Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/5eI67oyoj0ore7vh84P0lHQVAIg.roa
File:                     5eI67oyoj0ore7vh84P0lHQVAIg.roa (raw, json)
Hash identifier:          hZVweQfpwbRBDdanYCsPPEDKA26U6V3SWhapuQs4Hsw=
Subject key identifier:   E5:E2:3A:EE:8C:A8:8F:4A:2B:7B:BB:E1:F3:83:F4:94:74:15:00:88
Certificate issuer:       /CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
Certificate serial:       019096296873B0183B2BE6EF09295DF758F6
Authority key identifier: 5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/5eI67oyoj0ore7vh84P0lHQVAIg.roa
Signing time:             Tue 09 Jul 2024 06:23:34 +0000
ROA not before:           Tue 09 Jul 2024 06:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8820
IP address blocks:        188.246.17.0/24 maxlen: 24
                          188.246.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:96:29:68:73:b0:18:3b:2b:e6:ef:09:29:5d:f7:58:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dedd6b0e36f4bd8f1d57e26cc1c2d18c6993c04
        Validity
            Not Before: Jul  9 06:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5e23aee8ca88f4a2b7bbbe1f383f49474150088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2e:36:fc:5e:3e:b1:3f:75:5b:4e:30:14:11:
                    18:47:06:be:40:dc:c0:44:f3:61:cb:61:e0:1b:35:
                    5a:09:0a:44:9f:ec:0c:30:61:7c:29:5c:76:c8:c8:
                    1b:6b:2c:61:d4:95:bc:9c:89:42:3b:49:c3:9d:09:
                    d6:61:96:20:f0:1d:81:d0:2a:28:60:5b:bc:ce:af:
                    34:d1:ee:bd:51:6a:81:53:53:af:4f:5c:9a:fc:62:
                    75:a0:94:d0:a9:67:0c:39:a2:7e:ba:5e:ce:ff:52:
                    70:32:2e:9b:07:58:41:2b:38:be:1b:a4:84:dd:ab:
                    bf:39:48:65:8a:60:53:61:2e:9f:ba:00:ab:9f:f6:
                    4c:dc:a1:f3:0b:93:02:82:23:ed:32:94:ac:ba:00:
                    90:8c:ff:25:48:79:83:33:fa:78:0c:f4:38:ef:f6:
                    a7:00:ee:90:70:75:42:0a:1c:a9:a5:19:25:f0:3a:
                    ac:31:d1:d2:5c:10:2b:ae:88:fd:e5:fd:d8:b0:a4:
                    68:ef:20:96:04:8a:41:5d:89:e6:8d:a5:71:d3:f4:
                    0e:72:98:b8:f1:7f:0c:d2:0a:18:89:84:52:f1:5e:
                    ea:16:da:1c:6a:71:1d:52:fd:c3:4c:15:ce:5b:6c:
                    cd:27:01:cb:07:54:64:58:95:ea:9c:72:80:97:31:
                    d6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E2:3A:EE:8C:A8:8F:4A:2B:7B:BB:E1:F3:83:F4:94:74:15:00:88
            X509v3 Authority Key Identifier:
                keyid:5D:ED:D6:B0:E3:6F:4B:D8:F1:D5:7E:26:CC:1C:2D:18:C6:99:3C:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/5eI67oyoj0ore7vh84P0lHQVAIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/f03cdc-2945-408c-8889-c69871f5d305/1/Xe3WsONvS9jx1X4mzBwtGMaZPAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.17.0/24
