Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/5f7GEW8n8oFksnYjWuNRYvpHYuQ.roa
File:                     5f7GEW8n8oFksnYjWuNRYvpHYuQ.roa (raw, json)
Hash identifier:          nXOaoaDUUT/h/WBjJFTDkTb6c8lvmCn+pEflndjgboY=
Subject key identifier:   E5:FE:C6:11:6F:27:F2:81:64:B2:76:23:5A:E3:51:62:FA:47:62:E4
Certificate issuer:       /CN=703c48ed46cb79490e1662db01c31d02d02effe2
Certificate serial:       018E816CF567FF06F2096BC0985562AD909E
Authority key identifier: 70:3C:48:ED:46:CB:79:49:0E:16:62:DB:01:C3:1D:02:D0:2E:FF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/5f7GEW8n8oFksnYjWuNRYvpHYuQ.roa
Signing time:             Wed 27 Mar 2024 19:39:45 +0000
ROA not before:           Wed 27 Mar 2024 19:39:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6893
IP address blocks:        193.110.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:81:6c:f5:67:ff:06:f2:09:6b:c0:98:55:62:ad:90:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=703c48ed46cb79490e1662db01c31d02d02effe2
        Validity
            Not Before: Mar 27 19:39:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5fec6116f27f28164b276235ae35162fa4762e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b8:47:b7:44:e1:f2:5f:c5:f1:e8:0a:bc:e2:
                    88:5a:bb:54:2e:07:8c:00:ca:be:4a:49:22:6d:32:
                    e6:e1:65:b4:d4:65:d8:17:15:4b:f8:30:da:4d:71:
                    d3:3f:c8:c5:92:d3:4e:00:2d:89:bc:b8:68:b7:e7:
                    57:97:2e:bf:c7:22:d9:0d:71:eb:e0:64:1c:16:56:
                    61:53:09:56:dd:6b:8b:64:f9:fb:6b:39:58:2a:8f:
                    49:ad:5d:d6:eb:43:1b:2b:7c:83:df:7a:4a:78:bf:
                    e6:06:ea:d9:f6:02:80:14:52:d6:ac:c1:2b:a1:87:
                    bd:e8:94:9b:f4:f0:30:05:50:22:50:b8:77:26:f9:
                    6e:7e:f3:2b:2d:44:b7:e4:41:39:53:a3:df:1c:1e:
                    2f:09:4a:0a:0e:0f:67:bb:06:30:5c:83:7d:73:e1:
                    eb:fe:37:9d:6a:79:6c:f0:92:2d:04:c7:9c:7b:76:
                    70:2d:36:08:4a:50:2c:2c:5f:be:48:ea:57:cb:94:
                    bf:a0:19:ee:6a:6c:27:80:bd:dc:96:c1:a6:88:16:
                    c7:64:4f:a4:56:07:9d:37:4b:9c:04:bc:ec:d0:67:
                    18:a8:a1:39:d8:4f:61:71:21:81:58:ea:fe:7e:ba:
                    23:f9:02:20:a9:4e:36:62:2e:1f:ae:75:f2:34:e7:
                    58:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:FE:C6:11:6F:27:F2:81:64:B2:76:23:5A:E3:51:62:FA:47:62:E4
            X509v3 Authority Key Identifier:
                keyid:70:3C:48:ED:46:CB:79:49:0E:16:62:DB:01:C3:1D:02:D0:2E:FF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cDxI7UbLeUkOFmLbAcMdAtAu_-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/5f7GEW8n8oFksnYjWuNRYvpHYuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/da1c43-1916-46ae-8491-35883af9a323/1/cDxI7UbLeUkOFmLbAcMdAtAu_-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:cd:ff:d5:2f:2f:77:48:22:90:29:0c:a9:ab:27:83:f6:fd:
