Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/5GwgfZne-q2GRIBIA5Gw-wDtOxs.roa
File:                     5GwgfZne-q2GRIBIA5Gw-wDtOxs.roa (raw, json)
Hash identifier:          VQcUUsDxP1FacdH9571GoiiR/cFThd5oiysFhbc+JI4=
Subject key identifier:   E4:6C:20:7D:99:DE:FA:AD:86:44:80:48:03:91:B0:FB:00:ED:3B:1B
Certificate issuer:       /CN=6417b1e13d32ed3a64a7c3522751623eefabe5f3
Certificate serial:       018E3D0B28758388733D9E7A7FD8CA4AD0B1
Authority key identifier: 64:17:B1:E1:3D:32:ED:3A:64:A7:C3:52:27:51:62:3E:EF:AB:E5:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/5GwgfZne-q2GRIBIA5Gw-wDtOxs.roa
Signing time:             Thu 14 Mar 2024 12:58:45 +0000
ROA not before:           Thu 14 Mar 2024 12:58:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31656
IP address blocks:        195.69.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:0b:28:75:83:88:73:3d:9e:7a:7f:d8:ca:4a:d0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6417b1e13d32ed3a64a7c3522751623eefabe5f3
        Validity
            Not Before: Mar 14 12:58:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e46c207d99defaad864480480391b0fb00ed3b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:c4:ce:16:da:68:72:87:cd:33:43:e9:4f:e7:
                    67:c7:7a:25:f1:3d:2a:59:a9:94:37:8d:b0:ee:ee:
                    ec:e3:19:e4:53:f1:55:3a:6b:2f:d6:43:e8:af:95:
                    d8:52:ee:62:1f:1c:4e:e3:49:c5:39:cb:3f:52:8f:
                    22:45:92:94:5f:b4:05:45:66:a6:5d:f2:2d:26:e8:
                    a1:90:3c:71:2a:16:9d:89:55:d0:5c:9d:85:b5:19:
                    b0:1b:9d:41:ef:ed:0d:d8:70:50:ed:18:fc:eb:4a:
                    1c:00:c0:6b:f6:13:ea:e8:20:52:49:7d:a0:8d:b4:
                    b4:62:68:03:ff:2c:5e:da:d0:0c:91:3e:05:24:cd:
                    48:cb:76:54:6b:7e:28:0a:98:18:82:f3:47:02:09:
                    59:bb:b5:c6:53:3c:fe:2b:b3:0d:6e:1b:fe:08:49:
                    80:c9:8a:d1:b1:ca:33:3a:84:6a:ef:a4:4b:6f:68:
                    1f:c7:08:c4:6b:82:78:1f:29:cd:7a:81:52:9f:62:
                    20:41:dd:ad:0b:cb:74:ff:50:3b:49:ef:71:20:39:
                    d7:63:df:89:62:e7:4b:71:e5:71:d9:9b:5b:26:49:
                    3c:50:5c:31:29:4c:c0:cd:1c:cc:ca:1b:ee:e0:4b:
                    57:6e:9f:f6:58:cd:11:4c:34:cb:cd:88:26:4f:28:
                    91:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:6C:20:7D:99:DE:FA:AD:86:44:80:48:03:91:B0:FB:00:ED:3B:1B
            X509v3 Authority Key Identifier:
                keyid:64:17:B1:E1:3D:32:ED:3A:64:A7:C3:52:27:51:62:3E:EF:AB:E5:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/5GwgfZne-q2GRIBIA5Gw-wDtOxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/445228-b442-4e16-ad69-8ffddb5e3c26/1/ZBex4T0y7Tpkp8NSJ1FiPu-r5fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:97:5b:65:b6:bf:d9:a0:c8:16:4a:90:3e:7c:51:7e:9d:9d:
         ac:93:d5:91:59:80:b1:41:44:73:13:a7:0c:62:1b:af:f2:e8:
         f9:0c:79:29:00:b6:1d:67:f7:82:b3:57:ba:9d:a5:8c:d5:81:
         84:29:4b:1b:3e:44:e9:cd:8c:12:3e:5b:4c:d2:77:b9:d3:df:
         86:b8:c0:3f:85:9a:a2:75:11:a9:ca:f8:2b:d9:24:1c:84:a7:
         6b:1a:f9:fa:17:94:98:e2:75:05:71:9f:ea:7c:ca:b2:c2:01:
         3d:e2:4b:51:39:86:fd:c0:c6:0c:f0:54:00:1f:c8:e5:ad:8e:
         80:0b:57:f4:97:43:40:98:04:f1:1a:81:07:38:17:91:d7:8f:
         0d:1e:0e:f9:3b:44:ae:a5:74:44:dd:9b:5e:c5:b9:42:27:2d:
         f1:f0:51:dc:a9:a5:de:07:cf:5a:39:ea:d8:fd:54:d7:34:c4:
         58:93:89:a3:6f:d5:dc:41:e2:ad:3c:5c:22:df:dc:09:89:70:
         2a:42:d5:31:b1:46:9c:d4:d3:e9:73:72:88:8f:91:04:cc:9a:
         57:66:bc:02:4a:b4:f1:e1:71:7d:30:c1:27:f1:62:dc:86:5c:
         fd:32:a6:9c:73:e3:81:e0:89:cc:c9:5b:c9:fb:27:82:5c:b6:
         70:fd:29:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49Cyh1g4hzPZ56f9jKStCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTdiMWUxM2QzMmVkM2E2NGE3YzM1MjI3NTE2MjNlZWZh
YmU1ZjMwHhcNMjQwMzE0MTI1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDZjMjA3ZDk5ZGVmYWFkODY0NDgwNDgwMzkxYjBmYjAwZWQzYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMTOFtpocofNM0PpT+dnx3ol8T0q
WamUN42w7u7s4xnkU/FVOmsv1kPor5XYUu5iHxxO40nFOcs/Uo8iRZKUX7QFRWam
XfItJuihkDxxKhadiVXQXJ2FtRmwG51B7+0N2HBQ7Rj860ocAMBr9hPq6CBSSX2g
jbS0YmgD/yxe2tAMkT4FJM1Iy3ZUa34oCpgYgvNHAglZu7XGUzz+K7MNbhv+CEmA
yYrRscozOoRq76RLb2gfxwjEa4J4HynNeoFSn2IgQd2tC8t0/1A7Se9xIDnXY9+J
YudLceVx2ZtbJkk8UFwxKUzAzRzMyhvu4EtXbp/2WM0RTDTLzYgmTyiREQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORsIH2Z3vqthkSASAORsPsA7TsbMB8GA1UdIwQY
MBaAFGQXseE9Mu06ZKfDUidRYj7vq+XzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJleDRUMHk3VHBrcDhOU0oxRmlQdS1yNWZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS80NDUyMjgtYjQ0Mi00ZTE2LWFkNjkt
OGZmZGRiNWUzYzI2LzEvNUd3Z2ZabmUtcTJHUklCSUE1R3ctd0R0T3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS80NDUyMjgtYjQ0Mi00ZTE2LWFkNjktOGZmZGRiNWUzYzI2
LzEvWkJleDRUMHk3VHBrcDhOU0oxRmlQdS1yNWZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0WeMA0G
CSqGSIb3DQEBCwUAA4IBAQBEl1tltr/ZoMgWSpA+fFF+nZ2sk9WRWYCxQURzE6cM
Yhuv8uj5DHkpALYdZ/eCs1e6naWM1YGEKUsbPkTpzYwSPltM0ne509+GuMA/hZqi
dRGpyvgr2SQchKdrGvn6F5SY4nUFcZ/qfMqywgE94ktROYb9wMYM8FQAH8jlrY6A
C1f0l0NAmATxGoEHOBeR148NHg75O0SupXRE3ZtexblCJy3x8FHcqaXeB89aOerY
/VTXNMRYk4mjb9XcQeKtPFwi39wJiXAqQtUxsUac1NPpc3KIj5EEzJpXZrwCSrTx
4XF9MMEn8WLchlz9Mqacc+OB4InMyVvJ+yeCXLZw/Slk
-----END CERTIFICATE-----