Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/5SLjzScggJQGrp2D4EoG-DOiyoU.roa
File:                     5SLjzScggJQGrp2D4EoG-DOiyoU.roa (raw, json)
Hash identifier:          78jU0QYGG1rop6/7aG/CJvxdBXnjpM/QrRx8NdeYAIo=
Subject key identifier:   E5:22:E3:CD:27:20:80:94:06:AE:9D:83:E0:4A:06:F8:33:A2:CA:85
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       018CC3B6E0965127950B70BC917F04A6EAA4
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/5SLjzScggJQGrp2D4EoG-DOiyoU.roa
Signing time:             Mon 01 Jan 2024 06:29:51 +0000
ROA not before:           Mon 01 Jan 2024 06:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12406
IP address blocks:        194.158.192.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:e0:96:51:27:95:0b:70:bc:91:7f:04:a6:ea:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  1 06:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e522e3cd2720809406ae9d83e04a06f833a2ca85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1c:a4:f1:29:f6:64:eb:2c:a4:82:78:d1:68:
                    84:cd:4e:21:f4:33:a3:1d:a2:e5:0b:a4:20:a4:ca:
                    1e:7c:22:fd:c8:42:16:0f:27:fc:0a:44:10:96:58:
                    a8:c0:9f:81:df:54:a2:b5:38:d4:0f:e9:e3:99:9e:
                    1b:35:bf:6a:28:3a:b2:4f:17:5d:d1:26:ed:ba:b9:
                    1b:ec:20:00:b3:6a:b4:c1:06:19:9a:60:f1:de:55:
                    14:73:8b:e4:1d:7b:0b:fa:6a:79:95:c0:fc:d6:7d:
                    e7:3c:35:c7:d5:7d:f7:5f:5d:3a:7a:7f:15:54:c8:
                    6c:67:9c:9b:42:85:0c:75:b0:18:ef:2c:c7:f3:7b:
                    ee:dd:1e:e0:9d:d9:fe:94:2d:3b:00:dc:90:5a:b4:
                    50:7b:89:83:46:e5:c2:ab:cb:39:2e:2c:82:8a:0e:
                    0f:a3:98:60:29:03:c0:d8:0e:c7:e4:38:de:5e:c4:
                    bd:de:00:c7:dc:4f:a9:b0:ee:eb:f8:9a:7d:0b:35:
                    1e:3a:61:84:46:74:43:11:71:65:8c:20:99:5c:64:
                    99:cd:ad:4c:5b:29:7a:f5:23:74:93:00:34:4f:b8:
                    09:40:4d:dc:3c:4a:2f:c6:d7:fc:27:85:86:a1:f1:
                    d7:80:57:f9:5c:e9:8c:80:03:fb:bf:ab:cb:cf:53:
                    2f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:22:E3:CD:27:20:80:94:06:AE:9D:83:E0:4A:06:F8:33:A2:CA:85
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/5SLjzScggJQGrp2D4EoG-DOiyoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.158.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2c:3f:11:48:af:1e:05:32:a3:10:c3:a6:bc:e2:86:f5:6b:a4:
         a0:73:d0:ee:9c:63:3e:9c:c6:d3:83:c9:d0:97:f4:de:56:f7:
         27:ec:c7:19:ec:c4:ed:df:ba:4b:37:ce:2f:b9:ae:0e:67:c3:
         a9:47:c5:2f:79:4e:c7:ba:ea:fc:60:2c:04:2a:d6:ac:ee:f6:
         78:12:40:0f:98:6c:a9:83:ae:bc:3a:b7:d1:22:aa:53:4f:ac:
         63:47:1f:aa:b5:f2:df:70:36:63:ae:81:fe:1b:91:2e:55:e4:
         bc:1f:23:57:36:53:6e:a0:a7:ca:88:eb:36:81:8e:10:80:e2:
         35:74:21:a3:51:5f:82:6e:07:37:f9:8b:c5:c8:06:5a:33:08:
         19:12:bb:54:48:56:81:73:7f:37:74:a2:d1:ba:bb:68:ca:3f:
         f2:ea:06:a3:5b:49:71:5b:91:87:2f:2c:6f:9f:79:dd:fe:9b:
         70:da:4b:73:f1:ee:dd:4d:42:9c:2a:80:54:1f:6f:95:21:c1:
         26:71:6c:cf:81:20:ac:8d:aa:2d:bf:8d:ae:64:5e:96:f6:75:
         08:bc:1a:6d:18:f4:32:4d:89:77:fe:79:64:66:c5:3b:8e:83:
         58:ba:2e:2f:93:8c:47:d7:11:59:d8:eb:42:e4:7e:11:ee:7e:
         cb:33:d0:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtuCWUSeVC3C8kX8EpuqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODgyY2Q2ZDE5NmFlMWY5Njg3MmFjYWU3ODMyMWJlN2E5
MmI4ZWIwHhcNMjQwMTAxMDYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTIyZTNjZDI3MjA4MDk0MDZhZTlkODNlMDRhMDZmODMzYTJjYTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ryk8Sn2ZOsspIJ40WiEzU4h9DOj
HaLlC6QgpMoefCL9yEIWDyf8CkQQlliowJ+B31SitTjUD+njmZ4bNb9qKDqyTxdd
0Sbturkb7CAAs2q0wQYZmmDx3lUUc4vkHXsL+mp5lcD81n3nPDXH1X33X106en8V
VMhsZ5ybQoUMdbAY7yzH83vu3R7gndn+lC07ANyQWrRQe4mDRuXCq8s5LiyCig4P
o5hgKQPA2A7H5DjeXsS93gDH3E+psO7r+Jp9CzUeOmGERnRDEXFljCCZXGSZza1M
Wyl69SN0kwA0T7gJQE3cPEovxtf8J4WGofHXgFf5XOmMgAP7v6vLz1Mv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUi480nIICUBq6dg+BKBvgzosqFMB8GA1UdIwQY
MBaAFKuILNbRlq4flocqyueDIb56krjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTct
OTUwYzE4MDU5NmQwLzEvNVNManpTY2dnSlFHcnAyRDRFb0ctRE9peW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTctOTUwYzE4MDU5NmQw
LzEvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwp7AMA0G
CSqGSIb3DQEBCwUAA4IBAQAsPxFIrx4FMqMQw6a84ob1a6Sgc9DunGM+nMbTg8nQ
l/TeVvcn7McZ7MTt37pLN84vua4OZ8OpR8UveU7Huur8YCwEKtas7vZ4EkAPmGyp
g668OrfRIqpTT6xjRx+qtfLfcDZjroH+G5EuVeS8HyNXNlNuoKfKiOs2gY4QgOI1
dCGjUV+Cbgc3+YvFyAZaMwgZErtUSFaBc383dKLRurtoyj/y6gajW0lxW5GHLyxv
n3nd/ptw2ktz8e7dTUKcKoBUH2+VIcEmcWzPgSCsjaotv42uZF6W9nUIvBptGPQy
TYl3/nlkZsU7joNYui4vk4xH1xFZ2OtC5H4R7n7LM9DM
-----END CERTIFICATE-----