Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/lJYoeJpUjyLAh-U0jgXP7QKIeU4.roa
File:                     lJYoeJpUjyLAh-U0jgXP7QKIeU4.roa (raw, json)
Hash identifier:          e8HMbm4K6WYrDDBvwNN218WgfLu0K2vXEa/BGtGhR0w=
Subject key identifier:   94:96:28:78:9A:54:8F:22:C0:87:E5:34:8E:05:CF:ED:02:88:79:4E
Certificate issuer:       /CN=5c57c8f8d9ee5e2ce7043e1ec26bb1693f7f121f
Certificate serial:       018CC5012D90929123B369BFB5ECFB5714B5
Authority key identifier: 5C:57:C8:F8:D9:EE:5E:2C:E7:04:3E:1E:C2:6B:B1:69:3F:7F:12:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XFfI-NnuXiznBD4ewmuxaT9_Eh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/lJYoeJpUjyLAh-U0jgXP7QKIeU4.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.173.8.0/22 maxlen: 24
                          5.133.40.0/21 maxlen: 24
                          2a04:ed00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/XFfI-NnuXiznBD4ewmuxaT9_Eh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/XFfI-NnuXiznBD4ewmuxaT9_Eh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XFfI-NnuXiznBD4ewmuxaT9_Eh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2d:90:92:91:23:b3:69:bf:b5:ec:fb:57:14:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c57c8f8d9ee5e2ce7043e1ec26bb1693f7f121f
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=949628789a548f22c087e5348e05cfed0288794e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:5e:5f:d3:60:3e:09:72:09:dd:8a:f7:fe:17:
                    0c:64:56:0e:f2:a8:0c:74:a3:2f:ef:c7:2d:77:7b:
                    74:09:e7:69:bc:74:2d:64:37:93:8b:52:f8:7d:18:
                    98:38:bd:14:26:86:19:b5:80:5a:17:53:d6:64:21:
                    9d:b1:1a:0c:ac:2e:69:ca:42:ff:85:39:76:d9:ec:
                    ca:3b:d3:c1:6b:ed:05:c2:f2:4e:eb:3e:ac:8f:5a:
                    46:3a:d5:a7:22:66:db:94:fe:67:5f:9a:9b:82:93:
                    19:02:b6:da:b5:30:6d:ba:cd:04:d0:e1:f7:bc:dd:
                    47:8e:18:67:91:66:6c:46:6d:74:84:6b:2c:4e:e3:
                    80:32:e9:41:6c:35:71:9a:2b:a3:18:79:d0:86:6b:
                    83:ef:f1:1a:27:a1:24:b0:a0:d0:1a:bc:2b:15:51:
                    4a:8a:cf:5e:ef:c6:2d:d9:99:67:34:aa:59:2c:ee:
                    b9:74:41:67:bd:04:24:b5:95:08:8d:4c:cf:f1:c7:
                    98:6d:90:4f:ce:0d:2e:a5:0a:d7:ad:5d:63:2e:6a:
                    7a:c7:9c:8f:93:05:06:52:c0:2f:17:1d:f2:b5:85:
                    d5:35:e8:11:21:29:11:82:87:ed:72:3d:cd:11:57:
                    82:4c:a0:f3:04:b5:33:7c:38:57:1e:b0:26:b0:02:
                    42:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:96:28:78:9A:54:8F:22:C0:87:E5:34:8E:05:CF:ED:02:88:79:4E
            X509v3 Authority Key Identifier:
                keyid:5C:57:C8:F8:D9:EE:5E:2C:E7:04:3E:1E:C2:6B:B1:69:3F:7F:12:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XFfI-NnuXiznBD4ewmuxaT9_Eh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/lJYoeJpUjyLAh-U0jgXP7QKIeU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/29fcb9-305c-406b-a7a4-1f6b2d14f4f9/1/XFfI-NnuXiznBD4ewmuxaT9_Eh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.40.0/21
