Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/R5CtwtXPAJLOxegbk23RjRQeLCg.roa
File:                     R5CtwtXPAJLOxegbk23RjRQeLCg.roa (raw, json)
Hash identifier:          ivMEGxDod5prF5IHlHO06ZWXPAMpHNXzm4F7DPJi0kM=
Subject key identifier:   47:90:AD:C2:D5:CF:00:92:CE:C5:E8:1B:93:6D:D1:8D:14:1E:2C:28
Certificate issuer:       /CN=3547913ce3a11588b59c3c9f9da9ff77f248ac12
Certificate serial:       018CC9BBB631258953B8471170692AEBA037
Authority key identifier: 35:47:91:3C:E3:A1:15:88:B5:9C:3C:9F:9D:A9:FF:77:F2:48:AC:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/R5CtwtXPAJLOxegbk23RjRQeLCg.roa
Signing time:             Tue 02 Jan 2024 10:32:51 +0000
ROA not before:           Tue 02 Jan 2024 10:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203175
IP address blocks:        185.137.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b6:31:25:89:53:b8:47:11:70:69:2a:eb:a0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3547913ce3a11588b59c3c9f9da9ff77f248ac12
        Validity
            Not Before: Jan  2 10:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4790adc2d5cf0092cec5e81b936dd18d141e2c28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8e:7d:17:f5:00:30:d8:9a:35:76:82:f6:69:
                    45:20:b9:3c:bc:49:5b:b2:8e:8f:6c:d5:b1:d4:11:
                    65:1b:a6:1c:6f:e0:61:f2:47:9b:56:a6:6c:86:fe:
                    9e:0f:d4:25:c0:3b:cb:c5:47:6a:d0:ed:5f:73:89:
                    28:d8:0b:b5:b1:05:98:be:37:3e:8a:bd:5e:05:8d:
                    2b:4d:6c:08:05:ff:d6:5b:ca:8f:d1:33:64:b4:10:
                    e2:31:c0:40:a9:32:4d:32:5d:a8:6f:c0:96:e9:8b:
                    32:1d:4e:76:1b:62:f4:a0:93:f9:81:b6:82:62:a6:
                    31:60:4f:2d:74:19:bd:45:e8:1b:5c:50:aa:1d:ef:
                    bd:29:83:ed:93:78:81:0e:b0:ae:3d:bf:0c:fa:13:
                    ff:9e:e4:4b:7e:81:dd:dc:60:fb:12:5d:8e:38:28:
                    95:7e:96:c9:82:8d:53:7e:69:12:35:44:6c:f2:c4:
                    3e:f6:40:0a:a6:34:42:7b:34:0e:f1:a9:95:49:91:
                    42:40:cd:49:2f:4b:66:08:9b:7e:ab:3c:8a:10:73:
                    92:99:c0:f1:59:c9:d8:39:2a:d5:7c:ee:a5:66:e5:
                    e3:55:88:44:8b:e1:df:c6:4b:bd:7f:f0:cc:21:b6:
                    1a:ba:a1:31:d8:f6:10:47:77:e1:9f:66:34:b6:d6:
                    1a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:90:AD:C2:D5:CF:00:92:CE:C5:E8:1B:93:6D:D1:8D:14:1E:2C:28
            X509v3 Authority Key Identifier:
                keyid:35:47:91:3C:E3:A1:15:88:B5:9C:3C:9F:9D:A9:FF:77:F2:48:AC:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NUeRPOOhFYi1nDyfnan_d_JIrBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/R5CtwtXPAJLOxegbk23RjRQeLCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/0cda74-c9bb-4d92-9e6f-38997821ffce/1/NUeRPOOhFYi1nDyfnan_d_JIrBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:f4:02:2d:fe:94:3c:29:c0:aa:6e:cf:b7:a2:3d:b3:45:07:
