb:b4:6a:96:c8:65:1b:ed:67:fe:f0:
         de:29:4f:34:d2:6c:55:db:01:49:7b:a6:c7:ce:47:7f:cc:0d:
         ed:8c:49:36:2d:98:04:11:ad:66:b1:5b:60:97:64:fc:04:77:
         f5:19:93:d0:01:ed:97:97:90:23:9d:8c:05:3d:dd:99:47:00:
         7a:3c:0d:93:da:4d:bf:ad:37:dc:1e:9e:18:35:87:b7:5c:f3:
         ba:d2:cf:ce:f1:8b:b0:b1:6d:68:52:b0:29:9d:e4:72:dd:f3:
         ae:18:47:e8:0f:da:b0:33:40:be:55:39:67:b0:f8:19:be:5e:
         4c:43:b2:d1:8c:44:5f:62:ac:41:ed:76:e8:27:49:30:97:a6:
         2b:91:9a:f9:53:40:d4:d6:ea:2d:fc:5b:b1:a9:63:29:46:f9:
         b6:51:35:de:9d:c9:34:ce:f9:00:56:bf:cc:e9:ad:bf:8f:14:
         b5:30:5f:93:23:46:14:25:e3:ba:27:2f:aa:6c:ae:2c:4f:3b:
         cf:d0:5d:44:3e:ab:1f:b8:b6:8c:d9:21:cc:a9:a1:36:11:bd:
         2a:a0:40:89:09:25:06:59:b6:79:c1:f8:55:ce:c7:6d:a8:c5:
         49:59:ec:62:fa:4b:b9:6f:39:a8:1e:34:34:86:59:c1:1c:bb:
         6f:e0:b2:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZA7BTIhYeKWQKLsmr2uKEBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZTcyMDQ2NWM1Y2QwZGE5YzZhMTNiNDRmYTBkODZmNjQ5
ZTUwNTUwHhcNMjQwNjIxMTMzODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjk1ZDlkZDQ2ZTFjODJhYjhjODRjYTUxZTZhZjA2MDg0MTI0ZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IC3MKTraGBfas+dSEV7JjIk7NMa
R35PmSpHPnduDy3YDGhgFYlI/rVPmx5aVpEGxnN9DzxEaSGECvIwPTebRLS2W02f
7bslG2/nj3dIYRbtPyBqa0KMk6o2sMuVqs1uyyIVHqKAwBz7aNK69FhQ+8/36tF/
HOQlovtnV2Vd0DOZJ6uyW6pxf8/88jGEJEVUNptmR7Td21fP5ra7YL4P2phpuLrk
v3HOyVZmdM1sBCxC8B3PxdAlgG0dWyi17dO2By4F1uIxxyIU9gqMse+rVWgsBwCu
yF+3I7CisGVSCmHLomOYmXLXcC2LPBhxbXwvYK2dUzXB1XHZwHEMWUbd+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+V2d1G4cgquMhMpR5q8GCEEk4lMB8GA1UdIwQY
MBaAFJLnIEZcXNDanGoTtE+g2G9knlBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDkt
OTA5NmUxNjc0ZTIyLzEvXzVYWjNVYmh5Q3E0eUV5bEhtcndZSVFTVGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mOGE5ZWItN2Y4ZC00YmY3LTgzZDktOTA5NmUxNjc0ZTIy
LzEva3VjZ1JseGMwTnFjYWhPMFQ2RFliMlNlVUZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub0jMA0G
CSqGSIb3DQEBCwUAA4IBAQBr/6T/FgA967RqlshlG+1n/vDeKU800mxV2wFJe6bH
zkd/zA3tjEk2LZgEEa1msVtgl2T8BHf1GZPQAe2Xl5AjnYwFPd2ZRwB6PA2T2k2/
rTfcHp4YNYe3XPO60s/O8YuwsW1oUrApneRy3fOuGEfoD9qwM0C+VTlnsPgZvl5M
Q7LRjERfYqxB7XboJ0kwl6YrkZr5U0DU1uot/FuxqWMpRvm2UTXenck0zvkAVr/M
6a2/jxS1MF+TI0YUJeO6Jy+qbK4sTzvP0F1EPqsfuLaM2SHMqaE2Eb0qoECJCSUG
WbZ5wfhVzsdtqMVJWexi+ku5bzmoHjQ0hlnBHLtv4LIl
-----END CERTIFICATE-----