                  185.173.8.0/22
                IPv6:
                  2a04:ed00::/29

    Signature Algorithm: sha256WithRSAEncryption
         88:5a:14:4f:31:a8:e0:cf:f6:16:de:7c:18:7a:50:06:56:25:
         b8:6e:27:e3:43:c3:29:0d:97:7e:b1:e3:1e:a8:da:f2:fa:c7:
         cb:4a:a8:18:7f:3c:23:4a:25:db:8f:3d:ab:d2:71:3c:c4:14:
         23:23:d6:fa:85:70:09:0a:e9:28:59:f3:fe:a1:d8:5a:47:83:
         a1:ac:55:40:8e:91:30:09:58:6a:70:be:2d:fc:70:a8:60:2b:
         69:60:3a:f5:d4:60:84:24:d9:5d:2b:db:83:29:f4:ee:cb:a5:
         4b:db:cb:22:cb:0f:0b:7a:26:68:3c:32:0e:99:11:31:31:70:
         1c:21:a5:39:b9:e6:89:e5:a4:58:8a:be:4c:d7:94:07:77:8d:
         9e:78:c0:33:63:34:3f:dc:ee:1f:0b:64:19:67:a1:24:d2:75:
         98:7a:26:93:c6:f1:4a:d3:29:be:89:61:5d:f9:e5:ad:36:6c:
         8f:67:23:db:92:1f:47:ae:88:13:ca:7e:dd:01:c1:d2:50:e6:
         b8:97:8f:50:24:07:09:00:6e:29:82:13:59:b8:48:00:ee:41:
         e7:62:0c:91:7a:ee:32:2a:38:12:ed:9b:94:09:6f:ad:5b:34:
         83:90:17:63:e9:b2:22:a3:42:54:80:7a:33:91:de:ff:10:a3:
         b4:fc:e6:05
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAS2QkpEjs2m/tez7VxS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNTdjOGY4ZDllZTVlMmNlNzA0M2UxZWMyNmJiMTY5M2Y3
ZjEyMWYwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDk2Mjg3ODlhNTQ4ZjIyYzA4N2U1MzQ4ZTA1Y2ZlZDAyODg3OTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4l5f02A+CXIJ3Yr3/hcMZFYO8qgM
dKMv78ctd3t0CedpvHQtZDeTi1L4fRiYOL0UJoYZtYBaF1PWZCGdsRoMrC5pykL/
hTl22ezKO9PBa+0FwvJO6z6sj1pGOtWnImbblP5nX5qbgpMZArbatTBtus0E0OH3
vN1HjhhnkWZsRm10hGssTuOAMulBbDVxmiujGHnQhmuD7/EaJ6EksKDQGrwrFVFK
is9e78Yt2ZlnNKpZLO65dEFnvQQktZUIjUzP8ceYbZBPzg0upQrXrV1jLmp6x5yP
kwUGUsAvFx3ytYXVNegRISkRgoftcj3NEVeCTKDzBLUzfDhXHrAmsAJCFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJSWKHiaVI8iwIflNI4Fz+0CiHlOMB8GA1UdIwQY
MBaAFFxXyPjZ7l4s5wQ+HsJrsWk/fxIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEZmSS1ObnVYaXpuQkQ0ZXdtdXhhVDlfRWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yOWZjYjktMzA1Yy00MDZiLWE3YTQt
MWY2YjJkMTRmNGY5LzEvbEpZb2VKcFVqeUxBaC1VMGpnWFA3UUtJZVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yOWZjYjktMzA1Yy00MDZiLWE3YTQtMWY2YjJkMTRmNGY5
LzEvWEZmSS1ObnVYaXpuQkQ0ZXdtdXhhVDlfRWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBYUoAwQC
ua0IMA0EAgACMAcDBQMqBO0AMA0GCSqGSIb3DQEBCwUAA4IBAQCIWhRPMajgz/YW
3nwYelAGViW4bifjQ8MpDZd+seMeqNry+sfLSqgYfzwjSiXbjz2r0nE8xBQjI9b6
hXAJCukoWfP+odhaR4OhrFVAjpEwCVhqcL4t/HCoYCtpYDr11GCEJNldK9uDKfTu
y6VL28siyw8LeiZoPDIOmRExMXAcIaU5ueaJ5aRYir5M15QHd42eeMAzYzQ/3O4f
C2QZZ6Ek0nWYeiaTxvFK0ym+iWFd+eWtNmyPZyPbkh9HrogTyn7dAcHSUOa4l49Q
JAcJAG4pghNZuEgA7kHnYgyReu4yKjgS7ZuUCW+tWzSDkBdj6bIio0JUgHozkd7/
EKO0/OYF
-----END CERTIFICATE-----