         91:61:be:7d:84:5f:9d:de:0e:e4:fd:de:b6:7c:e7:61:0a:fd:
         1a:ac:cd:0f:df:65:1b:43:20:a0:17:04:34:08:52:d4:d4:5d:
         0c:61:85:01:a8:31:94:57:fc:7f:96:c5:cc:b0:58:94:88:0d:
         88:eb:9f:56:54:bb:78:90:b2:22:08:ae:ea:ba:bb:2e:1a:d6:
         8a:75:55:53:e5:e4:fc:24:2f:35:56:a2:3a:7d:7c:6f:f0:79:
         a3:28:b4:44:f9:74:de:b8:e6:6e:eb:56:f5:af:a1:d9:6b:86:
         d6:83:97:b2:db:93:1d:61:60:25:c1:4e:e0:0d:dc:ad:7e:78:
         39:75:df:66:c4:40:e8:9e:e5:f9:97:61:b1:1d:0e:85:ed:0e:
         a2:f0:42:c0:27:87:f7:f6:a0:4e:1c:57:36:07:dc:bf:17:03:
         e0:3f:ac:6c:0c:ce:59:cd:3a:b1:a5:05:3d:0d:67:a0:68:ee:
         ac:b6:44:2f:b3:16:9f:d6:02:c8:ec:1a:8c:41:40:ce:c2:24:
         25:fa:ce:17:f0:d7:01:62:9e:b4:a2:f5:9f:3e:d0:f2:ac:26:
         8a:e4:6b:a6:53:1a:33:a9:64:c3:5d:2b:c1:8e:98:25:a7:21:
         0d:b7:3e:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7YxJYlTuEcRcGkq66A3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NDc5MTNjZTNhMTE1ODhiNTljM2M5ZjlkYTlmZjc3ZjI0
OGFjMTIwHhcNMjQwMTAyMTAzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzkwYWRjMmQ1Y2YwMDkyY2VjNWU4MWI5MzZkZDE4ZDE0MWUyYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlY59F/UAMNiaNXaC9mlFILk8vElb
so6PbNWx1BFlG6Ycb+Bh8kebVqZshv6eD9QlwDvLxUdq0O1fc4ko2Au1sQWYvjc+
ir1eBY0rTWwIBf/WW8qP0TNktBDiMcBAqTJNMl2ob8CW6YsyHU52G2L0oJP5gbaC
YqYxYE8tdBm9RegbXFCqHe+9KYPtk3iBDrCuPb8M+hP/nuRLfoHd3GD7El2OOCiV
fpbJgo1TfmkSNURs8sQ+9kAKpjRCezQO8amVSZFCQM1JL0tmCJt+qzyKEHOSmcDx
WcnYOSrVfO6lZuXjVYhEi+Hfxku9f/DMIbYauqEx2PYQR3fhn2Y0ttYaQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeQrcLVzwCSzsXoG5Nt0Y0UHiwoMB8GA1UdIwQY
MBaAFDVHkTzjoRWItZw8n52p/3fySKwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlVlUlBPT2hGWWkxbkR5Zm5hbl9kX0pJckJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wY2RhNzQtYzliYi00ZDkyLTllNmYt
Mzg5OTc4MjFmZmNlLzEvUjVDdHd0WFBBSkxPeGVnYmsyM1JqUlFlTENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wY2RhNzQtYzliYi00ZDkyLTllNmYtMzg5OTc4MjFmZmNl
LzEvTlVlUlBPT2hGWWkxbkR5Zm5hbl9kX0pJckJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYkdMA0G
CSqGSIb3DQEBCwUAA4IBAQAL9AIt/pQ8KcCqbs+3oj2zRQeRYb59hF+d3g7k/d62
fOdhCv0arM0P32UbQyCgFwQ0CFLU1F0MYYUBqDGUV/x/lsXMsFiUiA2I659WVLt4
kLIiCK7qursuGtaKdVVT5eT8JC81VqI6fXxv8HmjKLRE+XTeuOZu61b1r6HZa4bW
g5ey25MdYWAlwU7gDdytfng5dd9mxEDonuX5l2GxHQ6F7Q6i8ELAJ4f39qBOHFc2
B9y/FwPgP6xsDM5ZzTqxpQU9DWegaO6stkQvsxaf1gLI7BqMQUDOwiQl+s4X8NcB
Yp60ovWfPtDyrCaK5GumUxozqWTDXSvBjpglpyENtz7q
-----END CERTIFICATE-----