Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/m5wxxPLcNH8N5y_KCLQOLIE612U.roa
File:                     m5wxxPLcNH8N5y_KCLQOLIE612U.roa (raw, json)
Hash identifier:          x9uefpJ6pz7v8ILgP3vcqpps/Am4lQakGs0woQqebS4=
Subject key identifier:   9B:9C:31:C4:F2:DC:34:7F:0D:E7:2F:CA:08:B4:0E:2C:81:3A:D7:65
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018F1E6B69DE69B83D31DBA68FFE2E9CB505
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/m5wxxPLcNH8N5y_KCLQOLIE612U.roa
Signing time:             Sat 27 Apr 2024 07:18:26 +0000
ROA not before:           Sat 27 Apr 2024 07:18:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.126.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1e:6b:69:de:69:b8:3d:31:db:a6:8f:fe:2e:9c:b5:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Apr 27 07:18:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b9c31c4f2dc347f0de72fca08b40e2c813ad765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4f:33:a4:d0:2e:f7:14:51:d3:1e:0d:28:b8:
                    02:ac:e9:c9:81:c4:03:bd:ca:db:3b:c9:88:d7:73:
                    00:56:95:f4:cf:68:75:09:7d:c0:c7:bd:bc:a3:d3:
                    db:df:e2:a9:ac:75:7e:6a:39:4a:11:51:d7:7f:0b:
                    bd:12:e0:95:73:39:e3:f3:9c:77:a4:b4:e9:e8:ba:
                    8c:fa:12:23:66:36:24:eb:af:9e:c8:9f:ef:cc:d1:
                    dd:2b:50:d8:8d:b7:c1:a2:03:40:4b:a2:e6:1a:01:
                    8c:9e:a3:08:7e:f6:ee:96:7c:ee:ae:68:39:13:cc:
                    aa:35:e7:2c:09:58:45:84:d5:c6:58:27:bd:20:69:
                    dc:bc:de:38:90:8c:10:29:24:9e:a2:a0:fb:14:74:
                    58:ce:00:89:6d:62:58:7c:0d:72:ae:f1:96:65:60:
                    54:14:7c:be:44:9e:3a:93:46:75:77:12:96:03:90:
                    6f:a0:67:8a:18:4b:c0:6e:63:94:7e:7a:ca:f0:7d:
                    1c:ad:54:2f:33:83:30:a8:08:05:5c:c2:c5:3e:59:
                    44:04:ef:a8:1d:80:96:53:bf:5c:b3:c8:df:cc:a4:
                    5b:f3:82:87:ad:fb:d7:81:e5:da:a6:5f:91:01:3f:
                    4f:8e:7a:38:e7:ac:0a:f9:04:9b:fa:f4:7d:ac:67:
                    79:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:9C:31:C4:F2:DC:34:7F:0D:E7:2F:CA:08:B4:0E:2C:81:3A:D7:65
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/m5wxxPLcNH8N5y_KCLQOLIE612U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:4a:02:7f:34:10:9f:d0:df:18:96:79:5e:28:01:ab:c9:c2:
         d4:86:7e:82:3e:66:ce:08:3a:56:53:bd:23:43:13:bc:86:6c:
         a7:e0:f4:67:8a:aa:8d:21:4b:df:c2:41:da:9d:40:07:2f:94:
         ce:a1:38:80:49:1f:10:f1:17:43:14:dd:d2:e1:0a:64:27:fd:
         d5:ec:82:03:30:70:00:37:b8:b4:80:a7:af:6e:ac:92:ce:ab:
         1f:a8:68:99:cb:da:a0:3a:63:3b:d5:00:db:32:36:34:24:9a:
         2d:5a:c3:81:bc:e4:03:4c:e5:a3:80:ec:8d:63:dd:16:8c:9a:
         52:82:76:f0:13:76:a6:b6:e2:1f:71:45:6c:1b:e9:7c:88:3d:
         cd:05:c9:94:5d:4f:6f:6d:de:de:a2:b7:44:0a:2b:35:46:c7:
         46:25:0d:3d:6a:bb:37:8b:83:09:47:86:67:5e:bd:57:64:d5:
         41:c6:99:f9:ff:be:45:6d:bd:ff:10:78:e0:5b:ac:ff:2a:9c:
         ee:1c:ba:b2:25:ea:54:33:02:f2:09:68:18:9d:25:74:a4:86:
         a7:ed:2a:cb:d8:72:cc:ea:60:2d:89:80:62:61:c6:b5:73:bd:
         94:ac:3e:ee:a1:a5:cd:27:28:68:6c:04:8b:17:78:47:e6:f6:
         47:04:9a:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8ea2neabg9Mdumj/4unLUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwNDI3MDcxODI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjljMzFjNGYyZGMzNDdmMGRlNzJmY2EwOGI0MGUyYzgxM2FkNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn08zpNAu9xRR0x4NKLgCrOnJgcQD
vcrbO8mI13MAVpX0z2h1CX3Ax728o9Pb3+KprHV+ajlKEVHXfwu9EuCVcznj85x3
pLTp6LqM+hIjZjYk66+eyJ/vzNHdK1DYjbfBogNAS6LmGgGMnqMIfvbulnzurmg5
E8yqNecsCVhFhNXGWCe9IGncvN44kIwQKSSeoqD7FHRYzgCJbWJYfA1yrvGWZWBU
FHy+RJ46k0Z1dxKWA5BvoGeKGEvAbmOUfnrK8H0crVQvM4MwqAgFXMLFPllEBO+o
HYCWU79cs8jfzKRb84KHrfvXgeXapl+RAT9Pjno456wK+QSb+vR9rGd5NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJucMcTy3DR/Decvygi0DiyBOtdlMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvbTV3eHhQTGNOSDhONXlfS0NMUU9MSUU2MTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6cMA0G
CSqGSIb3DQEBCwUAA4IBAQCQSgJ/NBCf0N8YlnleKAGrycLUhn6CPmbOCDpWU70j
QxO8hmyn4PRniqqNIUvfwkHanUAHL5TOoTiASR8Q8RdDFN3S4QpkJ/3V7IIDMHAA
N7i0gKevbqySzqsfqGiZy9qgOmM71QDbMjY0JJotWsOBvOQDTOWjgOyNY90WjJpS
gnbwE3amtuIfcUVsG+l8iD3NBcmUXU9vbd7eordECis1RsdGJQ09ars3i4MJR4Zn
Xr1XZNVBxpn5/75Fbb3/EHjgW6z/KpzuHLqyJepUMwLyCWgYnSV0pIan7SrL2HLM
6mAtiYBiYca1c72UrD7uoaXNJyhobASLF3hH5vZHBJp5
-----END CERTIFICATE-----