Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/rH_5_xiM84I5lZHVGi4-6XaN7lI.roa
File:                     rH_5_xiM84I5lZHVGi4-6XaN7lI.roa (raw, json)
Hash identifier:          dqI60RfXEI0Uwj9tmxbcfRal0wwr3sAAMYOwElG9/Vo=
Subject key identifier:   AC:7F:F9:FF:18:8C:F3:82:39:95:91:D5:1A:2E:3E:E9:76:8D:EE:52
Certificate issuer:       /CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Certificate serial:       018CC9BBFBA32788004763295DFCA58F4B4E
Authority key identifier: 01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/rH_5_xiM84I5lZHVGi4-6XaN7lI.roa
Signing time:             Tue 02 Jan 2024 10:33:09 +0000
ROA not before:           Tue 02 Jan 2024 10:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34358
IP address blocks:        193.105.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fb:a3:27:88:00:47:63:29:5d:fc:a5:8f:4b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac7ff9ff188cf382399591d51a2e3ee9768dee52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:13:6b:72:59:74:8e:13:e9:29:1c:82:7a:e0:
                    6d:99:c1:ba:23:03:6a:e3:42:78:81:5f:b1:4a:1e:
                    a2:36:dc:a3:52:0c:24:7d:9c:d0:e3:7a:90:1f:29:
                    52:af:36:a8:bf:b1:65:c5:96:56:3b:2b:2e:42:52:
                    20:33:cf:17:75:1e:8a:3b:5e:6d:6f:c0:1c:b3:dd:
                    6b:92:e1:55:b3:ec:82:c5:c1:66:ec:38:a4:0d:ea:
                    f7:bc:74:7c:36:31:ce:f9:bf:6a:f2:15:70:04:e8:
                    2a:63:45:bd:87:ee:66:7d:ba:f0:64:71:96:ba:03:
                    67:8e:5c:ac:d8:83:95:4a:87:bd:32:19:3b:49:0b:
                    9f:a1:bf:2d:ce:68:2a:19:02:93:e0:a2:4a:61:52:
                    ab:4e:06:32:a5:d5:46:74:07:c7:1d:f8:cb:54:80:
                    96:df:6a:25:be:09:b5:25:0e:b6:17:4c:19:26:b9:
                    a4:94:d4:7b:b5:10:ad:72:47:ed:09:ad:2b:59:43:
                    23:26:3b:2d:44:19:ed:2e:7a:bf:02:9c:98:5e:9c:
                    7d:99:2a:f3:20:28:f3:3f:e2:e4:f9:e9:82:00:5d:
                    e5:9c:0a:f6:54:c4:e1:e8:fc:3f:f7:7c:0d:d2:98:
                    bb:56:54:1d:e5:99:95:cd:8e:a2:28:cd:01:32:e5:
                    bc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:7F:F9:FF:18:8C:F3:82:39:95:91:D5:1A:2E:3E:E9:76:8D:EE:52
            X509v3 Authority Key Identifier:
                keyid:01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/rH_5_xiM84I5lZHVGi4-6XaN7lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:08:f0:98:65:e8:e7:47:17:2f:6d:2c:dc:59:91:83:ac:a7:
         66:1f:00:26:88:39:cb:f0:9e:6f:0a:0c:f6:33:2d:a3:75:54:
         8b:54:8e:21:11:6e:bd:e6:3e:a6:bc:63:18:ab:aa:93:75:f9:
         b5:6a:59:19:2b:1f:ea:0b:d8:c2:e9:d7:18:91:3c:0b:d9:db:
         75:b7:5e:fa:a9:70:91:e4:5d:dd:dc:76:44:a8:36:11:3a:5f:
         9c:cd:58:8a:84:21:8e:b7:cf:d9:6c:89:d7:48:c5:3e:ca:49:
         68:8c:31:7a:f6:c4:7f:00:16:6e:d4:63:6f:75:21:e4:8d:af:
         50:33:53:58:4f:65:c6:ed:9c:27:fa:19:37:b8:b8:be:62:c9:
         24:79:53:5e:7b:46:21:d0:9d:22:8f:48:12:2a:61:d7:aa:ad:
         42:dd:55:bf:62:ed:f3:2a:be:5c:18:e6:d0:a4:48:d0:2a:f9:
         a9:c7:16:33:89:91:ea:d8:59:f9:99:68:61:c1:96:c5:55:07:
         92:f5:8a:67:25:3f:58:6c:14:4e:8d:88:59:71:91:65:07:a2:
         21:b2:24:06:6a:79:dd:ef:3d:1b:18:de:63:24:57:d9:4d:0d:
         c7:b0:81:9f:50:c3:79:96:86:01:fd:ab:7b:4c:9e:fe:32:52:
         8e:9c:00:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/ujJ4gAR2MpXfylj0tOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDZiNDI5ZjhjNDk2MTFmY2ZlYTFlZmExYTUxYjljMGVk
ZGI2ZTcwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzdmZjlmZjE4OGNmMzgyMzk5NTkxZDUxYTJlM2VlOTc2OGRlZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxNrcll0jhPpKRyCeuBtmcG6IwNq
40J4gV+xSh6iNtyjUgwkfZzQ43qQHylSrzaov7FlxZZWOysuQlIgM88XdR6KO15t
b8Acs91rkuFVs+yCxcFm7DikDer3vHR8NjHO+b9q8hVwBOgqY0W9h+5mfbrwZHGW
ugNnjlys2IOVSoe9Mhk7SQufob8tzmgqGQKT4KJKYVKrTgYypdVGdAfHHfjLVICW
32olvgm1JQ62F0wZJrmklNR7tRCtckftCa0rWUMjJjstRBntLnq/ApyYXpx9mSrz
ICjzP+Lk+emCAF3lnAr2VMTh6Pw/93wN0pi7VlQd5ZmVzY6iKM0BMuW8xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKx/+f8YjPOCOZWR1RouPul2je5SMB8GA1UdIwQY
MBaAFAFGtCn4xJYR/P6h76GlG5wO3bbnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMt
ZWEyNmU3NDZhMGFkLzEvckhfNV94aU04NEk1bFpIVkdpNC02WGFON2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMtZWEyNmU3NDZhMGFk
LzEvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlHMA0G
CSqGSIb3DQEBCwUAA4IBAQARCPCYZejnRxcvbSzcWZGDrKdmHwAmiDnL8J5vCgz2
My2jdVSLVI4hEW695j6mvGMYq6qTdfm1alkZKx/qC9jC6dcYkTwL2dt1t176qXCR
5F3d3HZEqDYROl+czViKhCGOt8/ZbInXSMU+yklojDF69sR/ABZu1GNvdSHkja9Q
M1NYT2XG7Zwn+hk3uLi+YskkeVNee0Yh0J0ij0gSKmHXqq1C3VW/Yu3zKr5cGObQ
pEjQKvmpxxYziZHq2Fn5mWhhwZbFVQeS9YpnJT9YbBROjYhZcZFlB6IhsiQGannd
7z0bGN5jJFfZTQ3HsIGfUMN5loYB/at7TJ7+MlKOnAAw
-----END CERTIFICATE-----