Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/o5_EKvdvV7oitSCNWdioniMjOyw.roa
File:                     o5_EKvdvV7oitSCNWdioniMjOyw.roa (raw, json)
Hash identifier:          Bv+X+IgiLuxxRTOaLlh6PF16XGU0f3iX0IJ1qFOQeSE=
Subject key identifier:   A3:9F:C4:2A:F7:6F:57:BA:22:B5:20:8D:59:D8:A8:9E:23:23:3B:2C
Certificate issuer:       /CN=babc1ecc17f660d5bd89e16167b9d5031bf6a0cb
Certificate serial:       018CC725908D1AE9BE2A027FC4B6B1A404FA
Authority key identifier: BA:BC:1E:CC:17:F6:60:D5:BD:89:E1:61:67:B9:D5:03:1B:F6:A0:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/o5_EKvdvV7oitSCNWdioniMjOyw.roa
Signing time:             Mon 01 Jan 2024 22:29:36 +0000
ROA not before:           Mon 01 Jan 2024 22:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199697
IP address blocks:        193.37.158.0/24 maxlen: 24
                          2a12:6040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:90:8d:1a:e9:be:2a:02:7f:c4:b6:b1:a4:04:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=babc1ecc17f660d5bd89e16167b9d5031bf6a0cb
        Validity
            Not Before: Jan  1 22:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a39fc42af76f57ba22b5208d59d8a89e23233b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:13:2e:7e:1e:c5:84:1b:3d:47:6c:dc:d6:3b:
                    75:76:00:d4:a7:22:d4:83:94:c1:13:db:3a:ba:64:
                    cd:7b:28:d7:69:26:66:a3:2a:d8:96:1c:95:b8:30:
                    15:c9:bc:4e:79:ba:16:27:f7:5a:fb:82:23:3a:0b:
                    05:ac:19:79:47:c1:65:e8:d5:c6:5f:b2:1c:e5:66:
                    2b:f2:5a:f5:42:3c:a8:30:ab:43:d9:19:9d:82:ab:
                    28:3a:92:2f:f1:46:86:63:11:03:1b:e5:52:b7:00:
                    e3:bf:0b:7c:57:f3:3f:ae:c2:9e:aa:f1:ba:13:a6:
                    04:39:3f:f8:ec:91:40:1f:69:af:58:10:1c:b5:28:
                    a4:d7:1d:c3:bf:3e:17:6e:28:98:e8:c4:ad:17:70:
                    73:e6:0d:18:a4:5a:23:25:fe:5b:b6:e7:22:e0:8c:
                    54:dc:65:f7:af:9c:00:68:30:66:32:4f:fb:77:dd:
                    58:64:2a:f6:11:c5:0d:17:92:24:a6:9a:66:92:35:
                    20:50:f4:5c:4e:7d:e0:8e:72:10:53:af:58:1d:26:
                    e0:e6:ab:fd:79:72:2b:d7:22:05:69:3a:bf:55:2a:
                    6b:af:35:cf:f9:ff:45:08:ca:83:e1:c4:87:01:58:
                    f2:a7:bd:03:bb:57:2d:77:60:74:8c:29:65:92:b0:
                    9f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9F:C4:2A:F7:6F:57:BA:22:B5:20:8D:59:D8:A8:9E:23:23:3B:2C
            X509v3 Authority Key Identifier:
                keyid:BA:BC:1E:CC:17:F6:60:D5:BD:89:E1:61:67:B9:D5:03:1B:F6:A0:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urwezBf2YNW9ieFhZ7nVAxv2oMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/o5_EKvdvV7oitSCNWdioniMjOyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/cf10db-7582-4553-bf1b-17911594ae51/1/urwezBf2YNW9ieFhZ7nVAxv2oMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.158.0/24
