Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/zxlEwUWQfr2R9evisSY4_o06jyc.roa
File:                     zxlEwUWQfr2R9evisSY4_o06jyc.roa (raw, json)
Hash identifier:          dnBvNrGyrkjezOcAL4atmQ30W4ObbQxgC2Fr8LOBxRM=
Subject key identifier:   CF:19:44:C1:45:90:7E:BD:91:F5:EB:E2:B1:26:38:FE:8D:3A:8F:27
Certificate issuer:       /CN=3780e7868fbb2617175062a5e7b9e1c049cbdf74
Certificate serial:       018D450329E2D09CA4BF9F0F62CD4FAA2885
Authority key identifier: 37:80:E7:86:8F:BB:26:17:17:50:62:A5:E7:B9:E1:C0:49:CB:DF:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4Dnho-7JhcXUGKl57nhwEnL33Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/zxlEwUWQfr2R9evisSY4_o06jyc.roa
Signing time:             Fri 26 Jan 2024 09:04:11 +0000
ROA not before:           Fri 26 Jan 2024 09:04:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207744
IP address blocks:        188.190.192.0/19 maxlen: 19
                          188.190.192.0/21 maxlen: 21
                          188.190.217.0/24 maxlen: 24
                          188.190.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/N4Dnho-7JhcXUGKl57nhwEnL33Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/N4Dnho-7JhcXUGKl57nhwEnL33Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4Dnho-7JhcXUGKl57nhwEnL33Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:03:29:e2:d0:9c:a4:bf:9f:0f:62:cd:4f:aa:28:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3780e7868fbb2617175062a5e7b9e1c049cbdf74
        Validity
            Not Before: Jan 26 09:04:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf1944c145907ebd91f5ebe2b12638fe8d3a8f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:83:b7:5b:29:72:21:b7:95:d2:f9:a6:a4:27:
                    b0:a8:8d:ce:85:bc:bd:52:b7:48:3b:79:b2:3f:9b:
                    b8:a4:35:24:36:0b:26:1b:21:91:da:05:2c:4a:ec:
                    7a:39:87:be:6a:8e:97:24:7e:c3:c4:da:60:aa:69:
                    d7:6d:f2:84:d0:ce:f5:b4:f9:f5:72:54:42:57:bb:
                    03:42:a5:78:f5:19:e8:5a:d1:f5:19:cf:cb:cc:e2:
                    06:50:9f:f7:4a:e0:d6:34:53:d8:0e:36:05:13:0f:
                    90:2f:48:db:79:81:69:86:b3:99:84:61:b8:46:a6:
                    87:81:2a:ca:5d:de:d6:21:c4:ec:59:2e:09:87:18:
                    f5:3a:fb:15:ab:0d:e4:a0:94:36:f1:d5:30:df:0a:
                    fc:ba:c6:23:55:c0:62:a1:54:1b:77:e9:b6:f1:6c:
                    5f:b9:a8:5d:1f:c5:76:12:f3:b8:7e:2b:84:6b:fa:
                    1e:4f:da:2e:b9:52:03:e7:53:70:3c:f2:92:d4:b1:
                    79:44:e4:3f:3b:29:10:06:e2:52:7f:cc:8a:58:6c:
                    d8:f9:d3:5f:20:93:f0:a3:19:9a:31:e0:b3:b1:9f:
                    ad:76:d4:bd:4a:81:93:45:09:87:6b:7c:06:f3:ac:
                    ff:76:c9:38:77:9b:77:b4:47:03:a0:d6:34:38:d2:
                    29:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:19:44:C1:45:90:7E:BD:91:F5:EB:E2:B1:26:38:FE:8D:3A:8F:27
            X509v3 Authority Key Identifier:
                keyid:37:80:E7:86:8F:BB:26:17:17:50:62:A5:E7:B9:E1:C0:49:CB:DF:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4Dnho-7JhcXUGKl57nhwEnL33Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/zxlEwUWQfr2R9evisSY4_o06jyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/dcc48f-cfcc-4a58-a6d0-29b68e048a9e/1/N4Dnho-7JhcXUGKl57nhwEnL33Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.190.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         01:e4:6a:4a:fb:f9:7e:7d:0b:09:70:54:23:0a:d6:bd:a6:04:
         d5:aa:49:51:14:6c:bc:fd:af:a3:22:d3:69:9e:ff:0e:e9:72:
         3b:23:d0:89:57:32:db:c2:db:98:de:3a:0e:89:6f:3e:ee:12:
         fc:f5:99:77:6f:e7:de:8c:59:e8:fe:87:9e:5e:82:52:63:a8:
         3b:53:16:f5:c1:2b:b7:cf:16:98:61:8c:41:4c:dd:72:e9:5a:
         bd:8f:f5:6a:87:fb:99:d9:aa:c9:13:75:f8:e5:a2:2a:ad:dd:
         df:61:07:53:3a:ba:0c:76:06:a2:99:ed:5a:9a:cd:71:4f:9e:
         3f:24:70:3a:36:49:ac:90:5f:73:85:5d:85:b9:7d:2c:54:c3:
         51:13:fe:03:f9:05:65:24:6b:52:1e:1d:c2:e3:74:91:f2:c4:
         78:ce:ad:cb:0b:e7:0d:83:fe:82:e3:1b:93:39:f8:dc:94:89:
         e3:d1:04:29:06:af:06:e1:a8:8d:3a:55:a1:a9:c5:e9:27:e9:
         fb:48:c8:0c:3a:7d:ae:11:85:8e:4c:a0:f8:a1:9e:3b:ba:0e:
         92:a7:42:d8:9e:5a:c6:09:bf:7f:8f:c0:3a:2f:7d:21:f3:f7:
         0c:55:2a:39:5e:65:30:ef:16:59:23:aa:b3:72:35:8b:e5:b6:
         e7:79:b9:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1FAyni0Jykv58PYs1PqiiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODBlNzg2OGZiYjI2MTcxNzUwNjJhNWU3YjllMWMwNDlj
YmRmNzQwHhcNMjQwMTI2MDkwNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE5NDRjMTQ1OTA3ZWJkOTFmNWViZTJiMTI2MzhmZThkM2E4ZjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IO3WylyIbeV0vmmpCewqI3Ohby9
UrdIO3myP5u4pDUkNgsmGyGR2gUsSux6OYe+ao6XJH7DxNpgqmnXbfKE0M71tPn1
clRCV7sDQqV49RnoWtH1Gc/LzOIGUJ/3SuDWNFPYDjYFEw+QL0jbeYFphrOZhGG4
RqaHgSrKXd7WIcTsWS4Jhxj1OvsVqw3koJQ28dUw3wr8usYjVcBioVQbd+m28Wxf
uahdH8V2EvO4fiuEa/oeT9ouuVID51NwPPKS1LF5ROQ/OykQBuJSf8yKWGzY+dNf
IJPwoxmaMeCzsZ+tdtS9SoGTRQmHa3wG86z/dsk4d5t3tEcDoNY0ONIpnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM8ZRMFFkH69kfXr4rEmOP6NOo8nMB8GA1UdIwQY
MBaAFDeA54aPuyYXF1Bipee54cBJy990MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjREbmhvLTdKaGNYVUdLbDU3bmh3RW5MMzNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kY2M0OGYtY2ZjYy00YTU4LWE2ZDAt
MjliNjhlMDQ4YTllLzEvenhsRXdVV1FmcjJSOWV2aXNTWTRfbzA2anljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kY2M0OGYtY2ZjYy00YTU4LWE2ZDAtMjliNjhlMDQ4YTll
LzEvTjREbmhvLTdKaGNYVUdLbDU3bmh3RW5MMzNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFvL7AMA0G
CSqGSIb3DQEBCwUAA4IBAQAB5GpK+/l+fQsJcFQjCta9pgTVqklRFGy8/a+jItNp
nv8O6XI7I9CJVzLbwtuY3joOiW8+7hL89Zl3b+fejFno/oeeXoJSY6g7Uxb1wSu3
zxaYYYxBTN1y6Vq9j/Vqh/uZ2arJE3X45aIqrd3fYQdTOroMdgaime1ams1xT54/
JHA6NkmskF9zhV2FuX0sVMNRE/4D+QVlJGtSHh3C43SR8sR4zq3LC+cNg/6C4xuT
OfjclInj0QQpBq8G4aiNOlWhqcXpJ+n7SMgMOn2uEYWOTKD4oZ47ug6Sp0LYnlrG
Cb9/j8A6L30h8/cMVSo5XmUw7xZZI6qzcjWL5bbnebk3
-----END CERTIFICATE-----