Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/5dRUaiAbsApMZZU9uQV5VnD0O2o.roa
File:                     5dRUaiAbsApMZZU9uQV5VnD0O2o.roa (raw, json)
Hash identifier:          /fA3RLFbDZSvplf/CZpKN1BPjI7I85ymUxR5JWCXbT0=
Subject key identifier:   E5:D4:54:6A:20:1B:B0:0A:4C:65:95:3D:B9:05:79:56:70:F4:3B:6A
Certificate issuer:       /CN=67e1cedfe0826f0f9775bdfa8e9425300bde9f13
Certificate serial:       018CC2DAF117A2B38E39016E5E52F34E618E
Authority key identifier: 67:E1:CE:DF:E0:82:6F:0F:97:75:BD:FA:8E:94:25:30:0B:DE:9F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-HO3-CCbw-Xdb36jpQlMAvenxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/5dRUaiAbsApMZZU9uQV5VnD0O2o.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35205
IP address blocks:        194.126.129.0/24 maxlen: 24
                          2a05:3700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/Z-HO3-CCbw-Xdb36jpQlMAvenxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/Z-HO3-CCbw-Xdb36jpQlMAvenxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-HO3-CCbw-Xdb36jpQlMAvenxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f1:17:a2:b3:8e:39:01:6e:5e:52:f3:4e:61:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67e1cedfe0826f0f9775bdfa8e9425300bde9f13
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5d4546a201bb00a4c65953db905795670f43b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:76:4e:c5:60:14:a8:79:b3:ae:14:2e:0c:58:
                    02:8f:45:aa:2c:4e:43:2d:80:ba:d9:bc:40:f9:29:
                    70:a4:21:bb:b2:93:6e:6d:b7:24:f4:84:f4:4a:d9:
                    e7:82:2c:90:42:92:a2:cc:86:ac:c1:9c:cf:36:40:
                    90:f8:8c:96:e0:89:b9:1a:5e:ce:68:61:67:8d:2e:
                    9c:a9:07:50:3f:1e:65:5f:ce:ba:1a:c5:24:12:96:
                    cd:67:5c:de:9a:35:76:60:9a:41:29:7a:6d:29:da:
                    a9:60:54:e2:69:02:ec:03:3e:d5:f8:05:15:dd:15:
                    c6:b9:03:7f:34:93:46:88:90:24:93:ef:c1:d9:db:
                    ce:93:2b:23:e2:bf:2e:18:f9:38:95:14:86:aa:bc:
                    9f:66:5a:41:7b:1a:20:75:61:37:fc:7d:44:92:36:
                    68:bf:9e:a8:2e:54:e4:3b:8d:5a:91:07:7c:ec:0d:
                    74:34:48:5b:1c:c6:9a:14:f8:85:b0:4c:a6:0c:af:
                    41:b1:9a:f8:30:c2:e1:90:75:f8:83:1e:5a:bd:db:
                    01:c8:6d:12:1b:6d:73:f7:88:b6:b7:08:2a:09:7a:
                    1f:ab:c1:de:3f:29:aa:a2:33:e0:dd:cf:bd:88:b5:
                    9f:33:c0:6a:02:62:24:0f:86:6c:e1:4f:d5:46:4d:
                    89:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:D4:54:6A:20:1B:B0:0A:4C:65:95:3D:B9:05:79:56:70:F4:3B:6A
            X509v3 Authority Key Identifier:
