Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7jxS3gUoGlalMvE3l38v3Ha-vJI.roa
File:                     7jxS3gUoGlalMvE3l38v3Ha-vJI.roa (raw, json)
Hash identifier:          aZWSDiQPxOVSKeSMtjMaPoqioyaOO7L4VrNsGaWlLDA=
Subject key identifier:   EE:3C:52:DE:05:28:1A:56:A5:32:F1:37:97:7F:2F:DC:76:BE:BC:92
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       018DEF13171FAF6B418C516F5236F643EE8E
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7jxS3gUoGlalMvE3l38v3Ha-vJI.roa
Signing time:             Wed 28 Feb 2024 09:37:02 +0000
ROA not before:           Wed 28 Feb 2024 09:37:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31486
IP address blocks:        185.96.170.0/24 maxlen: 24
                          2a06:9140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 13:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ef:13:17:1f:af:6b:41:8c:51:6f:52:36:f6:43:ee:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Feb 28 09:37:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee3c52de05281a56a532f137977f2fdc76bebc92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:12:7f:53:91:22:8b:37:cb:f4:e2:27:f0:05:
                    f4:55:b7:3e:74:49:3e:ac:a6:81:f4:71:17:7c:9a:
                    eb:be:79:e8:e7:69:9c:20:75:a0:83:63:9c:2d:04:
                    34:25:17:47:bf:7e:81:9c:d6:76:60:6d:86:19:1e:
                    8d:3a:f0:5a:d6:1c:91:20:16:98:2b:46:74:7f:53:
                    89:fe:df:4d:b2:8a:f2:32:11:7f:fc:1a:94:4e:a3:
                    86:cb:d2:f0:4a:c6:c9:2f:fa:2b:e9:d1:2b:1a:57:
                    03:0a:39:c9:fe:84:47:04:51:ca:dc:4b:4f:16:6d:
                    4a:b7:2e:b5:eb:73:2d:cb:13:6a:67:6a:ab:26:11:
                    dd:40:74:1c:3a:4f:ac:2f:0a:cc:ae:9f:78:8c:af:
                    d1:ad:f5:43:50:84:49:aa:8e:7b:64:f7:af:75:eb:
                    94:10:01:77:ad:21:1e:44:f3:93:e9:44:e6:8f:68:
                    b8:da:7d:00:90:5a:0c:37:9d:e5:01:38:c9:40:80:
                    63:e5:2d:a0:ed:da:ff:31:d0:df:41:cb:55:50:b1:
                    a0:d0:3c:0d:50:c3:17:24:0b:e8:ce:08:06:21:d9:
                    01:92:f4:b5:ae:33:f1:74:40:02:e8:8d:80:fb:02:
                    30:11:ec:48:66:de:de:47:3e:a0:6a:e9:7f:a0:af:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:3C:52:DE:05:28:1A:56:A5:32:F1:37:97:7F:2F:DC:76:BE:BC:92
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/7jxS3gUoGlalMvE3l38v3Ha-vJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.170.0/24
                IPv6:
                  2a06:9140::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:30:8d:65:84:e9:e5:65:24:26:e3:b9:ab:be:24:18:cb:de:
         8c:4b:c5:e6:08:1f:b5:f0:75:f8:de:d6:f6:e0:fd:2c:be:a6:
         6e:44:7b:12:44:d6:54:cf:9f:31:e4:59:40:01:23:76:51:15:
         48:30:8a:61:5f:ce:b7:8a:91:cd:e6:d3:24:8a:ff:a3:78:2a:
         a8:2a:af:da:22:73:bc:8d:b0:6d:29:3f:07:6e:ff:50:31:47:
         3e:81:b5:00:a4:52:c9:5b:67:a3:a4:64:f3:dd:54:69:75:b3:
         c3:e2:d8:d6:b1:70:a3:19:25:f7:ff:b8:cf:6c:1a:37:4e:0c:
         23:51:9e:3a:a2:bd:f5:0a:8c:eb:d4:27:12:f1:e4:a7:b6:b2:
         21:2d:9d:7f:8b:79:1e:0c:ca:bc:98:ff:04:5f:fc:19:09:9c:
         d6:f1:64:67:1c:a1:13:30:5b:85:1f:47:ed:09:97:cc:a8:81:
         23:e0:ac:53:8c:fe:21:95:97:3c:d5:ad:11:54:05:02:6c:95:
         62:46:17:ff:a2:8c:6d:5c:ca:5e:00:ee:97:5e:4d:bd:13:ab:
         4c:2c:37:bc:dd:ae:b5:2c:e6:8e:ee:cb:4a:f5:0c:e0:ac:7f:
         3f:3d:1a:91:1a:a5:a7:6d:a3:62:01:6c:70:85:a3:c0:4b:70:
         a7:3c:e4:81
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY3vExcfr2tBjFFvUjb2Q+6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjQwMjI4MDkzNzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTNjNTJkZTA1MjgxYTU2YTUzMmYxMzc5NzdmMmZkYzc2YmViYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgxJ/U5EiizfL9OIn8AX0Vbc+dEk+
rKaB9HEXfJrrvnno52mcIHWgg2OcLQQ0JRdHv36BnNZ2YG2GGR6NOvBa1hyRIBaY
K0Z0f1OJ/t9NsoryMhF//BqUTqOGy9LwSsbJL/or6dErGlcDCjnJ/oRHBFHK3EtP
Fm1Kty6163MtyxNqZ2qrJhHdQHQcOk+sLwrMrp94jK/RrfVDUIRJqo57ZPevdeuU
EAF3rSEeRPOT6UTmj2i42n0AkFoMN53lATjJQIBj5S2g7dr/MdDfQctVULGg0DwN
UMMXJAvozggGIdkBkvS1rjPxdEAC6I2A+wIwEexIZt7eRz6gaul/oK9QiwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO48Ut4FKBpWpTLxN5d/L9x2vrySMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvN2p4UzNnVW9HbGFsTXZFM2wzOHYzSGEtdkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuWCqMA0E
AgACMAcDBQMqBpFAMA0GCSqGSIb3DQEBCwUAA4IBAQAwMI1lhOnlZSQm47mrviQY
y96MS8XmCB+18HX43tb24P0svqZuRHsSRNZUz58x5FlAASN2URVIMIphX863ipHN
5tMkiv+jeCqoKq/aInO8jbBtKT8Hbv9QMUc+gbUApFLJW2ejpGTz3VRpdbPD4tjW
sXCjGSX3/7jPbBo3TgwjUZ46or31Cozr1CcS8eSntrIhLZ1/i3keDMq8mP8EX/wZ
CZzW8WRnHKETMFuFH0ftCZfMqIEj4KxTjP4hlZc81a0RVAUCbJViRhf/ooxtXMpe
AO6XXk29E6tMLDe83a61LOaO7stK9QzgrH8/PRqRGqWnbaNiAWxwhaPAS3CnPOSB
-----END CERTIFICATE-----