Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/R_5kNPFucNUMza9BH18F0SJTmHw.roa
File:                     R_5kNPFucNUMza9BH18F0SJTmHw.roa (raw, json)
Hash identifier:          gOBb1JaPYelo8spACLETICKDA2YuQosEdWTDK6j9cWQ=
Subject key identifier:   47:FE:64:34:F1:6E:70:D5:0C:CD:AF:41:1F:5F:05:D1:22:53:98:7C
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       018CC72691EEFDB239F601932352A654570F
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/R_5kNPFucNUMza9BH18F0SJTmHw.roa
Signing time:             Mon 01 Jan 2024 22:30:42 +0000
ROA not before:           Mon 01 Jan 2024 22:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202354
IP address blocks:        185.239.179.0/24 maxlen: 24
                          185.239.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:91:ee:fd:b2:39:f6:01:93:23:52:a6:54:57:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Jan  1 22:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47fe6434f16e70d50ccdaf411f5f05d12253987c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:f7:e0:a2:bc:3d:80:70:9c:4f:b6:3e:9f:5e:
                    52:e6:df:38:03:b5:5e:fe:62:04:9b:18:a9:fa:f4:
                    dd:bb:13:70:36:e5:c5:3c:2e:f8:ca:cb:5b:df:7d:
                    a3:57:93:ba:26:6f:a8:cd:92:40:ba:64:3a:bc:b8:
                    64:23:50:92:16:1c:3d:15:9e:1f:64:f3:58:cc:42:
                    24:d9:42:3d:47:85:d3:64:ea:da:3d:b4:3b:d9:7e:
                    21:e7:4a:f6:7f:65:cd:35:ef:3d:0f:fa:3b:71:b6:
                    8d:3e:06:13:20:2c:f7:67:e5:8e:df:c3:e8:f5:bc:
                    bc:50:6c:f0:0a:4e:96:ae:a4:4a:7b:53:06:7d:64:
                    6d:65:f5:21:2f:38:3b:18:9f:a3:41:55:c2:cc:e8:
                    78:b3:ab:74:f9:0b:30:34:12:6f:b9:6e:f6:71:b5:
                    db:01:de:ef:47:42:0b:93:c0:61:1a:cf:9f:45:47:
                    cb:0c:20:04:57:34:4b:8e:ae:a2:3a:05:04:f6:1a:
                    26:f5:ed:a2:10:6d:a7:f9:cd:4a:9d:0d:e1:29:bf:
                    f6:4f:9c:a2:e2:6d:4c:26:0d:7f:ce:5a:70:6b:37:
                    92:14:dd:b8:78:0c:57:69:7b:b8:bc:36:4d:28:7d:
                    dd:2a:2d:b6:22:21:6b:2f:d7:56:bf:49:fb:24:de:
                    bd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:FE:64:34:F1:6E:70:D5:0C:CD:AF:41:1F:5F:05:D1:22:53:98:7C
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/R_5kNPFucNUMza9BH18F0SJTmHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:f2:ed:7e:fd:70:2d:b5:8d:75:76:17:6c:c4:d2:da:28:78:
         c6:cb:b8:4b:01:c9:3d:14:60:36:e8:8f:20:fa:29:4f:f0:60:
         47:6b:40:9a:24:2b:11:78:f6:47:1c:99:32:17:94:bb:e0:91:
         24:f8:d3:45:db:36:a0:89:c2:d5:a0:c7:97:8d:d2:58:69:66:
         59:60:07:00:ef:ac:cb:42:36:3f:92:f0:77:01:45:49:69:f1:
         0e:f0:08:bb:54:de:34:12:c6:69:43:64:9a:41:22:ee:23:32:
         89:e6:ff:cc:cd:d3:6b:7f:26:b8:a2:db:15:e8:cc:80:10:65:
         1d:e8:a4:2f:d1:e8:17:f1:86:e5:4a:bb:d6:0a:1a:1c:b5:0f:
         26:3f:63:ff:e0:a9:60:0d:5b:a5:e4:43:64:fc:a0:f4:2a:0f:
         33:d8:15:4f:e7:3c:8d:4a:12:e4:5c:ec:ee:56:13:7d:24:f7:
         6d:34:b7:c0:4d:c5:38:d1:26:5e:e5:b8:5b:1c:4f:46:9b:d5:
         a5:8a:db:33:60:50:fa:cd:e2:27:81:07:c5:99:c5:d0:30:d9:
         d4:2b:c9:41:96:5f:92:52:8b:ba:37:73:1f:af:27:96:b5:b8:
         a3:4d:72:e4:40:68:66:45:68:29:27:a7:ce:0d:b4:5c:90:f1:
         17:19:ef:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJpHu/bI59gGTI1KmVFcPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjQwMTAxMjIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ZlNjQzNGYxNmU3MGQ1MGNjZGFmNDExZjVmMDVkMTIyNTM5ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPfgorw9gHCcT7Y+n15S5t84A7Ve
/mIEmxip+vTduxNwNuXFPC74ystb332jV5O6Jm+ozZJAumQ6vLhkI1CSFhw9FZ4f
ZPNYzEIk2UI9R4XTZOraPbQ72X4h50r2f2XNNe89D/o7cbaNPgYTICz3Z+WO38Po
9by8UGzwCk6WrqRKe1MGfWRtZfUhLzg7GJ+jQVXCzOh4s6t0+QswNBJvuW72cbXb
Ad7vR0ILk8BhGs+fRUfLDCAEVzRLjq6iOgUE9hom9e2iEG2n+c1KnQ3hKb/2T5yi
4m1MJg1/zlpwazeSFN24eAxXaXu4vDZNKH3dKi22IiFrL9dWv0n7JN69ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEf+ZDTxbnDVDM2vQR9fBdEiU5h8MB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvUl81a05QRnVjTlVNemE5QkgxOEYwU0pUbUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue+yMA0G
CSqGSIb3DQEBCwUAA4IBAQBO8u1+/XAttY11dhdsxNLaKHjGy7hLAck9FGA26I8g
+ilP8GBHa0CaJCsRePZHHJkyF5S74JEk+NNF2zagicLVoMeXjdJYaWZZYAcA76zL
QjY/kvB3AUVJafEO8Ai7VN40EsZpQ2SaQSLuIzKJ5v/MzdNrfya4otsV6MyAEGUd
6KQv0egX8YblSrvWChoctQ8mP2P/4KlgDVul5ENk/KD0Kg8z2BVP5zyNShLkXOzu
VhN9JPdtNLfATcU40SZe5bhbHE9Gm9WlitszYFD6zeIngQfFmcXQMNnUK8lBll+S
Uou6N3MfryeWtbijTXLkQGhmRWgpJ6fODbRckPEXGe8t
-----END CERTIFICATE-----