Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/0hfb5qISGkjolenYvj6y3EQ1RyE.roa
File:                     0hfb5qISGkjolenYvj6y3EQ1RyE.roa (raw, json)
Hash identifier:          70E+th+tD/HDI+6XMAOvU4S452HAeVKkPKRv4Eg8bhg=
Subject key identifier:   D2:17:DB:E6:A2:12:1A:48:E8:95:E9:D8:BE:3E:B2:DC:44:35:47:21
Certificate issuer:       /CN=d5a2196ef119221155e1683f8967d254625dae71
Certificate serial:       018CC870B61C920096AC237B25F49CC69585
Authority key identifier: D5:A2:19:6E:F1:19:22:11:55:E1:68:3F:89:67:D2:54:62:5D:AE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/0hfb5qISGkjolenYvj6y3EQ1RyE.roa
Signing time:             Tue 02 Jan 2024 04:31:18 +0000
ROA not before:           Tue 02 Jan 2024 04:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49081
IP address blocks:        188.92.32.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 19:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:b6:1c:92:00:96:ac:23:7b:25:f4:9c:c6:95:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a2196ef119221155e1683f8967d254625dae71
        Validity
            Not Before: Jan  2 04:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d217dbe6a2121a48e895e9d8be3eb2dc44354721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7e:d7:e7:08:57:70:51:2c:62:0a:6d:16:ec:
                    66:3b:db:a4:59:37:40:8c:e5:37:ff:65:06:ac:d9:
                    25:df:d9:16:1b:91:00:cc:98:3f:e4:5a:87:9e:89:
                    71:86:72:8f:d4:b1:b5:ad:90:39:00:ef:37:a5:85:
                    1b:3d:25:97:c5:db:71:80:82:2a:8e:4b:82:47:92:
                    98:79:f7:13:c9:85:28:17:f8:4e:15:aa:a2:23:cf:
                    d8:53:17:5f:15:b0:9e:5d:d9:48:08:e5:28:29:40:
                    2e:38:dd:20:15:fc:6f:99:1a:4e:f2:b5:f3:c0:a1:
                    f2:fb:1b:62:89:ac:b0:6c:c3:4f:39:a2:57:3e:06:
                    d4:35:ad:a2:53:78:a4:d2:50:0c:b3:ce:fa:4d:2a:
                    d6:5f:fc:73:e4:64:ae:cc:cb:e2:e4:ae:52:6a:47:
                    4a:8d:cd:76:04:1c:8c:e6:65:dd:29:39:de:a3:a5:
                    39:b2:49:da:e8:6f:c0:8d:02:e8:76:fd:c5:2f:d3:
                    8f:a4:9e:ff:75:c2:20:fe:d5:0c:3c:9a:02:61:ae:
                    99:ce:87:01:25:d0:cd:a5:8d:d1:99:fc:42:8f:b0:
                    50:fc:da:b8:16:d1:e0:08:9e:14:6e:b3:ed:ba:21:
                    c3:f8:be:5e:e8:67:08:0d:1a:5d:1b:0d:17:15:01:
                    64:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:17:DB:E6:A2:12:1A:48:E8:95:E9:D8:BE:3E:B2:DC:44:35:47:21
            X509v3 Authority Key Identifier:
                keyid:D5:A2:19:6E:F1:19:22:11:55:E1:68:3F:89:67:D2:54:62:5D:AE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/0hfb5qISGkjolenYvj6y3EQ1RyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b06337-6517-400b-8cb5-7afa0bcd7976/1/1aIZbvEZIhFV4Wg_iWfSVGJdrnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:db:0b:b3:a3:99:51:7b:f9:fb:2d:cc:49:6a:76:29:e6:d5:
         f9:81:6d:ca:56:12:c9:63:ee:60:4d:7e:2a:53:8d:3d:fc:3b:
         9b:4d:72:52:5c:ad:2d:86:5e:fe:ac:db:77:8f:4c:f8:b6:cf:
         eb:2a:62:c8:1e:58:97:4d:c5:2f:18:de:d3:39:26:c3:f4:a1:
         1b:42:4e:a0:19:61:82:c1:7a:88:bd:30:c3:ac:97:43:7f:25:
         12:97:23:e3:15:9f:3d:5d:98:9d:54:a9:89:1d:e0:bb:e3:dc:
         41:c5:d2:ef:69:70:f5:05:f2:de:3e:8c:ff:31:c3:97:e9:32:
         1c:f2:90:27:03:cb:7e:e8:22:a8:0b:54:dd:56:94:09:82:ee:
         37:ae:32:99:6b:2f:21:8c:62:90:f1:1f:1e:27:be:d8:46:d5:
         94:19:9c:5a:fc:88:c2:65:1d:27:08:85:5f:23:45:88:97:7f:
         c9:40:67:43:47:a4:e1:66:93:98:24:11:47:5e:85:e4:af:78:
         82:46:d8:af:ae:43:3a:a1:eb:ee:0d:c8:d1:29:57:07:07:bd:
         7d:b2:c1:22:6b:28:79:9c:77:d9:39:71:fd:11:5b:fa:6e:e6:
         98:32:d9:aa:00:6d:31:22:ae:a1:8d:ea:61:e8:a8:f2:7e:28:
         f7:18:64:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcLYckgCWrCN7JfScxpWFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTIxOTZlZjExOTIyMTE1NWUxNjgzZjg5NjdkMjU0NjI1
ZGFlNzEwHhcNMjQwMTAyMDQzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjE3ZGJlNmEyMTIxYTQ4ZTg5NWU5ZDhiZTNlYjJkYzQ0MzU0NzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsH7X5whXcFEsYgptFuxmO9ukWTdA
jOU3/2UGrNkl39kWG5EAzJg/5FqHnolxhnKP1LG1rZA5AO83pYUbPSWXxdtxgIIq
jkuCR5KYefcTyYUoF/hOFaqiI8/YUxdfFbCeXdlICOUoKUAuON0gFfxvmRpO8rXz
wKHy+xtiiaywbMNPOaJXPgbUNa2iU3ik0lAMs876TSrWX/xz5GSuzMvi5K5SakdK
jc12BByM5mXdKTneo6U5skna6G/AjQLodv3FL9OPpJ7/dcIg/tUMPJoCYa6ZzocB
JdDNpY3RmfxCj7BQ/Nq4FtHgCJ4UbrPtuiHD+L5e6GcIDRpdGw0XFQFk2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIX2+aiEhpI6JXp2L4+stxENUchMB8GA1UdIwQY
MBaAFNWiGW7xGSIRVeFoP4ln0lRiXa5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFJWmJ2RVpJaEZWNFdnX2lXZlNWR0pkcm5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iMDYzMzctNjUxNy00MDBiLThjYjUt
N2FmYTBiY2Q3OTc2LzEvMGhmYjVxSVNHa2pvbGVuWXZqNnkzRVExUnlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iMDYzMzctNjUxNy00MDBiLThjYjUtN2FmYTBiY2Q3OTc2
LzEvMWFJWmJ2RVpJaEZWNFdnX2lXZlNWR0pkcm5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvFwgMA0G
CSqGSIb3DQEBCwUAA4IBAQB52wuzo5lRe/n7LcxJanYp5tX5gW3KVhLJY+5gTX4q
U409/DubTXJSXK0thl7+rNt3j0z4ts/rKmLIHliXTcUvGN7TOSbD9KEbQk6gGWGC
wXqIvTDDrJdDfyUSlyPjFZ89XZidVKmJHeC749xBxdLvaXD1BfLePoz/McOX6TIc
8pAnA8t+6CKoC1TdVpQJgu43rjKZay8hjGKQ8R8eJ77YRtWUGZxa/IjCZR0nCIVf
I0WIl3/JQGdDR6ThZpOYJBFHXoXkr3iCRtivrkM6oevuDcjRKVcHB719ssEiayh5
nHfZOXH9EVv6buaYMtmqAG0xIq6hjeph6Kjyfij3GGTm
-----END CERTIFICATE-----