Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/tmIgzCJlZ4bNG8bmcG9hOFvgwQs.roa
File:                     tmIgzCJlZ4bNG8bmcG9hOFvgwQs.roa (raw, json)
Hash identifier:          +W8Mj7dcTmHtTytwjliNI75/8uklXiv1JdL1ecwh5tg=
Subject key identifier:   B6:62:20:CC:22:65:67:86:CD:1B:C6:E6:70:6F:61:38:5B:E0:C1:0B
Certificate issuer:       /CN=c51674fee5556728175efb56eaa8b99f3815afa7
Certificate serial:       018CC87152FEF3D0D893A11D9E2BF039E4B9
Authority key identifier: C5:16:74:FE:E5:55:67:28:17:5E:FB:56:EA:A8:B9:9F:38:15:AF:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xRZ0_uVVZygXXvtW6qi5nzgVr6c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/tmIgzCJlZ4bNG8bmcG9hOFvgwQs.roa
Signing time:             Tue 02 Jan 2024 04:31:59 +0000
ROA not before:           Tue 02 Jan 2024 04:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49409
IP address blocks:        185.179.246.0/24 maxlen: 24
                          2a10:4d40::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/xRZ0_uVVZygXXvtW6qi5nzgVr6c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/xRZ0_uVVZygXXvtW6qi5nzgVr6c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xRZ0_uVVZygXXvtW6qi5nzgVr6c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:52:fe:f3:d0:d8:93:a1:1d:9e:2b:f0:39:e4:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c51674fee5556728175efb56eaa8b99f3815afa7
        Validity
            Not Before: Jan  2 04:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b66220cc22656786cd1bc6e6706f61385be0c10b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:fa:f2:c9:43:0d:c3:84:4a:34:63:c4:8a:3d:
                    0c:ca:42:2d:73:b5:62:f8:06:38:42:e9:4b:a7:b0:
                    a8:85:7f:fa:c9:9e:f0:cb:90:82:20:09:84:bd:6e:
                    5c:86:23:ad:a0:06:b1:28:ef:89:3d:85:8c:a5:69:
                    04:a3:67:51:56:c5:97:ff:9e:d8:cb:80:5d:54:8c:
                    b0:80:da:11:48:48:f6:5e:65:df:8a:a8:38:a5:74:
                    d4:b8:19:a5:9f:48:b0:79:22:cc:a5:3c:fc:31:ce:
                    b5:dc:6d:43:72:b8:92:e0:54:01:58:9b:c3:9e:41:
                    c7:7f:58:f2:0a:6e:97:98:06:dc:9a:40:73:43:84:
                    42:ca:63:4f:ee:de:0b:eb:16:9c:e7:0c:d2:60:31:
                    3a:90:51:67:02:85:e6:47:bc:d3:25:ba:f1:21:45:
                    bf:f0:9a:90:97:78:79:9f:ad:c5:42:a1:eb:fe:ae:
                    08:bd:0f:b5:cd:43:c7:1d:59:c3:cd:e2:41:5d:f0:
                    35:29:eb:c2:15:bb:1b:c2:fd:a1:10:5b:8d:2a:44:
                    cf:6a:2b:ef:81:24:bb:f3:2b:db:0c:dc:a2:50:a9:
                    76:cd:f1:c7:dc:65:f5:85:82:21:1f:b8:87:cf:12:
                    e9:19:08:8a:17:4e:37:d7:71:e4:25:32:92:d4:4e:
                    c4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:62:20:CC:22:65:67:86:CD:1B:C6:E6:70:6F:61:38:5B:E0:C1:0B
            X509v3 Authority Key Identifier:
                keyid:C5:16:74:FE:E5:55:67:28:17:5E:FB:56:EA:A8:B9:9F:38:15:AF:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xRZ0_uVVZygXXvtW6qi5nzgVr6c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/tmIgzCJlZ4bNG8bmcG9hOFvgwQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5fb089-2589-4c71-b026-3cbe1af3b82c/1/xRZ0_uVVZygXXvtW6qi5nzgVr6c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.246.0/24
                IPv6:
                  2a10:4d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:56:6b:c6:5b:09:15:56:f0:57:0c:47:f2:3c:79:c7:82:83:
         a1:af:69:37:72:8f:66:33:e4:e7:aa:5a:46:9a:b2:cd:b7:c0:
         78:65:cd:96:3b:bc:7e:a0:2e:c3:95:08:38:95:9e:32:0a:54:
         ab:42:05:56:57:bd:c7:ad:5c:3b:2b:ca:b3:87:aa:52:b9:9b:
         fe:aa:7d:53:0c:4c:06:71:8b:08:4e:ec:b6:57:d9:7c:ae:77:
         ec:c8:cb:cd:20:c4:92:ef:48:b7:e9:9a:fb:1a:d3:49:f8:c6:
         05:d0:6b:11:96:f6:ce:ab:6d:ae:4d:cd:0f:1d:4f:91:a1:13:
         e0:ab:47:64:73:af:ce:1f:22:a3:6d:dd:8e:ef:5a:ca:1f:b5:
         29:c6:5f:b5:91:74:fd:08:3a:a6:9a:87:b1:73:7e:f7:45:2a:
         e0:e1:02:f6:2c:da:5e:f0:cd:03:46:ad:70:eb:1e:70:8b:3d:
         54:0d:6c:d7:ae:0c:a6:ca:4c:f9:63:de:25:bd:ee:6b:b8:0b:
         96:82:7e:13:bb:cd:35:38:ff:e1:6e:a2:dc:50:92:84:e8:e7:
         21:ff:f4:ad:66:f4:ca:45:bf:7e:c1:8c:22:f1:0a:e9:7d:5d:
         bd:57:8c:8b:cd:48:a5:a4:0e:be:1c:2c:c2:87:cb:a7:7c:bb:
         c4:b6:de:7c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcVL+89DYk6EdnivwOeS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MTY3NGZlZTU1NTY3MjgxNzVlZmI1NmVhYThiOTlmMzgx
NWFmYTcwHhcNMjQwMTAyMDQzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjYyMjBjYzIyNjU2Nzg2Y2QxYmM2ZTY3MDZmNjEzODViZTBjMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfryyUMNw4RKNGPEij0MykItc7Vi
+AY4QulLp7CohX/6yZ7wy5CCIAmEvW5chiOtoAaxKO+JPYWMpWkEo2dRVsWX/57Y
y4BdVIywgNoRSEj2XmXfiqg4pXTUuBmln0iweSLMpTz8Mc613G1DcriS4FQBWJvD
nkHHf1jyCm6XmAbcmkBzQ4RCymNP7t4L6xac5wzSYDE6kFFnAoXmR7zTJbrxIUW/
8JqQl3h5n63FQqHr/q4IvQ+1zUPHHVnDzeJBXfA1KevCFbsbwv2hEFuNKkTPaivv
gSS78yvbDNyiUKl2zfHH3GX1hYIhH7iHzxLpGQiKF04313HkJTKS1E7EZwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLZiIMwiZWeGzRvG5nBvYThb4MELMB8GA1UdIwQY
MBaAFMUWdP7lVWcoF177VuqouZ84Fa+nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFJaMF91VlZaeWdYWHZ0VzZxaTVuemdWcjZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81ZmIwODktMjU4OS00YzcxLWIwMjYt
M2NiZTFhZjNiODJjLzEvdG1JZ3pDSmxaNGJORzhibWNHOWhPRnZnd1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81ZmIwODktMjU4OS00YzcxLWIwMjYtM2NiZTFhZjNiODJj
LzEveFJaMF91VlZaeWdYWHZ0VzZxaTVuemdWcjZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAubP2MA0E
AgACMAcDBQMqEE1AMA0GCSqGSIb3DQEBCwUAA4IBAQAoVmvGWwkVVvBXDEfyPHnH
goOhr2k3co9mM+TnqlpGmrLNt8B4Zc2WO7x+oC7DlQg4lZ4yClSrQgVWV73HrVw7
K8qzh6pSuZv+qn1TDEwGcYsITuy2V9l8rnfsyMvNIMSS70i36Zr7GtNJ+MYF0GsR
lvbOq22uTc0PHU+RoRPgq0dkc6/OHyKjbd2O71rKH7Upxl+1kXT9CDqmmoexc373
RSrg4QL2LNpe8M0DRq1w6x5wiz1UDWzXrgymykz5Y94lve5ruAuWgn4Tu801OP/h
bqLcUJKE6Och//StZvTKRb9+wYwi8QrpfV29V4yLzUilpA6+HCzCh8unfLvEtt58
-----END CERTIFICATE-----