                IPv6:
                  2a12:6040::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:fb:df:2f:cc:5a:a2:31:0a:00:00:ab:7f:eb:01:50:7b:12:
         e8:4f:39:f8:75:4c:a3:52:cb:28:23:21:4a:8f:33:f5:9d:c2:
         db:66:67:d6:4f:66:cc:10:5c:eb:6c:0f:7b:df:eb:cf:2c:43:
         32:38:56:71:94:f9:28:f3:1b:15:43:f9:0b:40:6e:4b:83:b5:
         b9:1e:59:6d:c1:d9:c6:7c:f9:47:20:02:e4:93:ff:82:c9:91:
         ca:d1:3f:f9:d6:5a:6d:6b:cd:7c:d0:9c:9b:39:7b:7e:9a:77:
         ce:93:79:c5:98:9b:eb:9a:db:20:69:a2:a6:40:62:d5:c4:e4:
         3c:8b:ce:96:69:91:ef:34:b3:1b:a7:3a:9d:b2:f5:cf:25:84:
         32:c5:dd:7c:e3:fc:db:70:93:3c:5e:5b:8e:5d:26:56:d7:a2:
         79:12:fc:43:0b:85:0e:d7:29:b6:34:80:80:df:25:2e:35:b1:
         bc:1d:35:a2:06:2a:3f:8d:31:8c:eb:9c:b1:71:53:e6:1f:c4:
         1d:61:3d:00:cb:c5:c7:09:96:66:fb:df:19:75:14:ea:16:f6:
         5b:f1:39:ec:0c:4c:99:b3:62:27:71:bf:bd:cd:a6:e2:36:d6:
         22:6b:39:3a:0f:36:94:2e:04:d5:69:8b:34:1c:6c:c4:7c:c6:
         aa:c7:a9:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJZCNGum+KgJ/xLaxpAT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYmMxZWNjMTdmNjYwZDViZDg5ZTE2MTY3YjlkNTAzMWJm
NmEwY2IwHhcNMjQwMTAxMjIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzlmYzQyYWY3NmY1N2JhMjJiNTIwOGQ1OWQ4YTg5ZTIzMjMzYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRMufh7FhBs9R2zc1jt1dgDUpyLU
g5TBE9s6umTNeyjXaSZmoyrYlhyVuDAVybxOeboWJ/da+4IjOgsFrBl5R8Fl6NXG
X7Ic5WYr8lr1QjyoMKtD2RmdgqsoOpIv8UaGYxEDG+VStwDjvwt8V/M/rsKeqvG6
E6YEOT/47JFAH2mvWBActSik1x3Dvz4XbiiY6MStF3Bz5g0YpFojJf5btuci4IxU
3GX3r5wAaDBmMk/7d91YZCr2EcUNF5IkpppmkjUgUPRcTn3gjnIQU69YHSbg5qv9
eXIr1yIFaTq/VSprrzXP+f9FCMqD4cSHAVjyp70Du1ctd2B0jCllkrCfCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKOfxCr3b1e6IrUgjVnYqJ4jIzssMB8GA1UdIwQY
MBaAFLq8HswX9mDVvYnhYWe51QMb9qDLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJ3ZXpCZjJZTlc5aWVGaFo3blZBeHYyb01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jZjEwZGItNzU4Mi00NTUzLWJmMWIt
MTc5MTE1OTRhZTUxLzEvbzVfRUt2ZHZWN29pdFNDTldkaW9uaU1qT3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jZjEwZGItNzU4Mi00NTUzLWJmMWItMTc5MTE1OTRhZTUx
LzEvdXJ3ZXpCZjJZTlc5aWVGaFo3blZBeHYyb01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSWeMA0E
AgACMAcDBQMqEmBAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ+98vzFqiMQoAAKt/6wFQ
exLoTzn4dUyjUssoIyFKjzP1ncLbZmfWT2bMEFzrbA973+vPLEMyOFZxlPko8xsV
Q/kLQG5Lg7W5HlltwdnGfPlHIALkk/+CyZHK0T/51lpta8180JybOXt+mnfOk3nF
mJvrmtsgaaKmQGLVxOQ8i86WaZHvNLMbpzqdsvXPJYQyxd184/zbcJM8XluOXSZW
16J5EvxDC4UO1ym2NICA3yUuNbG8HTWiBio/jTGM65yxcVPmH8QdYT0Ay8XHCZZm
+98ZdRTqFvZb8TnsDEyZs2Incb+9zabiNtYiazk6DzaULgTVaYs0HGzEfMaqx6mF
-----END CERTIFICATE-----