Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/5utVM_zlQApLqYApqS3qtYnckks.roa
File:                     5utVM_zlQApLqYApqS3qtYnckks.roa (raw, json)
Hash identifier:          qPsW2ZK60wU/h2bXbgMdyJqYPUYeqqRLGshk8SuE2bw=
Subject key identifier:   E6:EB:55:33:FC:E5:40:0A:4B:A9:80:29:A9:2D:EA:B5:89:DC:92:4B
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500E322270CE01A38EA382F2AF6193E
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/5utVM_zlQApLqYApqS3qtYnckks.roa
Signing time:             Mon 01 Jan 2024 12:30:18 +0000
ROA not before:           Mon 01 Jan 2024 12:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209181
IP address blocks:        185.89.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:e3:22:27:0c:e0:1a:38:ea:38:2f:2a:f6:19:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6eb5533fce5400a4ba98029a92deab589dc924b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:75:59:99:eb:a1:dc:46:89:8e:d1:7f:aa:f7:
                    fe:63:f5:55:c1:56:26:00:7f:b0:01:d2:9c:26:d9:
                    5c:bd:3f:db:5a:16:3a:f3:b8:5e:32:97:81:e9:b4:
                    cf:fb:72:71:b9:f3:96:c1:c4:dc:a5:f6:d5:26:76:
                    3f:7e:7a:05:1a:c1:ce:1b:fa:d8:7b:37:fb:40:fe:
                    9c:43:bc:b8:2f:74:d6:9b:6c:8e:b3:52:9f:39:3b:
                    53:d2:c8:c4:ac:49:81:1b:65:c2:f9:90:49:20:19:
                    66:b8:56:a7:ff:f8:b8:7c:39:29:8d:6a:7f:32:b4:
                    5b:2c:cd:6f:3e:fd:89:eb:3c:00:f2:2c:22:21:c4:
                    a2:4a:b3:4f:88:b8:a2:c1:8f:8b:da:3c:41:03:c9:
                    6c:d2:30:c1:4a:90:9c:d1:80:68:62:36:bd:1b:69:
                    2d:2f:15:8e:28:0d:0a:bb:4a:67:e8:f6:a6:13:37:
                    76:fe:07:a5:3c:b2:f1:97:b7:ea:50:c3:38:bc:f7:
                    96:e1:8c:4d:4c:32:0e:0e:1e:75:2a:be:27:2e:c3:
                    7d:7d:05:26:85:1e:de:67:3c:e0:7e:65:9b:f0:4a:
                    d1:05:20:19:3b:bb:bb:a5:19:fb:24:cf:3b:83:57:
                    9f:ca:cd:06:7e:29:a7:1c:42:04:5f:80:8a:68:9f:
                    25:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EB:55:33:FC:E5:40:0A:4B:A9:80:29:A9:2D:EA:B5:89:DC:92:4B
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/5utVM_zlQApLqYApqS3qtYnckks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:cf:dc:66:62:1b:ba:0a:ae:eb:05:e3:c4:5f:d8:0a:98:5c:
         6d:e2:4f:cc:39:51:f6:57:ed:12:10:54:13:2f:ff:d6:fa:0c:
         9d:4b:f7:2c:1c:51:f3:03:03:18:9e:9a:f2:ab:57:df:89:12:
         4d:bf:85:a4:62:4b:17:69:0b:5e:d5:56:b3:f5:94:1f:d9:c3:
         eb:49:88:a5:72:cb:3f:e8:5c:3c:18:a6:31:5b:5a:16:2a:71:
         bc:0a:be:31:c5:88:c0:9b:49:7f:8b:4e:d9:f7:34:26:1b:b5:
         75:5e:c7:99:59:fb:71:01:c6:ab:02:31:88:f8:f5:50:76:f2:
         1c:d2:57:33:27:2e:2c:89:a9:62:33:0b:e9:74:3e:0b:36:46:
         5f:0f:83:b7:e3:98:99:4d:25:2c:ea:91:ae:04:8d:73:94:72:
         5e:2f:ea:a0:37:35:34:c7:fd:10:d0:6c:c6:c5:83:3b:05:de:
         6f:48:27:d6:87:0b:ef:55:dd:d4:33:c8:af:22:b7:5a:6c:e9:
         df:1e:b4:09:1b:79:d9:02:2e:be:92:66:7b:01:18:01:9e:9b:
         85:49:a8:b4:4f:4c:e2:39:62:2f:d1:3b:c0:8b:ab:38:5c:2e:
         ce:ae:b0:96:80:58:6f:d9:30:66:8b:4f:ef:ca:92:81:a5:b4:
         04:a3:02:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAOMiJwzgGjjqOC8q9hk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmViNTUzM2ZjZTU0MDBhNGJhOTgwMjlhOTJkZWFiNTg5ZGM5MjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHVZmeuh3EaJjtF/qvf+Y/VVwVYm
AH+wAdKcJtlcvT/bWhY687heMpeB6bTP+3JxufOWwcTcpfbVJnY/fnoFGsHOG/rY
ezf7QP6cQ7y4L3TWm2yOs1KfOTtT0sjErEmBG2XC+ZBJIBlmuFan//i4fDkpjWp/
MrRbLM1vPv2J6zwA8iwiIcSiSrNPiLiiwY+L2jxBA8ls0jDBSpCc0YBoYja9G2kt
LxWOKA0Ku0pn6PamEzd2/gelPLLxl7fqUMM4vPeW4YxNTDIODh51Kr4nLsN9fQUm
hR7eZzzgfmWb8ErRBSAZO7u7pRn7JM87g1efys0GfimnHEIEX4CKaJ8l7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObrVTP85UAKS6mAKakt6rWJ3JJLMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvNXV0Vk1femxRQXBMcVlBcHFTM3F0WW5ja2tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVn4MA0G
CSqGSIb3DQEBCwUAA4IBAQAbz9xmYhu6Cq7rBePEX9gKmFxt4k/MOVH2V+0SEFQT
L//W+gydS/csHFHzAwMYnpryq1ffiRJNv4WkYksXaQte1Vaz9ZQf2cPrSYilcss/
6Fw8GKYxW1oWKnG8Cr4xxYjAm0l/i07Z9zQmG7V1XseZWftxAcarAjGI+PVQdvIc
0lczJy4sialiMwvpdD4LNkZfD4O345iZTSUs6pGuBI1zlHJeL+qgNzU0x/0Q0GzG
xYM7Bd5vSCfWhwvvVd3UM8ivIrdabOnfHrQJG3nZAi6+kmZ7ARgBnpuFSai0T0zi
OWIv0TvAi6s4XC7OrrCWgFhv2TBmi0/vypKBpbQEowKa
-----END CERTIFICATE-----