Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/C5ef8rW2_73O_BUyMDsBz1j3dKw.roa
File:                     C5ef8rW2_73O_BUyMDsBz1j3dKw.roa (raw, json)
Hash identifier:          LIKwHQ5iuEKbKwIeGhU7KNUmHIKpFBoAMTrm5uuPxfg=
Subject key identifier:   0B:97:9F:F2:B5:B6:FF:BD:CE:FC:15:32:30:3B:01:CF:58:F7:74:AC
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       018CC5DCB777CA105813E87770925BD0E17D
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/C5ef8rW2_73O_BUyMDsBz1j3dKw.roa
Signing time:             Mon 01 Jan 2024 16:30:25 +0000
ROA not before:           Mon 01 Jan 2024 16:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212139
IP address blocks:        84.124.119.0/24 maxlen: 24
                          62.175.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b7:77:ca:10:58:13:e8:77:70:92:5b:d0:e1:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Jan  1 16:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b979ff2b5b6ffbdcefc1532303b01cf58f774ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:46:30:a3:5e:39:68:87:09:b0:2b:f2:ab:ce:
                    45:36:19:38:d6:e1:f4:d4:d4:3d:3f:75:4f:f5:13:
                    41:d4:11:b8:78:b8:96:06:14:e1:7a:d5:e3:df:0c:
                    5b:fd:c1:be:e6:2f:43:8e:e9:9c:5e:e5:61:b8:b5:
                    ae:87:db:5a:fc:c8:20:1e:32:77:ab:be:b5:16:df:
                    42:db:cb:02:fd:14:19:15:4d:27:5a:87:33:20:dd:
                    ad:73:22:07:1a:04:ce:c9:70:c4:98:b7:91:d8:d6:
                    78:f2:31:36:7d:33:4f:97:d3:60:79:9f:3c:e6:71:
                    2d:0f:7c:21:44:56:7d:07:a7:11:59:ec:fd:7b:df:
                    b5:93:69:60:30:b2:0a:c4:0c:db:ee:a8:b5:6a:1b:
                    69:54:93:dd:86:84:60:f2:ea:3b:85:01:21:91:50:
                    68:93:f5:43:56:ba:29:75:cc:65:c7:82:67:82:8e:
                    8d:e4:c7:c8:9d:70:cf:bc:24:d3:cf:86:4a:44:37:
                    b3:ef:53:9e:6a:57:71:18:5c:54:f8:da:12:23:28:
                    b9:d4:06:b8:19:dc:e3:2f:84:25:aa:49:34:bc:63:
                    9e:71:0a:cc:3c:4f:1c:c4:dd:59:41:32:10:97:a1:
                    a0:c3:b8:8b:a3:9b:32:c8:5e:15:57:8e:5b:21:e9:
                    30:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:97:9F:F2:B5:B6:FF:BD:CE:FC:15:32:30:3B:01:CF:58:F7:74:AC
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/C5ef8rW2_73O_BUyMDsBz1j3dKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.175.249.0/24
                  84.124.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e4:79:ee:3b:0c:a9:62:14:bc:80:78:a3:92:a6:ee:6f:b5:
         20:50:64:19:30:0c:e5:35:dc:4b:20:ce:8f:5b:be:93:61:d9:
         e0:4a:74:91:56:ff:ea:b4:e3:87:c8:cf:6b:00:50:16:9a:b1:
         72:4b:0d:ac:de:b2:15:b8:a0:6e:3b:5e:26:9a:94:5c:86:b1:
         db:3a:de:f4:16:69:3b:12:3c:ea:7c:7b:65:d1:fe:ad:98:87:
         44:98:2a:b7:ff:1e:24:cd:70:bf:b6:bc:a4:8c:c0:92:f0:77:
         22:51:18:eb:50:8b:3f:66:d3:97:0f:d2:c3:5d:07:59:78:7d:
         f2:9c:8a:56:ed:0a:21:09:7d:05:b0:c4:ec:38:f1:f7:bd:51:
         79:c1:61:fa:71:b4:14:49:6b:b6:3b:1d:ee:a5:3c:7d:e5:4f:
         67:8a:54:80:60:e2:34:47:9c:16:34:69:b8:a9:89:36:8a:03:
         0f:ad:36:82:b3:56:a5:09:01:76:cb:66:a3:c0:17:8d:a6:55:
         9c:18:65:16:dc:b1:e2:84:db:db:b9:cf:47:0c:21:e0:b6:6c:
         8a:0f:02:c8:4c:99:53:f5:87:32:13:a2:ef:79:9f:f6:09:77:
         ff:95:ff:25:52:ba:0d:8b:a1:cf:68:49:9b:85:aa:be:19:de:
         e9:2f:ae:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Ld3yhBYE+h3cJJb0OF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjQwMTAxMTYzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjk3OWZmMmI1YjZmZmJkY2VmYzE1MzIzMDNiMDFjZjU4Zjc3NGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkYwo145aIcJsCvyq85FNhk41uH0
1NQ9P3VP9RNB1BG4eLiWBhThetXj3wxb/cG+5i9DjumcXuVhuLWuh9ta/MggHjJ3
q761Ft9C28sC/RQZFU0nWoczIN2tcyIHGgTOyXDEmLeR2NZ48jE2fTNPl9NgeZ88
5nEtD3whRFZ9B6cRWez9e9+1k2lgMLIKxAzb7qi1ahtpVJPdhoRg8uo7hQEhkVBo
k/VDVropdcxlx4Jngo6N5MfInXDPvCTTz4ZKRDez71OealdxGFxU+NoSIyi51Aa4
GdzjL4Qlqkk0vGOecQrMPE8cxN1ZQTIQl6Ggw7iLo5syyF4VV45bIekwiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAuXn/K1tv+9zvwVMjA7Ac9Y93SsMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvQzVlZjhyVzJfNzNPX0JVeU1Ec0J6MWozZEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPq/5AwQA
VHx3MA0GCSqGSIb3DQEBCwUAA4IBAQA+5HnuOwypYhS8gHijkqbub7UgUGQZMAzl
NdxLIM6PW76TYdngSnSRVv/qtOOHyM9rAFAWmrFySw2s3rIVuKBuO14mmpRchrHb
Ot70Fmk7EjzqfHtl0f6tmIdEmCq3/x4kzXC/trykjMCS8HciURjrUIs/ZtOXD9LD
XQdZeH3ynIpW7QohCX0FsMTsOPH3vVF5wWH6cbQUSWu2Ox3upTx95U9nilSAYOI0
R5wWNGm4qYk2igMPrTaCs1alCQF2y2ajwBeNplWcGGUW3LHihNvbuc9HDCHgtmyK
DwLITJlT9YcyE6LveZ/2CXf/lf8lUroNi6HPaEmbhaq+Gd7pL67s
-----END CERTIFICATE-----