Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/ODYuP52ifkHVkda4BnvvoBDv3i0.roa
File:                     ODYuP52ifkHVkda4BnvvoBDv3i0.roa (raw, json)
Hash identifier:          Syk81rlFJd8p740MNbqd4MRXy4L2MpqIbjxMgMnVoMM=
Subject key identifier:   38:36:2E:3F:9D:A2:7E:41:D5:91:D6:B8:06:7B:EF:A0:10:EF:DE:2D
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       018CCA2A05BC62BE815044B283116A60D655
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/ODYuP52ifkHVkda4BnvvoBDv3i0.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5541
IP address blocks:        84.239.0.0/22 maxlen: 22
                          84.239.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:03:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:05:bc:62:be:81:50:44:b2:83:11:6a:60:d6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38362e3f9da27e41d591d6b8067befa010efde2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c9:f8:3e:98:5d:88:80:86:c0:eb:79:ef:c9:
                    71:9e:26:a5:0c:7b:b3:06:76:cb:7f:11:09:48:c4:
                    25:cb:f7:66:4b:04:f4:36:16:72:18:8c:82:5e:b1:
                    c1:d8:71:aa:87:fb:2b:d5:81:06:9f:99:b9:6f:06:
                    66:db:cb:5c:bf:46:ba:2e:fb:12:d3:ff:9e:8e:0b:
                    c5:77:6d:40:86:24:c5:63:0d:06:47:a3:74:af:e2:
                    9d:ab:96:90:25:41:de:dd:b9:41:43:d0:83:da:f4:
                    b8:33:4e:13:38:b2:e4:91:8a:65:4f:75:d2:59:32:
                    70:a2:ac:da:47:be:36:c5:92:63:fc:07:2f:48:f5:
                    5f:c0:4f:3f:f8:ae:2a:5d:0a:58:e4:e4:10:e9:1d:
                    01:28:41:bb:35:da:68:af:28:af:24:84:ed:b8:5d:
                    8b:ec:a2:c0:91:af:1b:45:60:e8:ab:6c:cd:75:ad:
                    98:bd:57:33:bd:fb:b7:06:2f:9d:42:b5:36:78:cc:
                    5c:b3:94:8f:d6:7f:8b:d6:2b:f1:e8:8c:0a:c4:e1:
                    6e:ba:41:0b:bc:dd:5b:af:90:c8:95:5a:68:6f:61:
                    ed:91:b0:01:2a:2f:8c:8a:2b:f8:1f:cd:71:4b:e8:
                    9c:89:f6:6d:37:2a:1f:37:ed:35:5e:52:c8:bf:cf:
                    05:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:36:2E:3F:9D:A2:7E:41:D5:91:D6:B8:06:7B:EF:A0:10:EF:DE:2D
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/ODYuP52ifkHVkda4BnvvoBDv3i0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.239.0.0/22
                  84.239.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:4a:c0:09:06:4b:17:21:84:31:24:f8:57:2d:af:ea:e8:96:
         33:41:1c:1c:9e:d0:f8:41:48:95:52:2e:2f:28:f7:a7:f0:56:
         ee:22:fd:73:e8:c3:58:29:ce:2c:83:44:9e:81:76:67:6e:4f:
         8d:13:34:f4:9e:80:22:a0:87:61:9b:37:d5:6a:23:83:b3:cd:
         2c:57:65:85:73:6a:4d:60:ae:d9:a4:ba:3b:eb:d4:50:26:dd:
         84:67:0c:1a:a0:f5:19:7e:cc:f0:bb:fb:9e:64:c0:30:b0:d1:
         7b:ed:83:e9:1b:c3:47:62:ed:56:7e:b0:a0:21:8d:03:07:fd:
         4c:11:5c:69:a1:9d:68:aa:d8:2a:69:6b:88:2b:20:de:5d:c9:
         cf:41:a7:71:63:cf:33:8f:53:4e:a5:a1:e1:62:46:14:c1:92:
         7d:a7:cb:f2:42:f6:4d:bf:31:1f:2e:63:3f:02:52:10:59:52:
         c7:7f:2a:ff:3c:3e:f6:13:7d:f0:ce:e9:9c:51:30:55:9d:ed:
         b6:48:81:97:f5:3d:4b:cc:f4:47:c5:07:56:06:af:3a:65:8f:
         60:9a:ee:5e:2a:42:d1:62:f1:46:48:1f:30:3a:d2:3f:33:69:
         04:c4:01:f2:c4:8b:45:34:14:8e:47:c6:a8:94:75:f5:0b:d8:
         c4:21:44:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgW8Yr6BUESygxFqYNZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM2MmUzZjlkYTI3ZTQxZDU5MWQ2YjgwNjdiZWZhMDEwZWZkZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8n4PphdiICGwOt578lxnialDHuz
BnbLfxEJSMQly/dmSwT0NhZyGIyCXrHB2HGqh/sr1YEGn5m5bwZm28tcv0a6LvsS
0/+ejgvFd21AhiTFYw0GR6N0r+Kdq5aQJUHe3blBQ9CD2vS4M04TOLLkkYplT3XS
WTJwoqzaR742xZJj/AcvSPVfwE8/+K4qXQpY5OQQ6R0BKEG7NdporyivJITtuF2L
7KLAka8bRWDoq2zNda2YvVczvfu3Bi+dQrU2eMxcs5SP1n+L1ivx6IwKxOFuukEL
vN1br5DIlVpob2HtkbABKi+Miiv4H81xS+icifZtNyofN+01XlLIv88F5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDg2Lj+don5B1ZHWuAZ776AQ794tMB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvT0RZdVA1Mmlma0hWa2RhNEJudnZvQkR2M2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCVO8AAwQA
VO8NMA0GCSqGSIb3DQEBCwUAA4IBAQBtSsAJBksXIYQxJPhXLa/q6JYzQRwcntD4
QUiVUi4vKPen8FbuIv1z6MNYKc4sg0SegXZnbk+NEzT0noAioIdhmzfVaiODs80s
V2WFc2pNYK7ZpLo769RQJt2EZwwaoPUZfszwu/ueZMAwsNF77YPpG8NHYu1WfrCg
IY0DB/1MEVxpoZ1oqtgqaWuIKyDeXcnPQadxY88zj1NOpaHhYkYUwZJ9p8vyQvZN
vzEfLmM/AlIQWVLHfyr/PD72E33wzumcUTBVne22SIGX9T1LzPRHxQdWBq86ZY9g
mu5eKkLRYvFGSB8wOtI/M2kExAHyxItFNBSOR8aolHX1C9jEIUTN
-----END CERTIFICATE-----