         31:18:d3:33:bc:45:04:fa:92:10:59:b9:ec:46:01:56:1b:20:
         40:a0:c0:ca:f3:25:8c:b2:18:81:07:37:73:54:c6:17:7c:55:
         d4:9e:db:e1:60:c0:16:2f:5f:05:63:b5:d6:59:02:98:59:76:
         22:5a:21:45:65:08:f6:9e:fa:4e:e9:ea:2b:0c:45:ee:ef:9d:
         60:08:86:5f:af:8d:c0:31:4c:0f:59:f9:67:a8:57:c5:af:0a:
         a5:a7:79:cc:b4:db:50:e6:af:4c:35:39:47:04:18:56:80:66:
         af:57:1e:76:f9:c8:48:7e:19:5a:b8:ae:12:fb:39:32:83:08:
         d7:0f:f5:4b:db:22:94:08:75:29:a2:32:4d:cd:20:ff:5e:6a:
         1a:e2:e6:5e:ae:f3:32:8d:6c:ce:c6:a5:d9:4f:17:cd:b1:6e:
         ac:f4:ac:c5:17:37:49:30:e5:7e:5b:f2:06:81:bb:30:9e:88:
         ed:c1:07:25:28:82:4a:20:d4:c4:8b:7c:c8:2b:0c:c7:4a:30:
         e7:4d:f6:54:44:35:c1:a1:87:58:2d:ec:fe:25:e8:dc:b6:8c:
         1f:47:a5:cc:18:8c:74:97:f8:3b:0d:8a:85:c9:60:85:48:21:
         c6:09:0f:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6BbPVn/wbyCWvAmFVirZCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwM2M0OGVkNDZjYjc5NDkwZTE2NjJkYjAxYzMxZDAyZDAy
ZWZmZTIwHhcNMjQwMzI3MTkzOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWZlYzYxMTZmMjdmMjgxNjRiMjc2MjM1YWUzNTE2MmZhNDc2MmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LhHt0Th8l/F8egKvOKIWrtULgeM
AMq+SkkibTLm4WW01GXYFxVL+DDaTXHTP8jFktNOAC2JvLhot+dXly6/xyLZDXHr
4GQcFlZhUwlW3WuLZPn7azlYKo9JrV3W60MbK3yD33pKeL/mBurZ9gKAFFLWrMEr
oYe96JSb9PAwBVAiULh3JvlufvMrLUS35EE5U6PfHB4vCUoKDg9nuwYwXIN9c+Hr
/jedanls8JItBMece3ZwLTYISlAsLF++SOpXy5S/oBnuamwngL3clsGmiBbHZE+k
VgedN0ucBLzs0GcYqKE52E9hcSGBWOr+froj+QIgqU42Yi4frnXyNOdYXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOX+xhFvJ/KBZLJ2I1rjUWL6R2LkMB8GA1UdIwQY
MBaAFHA8SO1Gy3lJDhZi2wHDHQLQLv/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0R4STdVYkxlVWtPRm1MYkFjTWRBdEF1Xy1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kYTFjNDMtMTkxNi00NmFlLTg0OTEt
MzU4ODNhZjlhMzIzLzEvNWY3R0VXOG44b0Zrc25Zald1TlJZdnBIWXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kYTFjNDMtMTkxNi00NmFlLTg0OTEtMzU4ODNhZjlhMzIz
LzEvY0R4STdVYkxlVWtPRm1MYkFjTWRBdEF1Xy1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW5fMA0G
CSqGSIb3DQEBCwUAA4IBAQC9zf/VLy93SCKQKQypqyeD9v0xGNMzvEUE+pIQWbns
RgFWGyBAoMDK8yWMshiBBzdzVMYXfFXUntvhYMAWL18FY7XWWQKYWXYiWiFFZQj2
nvpO6eorDEXu751gCIZfr43AMUwPWflnqFfFrwqlp3nMtNtQ5q9MNTlHBBhWgGav
Vx52+chIfhlauK4S+zkygwjXD/VL2yKUCHUpojJNzSD/Xmoa4uZervMyjWzOxqXZ
TxfNsW6s9KzFFzdJMOV+W/IGgbswnojtwQclKIJKINTEi3zIKwzHSjDnTfZURDXB
oYdYLez+JejctowfR6XMGIx0l/g7DYqFyWCFSCHGCQ+K
-----END CERTIFICATE-----