Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/rK5roigYfXhL7vARVIMa5XfmHCM.roa
File:                     rK5roigYfXhL7vARVIMa5XfmHCM.roa (raw, json)
Hash identifier:          lCJMW0BI6GD5AqnE9DylwRMypthcF7aLclly5Z7Vpyw=
Subject key identifier:   AC:AE:6B:A2:28:18:7D:78:4B:EE:F0:11:54:83:1A:E5:77:E6:1C:23
Certificate issuer:       /CN=b53d9f1bc3f0d90b6dcd1e9f6fd1e506188ea7c2
Certificate serial:       018CC801EB25CE1F4D0C2744120171B6CC91
Authority key identifier: B5:3D:9F:1B:C3:F0:D9:0B:6D:CD:1E:9F:6F:D1:E5:06:18:8E:A7:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/rK5roigYfXhL7vARVIMa5XfmHCM.roa
Signing time:             Tue 02 Jan 2024 02:30:18 +0000
ROA not before:           Tue 02 Jan 2024 02:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200798
IP address blocks:        185.95.208.0/22 maxlen: 24
                          2a05:fc00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:eb:25:ce:1f:4d:0c:27:44:12:01:71:b6:cc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53d9f1bc3f0d90b6dcd1e9f6fd1e506188ea7c2
        Validity
            Not Before: Jan  2 02:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acae6ba228187d784beef01154831ae577e61c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:37:38:32:7a:93:20:06:c1:47:6c:ae:29:5d:
                    d8:da:18:51:89:fe:51:78:52:7a:74:04:78:bb:11:
                    57:b0:df:ea:16:70:1f:cb:b4:b3:5e:90:fb:f4:75:
                    4e:a4:9a:1b:35:a6:4b:c5:55:4b:b8:72:26:be:47:
                    64:68:53:45:90:c2:ab:0f:91:b5:82:cb:90:d6:d0:
                    65:62:9a:e1:f2:82:27:e9:40:d3:92:12:0e:10:9b:
                    02:3d:6b:18:a2:51:fd:84:72:20:33:86:46:f7:15:
                    15:50:46:cb:30:05:05:32:2b:78:fd:ac:4d:bb:34:
                    6b:89:bd:d3:e8:d1:95:ac:2a:2e:3e:0b:f1:65:d3:
                    53:ed:33:a2:9d:e9:6c:6a:1a:78:6b:7b:4b:2f:ec:
                    a5:88:f6:e3:ab:96:59:a6:f7:57:5e:ff:71:ea:a6:
                    87:cd:31:28:2c:3a:30:4a:d9:a6:cd:5b:78:02:5b:
                    ee:86:09:43:0c:40:99:f4:50:fb:f7:8f:8c:59:e7:
                    39:66:3f:0e:2c:44:2e:89:bf:c0:48:8a:b5:69:d8:
                    14:ec:b2:6e:bd:33:5d:57:4d:1c:25:38:8c:94:65:
                    f3:6a:ff:c4:2c:91:26:de:a1:61:99:51:6d:c8:de:
                    cc:d0:b6:2f:71:24:8d:d6:40:81:f8:24:44:b9:3b:
                    81:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:AE:6B:A2:28:18:7D:78:4B:EE:F0:11:54:83:1A:E5:77:E6:1C:23
            X509v3 Authority Key Identifier:
                keyid:B5:3D:9F:1B:C3:F0:D9:0B:6D:CD:1E:9F:6F:D1:E5:06:18:8E:A7:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tT2fG8Pw2QttzR6fb9HlBhiOp8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/rK5roigYfXhL7vARVIMa5XfmHCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/0e3d64-f290-4893-9a40-c9e141333d58/1/tT2fG8Pw2QttzR6fb9HlBhiOp8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.208.0/22
