Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/5mWTFtULJPMujRAmwu7b64GvFg4.roa
File:                     5mWTFtULJPMujRAmwu7b64GvFg4.roa (raw, json)
Hash identifier:          XDuOUKFFAbC839q/GkLctdcDwyvzdu6C6/79Fpae13c=
Subject key identifier:   E6:65:93:16:D5:0B:24:F3:2E:8D:10:26:C2:EE:DB:EB:81:AF:16:0E
Certificate issuer:       /CN=728075a4fbdaab42c5ba1933c702fb6a7841022a
Certificate serial:       018F582E8CD60E67CA84F4E2746589DB32B4
Authority key identifier: 72:80:75:A4:FB:DA:AB:42:C5:BA:19:33:C7:02:FB:6A:78:41:02:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/coB1pPvaq0LFuhkzxwL7anhBAio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/5mWTFtULJPMujRAmwu7b64GvFg4.roa
Signing time:             Wed 08 May 2024 12:29:56 +0000
ROA not before:           Wed 08 May 2024 12:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        176.97.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/coB1pPvaq0LFuhkzxwL7anhBAio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/coB1pPvaq0LFuhkzxwL7anhBAio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/coB1pPvaq0LFuhkzxwL7anhBAio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:2e:8c:d6:0e:67:ca:84:f4:e2:74:65:89:db:32:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=728075a4fbdaab42c5ba1933c702fb6a7841022a
        Validity
            Not Before: May  8 12:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6659316d50b24f32e8d1026c2eedbeb81af160e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:72:4a:e6:a9:ad:c9:43:01:8e:a5:53:6a:63:
                    3b:49:c1:4e:9a:4e:d3:0d:4f:bb:aa:f6:46:a5:0d:
                    f8:ab:a2:07:63:24:57:47:20:d2:fd:41:01:4d:88:
                    bb:dc:45:57:59:88:7c:00:1d:1c:f1:79:7f:1e:15:
                    67:c1:d4:31:46:11:08:e0:7b:3d:92:e7:02:a6:98:
                    d6:76:e2:93:d6:20:71:4d:89:80:4e:ee:a0:1a:fb:
                    ca:68:41:fc:7b:5d:21:9b:0a:92:92:37:14:bc:2c:
                    18:24:97:7d:4f:44:0d:ad:86:c6:7b:74:49:62:2b:
                    ea:c6:d3:3a:99:38:86:17:43:94:d1:12:53:13:10:
                    35:f6:4a:00:81:2f:3b:e1:03:a2:64:66:f6:68:41:
                    01:89:a5:16:d4:0c:a0:31:a9:d9:80:cf:38:84:21:
                    e4:da:dd:6a:16:9f:84:96:57:3a:2b:d6:50:66:48:
                    f8:41:ab:5a:86:e4:b2:01:19:57:c8:d3:35:f2:0b:
                    cd:62:9a:d9:dd:87:d0:73:83:1c:c5:f7:29:9f:d6:
                    62:41:b3:7d:a3:c0:fe:ea:88:1d:b2:7a:b7:b0:ea:
                    40:fc:10:93:da:e9:e9:80:9f:e8:19:8d:2c:9e:6f:
                    dc:c1:bb:33:a4:28:52:5f:4f:26:9c:7d:06:59:f6:
                    68:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:65:93:16:D5:0B:24:F3:2E:8D:10:26:C2:EE:DB:EB:81:AF:16:0E
            X509v3 Authority Key Identifier:
                keyid:72:80:75:A4:FB:DA:AB:42:C5:BA:19:33:C7:02:FB:6A:78:41:02:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/coB1pPvaq0LFuhkzxwL7anhBAio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/5mWTFtULJPMujRAmwu7b64GvFg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/b75091-3aa4-4032-a394-ecd28a25feef/1/coB1pPvaq0LFuhkzxwL7anhBAio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:9a:4f:81:6e:6d:a5:65:03:f8:77:56:eb:fc:54:d5:33:47:
         13:9a:2a:aa:55:0a:62:b1:2d:f9:4b:1e:d0:49:a9:81:e5:99:
         61:1e:42:bf:2c:99:31:82:76:c8:9c:ba:fb:fe:a4:80:1f:26:
         83:4f:51:38:1d:c1:0f:eb:0d:a6:cf:38:f2:c7:92:8e:fa:ee:
         fd:36:5f:4f:dd:08:a0:ef:45:02:2e:dc:c3:45:0b:8e:c6:a1:
         ea:37:0a:d7:44:b9:00:1a:20:64:65:8b:f8:90:14:7f:ef:5e:
         6d:a1:38:11:19:60:44:a6:81:ec:b8:eb:73:37:fa:e6:c6:2f:
         ec:a8:24:5c:a1:fc:09:57:32:38:ca:e8:93:08:a6:8a:1d:f7:
         7d:79:ec:9a:a0:4e:10:d3:10:29:f6:b6:9e:54:d3:a3:2a:0b:
         37:ee:79:2d:fc:b6:db:66:b7:a6:f2:c7:3b:30:63:59:13:44:
         31:e3:fc:0d:c0:20:4e:67:ba:4b:84:1e:be:f4:f7:f0:5a:e1:
         f0:b6:3b:70:48:11:aa:f6:e4:4f:d2:fc:1c:5d:2c:7c:b9:dc:
         7f:c8:d0:21:74:8e:c4:4f:48:46:4a:0c:04:a1:a9:8f:d4:c4:
         64:61:63:d6:2e:6c:f0:de:81:dd:7e:44:f3:1c:61:e8:8a:35:
         e3:43:f2:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YLozWDmfKhPTidGWJ2zK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyODA3NWE0ZmJkYWFiNDJjNWJhMTkzM2M3MDJmYjZhNzg0
MTAyMmEwHhcNMjQwNTA4MTIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjY1OTMxNmQ1MGIyNGYzMmU4ZDEwMjZjMmVlZGJlYjgxYWYxNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHJK5qmtyUMBjqVTamM7ScFOmk7T
DU+7qvZGpQ34q6IHYyRXRyDS/UEBTYi73EVXWYh8AB0c8Xl/HhVnwdQxRhEI4Hs9
kucCppjWduKT1iBxTYmATu6gGvvKaEH8e10hmwqSkjcUvCwYJJd9T0QNrYbGe3RJ
YivqxtM6mTiGF0OU0RJTExA19koAgS874QOiZGb2aEEBiaUW1AygManZgM84hCHk
2t1qFp+Ellc6K9ZQZkj4QatahuSyARlXyNM18gvNYprZ3YfQc4Mcxfcpn9ZiQbN9
o8D+6ogdsnq3sOpA/BCT2unpgJ/oGY0snm/cwbszpChSX08mnH0GWfZoHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZlkxbVCyTzLo0QJsLu2+uBrxYOMB8GA1UdIwQY
MBaAFHKAdaT72qtCxboZM8cC+2p4QQIqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY29CMXBQdmFxMExGdWhrenh3TDdhbmhCQWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9iNzUwOTEtM2FhNC00MDMyLWEzOTQt
ZWNkMjhhMjVmZWVmLzEvNW1XVEZ0VUxKUE11alJBbXd1N2I2NEd2Rmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9iNzUwOTEtM2FhNC00MDMyLWEzOTQtZWNkMjhhMjVmZWVm
LzEvY29CMXBQdmFxMExGdWhrenh3TDdhbmhCQWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGGfMA0G
CSqGSIb3DQEBCwUAA4IBAQAxmk+Bbm2lZQP4d1br/FTVM0cTmiqqVQpisS35Sx7Q
SamB5ZlhHkK/LJkxgnbInLr7/qSAHyaDT1E4HcEP6w2mzzjyx5KO+u79Nl9P3Qig
70UCLtzDRQuOxqHqNwrXRLkAGiBkZYv4kBR/715toTgRGWBEpoHsuOtzN/rmxi/s
qCRcofwJVzI4yuiTCKaKHfd9eeyaoE4Q0xAp9raeVNOjKgs37nkt/LbbZrem8sc7
MGNZE0Qx4/wNwCBOZ7pLhB6+9PfwWuHwtjtwSBGq9uRP0vwcXSx8udx/yNAhdI7E
T0hGSgwEoamP1MRkYWPWLmzw3oHdfkTzHGHoijXjQ/Kk
-----END CERTIFICATE-----