Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/ShdWOdwwUbDIV9UE5K2APxqVRoc.roa
File:                     ShdWOdwwUbDIV9UE5K2APxqVRoc.roa (raw, json)
Hash identifier:          zMT/CN6OZpaAHm1usDw7VmlMZs1427dcbG2B6jmxJdE=
Subject key identifier:   4A:17:56:39:DC:30:51:B0:C8:57:D5:04:E4:AD:80:3F:1A:95:46:87
Certificate issuer:       /CN=1904ce28eae682c97acd2d862fee2897c3b096fd
Certificate serial:       018D78132333A5000C641B06FA3E02C4EE45
Authority key identifier: 19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/ShdWOdwwUbDIV9UE5K2APxqVRoc.roa
Signing time:             Mon 05 Feb 2024 07:02:16 +0000
ROA not before:           Mon 05 Feb 2024 07:02:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44725
IP address blocks:        5.250.192.0/19 maxlen: 19
                          37.114.128.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:13:23:33:a5:00:0c:64:1b:06:fa:3e:02:c4:ee:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1904ce28eae682c97acd2d862fee2897c3b096fd
        Validity
            Not Before: Feb  5 07:02:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a175639dc3051b0c857d504e4ad803f1a954687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:39:70:75:7f:90:2b:e4:b1:35:20:68:25:da:
                    f9:ac:31:41:ad:2b:c7:69:4a:c7:60:32:b6:08:c8:
                    18:4d:1b:11:4b:b2:ea:4f:26:fa:0c:3a:b0:5c:7d:
                    71:af:25:37:32:12:9a:b0:3d:e0:69:4b:e8:0d:4d:
                    88:d4:5c:82:da:7e:d3:05:2b:91:7c:fc:14:be:1c:
                    81:a3:42:b0:8d:60:01:5e:16:ee:b5:9e:79:47:96:
                    7f:2b:dd:b4:79:3d:7c:0d:0a:45:54:f8:f2:99:18:
                    58:47:ef:d6:c1:fb:56:5e:ce:19:67:fe:1e:f2:f4:
                    69:f3:0d:90:4e:df:df:f6:74:8e:19:e6:d7:58:1e:
                    6c:ec:c0:87:21:dd:4c:15:b7:94:95:ba:b8:27:26:
                    d0:f4:5d:02:7c:4b:42:a0:b3:1e:f6:05:d5:fc:9c:
                    a2:59:ec:01:6d:f0:5c:b5:67:01:d5:d7:d7:16:c7:
                    a6:94:92:37:b4:1c:11:2c:3f:1b:3f:be:b8:a2:3b:
                    e4:02:19:99:b3:48:07:a8:35:9c:fc:19:30:6d:2f:
                    96:02:57:5b:6a:ac:db:d9:ea:ad:7c:af:2e:86:4e:
                    9d:35:e6:e5:e8:1e:72:73:d8:72:64:06:29:45:02:
                    3e:bf:d6:1a:38:83:71:86:bc:ff:82:b2:20:0e:28:
                    a3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:17:56:39:DC:30:51:B0:C8:57:D5:04:E4:AD:80:3F:1A:95:46:87
            X509v3 Authority Key Identifier:
                keyid:19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/ShdWOdwwUbDIV9UE5K2APxqVRoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.250.192.0/19
                  37.114.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         61:a2:dc:65:bb:5c:a2:df:0b:c7:f2:f5:1a:90:bb:74:b8:c0:
         26:2e:61:99:54:35:47:11:a7:e4:ff:5c:2a:9a:d5:18:4d:0a:
         e0:fc:d8:c5:4b:34:ae:80:14:48:94:fd:7d:04:d7:d7:9e:7a:
         9b:1f:75:05:63:ea:d4:7f:b4:02:e0:c7:2c:f8:09:d6:8c:8d:
         ae:d4:a5:dc:6f:7a:e2:ae:d4:55:14:18:41:5e:03:8c:e1:c4:
         23:bc:51:7d:9f:e9:f3:1e:d7:ae:1f:9f:5f:cf:d3:49:ca:c5:
         23:6c:bc:8a:94:32:d2:a6:c8:c0:11:6a:82:f7:60:92:59:f5:
         79:a7:0d:57:cd:52:d6:ad:c2:e5:14:1f:ad:d4:5b:3e:da:c7:
         bc:ca:2a:46:c2:07:73:85:01:09:66:00:9c:c5:e1:b4:33:2b:
         ee:f1:f3:20:e7:9e:60:9d:3e:66:3e:08:ec:87:72:cf:d8:a5:
         35:50:37:9d:3f:60:62:25:d0:88:6d:b5:08:30:b3:80:e7:67:
         a6:5e:95:03:fd:bb:f1:3b:90:6b:76:92:f7:8c:d2:06:38:be:
         05:eb:e5:ed:82:41:09:fc:93:ca:f7:40:1b:ec:20:a6:86:b3:
         ae:12:a7:df:0e:27:13:48:59:c1:0a:17:35:98:6e:a1:3b:9e:
         61:05:63:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY14EyMzpQAMZBsG+j4CxO5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MDRjZTI4ZWFlNjgyYzk3YWNkMmQ4NjJmZWUyODk3YzNi
MDk2ZmQwHhcNMjQwMjA1MDcwMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTE3NTYzOWRjMzA1MWIwYzg1N2Q1MDRlNGFkODAzZjFhOTU0Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjlwdX+QK+SxNSBoJdr5rDFBrSvH
aUrHYDK2CMgYTRsRS7LqTyb6DDqwXH1xryU3MhKasD3gaUvoDU2I1FyC2n7TBSuR
fPwUvhyBo0KwjWABXhbutZ55R5Z/K920eT18DQpFVPjymRhYR+/WwftWXs4ZZ/4e
8vRp8w2QTt/f9nSOGebXWB5s7MCHId1MFbeUlbq4JybQ9F0CfEtCoLMe9gXV/Jyi
WewBbfBctWcB1dfXFsemlJI3tBwRLD8bP764ojvkAhmZs0gHqDWc/BkwbS+WAldb
aqzb2eqtfK8uhk6dNebl6B5yc9hyZAYpRQI+v9YaOINxhrz/grIgDiijtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEoXVjncMFGwyFfVBOStgD8alUaHMB8GA1UdIwQY
MBaAFBkEzijq5oLJes0thi/uKJfDsJb9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDkt
MTVkNWRlYjIyOGRkLzEvU2hkV09kd3dVYkRJVjlVRTVLMkFQeHFWUm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDktMTVkNWRlYjIyOGRk
LzEvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFBfrAAwQG
JXKAMA0GCSqGSIb3DQEBCwUAA4IBAQBhotxlu1yi3wvH8vUakLt0uMAmLmGZVDVH
Eafk/1wqmtUYTQrg/NjFSzSugBRIlP19BNfXnnqbH3UFY+rUf7QC4Mcs+AnWjI2u
1KXcb3rirtRVFBhBXgOM4cQjvFF9n+nzHteuH59fz9NJysUjbLyKlDLSpsjAEWqC
92CSWfV5pw1XzVLWrcLlFB+t1Fs+2se8yipGwgdzhQEJZgCcxeG0Myvu8fMg555g
nT5mPgjsh3LP2KU1UDedP2BiJdCIbbUIMLOA52emXpUD/bvxO5BrdpL3jNIGOL4F
6+XtgkEJ/JPK90Ab7CCmhrOuEqffDicTSFnBChc1mG6hO55hBWMU
-----END CERTIFICATE-----