Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/pkB173lf46Vcywp4IZNJSYM0Q94.roa
File:                     pkB173lf46Vcywp4IZNJSYM0Q94.roa (raw, json)
Hash identifier:          C4LdIHu2Vr/u9XptkJAavyORWVfOB/KPvuqFlcksPk8=
Subject key identifier:   A6:40:75:EF:79:5F:E3:A5:5C:CB:0A:78:21:93:49:49:83:34:43:DE
Certificate issuer:       /CN=04feaefea82b6103dc2b8971e9bdda01669a1357
Certificate serial:       018CC2DB4D02DCC3CD8C6B5D425BB7E3D135
Authority key identifier: 04:FE:AE:FE:A8:2B:61:03:DC:2B:89:71:E9:BD:DA:01:66:9A:13:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BP6u_qgrYQPcK4lx6b3aAWaaE1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/pkB173lf46Vcywp4IZNJSYM0Q94.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198792
IP address blocks:        5.39.224.0/21 maxlen: 21
                          2a00:fb40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/BP6u_qgrYQPcK4lx6b3aAWaaE1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/BP6u_qgrYQPcK4lx6b3aAWaaE1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BP6u_qgrYQPcK4lx6b3aAWaaE1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:02:dc:c3:cd:8c:6b:5d:42:5b:b7:e3:d1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04feaefea82b6103dc2b8971e9bdda01669a1357
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a64075ef795fe3a55ccb0a7821934949833443de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e0:f9:73:e3:5b:1f:8e:31:c8:6a:95:88:48:
                    ad:bf:b5:5a:24:0d:24:4d:e0:e5:c7:f3:79:56:69:
                    b0:94:39:fb:e3:43:c6:6d:c7:65:ad:c8:94:58:65:
                    17:56:d7:f0:ed:0a:a2:04:73:24:8b:76:97:38:4f:
                    69:67:08:4a:bb:24:1e:85:fa:eb:29:8c:7c:f6:92:
                    ed:c9:2e:12:c5:c8:df:a7:49:b9:13:ed:f7:09:9e:
                    d1:35:fa:cf:a6:1e:81:06:95:2c:38:df:c7:c2:12:
                    a4:0d:54:54:a8:a4:a3:ba:c1:95:2f:b4:a0:64:9d:
                    3b:c3:43:b9:d6:e2:54:b0:0d:1e:93:7e:00:2d:f6:
                    e5:78:40:5a:9d:5a:fb:9a:ec:4c:4f:d2:19:25:ff:
                    55:97:d5:e2:dc:c5:33:c4:0b:3e:53:22:88:2e:4a:
                    27:1b:f7:f6:3a:7b:33:49:d2:d1:c9:bd:1a:e9:64:
                    2b:f9:b6:e5:2e:18:f6:24:b1:cc:e8:78:3f:cc:1d:
                    43:7e:a9:31:b1:5b:aa:0e:f7:a1:7a:99:c7:4f:fb:
                    14:cc:d6:f8:7f:1e:bc:21:2f:12:97:45:af:26:66:
                    9a:47:95:ec:b4:fa:13:8c:ba:b9:d5:e4:59:bf:b7:
                    a7:c8:ef:e3:b9:24:d0:47:97:f1:78:97:ab:81:c0:
                    a2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:40:75:EF:79:5F:E3:A5:5C:CB:0A:78:21:93:49:49:83:34:43:DE
            X509v3 Authority Key Identifier:
                keyid:04:FE:AE:FE:A8:2B:61:03:DC:2B:89:71:E9:BD:DA:01:66:9A:13:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BP6u_qgrYQPcK4lx6b3aAWaaE1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/pkB173lf46Vcywp4IZNJSYM0Q94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3f9529-7172-43f8-895d-8eeb089b5caf/1/BP6u_qgrYQPcK4lx6b3aAWaaE1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.224.0/21
                IPv6:
                  2a00:fb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         e7:48:77:cc:cf:14:13:f1:e8:95:33:f7:d4:0b:79:bd:89:f3:
         3c:4a:f9:3c:de:96:a8:64:46:fe:51:21:4e:ca:ca:78:19:ef:
         3f:0d:dc:d7:a2:e3:0d:3d:79:fa:c0:b3:8d:08:cf:a8:1f:ac:
         ed:9e:83:37:62:37:b6:84:62:23:bd:f3:d1:84:04:92:b8:ad:
         82:7a:ff:f5:83:34:91:cc:79:6d:3d:24:39:f3:f5:fd:4a:60:
         ef:09:55:c8:ec:03:63:13:ca:be:89:a4:09:3e:5d:71:9d:c8:
         b1:e2:dc:0f:60:75:7d:c6:8d:e9:2b:76:7d:7a:49:63:00:49:
         02:fc:13:34:13:2a:68:42:42:3b:d3:1a:0f:2a:bf:6a:ca:51:
         18:a2:24:58:74:12:5b:db:75:75:c2:cf:30:9c:f2:de:96:7e:
         5f:e2:dd:8c:cd:ee:88:49:8f:2a:5e:ff:69:09:79:bb:31:14:
         c6:50:eb:be:88:b2:99:46:e4:a0:69:81:75:05:74:73:2c:12:
         f6:2b:87:48:70:53:ea:20:43:da:f7:4b:e3:43:63:38:e9:db:
         80:6b:8b:c5:81:a4:ab:ff:8c:0c:e5:d0:15:56:0b:a9:eb:2e:
         44:33:d1:bf:65:d2:d6:a6:69:fa:95:a6:e4:18:fd:e7:ac:90:
         0e:4d:a2:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC200C3MPNjGtdQlu349E1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZmVhZWZlYTgyYjYxMDNkYzJiODk3MWU5YmRkYTAxNjY5
YTEzNTcwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQwNzVlZjc5NWZlM2E1NWNjYjBhNzgyMTkzNDk0OTgzMzQ0M2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueD5c+NbH44xyGqViEitv7VaJA0k
TeDlx/N5VmmwlDn740PGbcdlrciUWGUXVtfw7QqiBHMki3aXOE9pZwhKuyQehfrr
KYx89pLtyS4Sxcjfp0m5E+33CZ7RNfrPph6BBpUsON/HwhKkDVRUqKSjusGVL7Sg
ZJ07w0O51uJUsA0ek34ALfbleEBanVr7muxMT9IZJf9Vl9Xi3MUzxAs+UyKILkon
G/f2OnszSdLRyb0a6WQr+bblLhj2JLHM6Hg/zB1DfqkxsVuqDvehepnHT/sUzNb4
fx68IS8Sl0WvJmaaR5XstPoTjLq51eRZv7enyO/juSTQR5fxeJergcCi3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKZAde95X+OlXMsKeCGTSUmDNEPeMB8GA1UdIwQY
MBaAFAT+rv6oK2ED3CuJcem92gFmmhNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlA2dV9xZ3JZUVBjSzRseDZiM2FBV2FhRTFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZjk1MjktNzE3Mi00M2Y4LTg5NWQt
OGVlYjA4OWI1Y2FmLzEvcGtCMTczbGY0NlZjeXdwNElaTkpTWU0wUTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZjk1MjktNzE3Mi00M2Y4LTg5NWQtOGVlYjA4OWI1Y2Fm
LzEvQlA2dV9xZ3JZUVBjSzRseDZiM2FBV2FhRTFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBSfgMA0E
AgACMAcDBQAqAPtAMA0GCSqGSIb3DQEBCwUAA4IBAQDnSHfMzxQT8eiVM/fUC3m9
ifM8Svk83paoZEb+USFOysp4Ge8/DdzXouMNPXn6wLONCM+oH6ztnoM3Yje2hGIj
vfPRhASSuK2Cev/1gzSRzHltPSQ58/X9SmDvCVXI7ANjE8q+iaQJPl1xncix4twP
YHV9xo3pK3Z9ekljAEkC/BM0EypoQkI70xoPKr9qylEYoiRYdBJb23V1ws8wnPLe
ln5f4t2Mze6ISY8qXv9pCXm7MRTGUOu+iLKZRuSgaYF1BXRzLBL2K4dIcFPqIEPa
90vjQ2M46duAa4vFgaSr/4wM5dAVVgup6y5EM9G/ZdLWpmn6labkGP3nrJAOTaKT
-----END CERTIFICATE-----