Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/47E-iNWWXEqISS9jX01HEWOdSBU.roa
File:                     47E-iNWWXEqISS9jX01HEWOdSBU.roa (raw, json)
Hash identifier:          cKqwognUP6C22xkA0VV16xAz388DpmiqWf8c38KQyLI=
Subject key identifier:   E3:B1:3E:88:D5:96:5C:4A:88:49:2F:63:5F:4D:47:11:63:9D:48:15
Certificate issuer:       /CN=279159ef22f82b936731664ee67c3b6ea96ef443
Certificate serial:       018D68C80481CB4CF5119DD16814C4E2CE40
Authority key identifier: 27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/47E-iNWWXEqISS9jX01HEWOdSBU.roa
Signing time:             Fri 02 Feb 2024 07:45:55 +0000
ROA not before:           Fri 02 Feb 2024 07:45:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48289
IP address blocks:        5.22.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:c8:04:81:cb:4c:f5:11:9d:d1:68:14:c4:e2:ce:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279159ef22f82b936731664ee67c3b6ea96ef443
        Validity
            Not Before: Feb  2 07:45:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b13e88d5965c4a88492f635f4d4711639d4815
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:76:e3:79:85:09:8d:fe:bc:26:11:4d:37:11:
                    7d:35:c1:e4:a1:03:c6:3d:65:00:e8:24:26:97:fa:
                    06:30:74:81:0d:5f:07:79:62:c8:d5:b9:e6:4a:96:
                    19:3a:b5:d5:1f:9f:77:60:5e:d7:72:75:06:ab:62:
                    2f:20:4b:4d:c8:89:17:f5:82:62:64:a7:96:c5:3f:
                    8b:9d:a8:06:b6:8e:46:87:62:ae:9e:b8:95:f5:93:
                    fa:45:1c:5c:c6:83:33:46:a5:c9:8d:68:0b:53:3d:
                    a9:f8:d6:74:6d:de:67:33:e1:ae:b0:53:ba:32:4f:
                    78:c6:41:40:23:d0:8f:8b:e8:57:3a:e6:10:50:5f:
                    9f:2d:30:c5:cd:11:84:3d:88:94:9b:99:b8:47:ff:
                    26:b0:fd:22:a3:07:df:b6:1a:72:e2:51:4f:1e:ef:
                    0f:20:ee:67:d7:a6:98:17:6c:f5:85:62:16:6c:ed:
                    ff:ff:b8:6f:c3:5c:de:90:ef:fc:c5:cd:83:50:c2:
                    2f:35:b7:9e:fc:71:40:8e:36:b2:dc:a3:a6:0d:1d:
                    bc:1d:4c:5e:4d:db:97:06:7d:a2:ca:bf:3e:ae:78:
                    6d:91:03:bb:52:a0:ea:56:7f:f7:bc:84:1a:95:88:
                    89:ea:ea:8d:8b:df:26:dd:23:83:16:53:26:88:8c:
                    67:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B1:3E:88:D5:96:5C:4A:88:49:2F:63:5F:4D:47:11:63:9D:48:15
            X509v3 Authority Key Identifier:
                keyid:27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/47E-iNWWXEqISS9jX01HEWOdSBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         37:51:23:7e:12:1c:dd:f2:82:76:89:00:66:f4:1c:5a:c3:8a:
         4f:90:34:d5:c7:f8:7b:4c:0e:e7:ca:bd:5b:be:43:a1:3f:43:
         1f:03:e4:f1:25:81:dd:5a:34:6e:09:44:51:d8:fb:e3:d2:37:
         39:fe:b0:44:64:c6:15:16:61:97:d3:82:61:52:ec:05:07:4a:
         20:05:45:45:74:5f:70:1d:97:64:d3:d2:1b:5f:68:c3:58:eb:
         74:b7:bc:3d:22:71:32:60:49:d0:20:f8:9c:32:5d:9f:c8:6b:
         f4:05:90:b2:95:c8:42:89:00:8f:c5:89:55:3d:00:10:98:54:
         2e:43:ee:fa:c5:27:5b:5d:51:09:05:97:60:92:83:8b:12:9c:
         32:02:a7:c6:2e:16:7e:04:e2:3a:ab:1f:cb:0d:ed:8c:17:0f:
         38:17:01:1b:e8:9e:d1:7f:8e:dc:87:b8:81:0b:f7:d5:34:a7:
         d4:41:2d:95:c3:a8:d3:6e:13:84:da:05:2e:9a:8d:42:47:b1:
         d1:89:49:5e:f5:38:1f:41:13:1f:be:76:27:19:5e:c3:89:fd:
         bf:29:d7:11:91:4f:c2:bc:17:b2:f1:4c:46:2d:50:85:00:c2:
         05:bb:78:e8:e9:f8:41:69:a3:58:05:9e:54:40:1d:a3:5c:4a:
         a7:57:e6:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1oyASBy0z1EZ3RaBTE4s5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTE1OWVmMjJmODJiOTM2NzMxNjY0ZWU2N2MzYjZlYTk2
ZWY0NDMwHhcNMjQwMjAyMDc0NTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IxM2U4OGQ1OTY1YzRhODg0OTJmNjM1ZjRkNDcxMTYzOWQ0ODE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknbjeYUJjf68JhFNNxF9NcHkoQPG
PWUA6CQml/oGMHSBDV8HeWLI1bnmSpYZOrXVH593YF7XcnUGq2IvIEtNyIkX9YJi
ZKeWxT+LnagGto5Gh2KunriV9ZP6RRxcxoMzRqXJjWgLUz2p+NZ0bd5nM+GusFO6
Mk94xkFAI9CPi+hXOuYQUF+fLTDFzRGEPYiUm5m4R/8msP0iowffthpy4lFPHu8P
IO5n16aYF2z1hWIWbO3//7hvw1zekO/8xc2DUMIvNbee/HFAjjay3KOmDR28HUxe
TduXBn2iyr8+rnhtkQO7UqDqVn/3vIQalYiJ6uqNi98m3SODFlMmiIxnuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOxPojVllxKiEkvY19NRxFjnUgVMB8GA1UdIwQY
MBaAFCeRWe8i+CuTZzFmTuZ8O26pbvRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQt
MzFiYWY2ZWVkZThhLzEvNDdFLWlOV1dYRXFJU1M5algwMUhFV09kU0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQtMzFiYWY2ZWVkZThh
LzEvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBRbAMA0G
CSqGSIb3DQEBCwUAA4IBAQA3USN+Ehzd8oJ2iQBm9Bxaw4pPkDTVx/h7TA7nyr1b
vkOhP0MfA+TxJYHdWjRuCURR2Pvj0jc5/rBEZMYVFmGX04JhUuwFB0ogBUVFdF9w
HZdk09IbX2jDWOt0t7w9InEyYEnQIPicMl2fyGv0BZCylchCiQCPxYlVPQAQmFQu
Q+76xSdbXVEJBZdgkoOLEpwyAqfGLhZ+BOI6qx/LDe2MFw84FwEb6J7Rf47ch7iB
C/fVNKfUQS2Vw6jTbhOE2gUumo1CR7HRiUle9TgfQRMfvnYnGV7Dif2/KdcRkU/C
vBey8UxGLVCFAMIFu3jo6fhBaaNYBZ5UQB2jXEqnV+Y3
-----END CERTIFICATE-----