Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/kuez1iA_11dfaTRwPKgQ9y1-0_Y.roa
File:                     kuez1iA_11dfaTRwPKgQ9y1-0_Y.roa (raw, json)
Hash identifier:          +SbYqXIGvd5BJas6VkVuLWLgLkbZxVyhTd/xY7hUwwo=
Subject key identifier:   92:E7:B3:D6:20:3F:D7:57:5F:69:34:70:3C:A8:10:F7:2D:7E:D3:F6
Certificate issuer:       /CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
Certificate serial:       018CC94D8284C3B6F74EA40D4823A610F5D4
Authority key identifier: 1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/kuez1iA_11dfaTRwPKgQ9y1-0_Y.roa
Signing time:             Tue 02 Jan 2024 08:32:29 +0000
ROA not before:           Tue 02 Jan 2024 08:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58250
IP address blocks:        5.42.235.0/24 maxlen: 24
                          5.42.234.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:82:84:c3:b6:f7:4e:a4:0d:48:23:a6:10:f5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e8d205c798ed78f3c44ca0c8f2852e8bec8eaa2
        Validity
            Not Before: Jan  2 08:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92e7b3d6203fd7575f6934703ca810f72d7ed3f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fa:e5:54:06:65:be:ca:88:92:06:a7:38:c5:
                    79:ca:cf:9c:f4:d4:56:be:3d:4c:b0:d9:44:0c:08:
                    85:40:64:8a:7c:65:08:75:ae:48:f8:ae:dd:b8:ac:
                    bb:a5:40:e6:e7:c2:aa:d3:63:42:ff:61:7f:1c:42:
                    66:e5:13:a8:a3:d7:4a:4d:66:b3:d9:b3:6c:50:09:
                    56:1d:43:fd:b3:e4:1f:e7:f3:82:b4:3d:86:68:aa:
                    76:db:5c:e1:37:fc:4d:9e:44:ab:2c:5d:42:19:df:
                    33:34:8a:9b:02:8f:60:2f:b6:8c:10:42:86:56:c3:
                    24:f4:c6:18:02:f4:54:b4:01:82:5a:00:f4:51:47:
                    30:43:75:c7:a4:64:8e:bf:b9:77:0f:7e:c8:2e:96:
                    db:52:70:09:07:25:76:fa:41:02:d1:f6:8f:0a:aa:
                    e8:48:f0:a5:5f:e2:55:11:0b:ee:5e:c8:f6:e7:e4:
                    30:97:db:01:ab:9b:72:89:b9:aa:53:d6:d2:7c:a5:
                    41:6c:80:d3:92:d5:40:b3:cd:a5:c7:79:a1:4a:57:
                    fd:02:51:65:8c:a4:d4:20:d6:ed:d8:f0:3a:29:58:
                    98:ae:23:64:31:ee:95:96:28:33:55:48:db:eb:f5:
                    08:08:18:d3:97:a3:8c:82:d9:a7:32:5c:d9:f4:35:
                    53:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E7:B3:D6:20:3F:D7:57:5F:69:34:70:3C:A8:10:F7:2D:7E:D3:F6
            X509v3 Authority Key Identifier:
