Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/5r2DKXWFOzJ3O47HmmS-om3sJTU.roa
File:                     5r2DKXWFOzJ3O47HmmS-om3sJTU.roa (raw, json)
Hash identifier:          TdIu0ZqCO/dE5pDnNxxo02P4Y3BL2QuXw0/2/8P4Dlg=
Subject key identifier:   E6:BD:83:29:75:85:3B:32:77:3B:8E:C7:9A:64:BE:A2:6D:EC:25:35
Certificate issuer:       /CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
Certificate serial:       018CC5DC3D3F0AF0490FD3896510C61DEDC7
Authority key identifier: 35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/5r2DKXWFOzJ3O47HmmS-om3sJTU.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58161
IP address blocks:        178.215.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3d:3f:0a:f0:49:0f:d3:89:65:10:c6:1d:ed:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6bd832975853b32773b8ec79a64bea26dec2535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7e:0f:18:f9:5f:71:f8:64:37:74:a6:89:48:
                    fa:d2:0c:6c:1b:51:30:eb:ca:83:11:9f:73:b5:62:
                    25:a5:66:f0:c7:54:3d:64:03:76:97:e1:73:1e:08:
                    e3:3b:1a:81:2d:79:23:14:76:59:12:2e:f1:e2:79:
                    60:cb:a0:c5:c7:79:4c:fa:d3:e4:eb:72:8c:1e:6b:
                    6c:d9:79:3b:3e:cd:1d:ed:19:83:69:67:b4:6a:82:
                    77:ca:eb:83:a8:e1:e5:12:56:5a:4d:07:c6:03:f8:
                    91:e2:47:97:34:7d:c8:fa:7a:2d:b7:29:91:53:d5:
                    61:fc:2e:9b:18:01:be:39:af:a5:b2:8f:e1:a2:66:
                    f8:e2:35:14:24:a3:cc:b7:5c:70:74:da:47:bb:ca:
                    39:60:9f:3f:aa:67:5c:1e:21:8d:6e:fb:52:b0:b2:
                    8b:b7:ee:02:56:cd:ba:59:6c:30:64:67:21:06:4a:
                    3e:4a:18:53:47:7a:13:de:d9:a5:4a:53:2f:10:fb:
                    37:dc:28:92:be:87:f9:ad:04:37:06:ce:94:36:97:
                    64:31:03:4d:7e:e9:c9:1e:de:71:77:5a:35:e1:42:
                    5a:10:6d:b2:1d:55:b8:54:f1:6d:03:e7:1f:75:87:
                    ec:e0:36:14:6f:46:dc:2a:0d:94:48:0a:6f:e2:db:
                    dd:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BD:83:29:75:85:3B:32:77:3B:8E:C7:9A:64:BE:A2:6D:EC:25:35
            X509v3 Authority Key Identifier:
                keyid:35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/5r2DKXWFOzJ3O47HmmS-om3sJTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.215.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:56:2f:a9:81:dd:28:38:35:ac:bf:40:37:29:70:a8:44:73:
         bb:b4:7e:7a:d9:08:06:45:bc:4b:53:42:9c:0e:ae:5a:ec:41:
         6d:da:0b:31:b8:e2:0a:76:75:3a:8e:19:ae:46:7f:0c:4c:a8:
         ac:9c:6d:5f:92:51:15:54:70:fe:5e:1d:6d:2a:47:35:b5:82:
         d0:4b:ed:bc:3a:21:b2:e5:a9:3a:e4:66:29:b1:d0:e3:9d:0e:
         76:74:bb:18:a3:87:4c:9b:5c:6c:b3:93:a4:14:19:6f:4d:2d:
         24:bc:d7:06:7e:89:9d:64:8b:d7:6f:a5:d1:c3:b8:77:83:e3:
         22:e5:1f:af:9d:22:54:62:46:3f:4b:c9:eb:6d:ef:db:12:1e:
         e2:8c:b0:c4:a5:6d:50:24:13:f7:47:a5:c3:fc:0e:3d:a1:3f:
         25:eb:20:3a:20:03:80:74:a3:19:e8:1a:34:b0:40:d1:53:20:
         2f:80:4d:55:55:8e:67:4d:ab:e9:bd:fb:cf:3e:58:da:0e:a8:
         26:2d:60:22:81:b2:65:80:19:bc:a0:4f:d9:ff:64:df:cd:9c:
         db:42:4c:d9:19:d8:6c:3f:8c:64:34:eb:5f:4d:d3:4b:aa:28:
         58:34:f8:f2:96:fb:53:4f:50:07:8f:d0:78:f9:20:38:85:f6:
         87:b6:06:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D0/CvBJD9OJZRDGHe3HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTM1YjgxYjZjMWVkZDJmNmY1YmMxYzYwOGE1ZmM5ZmU5
MjY0NzQwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJkODMyOTc1ODUzYjMyNzczYjhlYzc5YTY0YmVhMjZkZWMyNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk34PGPlfcfhkN3SmiUj60gxsG1Ew
68qDEZ9ztWIlpWbwx1Q9ZAN2l+FzHgjjOxqBLXkjFHZZEi7x4nlgy6DFx3lM+tPk
63KMHmts2Xk7Ps0d7RmDaWe0aoJ3yuuDqOHlElZaTQfGA/iR4keXNH3I+nottymR
U9Vh/C6bGAG+Oa+lso/homb44jUUJKPMt1xwdNpHu8o5YJ8/qmdcHiGNbvtSsLKL
t+4CVs26WWwwZGchBko+ShhTR3oT3tmlSlMvEPs33CiSvof5rQQ3Bs6UNpdkMQNN
funJHt5xd1o14UJaEG2yHVW4VPFtA+cfdYfs4DYUb0bcKg2USApv4tvd4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa9gyl1hTsydzuOx5pkvqJt7CU1MB8GA1UdIwQY
MBaAFDUTW4G2we3S9vW8HGCKX8n+kmR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzkt
YTcxNDU2ZGY5OTk3LzEvNXIyREtYV0ZPekozTzQ3SG1tUy1vbTNzSlRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzktYTcxNDU2ZGY5OTk3
LzEvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstcGMA0G
CSqGSIb3DQEBCwUAA4IBAQBsVi+pgd0oODWsv0A3KXCoRHO7tH562QgGRbxLU0Kc
Dq5a7EFt2gsxuOIKdnU6jhmuRn8MTKisnG1fklEVVHD+Xh1tKkc1tYLQS+28OiGy
5ak65GYpsdDjnQ52dLsYo4dMm1xss5OkFBlvTS0kvNcGfomdZIvXb6XRw7h3g+Mi
5R+vnSJUYkY/S8nrbe/bEh7ijLDEpW1QJBP3R6XD/A49oT8l6yA6IAOAdKMZ6Bo0
sEDRUyAvgE1VVY5nTavpvfvPPljaDqgmLWAigbJlgBm8oE/Z/2TfzZzbQkzZGdhs
P4xkNOtfTdNLqihYNPjylvtTT1AHj9B4+SA4hfaHtgbc
-----END CERTIFICATE-----