Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/5MBvIRiYFms3iGBeHF3RQe9ll34.roa
File:                     5MBvIRiYFms3iGBeHF3RQe9ll34.roa (raw, json)
Hash identifier:          ZOt4HY8JzWPIwKbCM0yXoS+siw4USQmatYhxT9gEU9M=
Subject key identifier:   E4:C0:6F:21:18:98:16:6B:37:88:60:5E:1C:5D:D1:41:EF:65:97:7E
Certificate issuer:       /CN=39ec71dc3d68cde8f9077d3af66751c29fceea4c
Certificate serial:       01942747A242333DCD5337E97C8931374CFE
Authority key identifier: 39:EC:71:DC:3D:68:CD:E8:F9:07:7D:3A:F6:67:51:C2:9F:CE:EA:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oexx3D1ozej5B3069mdRwp_O6kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/5MBvIRiYFms3iGBeHF3RQe9ll34.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16019
IP address blocks:        178.213.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/Oexx3D1ozej5B3069mdRwp_O6kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/Oexx3D1ozej5B3069mdRwp_O6kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oexx3D1ozej5B3069mdRwp_O6kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a2:42:33:3d:cd:53:37:e9:7c:89:31:37:4c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39ec71dc3d68cde8f9077d3af66751c29fceea4c
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4c06f211898166b3788605e1c5dd141ef65977e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f5:51:0f:29:91:00:b7:44:8f:14:98:b8:54:
                    68:e3:a3:bb:87:a8:a1:a0:49:ea:d8:7c:a8:4b:b4:
                    c0:f6:3f:ed:40:ee:2e:9a:a2:42:ba:fb:82:77:d3:
                    f5:9f:b1:e9:d8:d5:7e:9d:62:c9:82:44:e0:22:24:
                    e5:5a:e4:42:1f:fe:41:97:14:9d:b4:9e:db:e9:e9:
                    47:81:5a:b8:e1:e4:3a:30:ac:b2:07:65:b6:bc:99:
                    0f:fd:26:29:57:ac:c6:2b:63:5c:d5:8e:62:01:4e:
                    5d:01:60:48:00:97:e5:6a:3b:da:f4:d1:b2:ba:dc:
                    c7:3f:62:ac:99:84:92:95:cd:f1:bb:11:bb:b1:af:
                    ee:10:f2:f6:48:c1:5e:a7:5c:c0:a5:8b:23:ad:d2:
                    96:f1:b7:a6:74:87:cb:70:52:bf:92:1f:f5:8a:8d:
                    0f:78:7b:d1:5b:22:bf:83:14:bb:01:e5:f9:78:0c:
                    fc:24:49:92:0f:fc:97:4f:54:d3:32:38:05:1d:3c:
                    7a:fa:bb:e9:5d:6a:38:48:16:57:96:7b:0e:ad:d5:
                    10:16:00:06:c7:bd:ad:04:c7:14:0d:b4:fd:c7:40:
                    0d:10:6a:43:f1:6f:dd:f6:7a:ad:f0:2d:51:ea:82:
                    76:f5:77:dc:9a:2f:cb:a3:96:e0:76:2d:54:34:49:
                    08:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:C0:6F:21:18:98:16:6B:37:88:60:5E:1C:5D:D1:41:EF:65:97:7E
            X509v3 Authority Key Identifier:
                keyid:39:EC:71:DC:3D:68:CD:E8:F9:07:7D:3A:F6:67:51:C2:9F:CE:EA:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oexx3D1ozej5B3069mdRwp_O6kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/5MBvIRiYFms3iGBeHF3RQe9ll34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/1bfdf7-a19f-418e-89c7-db3f22705dd6/1/Oexx3D1ozej5B3069mdRwp_O6kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         61:66:67:7c:a9:86:00:c9:9a:32:68:a1:0d:c5:86:19:a1:8d:
         89:28:20:ee:ed:1a:7e:36:83:ca:a0:ef:fa:f3:9e:2e:c9:6f:
         2f:76:aa:54:3e:9d:2f:98:6b:1b:19:6b:25:6b:24:48:ed:1d:
         7e:71:08:f0:17:20:6e:e8:70:6b:46:e0:25:4f:f4:3e:aa:fe:
         0c:0a:99:52:9e:57:ea:28:f9:7d:6c:59:c9:dc:18:11:a4:e4:
         be:26:3c:a3:33:fa:11:ee:24:19:7b:4b:74:19:e3:67:b3:33:
         94:50:67:d5:ba:f2:a4:79:55:fc:25:c6:a7:7f:ce:fc:1e:79:
         af:73:00:72:16:50:32:81:25:1c:68:21:c5:1a:3c:6a:6e:94:
         6b:c7:be:65:42:34:05:e5:19:87:20:15:52:52:a5:fd:80:41:
         9a:69:16:e8:16:66:bf:d1:51:00:a7:e0:a0:6f:49:6d:a7:6d:
         e7:e9:40:a7:13:0c:74:c7:f9:37:3f:9c:1f:eb:83:0d:f1:40:
         91:22:21:1b:0d:21:62:85:c9:e6:69:99:81:57:53:7f:a8:f1:
         bb:f1:89:1b:2e:7b:2f:bd:ee:d2:58:b4:df:f6:0c:c3:ef:3d:
         bb:cc:e5:ec:0e:6a:10:24:02:1a:87:14:74:0c:77:a7:c6:04:
         ad:9e:d0:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6JCMz3NUzfpfIkxN0z+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZWM3MWRjM2Q2OGNkZThmOTA3N2QzYWY2Njc1MWMyOWZj
ZWVhNGMwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGMwNmYyMTE4OTgxNjZiMzc4ODYwNWUxYzVkZDE0MWVmNjU5NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfVRDymRALdEjxSYuFRo46O7h6ih
oEnq2HyoS7TA9j/tQO4umqJCuvuCd9P1n7Hp2NV+nWLJgkTgIiTlWuRCH/5BlxSd
tJ7b6elHgVq44eQ6MKyyB2W2vJkP/SYpV6zGK2Nc1Y5iAU5dAWBIAJflajva9NGy
utzHP2KsmYSSlc3xuxG7sa/uEPL2SMFep1zApYsjrdKW8bemdIfLcFK/kh/1io0P
eHvRWyK/gxS7AeX5eAz8JEmSD/yXT1TTMjgFHTx6+rvpXWo4SBZXlnsOrdUQFgAG
x72tBMcUDbT9x0ANEGpD8W/d9nqt8C1R6oJ29Xfcmi/Lo5bgdi1UNEkIwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTAbyEYmBZrN4hgXhxd0UHvZZd+MB8GA1UdIwQY
MBaAFDnscdw9aM3o+Qd9OvZnUcKfzupMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2V4eDNEMW96ZWo1QjMwNjltZFJ3cF9PNmt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8xYmZkZjctYTE5Zi00MThlLTg5Yzct
ZGIzZjIyNzA1ZGQ2LzEvNU1CdklSaVlGbXMzaUdCZUhGM1JRZTlsbDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8xYmZkZjctYTE5Zi00MThlLTg5YzctZGIzZjIyNzA1ZGQ2
LzEvT2V4eDNEMW96ZWo1QjMwNjltZFJ3cF9PNmt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstWYMA0G
CSqGSIb3DQEBCwUAA4IBAQBhZmd8qYYAyZoyaKENxYYZoY2JKCDu7Rp+NoPKoO/6
854uyW8vdqpUPp0vmGsbGWslayRI7R1+cQjwFyBu6HBrRuAlT/Q+qv4MCplSnlfq
KPl9bFnJ3BgRpOS+JjyjM/oR7iQZe0t0GeNnszOUUGfVuvKkeVX8Jcanf878Hnmv
cwByFlAygSUcaCHFGjxqbpRrx75lQjQF5RmHIBVSUqX9gEGaaRboFma/0VEAp+Cg
b0ltp23n6UCnEwx0x/k3P5wf64MN8UCRIiEbDSFihcnmaZmBV1N/qPG78YkbLnsv
ve7SWLTf9gzD7z27zOXsDmoQJAIahxR0DHenxgStntB8
-----END CERTIFICATE-----