Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/5Cgfvar3U8e2JabbyGSXkHVU2pc.roa
File:                     5Cgfvar3U8e2JabbyGSXkHVU2pc.roa (raw, json)
Hash identifier:          WkvfwtUxaY76FnmoXe9ft/iF+oKEL0aAPb8lgG5Og5Q=
Subject key identifier:   E4:28:1F:BD:AA:F7:53:C7:B6:25:A6:DB:C8:64:97:90:75:54:DA:97
Certificate issuer:       /CN=17e69ddc29a05b2c45ee3cc5a2340b2e4c6dad5d
Certificate serial:       018CC8DF25FD595799F13BAFC10D2A6D92A8
Authority key identifier: 17:E6:9D:DC:29:A0:5B:2C:45:EE:3C:C5:A2:34:0B:2E:4C:6D:AD:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/5Cgfvar3U8e2JabbyGSXkHVU2pc.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204035
IP address blocks:        185.94.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:25:fd:59:57:99:f1:3b:af:c1:0d:2a:6d:92:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17e69ddc29a05b2c45ee3cc5a2340b2e4c6dad5d
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4281fbdaaf753c7b625a6dbc86497907554da97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:20:28:6e:e0:94:ac:85:55:0c:48:41:8a:0f:
                    6a:d1:34:1c:ea:1a:4e:63:1f:9e:96:41:ee:e5:d9:
                    95:4a:96:bd:b9:83:86:45:cb:3d:b7:71:f8:02:15:
                    44:4e:53:e5:ce:83:39:d5:65:64:4d:c4:87:bf:18:
                    c9:f7:63:5d:cf:a4:0a:3b:db:76:c5:96:62:b0:4d:
                    5c:ad:81:41:6f:4d:f5:72:2b:9b:7e:04:49:f7:b4:
                    b8:12:eb:fc:93:9f:88:8a:ab:30:b2:58:7a:16:05:
                    4d:13:cc:81:3e:9f:94:73:21:9e:07:dd:15:fc:c9:
                    1e:29:63:08:80:88:63:f5:80:84:c7:ed:6a:f4:7b:
                    a0:be:7d:93:f2:10:fd:6d:f3:e6:4a:a2:7e:29:10:
                    7f:67:0e:9d:b4:30:26:90:ec:f3:af:9a:34:0d:d2:
                    a7:81:4a:58:c3:e1:a3:89:9b:8a:d8:56:4b:b2:18:
                    ba:2c:44:52:5b:17:8b:6d:fb:2b:61:84:65:55:c4:
                    f1:44:dc:9b:24:2d:22:34:a9:33:6d:e8:cf:8b:f6:
                    8f:c9:c8:04:1a:e1:52:f4:9f:02:a2:03:16:62:f2:
                    d8:db:25:40:01:ac:aa:d2:da:2c:5b:a1:a5:07:75:
                    7f:68:74:34:af:21:82:e7:26:5b:88:91:9e:7e:0a:
                    ff:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:28:1F:BD:AA:F7:53:C7:B6:25:A6:DB:C8:64:97:90:75:54:DA:97
            X509v3 Authority Key Identifier:
                keyid:17:E6:9D:DC:29:A0:5B:2C:45:EE:3C:C5:A2:34:0B:2E:4C:6D:AD:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/5Cgfvar3U8e2JabbyGSXkHVU2pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:59:47:ea:81:ec:c0:9f:6d:44:cf:72:5c:9a:d9:c5:38:11:
