Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/5w-IeZYhsPT4FybImYh9QeQ5_Tg.roa
File:                     5w-IeZYhsPT4FybImYh9QeQ5_Tg.roa (raw, json)
Hash identifier:          UzE8Vo1fxTCQUcz73JL7iQZ6HT54Dpyst8ncHgp5Omk=
Subject key identifier:   E7:0F:88:79:96:21:B0:F4:F8:17:26:C8:99:88:7D:41:E4:39:FD:38
Certificate issuer:       /CN=43301775b3fdff04a227d6d859c01b6d633a4f0b
Certificate serial:       018CC348D246A79AFBF75DB049F04EC12D01
Authority key identifier: 43:30:17:75:B3:FD:FF:04:A2:27:D6:D8:59:C0:1B:6D:63:3A:4F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/5w-IeZYhsPT4FybImYh9QeQ5_Tg.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201946
IP address blocks:        185.49.8.0/24 maxlen: 24
                          185.49.9.0/24 maxlen: 24
                          185.49.8.0/22 maxlen: 22
                          185.49.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d2:46:a7:9a:fb:f7:5d:b0:49:f0:4e:c1:2d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43301775b3fdff04a227d6d859c01b6d633a4f0b
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e70f88799621b0f4f81726c899887d41e439fd38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:07:d7:32:da:55:d8:49:61:5c:28:94:18:7e:
                    7e:30:94:9b:84:ea:a3:73:58:6a:88:1b:0e:a0:72:
                    01:c2:9a:6e:d7:ca:81:da:d6:48:e9:4c:0e:be:df:
                    32:19:55:d6:e6:77:f7:4c:e4:41:ef:19:0b:e5:0c:
                    31:d6:b0:3d:cf:2d:19:4b:59:eb:5c:61:e8:5d:c3:
                    d4:fb:6c:78:12:a8:8d:eb:49:a8:85:8a:36:5f:f0:
                    6b:da:27:8f:9b:f4:e4:23:6f:3d:25:8f:ec:cc:9c:
                    90:54:cd:d9:34:20:6b:ce:c8:03:63:53:ba:dc:dd:
                    b4:75:38:3a:a3:cb:5c:da:08:ab:96:09:26:1b:3d:
                    5b:6e:19:c9:65:d1:0c:b2:1c:4b:7f:8e:7a:95:61:
                    61:87:61:70:4a:f2:8f:ca:af:26:07:a9:ef:a8:17:
                    75:3d:ce:94:d5:2f:37:29:8b:82:32:a0:4d:58:95:
                    db:fb:18:fc:80:ed:cc:4f:5f:82:87:a6:db:ae:13:
                    96:d0:52:58:d6:5e:ed:8f:53:30:fe:e4:40:21:91:
                    04:c5:89:da:c1:a8:2a:35:b1:d9:91:d5:61:2e:b6:
                    7a:76:49:3b:23:b5:33:75:0c:ca:f8:03:7a:5e:1e:
                    f2:76:a8:e4:19:47:c1:df:29:61:5d:41:5c:f5:ce:
                    38:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0F:88:79:96:21:B0:F4:F8:17:26:C8:99:88:7D:41:E4:39:FD:38
            X509v3 Authority Key Identifier:
                keyid:43:30:17:75:B3:FD:FF:04:A2:27:D6:D8:59:C0:1B:6D:63:3A:4F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/5w-IeZYhsPT4FybImYh9QeQ5_Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/3e8fb3-48be-4083-b221-2cd00910bcb7/1/QzAXdbP9_wSiJ9bYWcAbbWM6Tws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:d1:2c:35:e8:b7:d6:5c:1f:10:3b:9a:97:f8:00:ec:90:4d:
         c2:77:e4:74:c5:5a:e7:9f:3e:96:93:38:0e:5b:58:08:28:ea:
         b8:99:14:05:f0:cf:12:10:3d:6d:6d:5e:6c:32:63:ea:96:bc:
         ab:29:9c:bc:6a:35:a4:cd:85:0a:89:bc:ca:53:d3:58:0c:0a:
         a6:82:07:ef:ff:1e:fa:1c:b5:f0:4e:8d:59:e3:96:9d:07:2d:
         09:83:fd:f6:57:9b:a5:3d:bd:2c:da:c0:72:af:5b:40:18:fa:
         08:30:f6:f0:d6:22:71:88:39:dc:51:b3:2c:58:9e:74:e8:b3:
         2a:eb:7d:85:9a:3d:2a:4f:f1:19:16:7b:90:f5:43:0e:2b:5e:
         39:42:2a:8d:fe:b0:5c:51:80:cb:f1:68:27:8d:d3:05:ed:e6:
         74:c7:a3:f5:cb:65:1c:1e:6b:31:bc:2d:e6:9e:1c:14:fb:6d:
         80:59:7e:4b:57:13:d8:2f:8d:40:84:b5:4a:08:2a:96:99:cc:
         be:4c:c6:e1:9f:11:b9:ca:c4:ef:43:2c:2d:61:93:76:b4:fc:
         d6:97:c2:a8:c1:b4:62:4a:76:9c:cb:84:2c:99:75:ed:e7:c6:
         4b:60:4e:d6:3c:d9:54:6b:85:a2:13:ec:e4:33:0c:50:e6:fe:
         da:2a:8f:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNJGp5r7912wSfBOwS0BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMzAxNzc1YjNmZGZmMDRhMjI3ZDZkODU5YzAxYjZkNjMz
YTRmMGIwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBmODg3OTk2MjFiMGY0ZjgxNzI2Yzg5OTg4N2Q0MWU0MzlmZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwfXMtpV2ElhXCiUGH5+MJSbhOqj
c1hqiBsOoHIBwppu18qB2tZI6UwOvt8yGVXW5nf3TORB7xkL5Qwx1rA9zy0ZS1nr
XGHoXcPU+2x4EqiN60mohYo2X/Br2iePm/TkI289JY/szJyQVM3ZNCBrzsgDY1O6
3N20dTg6o8tc2girlgkmGz1bbhnJZdEMshxLf456lWFhh2FwSvKPyq8mB6nvqBd1
Pc6U1S83KYuCMqBNWJXb+xj8gO3MT1+Ch6bbrhOW0FJY1l7tj1Mw/uRAIZEExYna
wagqNbHZkdVhLrZ6dkk7I7UzdQzK+AN6Xh7ydqjkGUfB3ylhXUFc9c44sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcPiHmWIbD0+BcmyJmIfUHkOf04MB8GA1UdIwQY
MBaAFEMwF3Wz/f8EoifW2FnAG21jOk8LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXpBWGRiUDlfd1NpSjliWVdjQWJiV002VHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8zZThmYjMtNDhiZS00MDgzLWIyMjEt
MmNkMDA5MTBiY2I3LzEvNXctSWVaWWhzUFQ0RnliSW1ZaDlRZVE1X1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8zZThmYjMtNDhiZS00MDgzLWIyMjEtMmNkMDA5MTBiY2I3
LzEvUXpBWGRiUDlfd1NpSjliWVdjQWJiV002VHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTEIMA0G
CSqGSIb3DQEBCwUAA4IBAQBf0Sw16LfWXB8QO5qX+ADskE3Cd+R0xVrnnz6WkzgO
W1gIKOq4mRQF8M8SED1tbV5sMmPqlryrKZy8ajWkzYUKibzKU9NYDAqmggfv/x76
HLXwTo1Z45adBy0Jg/32V5ulPb0s2sByr1tAGPoIMPbw1iJxiDncUbMsWJ506LMq
632Fmj0qT/EZFnuQ9UMOK145QiqN/rBcUYDL8WgnjdMF7eZ0x6P1y2UcHmsxvC3m
nhwU+22AWX5LVxPYL41AhLVKCCqWmcy+TMbhnxG5ysTvQywtYZN2tPzWl8KowbRi
Snacy4QsmXXt58ZLYE7WPNlUa4WiE+zkMwxQ5v7aKo9g
-----END CERTIFICATE-----