Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/5hRvKcpJwRYwvIbrj1EUIkpwLrI.roa
File:                     5hRvKcpJwRYwvIbrj1EUIkpwLrI.roa (raw, json)
Hash identifier:          1PEeYcjbA3a+GP9ZNTgJqccf4eFnzqrXaScoUHhH990=
Subject key identifier:   E6:14:6F:29:CA:49:C1:16:30:BC:86:EB:8F:51:14:22:4A:70:2E:B2
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC793537696107C3B2D5675A53559B27A
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/5hRvKcpJwRYwvIbrj1EUIkpwLrI.roa
Signing time:             Tue 02 Jan 2024 00:29:30 +0000
ROA not before:           Tue 02 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6659
IP address blocks:        195.180.249.0/24 maxlen: 24
                          194.64.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:53:76:96:10:7c:3b:2d:56:75:a5:35:59:b2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6146f29ca49c11630bc86eb8f5114224a702eb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:03:7b:d8:3d:8d:45:63:8a:99:5e:87:2d:44:
                    5a:16:0e:8d:63:c0:ee:1b:bc:97:f9:b2:0a:de:8f:
                    94:c0:00:58:3b:03:cf:cd:b0:a8:4e:47:97:4f:9d:
                    22:f0:73:0a:ea:96:70:cb:c2:77:cd:86:98:db:14:
                    aa:a9:9f:88:e5:ff:6d:10:2e:b2:81:fa:b8:25:17:
                    2b:0f:bb:5e:57:5e:7a:71:30:1f:5d:b6:34:a7:89:
                    9d:b7:db:8a:d4:b8:36:1f:c9:04:db:6b:b6:9f:6a:
                    41:33:a5:5b:47:d9:3f:3a:ed:74:c3:58:e1:43:0f:
                    9b:74:38:8c:6d:31:a6:b3:51:79:fb:18:a4:39:f6:
                    23:fa:78:e6:a9:1c:d8:b3:cf:3d:84:0f:68:c3:72:
                    c9:09:76:c6:24:f4:33:ba:76:1f:05:ba:f5:d2:dd:
                    4f:86:c2:db:a0:e5:e6:aa:05:a9:04:4a:9a:ad:f6:
                    a6:34:8b:e7:01:c0:e4:ad:a9:16:33:ff:6c:a1:a7:
                    77:81:a1:5b:fc:b7:86:59:a2:c1:3c:86:32:fc:d6:
                    c2:ee:ad:4c:b7:20:ee:6b:4a:fa:70:8b:66:29:06:
                    31:ac:46:fe:04:ac:5f:ab:a5:3b:c6:c1:6e:19:d7:
                    cf:29:95:7e:46:7c:95:bd:9d:54:ed:d4:74:00:0f:
                    15:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:14:6F:29:CA:49:C1:16:30:BC:86:EB:8F:51:14:22:4A:70:2E:B2
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/5hRvKcpJwRYwvIbrj1EUIkpwLrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.31.0/24
                  195.180.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:58:30:88:cf:cb:b8:00:49:c5:ff:b8:37:31:83:a1:d8:5d:
         2d:5f:15:2b:3d:ab:31:43:54:a9:22:1f:79:b8:d5:74:32:00:
         bd:9b:e0:ca:98:48:34:3d:4c:3a:04:8d:4b:88:c3:a4:4c:e2:
         3b:72:af:0c:da:a7:97:86:e6:85:bb:3f:1e:51:a0:a4:fc:bc:
         ae:6d:9c:d8:ca:fb:4d:6a:86:59:14:1a:b2:6b:a9:ff:b3:1e:
         80:81:14:ce:53:b4:19:56:2a:c8:dd:35:97:3d:65:4b:bf:2c:
         94:8c:28:cc:9f:f7:27:77:7b:f4:0f:57:a7:e7:c1:81:c0:26:
         1d:2d:c5:70:b5:ff:9a:e6:c6:9b:33:73:98:c5:c7:31:74:68:
         a4:79:5f:3b:92:ce:30:65:cb:30:31:28:cf:6e:a2:02:54:a5:
         ab:63:62:a3:43:7e:ab:e1:87:5d:e2:0a:5f:29:05:9e:71:06:
         6e:2d:f0:f9:8c:74:ee:1b:6c:6d:fd:5a:2c:19:85:12:0d:95:
         de:d9:7b:d2:da:f7:97:ad:a3:17:bc:e9:4a:35:8b:6b:74:44:
         d8:b5:45:fa:40:84:c4:34:dd:c3:58:76:f8:76:a2:73:cf:c5:
         f7:70:82:5a:aa:b6:27:82:cd:3f:2f:b2:b6:87:c2:56:c6:37:
         70:5b:d5:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1N2lhB8Oy1WdaU1WbJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjE0NmYyOWNhNDljMTE2MzBiYzg2ZWI4ZjUxMTQyMjRhNzAyZWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwN72D2NRWOKmV6HLURaFg6NY8Du
G7yX+bIK3o+UwABYOwPPzbCoTkeXT50i8HMK6pZwy8J3zYaY2xSqqZ+I5f9tEC6y
gfq4JRcrD7teV156cTAfXbY0p4mdt9uK1Lg2H8kE22u2n2pBM6VbR9k/Ou10w1jh
Qw+bdDiMbTGms1F5+xikOfYj+njmqRzYs889hA9ow3LJCXbGJPQzunYfBbr10t1P
hsLboOXmqgWpBEqarfamNIvnAcDkrakWM/9soad3gaFb/LeGWaLBPIYy/NbC7q1M
tyDua0r6cItmKQYxrEb+BKxfq6U7xsFuGdfPKZV+RnyVvZ1U7dR0AA8VbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOYUbynKScEWMLyG649RFCJKcC6yMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvNWhSdktjcEp3Ull3dklicmoxRVVJa3B3THJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwkAfAwQA
w7T5MA0GCSqGSIb3DQEBCwUAA4IBAQB1WDCIz8u4AEnF/7g3MYOh2F0tXxUrPasx
Q1SpIh95uNV0MgC9m+DKmEg0PUw6BI1LiMOkTOI7cq8M2qeXhuaFuz8eUaCk/Lyu
bZzYyvtNaoZZFBqya6n/sx6AgRTOU7QZVirI3TWXPWVLvyyUjCjMn/cnd3v0D1en
58GBwCYdLcVwtf+a5sabM3OYxccxdGikeV87ks4wZcswMSjPbqICVKWrY2KjQ36r
4Ydd4gpfKQWecQZuLfD5jHTuG2xt/VosGYUSDZXe2XvS2veXraMXvOlKNYtrdETY
tUX6QITENN3DWHb4dqJzz8X3cIJaqrYngs0/L7K2h8JWxjdwW9Vl
-----END CERTIFICATE-----