Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/021m7hkpK4GgGWCujiKC1-JEWe0.roa
File:                     021m7hkpK4GgGWCujiKC1-JEWe0.roa (raw, json)
Hash identifier:          jrIuWHqHB6j4xV3bp+2TX1QKyNO1AUGzr+9izBE7nk8=
Subject key identifier:   D3:6D:66:EE:19:29:2B:81:A0:19:60:AE:8E:22:82:D7:E2:44:59:ED
Certificate issuer:       /CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
Certificate serial:       018CC49232007743833A0D9FF2F6133E38D2
Authority key identifier: F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/021m7hkpK4GgGWCujiKC1-JEWe0.roa
Signing time:             Mon 01 Jan 2024 10:29:24 +0000
ROA not before:           Mon 01 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209459
IP address blocks:        185.143.232.0/22 maxlen: 24
                          193.176.240.0/22 maxlen: 24
                          185.97.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:32:00:77:43:83:3a:0d:9f:f2:f6:13:3e:38:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
        Validity
            Not Before: Jan  1 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d36d66ee19292b81a01960ae8e2282d7e24459ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:af:69:3b:52:81:33:4d:0f:fa:43:2a:3d:76:
                    e3:39:a1:cc:80:e6:8e:7a:c5:96:50:af:72:69:4d:
                    a3:fe:d5:45:12:b2:dd:ad:59:30:99:92:7c:db:f1:
                    34:3b:4b:16:52:e9:5d:b0:fd:4b:a5:04:7e:8b:f3:
                    95:d9:d6:86:9b:a8:da:1f:f5:a3:33:ad:84:68:2e:
                    55:69:16:a5:ff:13:ad:38:c5:4c:3a:17:50:ee:62:
                    f6:28:0f:f6:99:f4:87:1f:9b:4b:02:b5:83:a0:b6:
                    3b:cd:5b:9c:0a:e6:79:77:4f:dc:77:48:38:d8:d8:
                    6e:14:7a:d3:9a:00:9b:c5:64:09:7e:6f:f7:9e:cb:
                    39:28:5e:aa:68:07:51:5c:8b:4c:59:f4:b9:ec:c7:
                    f6:87:1c:68:c6:e8:3a:84:0e:e6:16:af:32:06:95:
                    1a:4b:ca:33:d0:f9:d0:78:b9:43:43:e4:50:e3:64:
                    d5:c9:8c:d5:88:a7:bc:33:0f:af:70:72:a5:4b:d2:
                    99:27:8a:17:be:9c:ee:70:6b:ec:ce:1d:db:de:e5:
                    10:e5:c3:60:b5:0f:bd:55:0f:14:f0:12:dc:c9:a0:
                    b0:c3:a4:44:4c:ed:08:73:84:38:a2:50:b6:93:a4:
                    99:2c:3a:fb:d1:d9:61:ce:cd:3f:bf:8e:d7:c7:a4:
                    6b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:6D:66:EE:19:29:2B:81:A0:19:60:AE:8E:22:82:D7:E2:44:59:ED
            X509v3 Authority Key Identifier:
                keyid:F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/021m7hkpK4GgGWCujiKC1-JEWe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.116.0/22
                  185.143.232.0/22
                  193.176.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:9d:67:b7:bc:27:6a:59:3d:6b:26:2c:eb:cf:95:7c:fd:d7:
         2c:00:e4:3e:82:87:f0:ae:51:1a:a4:01:58:39:cd:c8:3a:5c:
         22:36:6c:b4:6d:74:72:9e:e7:7f:1c:1a:2e:06:0f:6c:41:0d:
         e6:74:57:b4:00:0a:25:dc:e1:3b:9a:c7:1c:8a:d1:10:88:8a:
         06:6f:93:bc:ff:ab:db:96:87:95:78:c5:45:f7:dc:bd:ad:79:
         fe:13:2d:f7:27:50:d1:7b:aa:5e:c8:de:89:32:8f:9c:47:25:
         a5:a2:c7:db:f2:39:aa:93:53:f2:6e:7e:bb:88:2c:b3:b0:7c:
         4a:4d:f1:e0:ca:6c:ea:ad:8a:52:73:5f:ec:32:1b:10:7d:8f:
         8e:c7:0e:89:05:28:fe:5c:d7:0d:77:3a:f4:95:07:b5:c7:93:
         4a:9d:ab:0c:c2:53:05:3e:cf:a8:68:fa:1f:05:d7:f3:e8:e1:
         b7:68:3b:98:15:01:e9:e1:0e:47:37:2b:d4:be:07:80:69:e2:
         41:19:f3:de:49:e9:f7:f1:16:69:e2:2a:9f:d7:b0:91:55:c8:
         05:4e:67:29:90:0a:74:5d:63:c2:d2:17:1a:58:d7:21:f6:31:
         5b:68:a1:e1:fb:59:5a:f4:1c:26:23:c9:f3:00:08:87:3b:2a:
         57:5b:97:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkjIAd0ODOg2f8vYTPjjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YzM3MWYzYTM0YWJmMTk1N2QxODk1ZGY4MDYzZjRkNjIw
N2VjMDIwHhcNMjQwMTAxMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzZkNjZlZTE5MjkyYjgxYTAxOTYwYWU4ZTIyODJkN2UyNDQ1OWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt69pO1KBM00P+kMqPXbjOaHMgOaO
esWWUK9yaU2j/tVFErLdrVkwmZJ82/E0O0sWUuldsP1LpQR+i/OV2daGm6jaH/Wj
M62EaC5VaRal/xOtOMVMOhdQ7mL2KA/2mfSHH5tLArWDoLY7zVucCuZ5d0/cd0g4
2NhuFHrTmgCbxWQJfm/3nss5KF6qaAdRXItMWfS57Mf2hxxoxug6hA7mFq8yBpUa
S8oz0PnQeLlDQ+RQ42TVyYzViKe8Mw+vcHKlS9KZJ4oXvpzucGvszh3b3uUQ5cNg
tQ+9VQ8U8BLcyaCww6RETO0Ic4Q4olC2k6SZLDr70dlhzs0/v47Xx6RrQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNNtZu4ZKSuBoBlgro4igtfiRFntMB8GA1UdIwQY
MBaAFPXDcfOjSr8ZV9GJXfgGP01iB+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEt
MWJiMTdhOGIyNmZlLzEvMDIxbTdoa3BLNEdnR1dDdWppS0MxLUpFV2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEtMWJiMTdhOGIyNmZl
LzEvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWF0AwQC
uY/oAwQCwbDwMA0GCSqGSIb3DQEBCwUAA4IBAQA4nWe3vCdqWT1rJizrz5V8/dcs
AOQ+gofwrlEapAFYOc3IOlwiNmy0bXRynud/HBouBg9sQQ3mdFe0AAol3OE7mscc
itEQiIoGb5O8/6vbloeVeMVF99y9rXn+Ey33J1DRe6peyN6JMo+cRyWlosfb8jmq
k1Pybn67iCyzsHxKTfHgymzqrYpSc1/sMhsQfY+Oxw6JBSj+XNcNdzr0lQe1x5NK
nasMwlMFPs+oaPofBdfz6OG3aDuYFQHp4Q5HNyvUvgeAaeJBGfPeSen38RZp4iqf
17CRVcgFTmcpkAp0XWPC0hcaWNch9jFbaKHh+1la9BwmI8nzAAiHOypXW5fj
-----END CERTIFICATE-----