Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5yQLvjt1YyiGqruSzgZQvo1OXDg.roa
File:                     5yQLvjt1YyiGqruSzgZQvo1OXDg.roa (raw, json)
Hash identifier:          4ck0VBti9YGlaCSlBqKHezkn69pVs3NecvuD1ZMjHgI=
Subject key identifier:   E7:24:0B:BE:3B:75:63:28:86:AA:BB:92:CE:06:50:BE:8D:4E:5C:38
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B81355CA62489CC9EFF4C7AE81544
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5yQLvjt1YyiGqruSzgZQvo1OXDg.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28982
IP address blocks:        82.143.128.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:35:5c:a6:24:89:cc:9e:ff:4c:7a:e8:15:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7240bbe3b75632886aabb92ce0650be8d4e5c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:b1:97:ed:4e:0b:cb:f7:b1:9b:ef:1f:74:
                    f6:27:d1:d9:01:f1:32:10:ff:32:14:b8:75:3f:57:
                    c9:b0:4d:b3:95:fc:ae:4d:b6:14:d9:ed:d9:18:94:
                    0c:81:26:8f:1e:f8:b1:2c:19:d4:7c:c7:e7:e6:ab:
                    ca:fe:d7:69:fc:e9:43:85:c7:1f:6e:35:2e:0f:d8:
                    7f:09:f9:98:ef:70:ac:59:e8:27:76:89:94:e7:49:
                    2b:da:94:56:5f:54:1f:cd:20:6d:89:d1:44:35:ac:
                    40:5b:4d:ad:f7:88:58:e7:8d:52:63:c0:dd:3e:f7:
                    85:a5:82:39:94:66:bb:2b:1c:7a:e6:4a:5a:e3:70:
                    4e:95:4b:bb:41:f8:9d:af:1b:f2:4b:fc:21:27:d5:
                    56:00:d9:df:a5:df:b9:3a:53:e4:05:10:21:c2:c3:
                    b4:ad:b9:75:6c:5e:73:e5:8e:33:fd:88:6c:d6:5c:
                    7d:7e:6b:47:c6:11:47:f7:00:53:92:58:3a:51:62:
                    22:cd:7f:d6:18:d8:41:3b:ae:07:d1:5c:38:3c:4e:
                    55:3b:14:d7:14:71:e3:57:6b:1f:19:bf:c5:59:7d:
                    57:9b:be:0f:a1:cd:ef:7c:cf:83:6d:0a:6b:2f:8c:
                    99:07:89:6c:5b:0c:38:f7:ac:a6:37:0f:44:34:ba:
                    df:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:24:0B:BE:3B:75:63:28:86:AA:BB:92:CE:06:50:BE:8D:4E:5C:38
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/5yQLvjt1YyiGqruSzgZQvo1OXDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.143.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         21:d5:3e:f2:0a:b6:d6:7a:86:30:d5:9e:58:43:57:e4:df:df:
         21:3c:f5:d8:97:f5:03:a0:e8:8a:4b:7f:a5:ab:41:81:48:c7:
         95:78:da:43:21:fb:57:13:d3:6d:94:18:24:75:aa:8b:4d:9f:
         d1:05:1c:d8:1f:ee:c9:96:2d:e4:3e:30:a0:a9:45:0d:d3:d0:
         34:7b:c0:97:ad:4e:29:b6:63:e6:17:69:c8:b3:4a:d4:9f:78:
         8a:7a:c0:a7:db:a1:98:69:6c:7e:9c:07:12:10:97:28:3a:d3:
         10:a9:49:28:90:6b:80:da:af:25:40:7e:8a:a9:39:c9:74:ff:
         d7:6d:4d:18:5b:a1:ed:b3:7c:50:07:87:d7:d8:8f:f9:00:3f:
         f6:c5:e2:12:b3:80:23:d6:ef:21:1d:a4:cf:9e:dd:95:d8:e9:
         8d:d4:a2:7b:21:e3:4a:3b:76:d8:26:33:14:6e:e1:cb:66:97:
         a4:5c:5c:5b:2f:e0:99:f9:28:00:81:0e:80:31:b6:6d:f2:15:
         a7:83:50:1f:55:80:49:2a:38:80:f7:3f:01:d4:f4:3b:2f:24:
         d1:85:ae:3b:2a:85:c0:27:33:2d:af:b2:c2:22:94:66:9a:66:
         73:f9:c3:db:03:18:de:ef:a8:f2:a5:66:1e:07:23:3c:cf:0e:
         b0:fa:16:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4E1XKYkicye/0x66BVEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzI0MGJiZTNiNzU2MzI4ODZhYWJiOTJjZTA2NTBiZThkNGU1YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcGxl+1OC8v3sZvvH3T2J9HZAfEy
EP8yFLh1P1fJsE2zlfyuTbYU2e3ZGJQMgSaPHvixLBnUfMfn5qvK/tdp/OlDhccf
bjUuD9h/CfmY73CsWegndomU50kr2pRWX1QfzSBtidFENaxAW02t94hY541SY8Dd
PveFpYI5lGa7Kxx65kpa43BOlUu7QfidrxvyS/whJ9VWANnfpd+5OlPkBRAhwsO0
rbl1bF5z5Y4z/Yhs1lx9fmtHxhFH9wBTklg6UWIizX/WGNhBO64H0Vw4PE5VOxTX
FHHjV2sfGb/FWX1Xm74Poc3vfM+DbQprL4yZB4lsWww496ymNw9ENLrfAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOckC747dWMohqq7ks4GUL6NTlw4MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvNXlRTHZqdDFZeWlHcXJ1U3pnWlF2bzFPWERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGUo+AMA0G
CSqGSIb3DQEBCwUAA4IBAQAh1T7yCrbWeoYw1Z5YQ1fk398hPPXYl/UDoOiKS3+l
q0GBSMeVeNpDIftXE9NtlBgkdaqLTZ/RBRzYH+7Jli3kPjCgqUUN09A0e8CXrU4p
tmPmF2nIs0rUn3iKesCn26GYaWx+nAcSEJcoOtMQqUkokGuA2q8lQH6KqTnJdP/X
bU0YW6Hts3xQB4fX2I/5AD/2xeISs4Aj1u8hHaTPnt2V2OmN1KJ7IeNKO3bYJjMU
buHLZpekXFxbL+CZ+SgAgQ6AMbZt8hWng1AfVYBJKjiA9z8B1PQ7LyTRha47KoXA
JzMtr7LCIpRmmmZz+cPbAxje76jypWYeByM8zw6w+hY8
-----END CERTIFICATE-----