Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/T5giTxtGiDIpFu1PCEANwtKD_vI.roa
File:                     T5giTxtGiDIpFu1PCEANwtKD_vI.roa (raw, json)
Hash identifier:          bQobCP+WyT1WNv9Z0hBuYyi6cpUbSSS8h9RXuoVi51k=
Subject key identifier:   4F:98:22:4F:1B:46:88:32:29:16:ED:4F:08:40:0D:C2:D2:83:FE:F2
Certificate issuer:       /CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
Certificate serial:       018FD0A68FB57B2DCA2166943B71292AA226
Authority key identifier: 05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/T5giTxtGiDIpFu1PCEANwtKD_vI.roa
Signing time:             Fri 31 May 2024 21:55:27 +0000
ROA not before:           Fri 31 May 2024 21:55:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214792
IP address blocks:        195.244.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/BWrS9P_Fhy41pCnlPvF5kl_0IV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/BWrS9P_Fhy41pCnlPvF5kl_0IV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 09:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d0:a6:8f:b5:7b:2d:ca:21:66:94:3b:71:29:2a:a2:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=056ad2f4ffc5872e35a429e53ef179925ff4215e
        Validity
            Not Before: May 31 21:55:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f98224f1b4688322916ed4f08400dc2d283fef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1a:86:54:ee:78:28:16:45:41:17:24:d3:46:
                    b4:52:c0:b7:48:82:14:a6:bc:94:9f:48:eb:9f:94:
                    40:02:a0:36:cc:da:1d:e5:4d:b2:58:1e:3a:cf:55:
                    fd:13:5e:cc:82:24:e1:6a:d7:46:21:6a:a8:0d:61:
                    73:7a:11:e8:9f:97:58:ce:58:94:f4:c6:6e:ca:af:
                    ad:c4:82:7f:b8:fd:65:e8:9e:06:55:92:2e:f2:24:
                    aa:6d:e4:fb:58:9d:46:07:ce:cc:13:5b:43:33:d8:
                    0b:5b:ec:9c:01:d1:1a:f1:c0:f4:6b:50:f6:a9:8b:
                    81:8f:a3:4f:6d:93:fa:dc:9d:2a:88:9a:5c:05:77:
                    08:32:ba:35:24:2e:d2:9a:e6:87:ed:d9:7f:0d:c2:
                    b0:b9:98:af:3a:0d:56:71:2a:1b:9e:43:aa:f0:32:
                    90:e7:cb:3d:2c:83:a5:bd:ed:23:31:9a:ee:ee:39:
                    8e:46:12:05:2f:26:24:2e:ed:6a:e4:94:9a:4e:ad:
                    17:a9:89:2f:33:ec:bd:1f:91:40:80:a8:46:a0:90:
                    dd:3a:04:fc:4a:2a:d6:fc:a3:92:63:da:20:cf:4a:
                    5c:6b:6c:27:a3:c6:4d:ea:db:37:c2:95:2e:6e:eb:
                    6c:dc:a8:59:bb:7a:de:13:f0:a8:7d:1f:ec:14:3b:
                    5f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:98:22:4F:1B:46:88:32:29:16:ED:4F:08:40:0D:C2:D2:83:FE:F2
            X509v3 Authority Key Identifier:
                keyid:05:6A:D2:F4:FF:C5:87:2E:35:A4:29:E5:3E:F1:79:92:5F:F4:21:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWrS9P_Fhy41pCnlPvF5kl_0IV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/T5giTxtGiDIpFu1PCEANwtKD_vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/4330fe-dbfc-481f-8fd9-1e4fcb1c60cb/1/BWrS9P_Fhy41pCnlPvF5kl_0IV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.244.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:ee:64:1a:b4:81:a9:56:83:80:10:99:eb:50:d3:aa:7d:c1:
         5d:e4:12:70:33:f3:05:80:f8:c5:c9:03:c5:75:e8:64:5c:60:
         e2:71:1b:c9:c2:71:11:14:92:38:9d:d7:c3:91:a0:64:dc:89:
         4b:b0:4b:4c:52:78:aa:ee:b4:7a:e9:c7:cb:1c:2e:c5:5c:3b:
         43:cb:01:04:37:dd:8d:f2:f0:e8:f4:f6:4f:02:d5:1c:5e:94:
         b3:7f:9e:4d:50:92:35:e7:95:e6:c6:12:ff:de:4f:85:a0:ac:
         f5:0a:47:19:fd:b0:39:14:55:1d:d0:3f:bb:6c:bf:41:a6:d3:
         fe:3a:87:ca:a7:38:94:a2:15:af:9e:6e:97:b8:7a:d5:31:48:
         15:c1:45:b0:95:7e:1b:42:f3:f3:29:f1:7a:f3:58:78:9d:28:
         c2:b0:3d:2c:0c:1b:a8:43:14:fd:6b:99:38:91:ea:b9:08:7e:
         10:e8:84:c7:aa:87:26:b2:d8:76:26:59:1f:e8:e7:76:e9:ad:
         cd:24:a1:7c:87:76:b9:6c:66:72:36:b6:38:65:d4:c9:1b:c6:
         24:95:65:6e:d1:0e:4d:7e:03:2c:ff:7c:01:2b:c0:05:a7:bf:
         84:10:8b:b7:05:f0:bf:8e:dd:c0:47:26:6c:a6:6c:b7:6c:9a:
         84:15:87:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/Qpo+1ey3KIWaUO3EpKqImMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NmFkMmY0ZmZjNTg3MmUzNWE0MjllNTNlZjE3OTkyNWZm
NDIxNWUwHhcNMjQwNTMxMjE1NTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk4MjI0ZjFiNDY4ODMyMjkxNmVkNGYwODQwMGRjMmQyODNmZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RqGVO54KBZFQRck00a0UsC3SIIU
pryUn0jrn5RAAqA2zNod5U2yWB46z1X9E17MgiThatdGIWqoDWFzehHon5dYzliU
9MZuyq+txIJ/uP1l6J4GVZIu8iSqbeT7WJ1GB87ME1tDM9gLW+ycAdEa8cD0a1D2
qYuBj6NPbZP63J0qiJpcBXcIMro1JC7SmuaH7dl/DcKwuZivOg1WcSobnkOq8DKQ
58s9LIOlve0jMZru7jmORhIFLyYkLu1q5JSaTq0XqYkvM+y9H5FAgKhGoJDdOgT8
SirW/KOSY9ogz0pca2wno8ZN6ts3wpUubuts3KhZu3reE/CofR/sFDtfmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+YIk8bRogyKRbtTwhADcLSg/7yMB8GA1UdIwQY
MBaAFAVq0vT/xYcuNaQp5T7xeZJf9CFeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldyUzlQX0ZoeTQxcENubFB2RjVrbF8wSVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC80MzMwZmUtZGJmYy00ODFmLThmZDkt
MWU0ZmNiMWM2MGNiLzEvVDVnaVR4dEdpRElwRnUxUENFQU53dEtEX3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC80MzMwZmUtZGJmYy00ODFmLThmZDktMWU0ZmNiMWM2MGNi
LzEvQldyUzlQX0ZoeTQxcENubFB2RjVrbF8wSVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/TtMA0G
CSqGSIb3DQEBCwUAA4IBAQCl7mQatIGpVoOAEJnrUNOqfcFd5BJwM/MFgPjFyQPF
dehkXGDicRvJwnERFJI4ndfDkaBk3IlLsEtMUniq7rR66cfLHC7FXDtDywEEN92N
8vDo9PZPAtUcXpSzf55NUJI155XmxhL/3k+FoKz1CkcZ/bA5FFUd0D+7bL9BptP+
OofKpziUohWvnm6XuHrVMUgVwUWwlX4bQvPzKfF681h4nSjCsD0sDBuoQxT9a5k4
keq5CH4Q6ITHqocmsth2Jlkf6Od26a3NJKF8h3a5bGZyNrY4ZdTJG8YklWVu0Q5N
fgMs/3wBK8AFp7+EEIu3BfC/jt3ARyZspmy3bJqEFYcd
-----END CERTIFICATE-----