Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/DeYFRF8SgqWAkexS1A-BHXI9f8k.roa
File:                     DeYFRF8SgqWAkexS1A-BHXI9f8k.roa (raw, json)
Hash identifier:          bNwkEAQRtlZIuFSB/u0r6n11dTYMMes8YeIHkjBbzSM=
Subject key identifier:   0D:E6:05:44:5F:12:82:A5:80:91:EC:52:D4:0F:81:1D:72:3D:7F:C9
Certificate issuer:       /CN=5e717627f7b2fcc56f0d7be469a13171607d2427
Certificate serial:       018E21918C6516EF9F2502F35C9ED6AAFE89
Authority key identifier: 5E:71:76:27:F7:B2:FC:C5:6F:0D:7B:E4:69:A1:31:71:60:7D:24:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XnF2J_ey_MVvDXvkaaExcWB9JCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/DeYFRF8SgqWAkexS1A-BHXI9f8k.roa
Signing time:             Sat 09 Mar 2024 04:56:10 +0000
ROA not before:           Sat 09 Mar 2024 04:56:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        195.254.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/XnF2J_ey_MVvDXvkaaExcWB9JCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/XnF2J_ey_MVvDXvkaaExcWB9JCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XnF2J_ey_MVvDXvkaaExcWB9JCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 01:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:21:91:8c:65:16:ef:9f:25:02:f3:5c:9e:d6:aa:fe:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e717627f7b2fcc56f0d7be469a13171607d2427
        Validity
            Not Before: Mar  9 04:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0de605445f1282a58091ec52d40f811d723d7fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:90:12:ef:b0:6f:6d:aa:ae:11:28:ba:ce:6b:
                    eb:85:90:53:8d:ec:e3:4c:df:d1:01:db:7a:68:7d:
                    0d:fa:1d:41:90:a5:d5:1d:fe:94:54:eb:42:4b:bc:
                    1a:c4:29:dd:8c:4f:01:84:ea:02:21:53:22:98:6d:
                    fd:43:dc:34:11:a8:8b:b5:d4:3f:d5:0e:da:b9:f8:
                    08:bd:5d:52:d9:f4:78:ba:0c:98:ba:b6:6a:7c:bc:
                    75:2a:71:e3:31:c3:b7:93:54:69:17:03:b5:e8:7a:
                    7b:ab:46:80:77:76:ea:a0:b6:ff:ba:23:6e:d8:46:
                    da:e0:c7:31:34:c5:6f:00:a5:19:4f:ba:b8:6e:e4:
                    7a:90:e8:4b:4e:cc:d6:0f:45:44:e6:2f:97:86:90:
                    24:60:82:04:31:19:07:ce:57:0a:f5:75:47:23:03:
                    74:b7:ee:c5:7c:5d:73:f3:98:19:fb:ba:f4:05:75:
                    39:c6:cd:c9:47:a3:4f:f0:80:0b:e7:08:26:83:e4:
                    06:8d:30:df:db:77:0f:ef:be:80:df:90:28:02:35:
                    d0:60:39:cb:e9:aa:ac:77:19:00:1f:9e:07:4b:3c:
                    fc:37:a5:0f:1b:95:6f:f6:69:d1:41:3e:41:7b:25:
                    bd:de:ef:e2:52:11:4a:3a:0a:3a:21:9a:bf:ec:5d:
                    9c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E6:05:44:5F:12:82:A5:80:91:EC:52:D4:0F:81:1D:72:3D:7F:C9
            X509v3 Authority Key Identifier:
