Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/5Myqzp2wk3G-TeXRWjUjEjYncjo.roa
File:                     5Myqzp2wk3G-TeXRWjUjEjYncjo.roa (raw, json)
Hash identifier:          khsOXmiU/wooWARsZh2KdV21nEwQXfhO48140vRZDvs=
Subject key identifier:   E4:CC:AA:CE:9D:B0:93:71:BE:4D:E5:D1:5A:35:23:12:36:27:72:3A
Certificate issuer:       /CN=08af091858bb99651764399c6565df7a0834dbad
Certificate serial:       018CC86F84760B0EF9AB677AC0F20910F1BC
Authority key identifier: 08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/5Myqzp2wk3G-TeXRWjUjEjYncjo.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42088
IP address blocks:        185.212.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:84:76:0b:0e:f9:ab:67:7a:c0:f2:09:10:f1:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08af091858bb99651764399c6565df7a0834dbad
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4ccaace9db09371be4de5d15a3523123627723a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:82:5b:1e:fd:7a:0e:c7:86:0f:c7:5d:df:
                    7f:46:55:24:71:70:18:79:c3:bb:15:d9:bb:19:56:
                    96:f7:0f:9b:04:db:9c:18:20:28:b7:57:7d:f5:14:
                    ca:8b:6f:5a:69:36:18:86:f9:e3:85:cb:05:29:3c:
                    6e:46:f4:6f:b7:54:ee:f3:f4:be:f1:d2:0b:8f:ce:
                    e8:17:28:fa:3d:be:91:c4:ef:2b:ba:47:0d:fb:77:
                    0f:81:7e:f7:50:69:8d:9a:53:d6:8c:1a:a7:e9:d4:
                    65:75:1c:ff:d3:71:4e:33:b1:42:59:74:82:f1:2e:
                    3c:25:d1:1b:8e:c2:60:f2:c3:41:6b:38:d3:ae:9d:
                    43:d5:8f:c1:0b:09:20:c8:b7:b7:f8:46:18:c1:46:
                    0d:bf:54:33:03:0b:01:ef:97:1f:86:9e:84:5c:10:
                    95:be:1c:58:3b:ba:57:0a:a9:9f:61:f9:d2:4c:01:
                    2c:54:6c:97:4d:28:0b:27:3b:0a:25:ef:5e:e6:18:
                    71:a9:ab:c4:3c:e6:3b:e9:69:3f:98:34:d1:64:ff:
                    f8:a7:61:10:19:87:b1:75:01:fd:a8:c8:0b:a0:c8:
                    20:27:00:b9:a3:1b:7a:fd:f9:48:65:1d:32:b9:98:
                    97:2d:a2:24:bb:71:35:cc:a6:a1:22:94:57:8e:81:
                    3f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:CC:AA:CE:9D:B0:93:71:BE:4D:E5:D1:5A:35:23:12:36:27:72:3A
            X509v3 Authority Key Identifier:
                keyid:08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/5Myqzp2wk3G-TeXRWjUjEjYncjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:30:21:e6:96:14:22:dc:28:a3:a7:80:04:c4:a5:6a:6c:19:
         bb:bb:0c:a5:7d:4a:0a:5e:61:f2:f2:ea:df:11:24:8a:0e:b5:
         31:76:fc:85:bf:8c:98:03:5f:18:48:21:aa:8d:4c:06:19:91:
         48:f0:4f:90:03:37:43:c6:f7:e2:7a:c8:39:72:b2:fd:fd:71:
         ed:8a:93:fb:34:97:32:c8:04:70:49:c5:12:ed:69:c0:51:16:
         b8:e3:5f:a4:8e:30:26:9c:c2:bd:a2:27:b0:6b:92:24:2f:e1:
         a7:51:8b:d7:01:45:03:59:b1:f6:3c:26:38:35:e7:44:a4:52:
         9e:37:d2:4f:49:60:ca:8f:9f:13:c0:af:02:db:52:9a:db:a8:
         21:9f:1c:8c:ad:ef:5c:c1:b8:78:0c:8f:cd:91:f1:c8:f7:d9:
         c5:36:0f:f5:f0:f5:45:03:b4:08:b2:94:cb:d9:33:9c:b8:7d:
         16:78:67:ac:73:3e:4a:5b:84:f9:8f:d9:76:47:42:68:fc:31:
         58:76:54:56:fd:83:d6:8c:27:75:45:ff:88:ab:11:5e:44:38:
         87:cc:d9:83:7f:25:ab:d3:14:1a:0a:b0:09:94:02:2b:e3:28:
         4d:1c:ef:93:de:03:cd:9d:72:cc:e9:8b:c3:53:28:86:a0:2a:
         d8:8d:bd:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4R2Cw75q2d6wPIJEPG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YWYwOTE4NThiYjk5NjUxNzY0Mzk5YzY1NjVkZjdhMDgz
NGRiYWQwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGNjYWFjZTlkYjA5MzcxYmU0ZGU1ZDE1YTM1MjMxMjM2Mjc3MjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnaCWx79eg7Hhg/HXd9/RlUkcXAY
ecO7Fdm7GVaW9w+bBNucGCAot1d99RTKi29aaTYYhvnjhcsFKTxuRvRvt1Tu8/S+
8dILj87oFyj6Pb6RxO8rukcN+3cPgX73UGmNmlPWjBqn6dRldRz/03FOM7FCWXSC
8S48JdEbjsJg8sNBazjTrp1D1Y/BCwkgyLe3+EYYwUYNv1QzAwsB75cfhp6EXBCV
vhxYO7pXCqmfYfnSTAEsVGyXTSgLJzsKJe9e5hhxqavEPOY76Wk/mDTRZP/4p2EQ
GYexdQH9qMgLoMggJwC5oxt6/flIZR0yuZiXLaIku3E1zKahIpRXjoE/OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTMqs6dsJNxvk3l0Vo1IxI2J3I6MB8GA1UdIwQY
MBaAFAivCRhYu5llF2Q5nGVl33oINNutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYt
NTYxMjliN2RjMDE4LzEvNU15cXpwMndrM0ctVGVYUldqVWpFalluY2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYtNTYxMjliN2RjMDE4
LzEvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudT5MA0G
CSqGSIb3DQEBCwUAA4IBAQCMMCHmlhQi3Cijp4AExKVqbBm7uwylfUoKXmHy8urf
ESSKDrUxdvyFv4yYA18YSCGqjUwGGZFI8E+QAzdDxvfiesg5crL9/XHtipP7NJcy
yARwScUS7WnAURa441+kjjAmnMK9oiewa5IkL+GnUYvXAUUDWbH2PCY4NedEpFKe
N9JPSWDKj58TwK8C21Ka26ghnxyMre9cwbh4DI/NkfHI99nFNg/18PVFA7QIspTL
2TOcuH0WeGescz5KW4T5j9l2R0Jo/DFYdlRW/YPWjCd1Rf+IqxFeRDiHzNmDfyWr
0xQaCrAJlAIr4yhNHO+T3gPNnXLM6YvDUyiGoCrYjb0k
-----END CERTIFICATE-----