Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/5w_9JQX98jnIEcg67nkgGTJIRO0.roa
File:                     5w_9JQX98jnIEcg67nkgGTJIRO0.roa (raw, json)
Hash identifier:          UWly5Q/cVxLTnL0NxMmtD+E+9W1QFCDtSfYzLoDl3EA=
Subject key identifier:   E7:0F:FD:25:05:FD:F2:39:C8:11:C8:3A:EE:79:20:19:32:48:44:ED
Certificate issuer:       /CN=b7b195b6512ec8787d99a1b2e4ebd80884f980b2
Certificate serial:       0194B704ED8F902E59A7C040F3FAA456B217
Authority key identifier: B7:B1:95:B6:51:2E:C8:78:7D:99:A1:B2:E4:EB:D8:08:84:F9:80:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t7GVtlEuyHh9maGy5OvYCIT5gLI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/5w_9JQX98jnIEcg67nkgGTJIRO0.roa
Signing time:             Thu 30 Jan 2025 11:42:20 +0000
ROA not before:           Thu 30 Jan 2025 11:42:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35695
IP address blocks:        178.216.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/t7GVtlEuyHh9maGy5OvYCIT5gLI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/t7GVtlEuyHh9maGy5OvYCIT5gLI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t7GVtlEuyHh9maGy5OvYCIT5gLI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:04:ed:8f:90:2e:59:a7:c0:40:f3:fa:a4:56:b2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7b195b6512ec8787d99a1b2e4ebd80884f980b2
        Validity
            Not Before: Jan 30 11:42:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e70ffd2505fdf239c811c83aee792019324844ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:38:a3:82:d8:5c:1b:5e:20:a1:15:2c:f4:40:
                    d7:40:3d:85:ac:68:02:95:00:29:eb:68:88:aa:52:
                    0f:39:19:8c:34:62:d5:76:d5:1b:39:de:83:94:40:
                    b7:fe:d7:e1:63:1a:dc:5a:55:8a:2a:89:06:2a:6b:
                    23:e6:84:3d:f7:19:1b:19:88:f3:bc:83:df:24:8c:
                    11:55:de:67:0c:29:83:98:d4:e9:c2:39:45:19:7c:
                    00:5c:20:ac:01:ad:bd:84:62:ca:7d:a0:6c:0f:c6:
                    e7:0e:d9:b9:c8:6f:85:50:ec:2d:21:e8:f6:e8:86:
                    21:a2:a1:f4:74:61:07:88:fa:1e:32:78:71:30:14:
                    cf:9d:df:73:9b:73:a1:a6:a5:24:4e:31:76:eb:4e:
                    70:c6:52:1a:54:a2:b7:93:fa:cf:bd:32:7f:3d:f4:
                    00:05:55:9c:e2:53:03:10:c7:8e:29:52:da:ae:1f:
                    a4:9c:70:73:07:b5:4e:7a:bd:4a:3f:9d:01:a0:dc:
                    c5:b3:5c:da:33:4e:70:4a:83:86:56:5a:fe:4b:2e:
                    c2:e0:b8:71:20:de:39:5b:08:2e:91:83:3f:f4:a2:
                    57:ed:8f:3e:87:80:d8:49:22:79:97:6b:35:96:03:
                    9c:47:1d:b9:4f:3c:e6:b0:a0:dd:d0:90:e7:de:d7:
                    f2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0F:FD:25:05:FD:F2:39:C8:11:C8:3A:EE:79:20:19:32:48:44:ED
            X509v3 Authority Key Identifier:
                keyid:B7:B1:95:B6:51:2E:C8:78:7D:99:A1:B2:E4:EB:D8:08:84:F9:80:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t7GVtlEuyHh9maGy5OvYCIT5gLI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/5w_9JQX98jnIEcg67nkgGTJIRO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/fcfd27-14c8-4844-9fff-b388110a3078/1/t7GVtlEuyHh9maGy5OvYCIT5gLI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         46:e8:8b:ee:4a:ce:e6:db:e8:85:e0:b5:e1:84:2c:8e:1d:89:
         0c:3a:bd:5d:c1:0a:36:d0:73:78:59:eb:db:21:56:16:bf:1d:
         b7:3d:05:21:cd:6b:fb:56:ca:dc:e0:01:b6:69:c8:b4:11:e3:
         26:9e:85:aa:a7:69:84:c5:06:94:3d:c1:eb:69:9d:6e:88:a7:
         6f:5f:a2:03:9e:68:28:49:48:aa:d2:34:17:eb:bd:6a:d9:ea:
         aa:c0:53:96:ff:d7:61:da:b8:4b:d5:b0:89:3b:8e:c9:71:ee:
         2a:8a:c2:3b:2c:55:af:c4:3a:06:21:fe:e8:72:0e:ae:f3:55:
         5a:85:d3:9f:21:45:0f:e9:fb:5f:0d:8a:45:5e:1d:f5:d2:8b:
         fd:3e:d1:3e:b2:91:4e:62:16:ac:2c:c1:3c:d8:d8:75:a9:3b:
         7b:f3:f9:79:01:5e:80:3a:db:29:fc:bc:f7:51:cb:c4:9f:46:
         85:a6:36:e7:91:a8:ca:fa:56:1a:2e:38:77:b2:4e:45:af:20:
         f3:4e:65:ff:94:bc:02:df:21:5c:e7:f2:e1:03:e4:47:83:fb:
         3a:d7:c8:a7:9e:b7:ba:58:a6:94:1c:46:83:d0:6f:d1:a2:93:
         7f:22:c4:bd:ef:bc:10:ca:6b:40:e0:38:7d:ca:85:f2:92:3f:
         67:43:ba:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS3BO2PkC5Zp8BA8/qkVrIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YjE5NWI2NTEyZWM4Nzg3ZDk5YTFiMmU0ZWJkODA4ODRm
OTgwYjIwHhcNMjUwMTMwMTE0MjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBmZmQyNTA1ZmRmMjM5YzgxMWM4M2FlZTc5MjAxOTMyNDg0NGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTijgthcG14goRUs9EDXQD2FrGgC
lQAp62iIqlIPORmMNGLVdtUbOd6DlEC3/tfhYxrcWlWKKokGKmsj5oQ99xkbGYjz
vIPfJIwRVd5nDCmDmNTpwjlFGXwAXCCsAa29hGLKfaBsD8bnDtm5yG+FUOwtIej2
6IYhoqH0dGEHiPoeMnhxMBTPnd9zm3OhpqUkTjF2605wxlIaVKK3k/rPvTJ/PfQA
BVWc4lMDEMeOKVLarh+knHBzB7VOer1KP50BoNzFs1zaM05wSoOGVlr+Sy7C4Lhx
IN45WwgukYM/9KJX7Y8+h4DYSSJ5l2s1lgOcRx25TzzmsKDd0JDn3tfylQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcP/SUF/fI5yBHIOu55IBkySETtMB8GA1UdIwQY
MBaAFLexlbZRLsh4fZmhsuTr2AiE+YCyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDdHVnRsRXV5SGg5bWFHeTVPdllDSVQ1Z0xJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9mY2ZkMjctMTRjOC00ODQ0LTlmZmYt
YjM4ODExMGEzMDc4LzEvNXdfOUpRWDk4am5JRWNnNjdua2dHVEpJUk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9mY2ZkMjctMTRjOC00ODQ0LTlmZmYtYjM4ODExMGEzMDc4
LzEvdDdHVnRsRXV5SGg5bWFHeTVPdllDSVQ1Z0xJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstiIMA0G
CSqGSIb3DQEBCwUAA4IBAQBG6IvuSs7m2+iF4LXhhCyOHYkMOr1dwQo20HN4Wevb
IVYWvx23PQUhzWv7Vsrc4AG2aci0EeMmnoWqp2mExQaUPcHraZ1uiKdvX6IDnmgo
SUiq0jQX671q2eqqwFOW/9dh2rhL1bCJO47Jce4qisI7LFWvxDoGIf7ocg6u81Va
hdOfIUUP6ftfDYpFXh310ov9PtE+spFOYhasLME82Nh1qTt78/l5AV6AOtsp/Lz3
UcvEn0aFpjbnkajK+lYaLjh3sk5FryDzTmX/lLwC3yFc5/LhA+RHg/s618innre6
WKaUHEaD0G/RopN/IsS977wQymtA4Dh9yoXykj9nQ7pQ
-----END CERTIFICATE-----