                  188.246.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:ea:2b:eb:fc:ff:7c:f9:34:f7:45:d9:e2:28:83:41:a9:72:
         1d:15:ad:99:42:49:c2:aa:97:fd:f8:01:4a:7a:d6:d6:15:6a:
         61:0d:49:ca:ed:8d:d4:1f:7b:5f:ae:b4:20:d3:d9:39:0c:27:
         ed:99:35:07:63:18:75:d9:2d:ca:3e:f6:47:43:e8:e9:b8:8a:
         8a:a0:82:dd:84:41:c9:a1:6f:72:ee:b2:dd:78:77:0f:59:3b:
         74:d9:e7:52:c6:1a:21:38:1e:e5:bf:29:95:68:bb:d1:5f:84:
         81:ab:62:af:01:75:56:a5:ed:3f:33:81:47:9c:b8:d1:b0:2c:
         38:d4:63:a1:08:ed:47:5d:8d:51:fd:21:f3:da:13:6c:e5:89:
         6f:51:99:44:84:61:67:c3:91:6b:bb:bc:40:45:03:0c:17:76:
         c9:b9:6d:8c:30:42:c4:d1:c3:d6:42:23:04:d5:ff:74:ff:4a:
         dd:b4:02:64:e0:df:70:83:f0:70:86:cc:9e:f6:62:1f:da:e9:
         89:df:2b:62:ae:47:42:17:c5:d2:8b:ee:42:ee:51:79:ba:27:
         c0:64:b3:3c:5e:6b:fb:cc:d6:39:95:96:b2:fe:dc:de:c2:41:
         19:38:35:25:52:b5:e5:e8:03:7e:30:f2:66:9a:23:db:d5:b6:
         3a:aa:2b:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZCWKWhzsBg7K+bvCSld91j2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZWRkNmIwZTM2ZjRiZDhmMWQ1N2UyNmNjMWMyZDE4YzY5
OTNjMDQwHhcNMjQwNzA5MDYyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWUyM2FlZThjYTg4ZjRhMmI3YmJiZTFmMzgzZjQ5NDc0MTUwMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS42/F4+sT91W04wFBEYRwa+QNzA
RPNhy2HgGzVaCQpEn+wMMGF8KVx2yMgbayxh1JW8nIlCO0nDnQnWYZYg8B2B0Coo
YFu8zq800e69UWqBU1OvT1ya/GJ1oJTQqWcMOaJ+ul7O/1JwMi6bB1hBKzi+G6SE
3au/OUhlimBTYS6fugCrn/ZM3KHzC5MCgiPtMpSsugCQjP8lSHmDM/p4DPQ47/an
AO6QcHVCChyppRkl8DqsMdHSXBArroj95f3YsKRo7yCWBIpBXYnmjaVx0/QOcpi4
8X8M0goYiYRS8V7qFtocanEdUv3DTBXOW2zNJwHLB1RkWJXqnHKAlzHWkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOXiOu6MqI9KK3u74fOD9JR0FQCIMB8GA1UdIwQY
MBaAFF3t1rDjb0vY8dV+JswcLRjGmTwEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODkt
YzY5ODcxZjVkMzA1LzEvNWVJNjdveW9qMG9yZTd2aDg0UDBsSFFWQUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9mMDNjZGMtMjk0NS00MDhjLTg4ODktYzY5ODcxZjVkMzA1
LzEvWGUzV3NPTnZTOWp4MVg0bXpCd3RHTWFaUEFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvPYRAwQA
vPYXMA0GCSqGSIb3DQEBCwUAA4IBAQBw6ivr/P98+TT3RdniKINBqXIdFa2ZQknC
qpf9+AFKetbWFWphDUnK7Y3UH3tfrrQg09k5DCftmTUHYxh12S3KPvZHQ+jpuIqK
oILdhEHJoW9y7rLdeHcPWTt02edSxhohOB7lvymVaLvRX4SBq2KvAXVWpe0/M4FH
nLjRsCw41GOhCO1HXY1R/SHz2hNs5YlvUZlEhGFnw5Fru7xARQMMF3bJuW2MMELE
0cPWQiME1f90/0rdtAJk4N9wg/Bwhsye9mIf2umJ3ytirkdCF8XSi+5C7lF5uifA
ZLM8Xmv7zNY5lZay/tzewkEZODUlUrXl6AN+MPJmmiPb1bY6qivy
-----END CERTIFICATE-----