Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/5_SC_9I1xVihPLumudyuFy7O13g.roa
File:                     5_SC_9I1xVihPLumudyuFy7O13g.roa (raw, json)
Hash identifier:          C88SQUclgohEDsA3LlWSV2QxdDe+wG16HQSjoDCds6s=
Subject key identifier:   E7:F4:82:FF:D2:35:C5:58:A1:3C:BB:A6:B9:DC:AE:17:2E:CE:D7:78
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       018CC6B787BB976336AD8EE26B627DB62850
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/5_SC_9I1xVihPLumudyuFy7O13g.roa
Signing time:             Mon 01 Jan 2024 20:29:25 +0000
ROA not before:           Mon 01 Jan 2024 20:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216358
IP address blocks:        185.177.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:87:bb:97:63:36:ad:8e:e2:6b:62:7d:b6:28:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jan  1 20:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7f482ffd235c558a13cbba6b9dcae172eced778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d7:05:85:1a:0a:b9:83:59:93:43:61:49:6d:
                    ee:8a:c7:1f:68:3e:8e:69:69:31:b5:b4:a9:e5:cc:
                    e2:65:3e:32:21:da:9a:b9:e5:71:08:e5:3f:42:98:
                    83:b7:4c:02:9a:71:b4:3c:51:8c:3b:38:41:36:dd:
                    93:65:a1:2b:50:b9:a9:db:8c:60:91:f3:f2:cb:4f:
                    5d:bd:f6:e4:84:02:1a:66:a4:1e:96:3a:0c:fa:56:
                    33:93:c3:91:98:ed:4a:d4:8a:e0:1f:0e:07:15:28:
                    be:eb:38:ed:0e:6c:2d:01:ee:9b:d2:2c:f9:72:c4:
                    25:00:3c:67:a4:8c:58:e8:f3:69:ee:2a:0e:8c:3d:
                    af:45:73:8b:be:64:07:7c:4e:10:bc:e8:99:e2:28:
                    12:75:b1:8a:e1:59:97:14:6b:d7:5b:99:10:2e:59:
                    c7:2a:95:6b:d7:88:5c:29:41:33:85:62:bb:ad:bd:
                    53:b6:4a:cd:ac:e2:db:7d:1b:33:66:59:f0:bf:a1:
                    6e:7a:16:0e:30:50:51:a6:28:d6:c7:8e:2b:74:b9:
                    0e:dd:9a:ad:30:08:62:d0:37:31:44:8f:ce:1d:96:
                    9c:cc:89:cd:18:15:e4:a2:df:d4:5f:cb:f9:0c:77:
                    c6:4d:e9:31:fe:d8:af:c3:7e:a6:4c:3e:27:aa:67:
                    14:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F4:82:FF:D2:35:C5:58:A1:3C:BB:A6:B9:DC:AE:17:2E:CE:D7:78
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/5_SC_9I1xVihPLumudyuFy7O13g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:72:94:16:9f:c1:d9:3d:ef:b5:9f:4b:0a:ae:10:65:d5:54:
         71:dc:85:d6:cc:33:df:08:c1:71:ef:cf:74:7a:0c:2f:7a:76:
         91:16:6e:8b:db:77:29:87:87:93:29:49:4e:bc:17:0e:c4:66:
         9b:e6:ab:ff:27:a0:81:08:7a:50:e8:19:82:90:7d:7e:48:5f:
         a6:e5:4c:8b:0c:30:c6:78:e8:bf:6b:b3:01:9d:8d:6c:0b:c0:
         50:b5:00:41:d2:6f:87:43:27:b1:c6:a8:9d:60:e4:82:18:4f:
         ce:6a:d6:c0:fe:98:4a:45:c1:b3:01:c0:01:2a:e8:cb:c7:50:
         14:ea:4d:b8:2f:9c:e8:6b:90:59:c6:a8:cf:72:c2:62:4f:6b:
         2a:c2:b8:13:c9:fb:c0:82:35:60:5e:17:e8:e2:56:cc:f7:c9:
         af:e9:31:21:94:85:18:aa:44:8f:e8:c6:6b:ed:a0:da:c8:dc:
         39:84:0a:dc:d5:65:79:cc:e1:04:59:6a:2e:82:93:51:38:4e:
         4b:c9:2c:5d:45:8b:81:dd:5f:64:ce:5d:16:ff:92:fa:c6:7d:
         26:dd:ff:f8:e9:55:7e:c2:db:f6:8a:8c:8f:53:71:4f:c4:7e:
         37:f6:a2:ca:c1:1c:8f:fc:72:1b:18:fa:26:61:98:37:09:7f:
         a2:4f:5a:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4e7l2M2rY7ia2J9tihQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjQwMTAxMjAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Y0ODJmZmQyMzVjNTU4YTEzY2JiYTZiOWRjYWUxNzJlY2VkNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktcFhRoKuYNZk0NhSW3uiscfaD6O
aWkxtbSp5cziZT4yIdqaueVxCOU/QpiDt0wCmnG0PFGMOzhBNt2TZaErULmp24xg
kfPyy09dvfbkhAIaZqQeljoM+lYzk8ORmO1K1IrgHw4HFSi+6zjtDmwtAe6b0iz5
csQlADxnpIxY6PNp7ioOjD2vRXOLvmQHfE4QvOiZ4igSdbGK4VmXFGvXW5kQLlnH
KpVr14hcKUEzhWK7rb1TtkrNrOLbfRszZlnwv6FuehYOMFBRpijWx44rdLkO3Zqt
MAhi0DcxRI/OHZaczInNGBXkot/UX8v5DHfGTekx/tivw36mTD4nqmcUQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOf0gv/SNcVYoTy7prncrhcuztd4MB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvNV9TQ185STF4VmloUEx1bXVkeXVGeTdPMTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubHnMA0G
CSqGSIb3DQEBCwUAA4IBAQAWcpQWn8HZPe+1n0sKrhBl1VRx3IXWzDPfCMFx7890
egwvenaRFm6L23cph4eTKUlOvBcOxGab5qv/J6CBCHpQ6BmCkH1+SF+m5UyLDDDG
eOi/a7MBnY1sC8BQtQBB0m+HQyexxqidYOSCGE/OatbA/phKRcGzAcABKujLx1AU
6k24L5zoa5BZxqjPcsJiT2sqwrgTyfvAgjVgXhfo4lbM98mv6TEhlIUYqkSP6MZr
7aDayNw5hArc1WV5zOEEWWougpNROE5LySxdRYuB3V9kzl0W/5L6xn0m3f/46VV+
wtv2ioyPU3FPxH439qLKwRyP/HIbGPomYZg3CX+iT1pU
-----END CERTIFICATE-----