Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/S-RZogmO9eOg7wvY8qpho0ZDBJw.roa
File:                     S-RZogmO9eOg7wvY8qpho0ZDBJw.roa (raw, json)
Hash identifier:          VixBu6QgDFc5DCWX6FQX65MqOElfwl6wcnfqENZMKHI=
Subject key identifier:   4B:E4:59:A2:09:8E:F5:E3:A0:EF:0B:D8:F2:AA:61:A3:46:43:04:9C
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C3F9E7D2793271D30396564E1778
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/S-RZogmO9eOg7wvY8qpho0ZDBJw.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48359
IP address blocks:        185.126.42.0/23 maxlen: 23
                          109.232.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c3:f9:e7:d2:79:32:71:d3:03:96:56:4e:17:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4be459a2098ef5e3a0ef0bd8f2aa61a34643049c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5f:e4:ce:bf:a7:1b:2d:86:8a:c7:ca:8b:a0:
                    fd:60:f3:5e:73:2a:b2:4b:d1:f4:4c:f1:8a:08:c7:
                    9f:fd:fd:6b:48:d5:68:9c:d7:b0:61:08:2f:b1:c3:
                    60:2e:85:b0:62:9c:bc:ba:8a:84:23:bd:77:22:17:
                    ef:e3:22:8a:af:14:97:f3:e1:67:9d:fc:fc:67:3d:
                    ee:84:73:35:3d:ab:01:c2:a1:59:16:f6:78:bd:de:
                    fd:24:df:83:bb:af:46:a1:bb:93:63:c2:90:90:98:
                    06:43:9e:b9:90:c4:a4:4d:08:ea:c2:43:5c:6b:dd:
                    62:5b:90:a5:e0:c7:55:27:cd:b6:97:b3:6f:38:06:
                    4d:f7:79:81:51:12:7a:4f:47:bf:c2:8b:7d:3e:ca:
                    05:90:ca:54:bd:ad:f7:6b:53:a3:81:a6:0a:99:93:
                    60:73:26:e5:5d:e2:a4:00:ed:91:58:ab:f6:19:f2:
                    da:5c:7b:bb:4a:a7:9e:4b:5d:89:39:33:11:9b:ac:
                    ad:db:49:56:0e:82:7d:9a:66:5e:6a:c5:c9:33:f7:
                    ff:6d:d6:ae:a5:99:68:45:5a:29:0c:37:0c:9c:b5:
                    1a:09:db:ef:5a:eb:96:12:19:38:22:dc:d5:2e:b8:
                    b7:7e:ab:a4:cf:86:8d:9c:d4:4b:c7:6f:65:e4:b5:
                    a4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E4:59:A2:09:8E:F5:E3:A0:EF:0B:D8:F2:AA:61:A3:46:43:04:9C
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/S-RZogmO9eOg7wvY8qpho0ZDBJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.232.5.0/24
                  185.126.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:9b:b1:20:3d:6c:60:94:77:6d:a3:64:a2:db:2f:14:a2:9f:
         d3:57:ac:57:f4:55:13:ab:a6:7b:2c:c1:81:f9:dd:d5:0f:c8:
         b8:6d:43:20:69:34:d4:ce:ad:e9:84:16:a7:7b:f7:0c:82:58:
         59:1e:dc:e0:ea:c5:b2:03:fd:d1:5b:97:a9:15:f8:37:20:a4:
         c1:11:f9:80:75:92:c0:8d:08:5a:27:41:f9:66:b4:9f:e6:e7:
         12:50:7c:1c:47:05:76:fe:77:a1:c3:50:a4:19:59:64:73:df:
         89:fa:ab:df:60:bc:48:7b:2c:ef:c4:8f:0b:0f:35:d7:67:5e:
         0d:f5:92:c3:30:c4:4d:50:b2:ff:af:c8:66:54:8f:bf:10:a0:
         be:10:aa:40:10:d5:bd:6f:0a:24:c2:69:22:89:f2:e9:11:37:
         ce:4d:14:fe:db:f5:80:ef:ae:10:a2:5d:bf:11:7b:c3:bf:49:
         53:c4:58:66:af:a4:dc:df:c7:0b:48:a1:36:13:9b:d7:97:14:
         ce:d1:39:00:d1:e6:f7:d2:96:6d:2d:73:ce:cf:11:d2:ba:ef:
         fb:8b:c4:7f:17:72:36:66:08:cc:64:44:3a:b9:6d:10:04:6f:
         ab:63:9f:9c:68:2a:47:d2:40:1c:7d:56:70:70:8f:e9:35:88:
         60:b6:86:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMP559J5MnHTA5ZWThd4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmU0NTlhMjA5OGVmNWUzYTBlZjBiZDhmMmFhNjFhMzQ2NDMwNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF/kzr+nGy2GisfKi6D9YPNecyqy
S9H0TPGKCMef/f1rSNVonNewYQgvscNgLoWwYpy8uoqEI713Ihfv4yKKrxSX8+Fn
nfz8Zz3uhHM1PasBwqFZFvZ4vd79JN+Du69GobuTY8KQkJgGQ565kMSkTQjqwkNc
a91iW5Cl4MdVJ822l7NvOAZN93mBURJ6T0e/wot9PsoFkMpUva33a1OjgaYKmZNg
cyblXeKkAO2RWKv2GfLaXHu7SqeeS12JOTMRm6yt20lWDoJ9mmZeasXJM/f/bdau
pZloRVopDDcMnLUaCdvvWuuWEhk4ItzVLri3fqukz4aNnNRLx29l5LWkDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEvkWaIJjvXjoO8L2PKqYaNGQwScMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvUy1SWm9nbU85ZU9nN3d2WThxcGhvMFpEQkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbegFAwQB
uX4qMA0GCSqGSIb3DQEBCwUAA4IBAQAWm7EgPWxglHdto2Si2y8Uop/TV6xX9FUT
q6Z7LMGB+d3VD8i4bUMgaTTUzq3phBane/cMglhZHtzg6sWyA/3RW5epFfg3IKTB
EfmAdZLAjQhaJ0H5ZrSf5ucSUHwcRwV2/nehw1CkGVlkc9+J+qvfYLxIeyzvxI8L
DzXXZ14N9ZLDMMRNULL/r8hmVI+/EKC+EKpAENW9bwokwmkiifLpETfOTRT+2/WA
764Qol2/EXvDv0lTxFhmr6Tc38cLSKE2E5vXlxTO0TkA0eb30pZtLXPOzxHSuu/7
i8R/F3I2ZgjMZEQ6uW0QBG+rY5+caCpH0kAcfVZwcI/pNYhgtoZz
-----END CERTIFICATE-----