Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/2z5JKjVIs7MQqY4rzxpryvOJDXs.roa
File:                     2z5JKjVIs7MQqY4rzxpryvOJDXs.roa (raw, json)
Hash identifier:          l3SzRx/NIwODNRgr6IkSurEnzm9qAab6mVKXqxDr/v8=
Subject key identifier:   DB:3E:49:2A:35:48:B3:B3:10:A9:8E:2B:CF:1A:6B:CA:F3:89:0D:7B
Certificate issuer:       /CN=9d8ada352982a319b54d5e483d34426346733ea4
Certificate serial:       018CC94E2967EEAFAD328278DCB800DC4ECB
Authority key identifier: 9D:8A:DA:35:29:82:A3:19:B5:4D:5E:48:3D:34:42:63:46:73:3E:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/2z5JKjVIs7MQqY4rzxpryvOJDXs.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202862
IP address blocks:        194.146.90.0/23 maxlen: 23
                          194.146.88.0/22 maxlen: 22
                          194.146.88.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:29:67:ee:af:ad:32:82:78:dc:b8:00:dc:4e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d8ada352982a319b54d5e483d34426346733ea4
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db3e492a3548b3b310a98e2bcf1a6bcaf3890d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:72:6e:30:db:40:35:d2:ad:1d:da:2f:9a:aa:
                    77:c1:a8:92:52:bd:3a:27:96:54:19:ee:7b:f4:da:
                    d1:0d:8b:c1:ef:75:ff:3f:df:54:7e:7f:2c:54:ea:
                    de:bf:ea:7e:fb:f4:4b:f1:1b:42:65:8f:06:3e:18:
                    7e:73:0c:d9:64:40:02:25:f9:96:fc:bc:62:df:f6:
                    ba:1b:ae:dd:9b:a8:64:46:0c:28:14:ba:f1:c4:97:
                    21:dd:18:da:b7:69:cd:ea:a6:3b:94:48:b6:cf:41:
                    2f:2d:ba:87:b2:bf:12:f4:cb:26:bd:fc:89:6e:17:
                    55:cf:32:fe:33:3a:9d:75:d7:d2:26:d1:f2:4b:37:
                    d4:fb:7a:b2:b4:c0:9c:c2:f9:44:84:92:2c:cc:96:
                    57:53:22:7a:f0:6b:0b:2f:d9:7a:80:de:bd:13:88:
                    04:14:8e:7e:3b:1e:28:4d:f0:3a:fe:78:25:9d:0f:
                    22:12:5f:05:8d:cb:ab:13:df:4a:b2:95:6e:22:64:
                    d6:db:6c:43:c6:be:4d:65:96:14:fc:7c:95:db:16:
                    d9:30:e8:86:85:5c:90:2d:0e:4a:43:93:52:4e:f0:
                    c0:bd:2e:21:77:a4:b8:ba:cb:f4:ca:66:52:9c:67:
                    fc:d7:d5:50:26:dd:f9:b5:2f:dd:44:a6:03:c2:41:
                    f8:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:3E:49:2A:35:48:B3:B3:10:A9:8E:2B:CF:1A:6B:CA:F3:89:0D:7B
            X509v3 Authority Key Identifier:
                keyid:9D:8A:DA:35:29:82:A3:19:B5:4D:5E:48:3D:34:42:63:46:73:3E:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/2z5JKjVIs7MQqY4rzxpryvOJDXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f4863a-aeae-42f7-ba14-ed4a138c4113/1/nYraNSmCoxm1TV5IPTRCY0ZzPqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bb:bb:1b:cb:7a:c7:7f:8b:c9:e3:5b:4b:ea:d5:67:3c:d1:eb:
         96:67:4c:26:61:03:26:bf:01:68:eb:86:4d:3b:e5:18:ea:07:
         17:00:ff:3b:25:c7:7c:06:16:7b:f1:24:40:85:87:0e:4c:3b:
         0c:f7:58:46:bc:d6:d9:4e:15:84:4c:4a:08:83:be:b2:4b:b2:
         ed:ab:1d:0c:ce:5b:1f:b9:f2:b1:82:f2:a5:dc:7e:59:f2:36:
         cc:40:7b:0a:d9:7f:3a:d4:d2:d0:51:60:6a:b5:4b:80:55:c2:
         e2:84:18:40:f7:92:86:c4:ba:ad:86:ee:3e:05:ac:7c:7e:ad:
         66:96:7a:4e:d8:70:a4:4d:ee:19:39:20:d5:f9:f3:ee:f3:41:
         75:60:8e:ff:f9:e0:1a:88:fd:2c:7a:ae:64:b4:11:4b:45:61:
         74:c3:32:83:07:84:00:2f:da:79:0d:5c:73:33:fd:29:ef:5e:
         17:47:bc:7b:cb:2a:5a:a7:bd:0b:18:4d:3a:b5:16:0f:66:d2:
         f8:78:96:64:ed:ba:6e:06:88:95:ca:f9:71:7b:45:f1:37:53:
         06:8b:8d:27:02:a1:7d:98:b8:09:a2:16:ba:6f:43:dc:4f:88:
         30:0d:fb:0d:dd:41:c3:33:0d:56:45:dc:25:51:ba:f7:49:c4:
         47:ba:d0:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTiln7q+tMoJ43LgA3E7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOGFkYTM1Mjk4MmEzMTliNTRkNWU0ODNkMzQ0MjYzNDY3
MzNlYTQwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjNlNDkyYTM1NDhiM2IzMTBhOThlMmJjZjFhNmJjYWYzODkwZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHJuMNtANdKtHdovmqp3waiSUr06
J5ZUGe579NrRDYvB73X/P99Ufn8sVOrev+p++/RL8RtCZY8GPhh+cwzZZEACJfmW
/Lxi3/a6G67dm6hkRgwoFLrxxJch3Rjat2nN6qY7lEi2z0EvLbqHsr8S9MsmvfyJ
bhdVzzL+MzqdddfSJtHySzfU+3qytMCcwvlEhJIszJZXUyJ68GsLL9l6gN69E4gE
FI5+Ox4oTfA6/nglnQ8iEl8FjcurE99KspVuImTW22xDxr5NZZYU/HyV2xbZMOiG
hVyQLQ5KQ5NSTvDAvS4hd6S4usv0ymZSnGf819VQJt35tS/dRKYDwkH4cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNs+SSo1SLOzEKmOK88aa8rziQ17MB8GA1UdIwQY
MBaAFJ2K2jUpgqMZtU1eSD00QmNGcz6kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbllyYU5TbUNveG0xVFY1SVBUUkNZMFp6UHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mNDg2M2EtYWVhZS00MmY3LWJhMTQt
ZWQ0YTEzOGM0MTEzLzEvMno1SktqVklzN01RcVk0cnp4cHJ5dk9KRFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mNDg2M2EtYWVhZS00MmY3LWJhMTQtZWQ0YTEzOGM0MTEz
LzEvbllyYU5TbUNveG0xVFY1SVBUUkNZMFp6UHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpJYMA0G
CSqGSIb3DQEBCwUAA4IBAQC7uxvLesd/i8njW0vq1Wc80euWZ0wmYQMmvwFo64ZN
O+UY6gcXAP87Jcd8BhZ78SRAhYcOTDsM91hGvNbZThWETEoIg76yS7Ltqx0Mzlsf
ufKxgvKl3H5Z8jbMQHsK2X861NLQUWBqtUuAVcLihBhA95KGxLqthu4+Bax8fq1m
lnpO2HCkTe4ZOSDV+fPu80F1YI7/+eAaiP0seq5ktBFLRWF0wzKDB4QAL9p5DVxz
M/0p714XR7x7yypap70LGE06tRYPZtL4eJZk7bpuBoiVyvlxe0XxN1MGi40nAqF9
mLgJoha6b0PcT4gwDfsN3UHDMw1WRdwlUbr3ScRHutB/
-----END CERTIFICATE-----