Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/r96dihwFTvNmiKTnh3g1Hm3o2wY.roa
File:                     r96dihwFTvNmiKTnh3g1Hm3o2wY.roa (raw, json)
Hash identifier:          8uAua5b++XTXL2qoE/sk50mfYsXakS0VOoEHcEXPgsk=
Subject key identifier:   AF:DE:9D:8A:1C:05:4E:F3:66:88:A4:E7:87:78:35:1E:6D:E8:DB:06
Certificate issuer:       /CN=75b795066150a1c367dabccf69c970ab0c723215
Certificate serial:       018D3B11FF62BE4244317B992D6D5571DFD8
Authority key identifier: 75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/r96dihwFTvNmiKTnh3g1Hm3o2wY.roa
Signing time:             Wed 24 Jan 2024 10:44:11 +0000
ROA not before:           Wed 24 Jan 2024 10:44:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48214
IP address blocks:        194.5.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:11:ff:62:be:42:44:31:7b:99:2d:6d:55:71:df:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b795066150a1c367dabccf69c970ab0c723215
        Validity
            Not Before: Jan 24 10:44:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afde9d8a1c054ef36688a4e78778351e6de8db06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:38:48:a0:8f:0e:03:41:13:0f:71:87:00:81:
                    c5:04:c8:df:ba:26:08:ff:4c:75:9c:17:c7:82:9b:
                    e0:b9:a4:5f:ea:72:2d:b4:6f:92:42:52:cd:4c:fd:
                    2a:69:95:6b:a5:68:6c:0b:c7:03:f3:6f:9d:97:32:
                    7e:58:fb:e4:7a:9c:7e:98:62:f4:35:d5:fc:4b:1a:
                    bc:28:05:10:b7:64:ae:7d:e0:6a:01:1b:00:95:f1:
                    33:06:d3:98:b1:19:34:92:49:fd:73:dc:56:cd:e0:
                    58:c8:81:72:67:98:21:f9:f4:fb:a0:27:14:e2:6e:
                    8c:22:6e:c3:67:1e:4e:e2:16:82:01:11:d3:4d:4b:
                    32:63:e2:c1:b6:21:23:fb:f0:2e:66:10:55:3a:de:
                    25:ef:f2:58:e7:05:d8:fe:31:d1:d5:82:11:52:83:
                    37:26:5b:e3:a5:28:97:11:d8:6c:32:8d:dd:f8:8c:
                    9e:9a:85:31:57:99:1e:f4:6f:d3:11:be:d7:cc:d8:
                    52:b6:60:e8:4a:04:2e:9a:33:e4:d8:6c:93:22:7c:
                    6d:60:e0:aa:3f:f8:01:40:98:78:a0:12:cb:b1:ad:
                    62:67:72:1f:d6:0a:7a:fb:c9:25:ca:6a:f4:51:fe:
                    ee:c8:63:c7:eb:18:e9:78:2f:7a:8c:dc:e0:19:e0:
                    9e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:DE:9D:8A:1C:05:4E:F3:66:88:A4:E7:87:78:35:1E:6D:E8:DB:06
            X509v3 Authority Key Identifier:
                keyid:75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/r96dihwFTvNmiKTnh3g1Hm3o2wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:44:22:1f:55:68:0c:ac:27:d8:ea:3a:87:c8:85:8f:cf:78:
         3d:80:0a:b2:1d:84:d3:69:9b:cd:f9:07:31:47:7f:cc:85:17:
         f0:a7:ab:1b:d6:62:8a:a1:65:17:09:aa:35:b6:ea:78:f5:73:
         f4:95:68:ea:33:ef:f4:22:5b:f1:72:52:f4:d7:a2:52:ce:0f:
         1e:58:89:31:41:24:22:ad:87:e4:f9:4a:eb:88:b5:51:31:57:
         f8:f2:86:ba:87:2b:f3:20:7d:13:70:a1:26:61:a7:31:4d:6a:
         9b:24:d2:68:29:48:22:76:2f:fa:49:61:d4:d8:48:7c:0a:b5:
         c6:97:5d:67:28:8d:aa:3c:d3:10:35:e2:8c:a2:02:9c:98:c8:
         4c:e8:f6:82:c6:7a:4e:1c:19:a2:89:91:24:99:d7:82:73:9e:
         e8:41:24:d4:e9:66:ba:fd:41:8b:dd:02:41:97:6d:83:a0:d0:
         30:86:f2:37:fc:b1:79:47:43:a6:34:30:8c:fc:23:26:4b:4f:
         b3:74:0e:29:ba:e7:78:12:64:c3:72:94:c1:23:95:41:da:dc:
         76:37:98:f4:b0:a3:5c:5b:82:61:c5:43:9f:15:ef:23:4d:65:
         4b:a4:32:b0:75:8a:9b:65:c1:80:1d:d5:0e:e8:cf:b2:39:ec:
         df:e0:27:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07Ef9ivkJEMXuZLW1Vcd/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjc5NTA2NjE1MGExYzM2N2RhYmNjZjY5Yzk3MGFiMGM3
MjMyMTUwHhcNMjQwMTI0MTA0NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmRlOWQ4YTFjMDU0ZWYzNjY4OGE0ZTc4Nzc4MzUxZTZkZThkYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDhIoI8OA0ETD3GHAIHFBMjfuiYI
/0x1nBfHgpvguaRf6nIttG+SQlLNTP0qaZVrpWhsC8cD82+dlzJ+WPvkepx+mGL0
NdX8Sxq8KAUQt2SufeBqARsAlfEzBtOYsRk0kkn9c9xWzeBYyIFyZ5gh+fT7oCcU
4m6MIm7DZx5O4haCARHTTUsyY+LBtiEj+/AuZhBVOt4l7/JY5wXY/jHR1YIRUoM3
JlvjpSiXEdhsMo3d+IyemoUxV5ke9G/TEb7XzNhStmDoSgQumjPk2GyTInxtYOCq
P/gBQJh4oBLLsa1iZ3If1gp6+8klymr0Uf7uyGPH6xjpeC96jNzgGeCefQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/enYocBU7zZoik54d4NR5t6NsGMB8GA1UdIwQY
MBaAFHW3lQZhUKHDZ9q8z2nJcKsMcjIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjct
NTQ3YmU0Y2ZhNDU3LzEvcjk2ZGlod0ZUdk5taUtUbmgzZzFIbTNvMndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjctNTQ3YmU0Y2ZhNDU3
LzEvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgU2MA0G
CSqGSIb3DQEBCwUAA4IBAQBeRCIfVWgMrCfY6jqHyIWPz3g9gAqyHYTTaZvN+Qcx
R3/MhRfwp6sb1mKKoWUXCao1tup49XP0lWjqM+/0IlvxclL016JSzg8eWIkxQSQi
rYfk+UrriLVRMVf48oa6hyvzIH0TcKEmYacxTWqbJNJoKUgidi/6SWHU2Eh8CrXG
l11nKI2qPNMQNeKMogKcmMhM6PaCxnpOHBmiiZEkmdeCc57oQSTU6Wa6/UGL3QJB
l22DoNAwhvI3/LF5R0OmNDCM/CMmS0+zdA4puud4EmTDcpTBI5VB2tx2N5j0sKNc
W4JhxUOfFe8jTWVLpDKwdYqbZcGAHdUO6M+yOezf4Cd4
-----END CERTIFICATE-----