                keyid:5E:71:76:27:F7:B2:FC:C5:6F:0D:7B:E4:69:A1:31:71:60:7D:24:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XnF2J_ey_MVvDXvkaaExcWB9JCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/DeYFRF8SgqWAkexS1A-BHXI9f8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/3d1945-d60e-48ab-88bc-8cfe4b8157d2/1/XnF2J_ey_MVvDXvkaaExcWB9JCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ec:b9:f7:6e:cd:f3:27:61:bb:ad:ee:40:a3:f4:99:4f:71:
         08:85:b5:dd:68:c8:1e:e4:a1:f6:9d:e4:32:db:dc:63:6b:69:
         6d:e1:bf:78:19:f8:4c:6d:87:12:ae:14:82:18:bb:0d:ec:d2:
         ca:c7:8c:69:43:7d:f5:12:0f:7a:bb:e3:c5:8f:66:83:d9:17:
         f7:65:8c:ad:17:5d:d7:ff:09:8b:56:ae:9b:96:b8:67:bd:17:
         bd:41:e0:83:ef:97:66:cf:be:6c:3c:a3:b1:1c:65:0b:60:5d:
         80:28:c7:c4:1b:e8:0d:5e:85:55:73:01:23:a8:95:b3:7f:54:
         4e:07:35:d0:71:21:4a:cb:9b:71:a0:06:18:f1:a0:d6:a2:d0:
         02:19:81:1b:3b:d4:cc:57:f8:9b:7a:42:80:15:b0:ab:ec:1d:
         36:d8:a0:ff:aa:7c:09:11:f6:5a:df:5a:da:1e:34:c7:97:0b:
         da:8a:b3:6b:92:76:be:33:79:61:09:e6:ab:c5:8f:3c:b6:3c:
         b4:1d:fa:f7:f6:d7:72:24:a1:af:c9:d1:e2:7f:5b:66:51:4d:
         1c:5f:e1:ed:c7:0a:59:64:9e:d6:d5:4b:3d:0d:a2:e1:03:54:
         7f:c5:dc:f5:f7:3f:b1:9e:11:70:93:ff:43:18:bd:c8:60:e6:
         96:0d:89:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4hkYxlFu+fJQLzXJ7Wqv6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNzE3NjI3ZjdiMmZjYzU2ZjBkN2JlNDY5YTEzMTcxNjA3
ZDI0MjcwHhcNMjQwMzA5MDQ1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGU2MDU0NDVmMTI4MmE1ODA5MWVjNTJkNDBmODExZDcyM2Q3ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5AS77BvbaquESi6zmvrhZBTjezj
TN/RAdt6aH0N+h1BkKXVHf6UVOtCS7waxCndjE8BhOoCIVMimG39Q9w0EaiLtdQ/
1Q7aufgIvV1S2fR4ugyYurZqfLx1KnHjMcO3k1RpFwO16Hp7q0aAd3bqoLb/uiNu
2Eba4McxNMVvAKUZT7q4buR6kOhLTszWD0VE5i+XhpAkYIIEMRkHzlcK9XVHIwN0
t+7FfF1z85gZ+7r0BXU5xs3JR6NP8IAL5wgmg+QGjTDf23cP776A35AoAjXQYDnL
6aqsdxkAH54HSzz8N6UPG5Vv9mnRQT5BeyW93u/iUhFKOgo6IZq/7F2cewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3mBURfEoKlgJHsUtQPgR1yPX/JMB8GA1UdIwQY
MBaAFF5xdif3svzFbw175GmhMXFgfSQnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG5GMkpfZXlfTVZ2RFh2a2FhRXhjV0I5SkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8zZDE5NDUtZDYwZS00OGFiLTg4YmMt
OGNmZTRiODE1N2QyLzEvRGVZRlJGOFNncVdBa2V4UzFBLUJIWEk5ZjhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8zZDE5NDUtZDYwZS00OGFiLTg4YmMtOGNmZTRiODE1N2Qy
LzEvWG5GMkpfZXlfTVZ2RFh2a2FhRXhjV0I5SkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/6lMA0G
CSqGSIb3DQEBCwUAA4IBAQAR7Ln3bs3zJ2G7re5Ao/SZT3EIhbXdaMge5KH2neQy
29xja2lt4b94GfhMbYcSrhSCGLsN7NLKx4xpQ331Eg96u+PFj2aD2Rf3ZYytF13X
/wmLVq6blrhnvRe9QeCD75dmz75sPKOxHGULYF2AKMfEG+gNXoVVcwEjqJWzf1RO
BzXQcSFKy5txoAYY8aDWotACGYEbO9TMV/ibekKAFbCr7B022KD/qnwJEfZa31ra
HjTHlwvairNrkna+M3lhCearxY88tjy0Hfr39tdyJKGvydHif1tmUU0cX+HtxwpZ
ZJ7W1Us9DaLhA1R/xdz19z+xnhFwk/9DGL3IYOaWDYku
-----END CERTIFICATE-----