                IPv6:
                  2a05:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         36:78:83:1c:14:4a:d6:80:e8:02:47:6a:52:b9:8c:8d:7d:2c:
         5f:ad:4e:ce:da:e5:2f:bd:89:2e:c5:fb:06:7b:b7:e8:72:19:
         17:38:19:e3:42:74:89:21:c4:48:39:d7:e1:b5:6c:e0:3e:8a:
         c2:40:6f:c9:99:e3:10:2a:67:7b:b5:8d:f2:da:a0:11:5d:91:
         1c:89:3c:83:7c:af:a2:37:65:19:75:93:fc:75:4a:57:8d:e3:
         f2:91:19:ae:11:ca:d6:fc:45:d5:81:f5:45:09:4c:03:e9:ce:
         cf:76:15:51:69:9c:bf:39:3a:47:84:b1:0f:4b:95:98:33:1d:
         56:32:f6:bf:c2:33:39:81:0c:e8:18:22:87:f0:ba:4f:df:f8:
         5c:19:e7:36:68:e7:95:97:85:38:6f:64:e9:d6:df:1a:67:d4:
         15:86:63:79:1c:e9:6b:b1:d8:4f:5a:74:d4:19:c8:49:68:78:
         3f:56:04:9f:10:62:8b:25:4c:35:ef:0a:0a:a8:8a:eb:5c:e2:
         7b:85:a9:bc:ba:9a:7f:f3:a5:10:6b:f8:85:41:58:dc:d2:3c:
         7e:82:5a:c1:aa:87:2a:4d:aa:c5:7f:aa:ce:ce:64:94:e8:65:
         fc:20:d4:b3:b8:30:6a:8a:c2:48:4b:e3:1c:bd:08:32:ce:9f:
         d0:ef:12:35
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAeslzh9NDCdEEgFxtsyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1M2Q5ZjFiYzNmMGQ5MGI2ZGNkMWU5ZjZmZDFlNTA2MTg4
ZWE3YzIwHhcNMjQwMTAyMDIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FlNmJhMjI4MTg3ZDc4NGJlZWYwMTE1NDgzMWFlNTc3ZTYxYzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zc4MnqTIAbBR2yuKV3Y2hhRif5R
eFJ6dAR4uxFXsN/qFnAfy7SzXpD79HVOpJobNaZLxVVLuHImvkdkaFNFkMKrD5G1
gsuQ1tBlYprh8oIn6UDTkhIOEJsCPWsYolH9hHIgM4ZG9xUVUEbLMAUFMit4/axN
uzRrib3T6NGVrCouPgvxZdNT7TOinelsahp4a3tLL+yliPbjq5ZZpvdXXv9x6qaH
zTEoLDowStmmzVt4AlvuhglDDECZ9FD794+MWec5Zj8OLEQuib/ASIq1adgU7LJu
vTNdV00cJTiMlGXzav/ELJEm3qFhmVFtyN7M0LYvcSSN1kCB+CREuTuB1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKyua6IoGH14S+7wEVSDGuV35hwjMB8GA1UdIwQY
MBaAFLU9nxvD8NkLbc0en2/R5QYYjqfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFQyZkc4UHcyUXR0elI2ZmI5SGxCaGlPcDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wZTNkNjQtZjI5MC00ODkzLTlhNDAt
YzllMTQxMzMzZDU4LzEvcks1cm9pZ1lmWGhMN3ZBUlZJTWE1WGZtSENNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wZTNkNjQtZjI5MC00ODkzLTlhNDAtYzllMTQxMzMzZDU4
LzEvdFQyZkc4UHcyUXR0elI2ZmI5SGxCaGlPcDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuV/QMA0E
AgACMAcDBQMqBfwAMA0GCSqGSIb3DQEBCwUAA4IBAQA2eIMcFErWgOgCR2pSuYyN
fSxfrU7O2uUvvYkuxfsGe7fochkXOBnjQnSJIcRIOdfhtWzgPorCQG/JmeMQKmd7
tY3y2qARXZEciTyDfK+iN2UZdZP8dUpXjePykRmuEcrW/EXVgfVFCUwD6c7PdhVR
aZy/OTpHhLEPS5WYMx1WMva/wjM5gQzoGCKH8LpP3/hcGec2aOeVl4U4b2Tp1t8a
Z9QVhmN5HOlrsdhPWnTUGchJaHg/VgSfEGKLJUw17woKqIrrXOJ7ham8upp/86UQ
a/iFQVjc0jx+glrBqocqTarFf6rOzmSU6GX8INSzuDBqisJIS+McvQgyzp/Q7xI1
-----END CERTIFICATE-----