Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/5EBvZIPkFXpGHslK8JkF8bn9Le4.roa
File:                     5EBvZIPkFXpGHslK8JkF8bn9Le4.roa (raw, json)
Hash identifier:          /USI06r9tXeBuil0ZV6bmA1o0BQIX6WTup427XnNJ0o=
Subject key identifier:   E4:40:6F:64:83:E4:15:7A:46:1E:C9:4A:F0:99:05:F1:B9:FD:2D:EE
Certificate issuer:       /CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Certificate serial:       018CC3B6F87AEC643BAF51D6B6EDAC2B18EF
Authority key identifier: 0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/5EBvZIPkFXpGHslK8JkF8bn9Le4.roa
Signing time:             Mon 01 Jan 2024 06:29:57 +0000
ROA not before:           Mon 01 Jan 2024 06:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20877
IP address blocks:        109.205.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f8:7a:ec:64:3b:af:51:d6:b6:ed:ac:2b:18:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
        Validity
            Not Before: Jan  1 06:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4406f6483e4157a461ec94af09905f1b9fd2dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:98:3b:3f:48:45:a5:7e:71:d6:7e:e7:d2:f2:
                    d9:98:c8:9e:7e:c1:77:76:c6:36:ce:e0:c1:6c:33:
                    16:c9:66:8e:0d:ca:4b:65:ee:17:c0:1e:92:00:e0:
                    31:41:b9:10:ae:2c:01:e4:e8:d3:0c:04:e0:c8:84:
                    1a:7c:3d:50:a8:28:b2:52:be:5b:38:5d:71:88:63:
                    5e:2b:b5:fa:22:01:8a:64:1d:07:47:c1:33:59:b5:
                    31:f2:17:b0:08:ba:26:8e:29:fa:9a:7a:80:55:ba:
                    2b:e9:49:2a:ec:c9:56:4f:97:40:46:61:cd:25:cf:
                    07:58:d6:9f:56:44:52:fb:7d:00:3f:b1:18:ba:ee:
                    eb:cd:80:1a:7e:01:12:ec:9b:96:34:17:fc:7d:70:
                    6e:3d:84:dc:a1:cd:ab:0d:1c:4d:a2:c1:11:ca:89:
                    b9:e7:f0:77:e0:9f:d8:52:72:b0:bc:ce:81:d7:5e:
                    02:36:15:fd:80:a8:5f:24:13:81:24:c3:00:d3:d3:
                    a8:f0:56:56:fa:c8:27:87:d6:5a:23:b6:b6:67:cf:
                    bc:17:d1:b6:3b:49:72:d9:04:db:ff:53:c0:4b:02:
                    21:f7:f0:10:07:99:0f:cf:ae:a2:e5:f9:22:e3:c4:
                    06:f2:c6:d1:2f:0f:5c:7d:8b:a9:55:ee:ce:24:74:
                    68:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:40:6F:64:83:E4:15:7A:46:1E:C9:4A:F0:99:05:F1:B9:FD:2D:EE
            X509v3 Authority Key Identifier:
                keyid:0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/5EBvZIPkFXpGHslK8JkF8bn9Le4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:dd:48:6a:b7:e2:83:b8:8e:f3:4d:7d:bb:65:de:9a:23:80:
         f0:f1:6d:37:cd:75:cc:fb:e9:44:ed:c3:99:a5:e5:9e:23:16:
         3d:97:41:23:39:b6:a9:29:0f:96:36:20:b1:0d:3d:da:21:4a:
         24:3f:7c:fe:af:84:0c:9d:3d:f4:82:3f:fb:e0:9a:65:e9:0e:
         e4:7c:31:f3:e7:ac:fa:a7:bd:23:27:96:5b:82:be:d3:c1:84:
         4e:69:02:f7:04:92:52:f8:4a:ee:a6:01:72:2b:5b:51:f5:20:
         db:3d:01:64:b5:1c:f3:21:04:9c:d3:b1:6e:48:5e:21:10:b8:
         d2:3a:ff:52:cf:4b:a1:02:78:3a:78:d4:38:78:23:97:c1:ac:
         c4:0b:2d:12:fe:b4:2e:5e:3f:dc:59:eb:08:14:e0:14:45:19:
         fb:e3:3e:5d:de:e7:6d:fb:dc:5f:e2:cf:21:54:63:74:4c:d3:
         cc:9b:be:c8:c1:17:e7:28:df:5c:3a:14:0d:24:44:d1:b0:25:
         cd:6b:a7:7e:12:d6:45:a8:50:9c:ba:1f:42:39:39:2c:58:8a:
         e8:07:09:13:33:2d:e3:ba:04:fb:97:41:c3:29:7e:26:b4:0a:
         65:c1:75:83:85:c0:e5:8d:e4:14:e0:72:85:e5:c7:a5:28:e7:
         88:f3:84:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvh67GQ7r1HWtu2sKxjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZjYxNzk4ZGQxODk2NWMwMjdhZmE3ZjkzYWUwMzBmZjVl
MWQ3NmUwHhcNMjQwMTAxMDYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQwNmY2NDgzZTQxNTdhNDYxZWM5NGFmMDk5MDVmMWI5ZmQyZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZg7P0hFpX5x1n7n0vLZmMiefsF3
dsY2zuDBbDMWyWaODcpLZe4XwB6SAOAxQbkQriwB5OjTDATgyIQafD1QqCiyUr5b
OF1xiGNeK7X6IgGKZB0HR8EzWbUx8hewCLomjin6mnqAVbor6Ukq7MlWT5dARmHN
Jc8HWNafVkRS+30AP7EYuu7rzYAafgES7JuWNBf8fXBuPYTcoc2rDRxNosERyom5
5/B34J/YUnKwvM6B114CNhX9gKhfJBOBJMMA09Oo8FZW+sgnh9ZaI7a2Z8+8F9G2
O0ly2QTb/1PASwIh9/AQB5kPz66i5fki48QG8sbRLw9cfYupVe7OJHRoEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORAb2SD5BV6Rh7JSvCZBfG5/S3uMB8GA1UdIwQY
MBaAFAr2F5jdGJZcAnr6f5OuAw/14dduMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEt
ZDZlMWUzNDdmOWM3LzEvNUVCdlpJUGtGWHBHSHNsSzhKa0Y4Ym45TGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEtZDZlMWUzNDdmOWM3
LzEvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc1bMA0G
CSqGSIb3DQEBCwUAA4IBAQAe3Uhqt+KDuI7zTX27Zd6aI4Dw8W03zXXM++lE7cOZ
peWeIxY9l0EjObapKQ+WNiCxDT3aIUokP3z+r4QMnT30gj/74Jpl6Q7kfDHz56z6
p70jJ5Zbgr7TwYROaQL3BJJS+ErupgFyK1tR9SDbPQFktRzzIQSc07FuSF4hELjS
Ov9Sz0uhAng6eNQ4eCOXwazECy0S/rQuXj/cWesIFOAURRn74z5d3udt+9xf4s8h
VGN0TNPMm77IwRfnKN9cOhQNJETRsCXNa6d+EtZFqFCcuh9COTksWIroBwkTMy3j
ugT7l0HDKX4mtAplwXWDhcDljeQU4HKF5celKOeI84TP
-----END CERTIFICATE-----