Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/fydMIRlz63PW3cmozfrk_NgRN3w.roa
File:                     fydMIRlz63PW3cmozfrk_NgRN3w.roa (raw, json)
Hash identifier:          RqEMgoB8/e12hE3b+CCLNDfNx6pybdWpQ68AfhTVSkY=
Subject key identifier:   7F:27:4C:21:19:73:EB:73:D6:DD:C9:A8:CD:FA:E4:FC:D8:11:37:7C
Certificate issuer:       /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial:       01909857E09B83460CB708759B1D1E6FA20F
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/fydMIRlz63PW3cmozfrk_NgRN3w.roa
Signing time:             Tue 09 Jul 2024 16:33:34 +0000
ROA not before:           Tue 09 Jul 2024 16:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        185.239.188.0/24 maxlen: 24
                          185.239.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:98:57:e0:9b:83:46:0c:b7:08:75:9b:1d:1e:6f:a2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Validity
            Not Before: Jul  9 16:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f274c211973eb73d6ddc9a8cdfae4fcd811377c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:19:41:41:85:76:40:8f:f2:bc:8d:59:6e:
                    03:03:77:81:ba:9a:5a:b6:7d:85:c4:19:f4:61:85:
                    43:43:cc:4c:0b:38:70:aa:9e:e1:1b:85:e7:fa:96:
                    90:0d:38:ff:f1:c8:2c:a3:7b:8e:79:1e:03:26:39:
                    99:a0:eb:b1:cf:b0:23:82:d3:b4:5d:ed:f7:de:f8:
                    8d:b0:b9:12:37:65:2b:cd:89:fa:f1:90:36:0a:92:
                    5a:91:ad:6f:d4:3d:a8:29:11:31:d3:fb:ee:39:e6:
                    85:f8:f7:57:84:f1:d2:56:de:ba:6c:e2:5c:bc:d5:
                    4d:43:d9:a2:0e:9f:4d:0d:72:1f:90:64:41:48:6f:
                    bf:6f:77:d4:0a:09:18:bc:d4:12:a1:72:72:ff:5d:
                    8a:4f:45:db:a2:c6:8c:b5:c0:15:15:e3:34:58:02:
                    9b:b0:2a:68:5c:ed:4b:7d:46:e3:9f:0a:f1:39:be:
                    0a:76:6c:11:ad:87:97:05:3c:a1:01:9e:39:0a:e7:
                    c2:8f:1e:12:47:4e:f5:3b:f4:08:c5:2e:89:24:97:
                    10:96:26:f5:a5:e4:e2:35:fb:ca:04:0d:3c:44:0a:
                    a3:25:1e:a5:63:44:85:40:9f:92:01:11:d6:90:22:
                    ad:f0:a8:e5:ed:63:34:da:8c:4b:61:fa:96:7c:19:
                    8a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:27:4C:21:19:73:EB:73:D6:DD:C9:A8:CD:FA:E4:FC:D8:11:37:7C
            X509v3 Authority Key Identifier:
                keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/fydMIRlz63PW3cmozfrk_NgRN3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.188.0/24
                  185.239.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:3f:2a:8b:44:0f:30:d4:4c:6e:17:24:8a:51:86:23:b3:73:
         27:c4:be:6d:80:10:4a:78:1e:60:f5:3e:a3:28:9e:15:f1:2f:
         66:d7:ee:ba:1b:39:87:51:73:16:a1:dd:1a:40:c8:7d:8e:71:
         ca:ea:8a:20:5d:4f:ba:a7:05:8d:cc:9c:9f:e8:02:02:d5:36:
         4d:16:07:43:67:10:17:2f:46:79:ec:55:f4:6a:a9:ce:8f:1a:
         55:78:49:d1:e9:4f:4f:fd:cd:23:6c:92:8f:97:00:7e:ad:10:
         28:47:13:57:fa:6f:57:6f:a4:eb:16:7f:ea:d0:cb:94:31:34:
         19:93:ca:31:61:51:db:96:f1:e3:98:8f:ab:79:a0:3d:eb:6c:
         ad:65:73:49:d0:e0:13:0a:41:3f:87:02:87:f9:42:45:d6:86:
         20:0b:9b:c8:7d:61:cf:20:1e:a8:1e:3a:6c:2e:33:7a:28:56:
         48:b6:3b:d3:92:4c:e6:4e:62:b9:a6:6b:82:18:44:db:a0:3e:
         eb:98:02:e8:b1:ce:07:8b:48:70:57:90:43:24:d9:a9:56:3c:
         fc:a0:09:45:12:4c:96:91:14:22:1b:1e:51:50:d3:29:df:1f:
         dc:2e:e6:7e:8d:e8:25:3c:03:2a:29:7a:45:44:c5:f0:22:e3:
         31:7b:ed:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCYV+Cbg0YMtwh1mx0eb6IPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjQwNzA5MTYzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjI3NGMyMTE5NzNlYjczZDZkZGM5YThjZGZhZTRmY2Q4MTEzNzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwEZQUGFdkCP8ryNWW4DA3eBuppa
tn2FxBn0YYVDQ8xMCzhwqp7hG4Xn+paQDTj/8cgso3uOeR4DJjmZoOuxz7AjgtO0
Xe333viNsLkSN2UrzYn68ZA2CpJaka1v1D2oKREx0/vuOeaF+PdXhPHSVt66bOJc
vNVNQ9miDp9NDXIfkGRBSG+/b3fUCgkYvNQSoXJy/12KT0XbosaMtcAVFeM0WAKb
sCpoXO1LfUbjnwrxOb4KdmwRrYeXBTyhAZ45CufCjx4SR071O/QIxS6JJJcQlib1
peTiNfvKBA08RAqjJR6lY0SFQJ+SARHWkCKt8Kjl7WM02oxLYfqWfBmKuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH8nTCEZc+tz1t3JqM365PzYETd8MB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvZnlkTUlSbHo2M1BXM2Ntb3pmcmtfTmdSTjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAue+8AwQA
ue++MA0GCSqGSIb3DQEBCwUAA4IBAQA3PyqLRA8w1ExuFySKUYYjs3MnxL5tgBBK
eB5g9T6jKJ4V8S9m1+66GzmHUXMWod0aQMh9jnHK6oogXU+6pwWNzJyf6AIC1TZN
FgdDZxAXL0Z57FX0aqnOjxpVeEnR6U9P/c0jbJKPlwB+rRAoRxNX+m9Xb6TrFn/q
0MuUMTQZk8oxYVHblvHjmI+reaA962ytZXNJ0OATCkE/hwKH+UJF1oYgC5vIfWHP
IB6oHjpsLjN6KFZItjvTkkzmTmK5pmuCGETboD7rmALosc4Hi0hwV5BDJNmpVjz8
oAlFEkyWkRQiGx5RUNMp3x/cLuZ+jeglPAMqKXpFRMXwIuMxe+3B
-----END CERTIFICATE-----