         df:53:65:fc:6d:65:1d:e7:72:13:14:fb:9c:6f:4c:9c:2b:e8:
         02:4a:43:3e:fe:7a:ce:b7:25:80:1d:61:21:74:c1:2b:58:1e:
         aa:c3:a3:62:e8:5f:5d:04:23:59:03:fd:ff:80:c4:cf:4e:e9:
         a9:a0:68:f4:56:0a:16:2b:13:41:9e:35:49:7e:eb:db:b1:e4:
         52:68:3d:8a:21:13:d0:d9:50:ac:04:d3:02:41:51:de:52:e0:
         c7:8c:0a:6e:40:34:38:91:b6:a1:26:eb:66:4e:5e:71:99:18:
         0f:ac:78:41:8b:9e:ba:1e:cb:27:37:4d:2a:3a:8f:25:ce:52:
         76:30:02:26:f4:6e:19:6c:48:aa:64:4b:1a:1c:dd:ec:d3:74:
         fb:81:84:03:3a:1d:dc:2f:93:cd:fb:1d:52:a4:ea:28:61:a2:
         98:b0:f9:c7:d2:fa:6e:93:f1:22:57:a9:cb:17:5e:c7:77:04:
         84:2f:cd:44:00:39:0e:24:e8:aa:34:0b:1c:c3:2b:f4:54:67:
         fc:e0:05:24:58:25:11:79:56:a3:b9:6e:07:d4:1c:a0:11:5a:
         0c:27:80:ab:10:c3:e9:81:69:cd:99:12:19:b4:d2:78:3e:0b:
         c7:5b:94:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yX9WVeZ8TuvwQ0qbZKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZTY5ZGRjMjlhMDViMmM0NWVlM2NjNWEyMzQwYjJlNGM2
ZGFkNWQwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDI4MWZiZGFhZjc1M2M3YjYyNWE2ZGJjODY0OTc5MDc1NTRkYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiAobuCUrIVVDEhBig9q0TQc6hpO
Yx+elkHu5dmVSpa9uYOGRcs9t3H4AhVETlPlzoM51WVkTcSHvxjJ92Ndz6QKO9t2
xZZisE1crYFBb031ciubfgRJ97S4Euv8k5+Iiqswslh6FgVNE8yBPp+UcyGeB90V
/MkeKWMIgIhj9YCEx+1q9Hugvn2T8hD9bfPmSqJ+KRB/Zw6dtDAmkOzzr5o0DdKn
gUpYw+GjiZuK2FZLshi6LERSWxeLbfsrYYRlVcTxRNybJC0iNKkzbejPi/aPycgE
GuFS9J8CogMWYvLY2yVAAayq0tosW6GlB3V/aHQ0ryGC5yZbiJGefgr/SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQoH72q91PHtiWm28hkl5B1VNqXMB8GA1UdIwQY
MBaAFBfmndwpoFssRe48xaI0Cy5Mba1dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRi1hZDNDbWdXeXhGN2p6Rm9qUUxMa3h0clYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9jOGNjNjMtNTMwNS00NjM2LWIzMzYt
ZTcxNzY3ODZmNzRhLzEvNUNnZnZhcjNVOGUySmFiYnlHU1hrSFZVMnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9jOGNjNjMtNTMwNS00NjM2LWIzMzYtZTcxNzY3ODZmNzRh
LzEvRi1hZDNDbWdXeXhGN2p6Rm9qUUxMa3h0clYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuV7+MA0G
CSqGSIb3DQEBCwUAA4IBAQB8WUfqgezAn21Ez3JcmtnFOBHfU2X8bWUd53ITFPuc
b0ycK+gCSkM+/nrOtyWAHWEhdMErWB6qw6Ni6F9dBCNZA/3/gMTPTumpoGj0VgoW
KxNBnjVJfuvbseRSaD2KIRPQ2VCsBNMCQVHeUuDHjApuQDQ4kbahJutmTl5xmRgP
rHhBi566HssnN00qOo8lzlJ2MAIm9G4ZbEiqZEsaHN3s03T7gYQDOh3cL5PN+x1S
pOooYaKYsPnH0vpuk/EiV6nLF17HdwSEL81EADkOJOiqNAscwyv0VGf84AUkWCUR
eVajuW4H1BygEVoMJ4CrEMPpgWnNmRIZtNJ4PgvHW5Tm
-----END CERTIFICATE-----