Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pOFuNkLBMNZPe45RMVbnIt0jYiw.roa
File:                     pOFuNkLBMNZPe45RMVbnIt0jYiw.roa (raw, json)
Hash identifier:          LwL7Od5ygbmO/XBedBt8WAKytI66HS4+FsLJgaeEdec=
Subject key identifier:   A4:E1:6E:36:42:C1:30:D6:4F:7B:8E:51:31:56:E7:22:DD:23:62:2C
Certificate issuer:       /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial:       018F7250BFBB3A8073846B5F7789D82DE285
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pOFuNkLBMNZPe45RMVbnIt0jYiw.roa
Signing time:             Mon 13 May 2024 14:17:25 +0000
ROA not before:           Mon 13 May 2024 14:17:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        185.239.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:50:bf:bb:3a:80:73:84:6b:5f:77:89:d8:2d:e2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Validity
            Not Before: May 13 14:17:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4e16e3642c130d64f7b8e513156e722dd23622c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ae:e2:39:ce:0e:72:14:3f:74:86:6b:51:33:
                    09:17:e2:80:3a:21:2e:e6:71:e8:69:d6:ad:f9:da:
                    33:d5:24:6f:95:33:15:f8:dd:61:66:6f:ec:71:25:
                    0b:ec:59:50:5f:06:5a:19:20:fc:5f:7c:79:d8:ca:
                    9e:c2:36:f2:5b:67:25:6d:24:c4:5f:29:96:7d:12:
                    6d:cf:51:04:20:8f:8e:28:e3:57:9e:01:8b:22:c4:
                    07:33:48:f0:2f:14:22:33:96:2f:99:2a:d1:1b:4b:
                    92:62:ef:45:4c:9f:78:ae:25:78:7c:33:7f:cb:46:
                    40:78:19:12:5e:ed:7b:26:53:b1:e5:d8:5e:5e:5c:
                    44:99:b6:77:19:ef:66:44:c7:70:c6:af:13:ed:35:
                    25:56:01:88:cf:38:8d:d0:c2:5d:f3:33:86:53:f7:
                    1a:a9:4d:1d:98:ce:4f:55:fb:86:b5:e1:02:5c:77:
                    1c:47:9b:21:f4:27:21:d7:3c:e7:34:3f:1b:5c:f1:
                    03:57:71:ae:0d:b3:18:7c:6e:69:f9:f5:8e:52:dd:
                    ba:33:1d:ad:f8:76:14:a9:74:43:04:4b:d5:e2:28:
                    95:01:52:25:0a:47:e6:84:9f:56:b4:45:89:0d:f4:
                    2d:7b:1c:82:3d:44:94:31:09:2d:09:71:f3:39:5b:
                    95:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E1:6E:36:42:C1:30:D6:4F:7B:8E:51:31:56:E7:22:DD:23:62:2C
            X509v3 Authority Key Identifier:
                keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/pOFuNkLBMNZPe45RMVbnIt0jYiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cb:41:68:99:eb:34:da:e1:76:f2:26:c0:cf:64:01:3e:81:
         b6:92:7b:51:dc:f8:dd:f3:57:b5:68:42:eb:95:c9:77:28:eb:
         2d:16:39:a3:61:42:44:a5:70:5e:b2:97:eb:d2:8f:0d:cf:10:
         5b:56:72:7c:b7:ab:5a:95:98:52:c3:00:ec:79:08:ed:2b:1f:
         30:50:f6:4d:4e:de:82:4c:f6:5f:de:eb:47:3f:6e:17:06:9e:
         6a:69:46:53:76:ae:f0:81:60:f5:8b:21:03:33:c2:0f:05:61:
         5c:a0:cb:cd:df:73:9d:fb:7b:30:5d:64:92:28:21:de:f6:10:
         2c:9a:71:6c:cc:9e:f6:2d:25:9a:ee:87:f9:0a:be:41:e9:45:
         19:9e:08:c6:46:30:c1:a4:a6:3a:33:cb:ae:83:02:10:5a:9a:
         d4:00:a6:4a:bc:4d:bb:0f:ef:3a:37:8b:8a:b6:ea:30:7a:a6:
         29:d9:58:e2:b8:1a:58:72:94:02:2b:19:44:55:d8:c0:52:ca:
         9a:04:22:6a:5a:98:35:41:87:ff:a3:d3:ac:96:a5:40:e1:39:
         cf:3a:57:5c:5f:5a:3e:0b:f4:fe:a7:98:9c:15:1d:dd:a3:ee:
         75:be:1d:1f:d7:2a:4b:f2:b4:bd:a9:0e:31:2e:19:7d:bd:f8:
         d5:d1:de:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9yUL+7OoBzhGtfd4nYLeKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjQwNTEzMTQxNzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGUxNmUzNjQyYzEzMGQ2NGY3YjhlNTEzMTU2ZTcyMmRkMjM2MjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5q7iOc4OchQ/dIZrUTMJF+KAOiEu
5nHoadat+doz1SRvlTMV+N1hZm/scSUL7FlQXwZaGSD8X3x52MqewjbyW2clbSTE
XymWfRJtz1EEII+OKONXngGLIsQHM0jwLxQiM5YvmSrRG0uSYu9FTJ94riV4fDN/
y0ZAeBkSXu17JlOx5dheXlxEmbZ3Ge9mRMdwxq8T7TUlVgGIzziN0MJd8zOGU/ca
qU0dmM5PVfuGteECXHccR5sh9Cch1zznND8bXPEDV3GuDbMYfG5p+fWOUt26Mx2t
+HYUqXRDBEvV4iiVAVIlCkfmhJ9WtEWJDfQtexyCPUSUMQktCXHzOVuVIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKThbjZCwTDWT3uOUTFW5yLdI2IsMB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvcE9GdU5rTEJNTlpQZTQ1Uk1WYm5JdDBqWWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+9MA0G
CSqGSIb3DQEBCwUAA4IBAQBly0Fomes02uF28ibAz2QBPoG2kntR3Pjd81e1aELr
lcl3KOstFjmjYUJEpXBespfr0o8NzxBbVnJ8t6talZhSwwDseQjtKx8wUPZNTt6C
TPZf3utHP24XBp5qaUZTdq7wgWD1iyEDM8IPBWFcoMvN33Od+3swXWSSKCHe9hAs
mnFszJ72LSWa7of5Cr5B6UUZngjGRjDBpKY6M8uugwIQWprUAKZKvE27D+86N4uK
tuoweqYp2VjiuBpYcpQCKxlEVdjAUsqaBCJqWpg1QYf/o9OslqVA4TnPOldcX1o+
C/T+p5icFR3do+51vh0f1ypL8rS9qQ4xLhl9vfjV0d7F
-----END CERTIFICATE-----