Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/4vSY7pcoyniRcE3BWoDJLaST4-U.roa
File:                     4vSY7pcoyniRcE3BWoDJLaST4-U.roa (raw, json)
Hash identifier:          HCZT/bqiAdnxIIXJTkL3KadJYBbBM96tekJW+BuWlk0=
Subject key identifier:   E2:F4:98:EE:97:28:CA:78:91:70:4D:C1:5A:80:C9:2D:A4:93:E3:E5
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       018CC3496585034ECABE6202279A2950E614
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/4vSY7pcoyniRcE3BWoDJLaST4-U.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60731
IP address blocks:        193.32.202.0/24 maxlen: 24
                          5.149.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:65:85:03:4e:ca:be:62:02:27:9a:29:50:e6:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2f498ee9728ca7891704dc15a80c92da493e3e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8d:b7:c6:39:c3:dc:2a:64:85:b7:61:8f:1c:
                    a0:97:b2:b0:87:ad:7f:73:a5:8e:8b:08:ff:0f:9d:
                    54:c7:06:8f:71:a9:b2:11:39:a0:5e:3a:16:a4:7b:
                    76:4a:10:35:71:12:2a:69:57:cf:75:d8:9b:8c:6e:
                    9f:2e:f7:a4:01:e6:7a:49:9d:97:fd:b1:e2:e3:26:
                    25:fe:ad:2c:ce:45:74:61:5a:af:54:62:50:d2:21:
                    2e:7c:75:4e:80:bb:c0:a9:79:13:82:5e:67:6b:46:
                    70:6d:cc:55:37:fa:42:7c:70:8d:6a:53:6d:ab:ed:
                    00:5a:57:fd:fd:6e:53:2b:36:48:76:cb:81:e3:77:
                    5b:1c:c8:7f:15:c9:5d:31:0f:94:2f:06:5f:fd:49:
                    53:53:60:2a:cc:a7:d7:67:12:f0:04:54:53:74:da:
                    89:19:d0:b5:32:68:f3:0c:9b:28:45:c6:66:ac:28:
                    ec:9c:93:d8:9d:7c:89:79:af:6f:90:c6:17:1a:77:
                    56:09:17:fb:92:a5:ad:22:b2:bf:2f:9a:68:fa:b3:
                    bd:8a:f0:ad:c0:53:36:fd:75:2d:51:5a:52:3a:27:
                    73:07:1b:0f:9f:22:41:e2:86:b4:37:55:dd:d0:62:
                    f2:6f:eb:2c:a8:78:49:1e:d7:0f:f6:0d:53:f6:43:
                    81:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:F4:98:EE:97:28:CA:78:91:70:4D:C1:5A:80:C9:2D:A4:93:E3:E5
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/4vSY7pcoyniRcE3BWoDJLaST4-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.158.0/24
                  193.32.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:f1:f9:46:28:26:d4:d3:9b:8a:5b:e8:3d:35:f7:0a:ee:04:
         87:43:78:5a:fc:fb:a7:fb:6e:a1:ea:42:1a:d7:7c:b8:9b:03:
         3d:6a:e4:f1:a1:14:73:fc:04:3a:32:f0:c2:6a:68:b3:e0:1e:
         08:0a:1a:62:94:b2:53:10:26:f3:f1:d6:1f:1b:48:78:38:ca:
         eb:88:57:88:3e:7f:75:1d:71:aa:81:c4:b8:93:4d:1f:b8:90:
         ce:74:d5:35:a7:1d:24:3c:8f:dd:9e:14:47:41:d5:c8:a6:9f:
         c0:96:b1:af:e1:83:23:04:d1:12:3a:0c:9f:db:a6:2f:2e:7a:
         53:65:54:7f:07:3d:f5:83:76:82:42:13:86:3d:e8:fb:da:66:
         51:98:2d:7e:c3:10:49:1c:e6:d5:99:e4:65:db:68:68:8c:72:
         4b:4f:5b:2b:18:b4:bd:1b:2f:db:e5:c0:12:7d:41:b0:de:8d:
         fd:b9:55:41:b2:4f:53:56:43:a2:dc:84:5a:bc:f0:c0:11:94:
         89:9c:fc:1f:6c:53:79:8d:51:e9:15:6e:48:aa:0a:14:bf:6d:
         47:7e:34:52:27:b4:4a:ed:2c:4f:2e:f1:35:6b:d2:a8:60:fe:
         aa:a2:12:97:0f:fc:f8:3e:9c:c7:36:c7:bb:a7:7f:6c:37:4c:
         a5:c4:44:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSWWFA07KvmICJ5opUOYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmY0OThlZTk3MjhjYTc4OTE3MDRkYzE1YTgwYzkyZGE0OTNlM2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY23xjnD3Cpkhbdhjxygl7Kwh61/
c6WOiwj/D51UxwaPcamyETmgXjoWpHt2ShA1cRIqaVfPddibjG6fLvekAeZ6SZ2X
/bHi4yYl/q0szkV0YVqvVGJQ0iEufHVOgLvAqXkTgl5na0ZwbcxVN/pCfHCNalNt
q+0AWlf9/W5TKzZIdsuB43dbHMh/FcldMQ+ULwZf/UlTU2AqzKfXZxLwBFRTdNqJ
GdC1MmjzDJsoRcZmrCjsnJPYnXyJea9vkMYXGndWCRf7kqWtIrK/L5po+rO9ivCt
wFM2/XUtUVpSOidzBxsPnyJB4oa0N1Xd0GLyb+ssqHhJHtcP9g1T9kOBswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOL0mO6XKMp4kXBNwVqAyS2kk+PlMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvNHZTWTdwY295bmlSY0UzQldvREpMYVNUNC1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABZWeAwQA
wSDKMA0GCSqGSIb3DQEBCwUAA4IBAQAs8flGKCbU05uKW+g9NfcK7gSHQ3ha/Pun
+26h6kIa13y4mwM9auTxoRRz/AQ6MvDCamiz4B4IChpilLJTECbz8dYfG0h4OMrr
iFeIPn91HXGqgcS4k00fuJDOdNU1px0kPI/dnhRHQdXIpp/AlrGv4YMjBNESOgyf
26YvLnpTZVR/Bz31g3aCQhOGPej72mZRmC1+wxBJHObVmeRl22hojHJLT1srGLS9
Gy/b5cASfUGw3o39uVVBsk9TVkOi3IRavPDAEZSJnPwfbFN5jVHpFW5IqgoUv21H
fjRSJ7RK7SxPLvE1a9KoYP6qohKXD/z4PpzHNse7p39sN0ylxET+
-----END CERTIFICATE-----