                keyid:1E:8D:20:5C:79:8E:D7:8F:3C:44:CA:0C:8F:28:52:E8:BE:C8:EA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ho0gXHmO1488RMoMjyhS6L7I6qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/kuez1iA_11dfaTRwPKgQ9y1-0_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/298898-7454-402b-81e9-ee1bd344f015/1/Ho0gXHmO1488RMoMjyhS6L7I6qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:7e:66:df:1d:84:d4:a4:ef:ce:27:13:ed:1e:67:27:62:83:
         ea:e1:c6:96:c0:fd:ce:71:d2:cd:57:cf:01:e5:14:60:33:d3:
         e6:70:b2:52:78:63:5b:1e:55:84:37:15:bb:d6:57:1f:5c:f9:
         38:65:8c:c7:f6:ae:32:98:2c:d0:3d:48:ff:55:52:77:60:9a:
         4b:4e:d5:e6:bb:3e:29:bd:15:b5:30:66:3e:19:45:1d:81:ca:
         ee:b5:9b:ca:51:54:8a:e0:c0:84:c9:2c:c7:09:04:a8:6c:ca:
         09:2d:06:de:41:a5:f2:14:40:42:a5:c7:c8:f6:3b:1f:61:16:
         f1:be:df:10:29:8b:42:79:7a:b4:3f:56:22:16:e7:64:f5:c9:
         a0:8c:09:51:3c:5f:04:97:80:2c:6e:85:ee:bf:8c:18:ef:d5:
         ca:22:b8:2a:fa:48:51:1a:7b:88:f7:b3:da:aa:e3:c8:48:1a:
         07:14:3f:22:bb:f3:32:a6:ca:5b:d8:3c:6f:c0:76:3f:66:d0:
         22:11:ea:59:8a:c4:fa:a8:bb:2a:72:68:67:de:a3:2d:d7:9e:
         db:e0:24:df:94:69:2c:78:a6:25:58:c0:48:de:55:9e:de:be:
         cb:2f:66:3a:63:67:db:9d:c5:4e:c3:4e:0f:fb:ab:ad:4c:9d:
         d7:75:3b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYKEw7b3TqQNSCOmEPXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOGQyMDVjNzk4ZWQ3OGYzYzQ0Y2EwYzhmMjg1MmU4YmVj
OGVhYTIwHhcNMjQwMTAyMDgzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU3YjNkNjIwM2ZkNzU3NWY2OTM0NzAzY2E4MTBmNzJkN2VkM2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPrlVAZlvsqIkganOMV5ys+c9NRW
vj1MsNlEDAiFQGSKfGUIda5I+K7duKy7pUDm58Kq02NC/2F/HEJm5ROoo9dKTWaz
2bNsUAlWHUP9s+Qf5/OCtD2GaKp221zhN/xNnkSrLF1CGd8zNIqbAo9gL7aMEEKG
VsMk9MYYAvRUtAGCWgD0UUcwQ3XHpGSOv7l3D37ILpbbUnAJByV2+kEC0faPCqro
SPClX+JVEQvuXsj25+Qwl9sBq5tyibmqU9bSfKVBbIDTktVAs82lx3mhSlf9AlFl
jKTUINbt2PA6KViYriNkMe6VligzVUjb6/UICBjTl6OMgtmnMlzZ9DVTMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLns9YgP9dXX2k0cDyoEPctftP2MB8GA1UdIwQY
MBaAFB6NIFx5jtePPETKDI8oUui+yOqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTkt
ZWUxYmQzNDRmMDE1LzEva3VlejFpQV8xMWRmYVRSd1BLZ1E5eTEtMF9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yOTg4OTgtNzQ1NC00MDJiLTgxZTktZWUxYmQzNDRmMDE1
LzEvSG8wZ1hIbU8xNDg4Uk1vTWp5aFM2TDdJNnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBSrqMA0G
CSqGSIb3DQEBCwUAA4IBAQB0fmbfHYTUpO/OJxPtHmcnYoPq4caWwP3OcdLNV88B
5RRgM9PmcLJSeGNbHlWENxW71lcfXPk4ZYzH9q4ymCzQPUj/VVJ3YJpLTtXmuz4p
vRW1MGY+GUUdgcrutZvKUVSK4MCEySzHCQSobMoJLQbeQaXyFEBCpcfI9jsfYRbx
vt8QKYtCeXq0P1YiFudk9cmgjAlRPF8El4AsboXuv4wY79XKIrgq+khRGnuI97Pa
quPISBoHFD8iu/Mypspb2DxvwHY/ZtAiEepZisT6qLsqcmhn3qMt157b4CTflGks
eKYlWMBI3lWe3r7LL2Y6Y2fbncVOw04P+6utTJ3XdTu8
-----END CERTIFICATE-----