                keyid:67:E1:CE:DF:E0:82:6F:0F:97:75:BD:FA:8E:94:25:30:0B:DE:9F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-HO3-CCbw-Xdb36jpQlMAvenxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/5dRUaiAbsApMZZU9uQV5VnD0O2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/19fa4a-f41d-4baf-b9ea-ec9b75521297/1/Z-HO3-CCbw-Xdb36jpQlMAvenxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.129.0/24
                IPv6:
                  2a05:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:48:2d:8a:bc:d0:5a:4e:a9:54:e1:8a:a7:1b:c6:05:d1:bf:
         7e:ec:3b:24:16:13:c3:7a:e3:12:06:27:36:64:f4:1f:fa:0b:
         f1:83:da:88:7f:e3:6e:65:1e:3f:83:5b:3f:b5:bc:10:74:f9:
         95:a7:89:8e:46:0a:6a:c5:dc:a3:a2:06:c1:08:9f:d7:a7:1b:
         45:57:88:32:97:06:a5:d4:07:97:9b:e9:54:87:f2:14:f0:03:
         75:23:eb:b1:d7:7f:7b:62:c6:ac:b5:78:92:a9:11:cd:9b:9f:
         51:5f:af:9a:c8:3e:11:08:39:18:be:c2:a8:4b:56:bb:fb:57:
         16:d2:de:fa:5b:fd:2b:de:f4:ef:43:8b:db:a3:97:06:97:0d:
         ed:d3:a7:72:a4:f7:24:86:48:3e:2d:02:7d:3b:ea:81:5c:ea:
         c7:01:94:90:12:c5:d4:58:cf:d2:c8:77:25:13:c6:7a:93:86:
         49:e6:f3:21:2b:be:e2:b8:d0:c3:66:46:fe:3e:4f:02:b2:d0:
         01:42:68:81:2f:fd:67:75:9c:a7:c6:a0:e6:32:ff:53:04:b1:
         5e:c7:73:21:5f:c6:8a:a9:89:bc:d0:7e:70:ab:f0:07:bc:7c:
         ac:67:fe:73:df:74:7e:f2:92:63:1a:82:20:30:bf:24:b1:94:
         f6:1f:39:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2vEXorOOOQFuXlLzTmGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZTFjZWRmZTA4MjZmMGY5Nzc1YmRmYThlOTQyNTMwMGJk
ZTlmMTMwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWQ0NTQ2YTIwMWJiMDBhNGM2NTk1M2RiOTA1Nzk1NjcwZjQzYjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3ZOxWAUqHmzrhQuDFgCj0WqLE5D
LYC62bxA+SlwpCG7spNubbck9IT0StnngiyQQpKizIaswZzPNkCQ+IyW4Im5Gl7O
aGFnjS6cqQdQPx5lX866GsUkEpbNZ1zemjV2YJpBKXptKdqpYFTiaQLsAz7V+AUV
3RXGuQN/NJNGiJAkk+/B2dvOkysj4r8uGPk4lRSGqryfZlpBexogdWE3/H1EkjZo
v56oLlTkO41akQd87A10NEhbHMaaFPiFsEymDK9BsZr4MMLhkHX4gx5avdsByG0S
G21z94i2twgqCXofq8HePymqojPg3c+9iLWfM8BqAmIkD4Zs4U/VRk2JPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOXUVGogG7AKTGWVPbkFeVZw9DtqMB8GA1UdIwQY
MBaAFGfhzt/ggm8Pl3W9+o6UJTAL3p8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1ITzMtQ0Nidy1YZGIzNmpwUWxNQXZlbnhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8xOWZhNGEtZjQxZC00YmFmLWI5ZWEt
ZWM5Yjc1NTIxMjk3LzEvNWRSVWFpQWJzQXBNWlpVOXVRVjVWbkQwTzJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8xOWZhNGEtZjQxZC00YmFmLWI5ZWEtZWM5Yjc1NTIxMjk3
LzEvWi1ITzMtQ0Nidy1YZGIzNmpwUWxNQXZlbnhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwn6BMA0E
AgACMAcDBQMqBTcAMA0GCSqGSIb3DQEBCwUAA4IBAQBvSC2KvNBaTqlU4YqnG8YF
0b9+7DskFhPDeuMSBic2ZPQf+gvxg9qIf+NuZR4/g1s/tbwQdPmVp4mORgpqxdyj
ogbBCJ/XpxtFV4gylwal1AeXm+lUh/IU8AN1I+ux1397YsastXiSqRHNm59RX6+a
yD4RCDkYvsKoS1a7+1cW0t76W/0r3vTvQ4vbo5cGlw3t06dypPckhkg+LQJ9O+qB
XOrHAZSQEsXUWM/SyHclE8Z6k4ZJ5vMhK77iuNDDZkb+Pk8CstABQmiBL/1ndZyn
xqDmMv9TBLFex3MhX8aKqYm80H5wq/AHvHysZ/5z33R+8pJjGoIgML8ksZT2Hzml
-----END CERTIFICATE-----