Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/Br0DwnxwstqIUAJl-nTtLZDWmYE.roa
File:                     Br0DwnxwstqIUAJl-nTtLZDWmYE.roa (raw, json)
Hash identifier:          Tm0t5/0naGvAdlHVI182BkgVPZFLDrhE2ux9msF8AjQ=
Subject key identifier:   06:BD:03:C2:7C:70:B2:DA:88:50:02:65:FA:74:ED:2D:90:D6:99:81
Certificate issuer:       /CN=5e05cb67209bbd1983f4327716523eb1777fd4fa
Certificate serial:       018CC56F03A54779A74295279161C151AEF4
Authority key identifier: 5E:05:CB:67:20:9B:BD:19:83:F4:32:77:16:52:3E:B1:77:7F:D4:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/Br0DwnxwstqIUAJl-nTtLZDWmYE.roa
Signing time:             Mon 01 Jan 2024 14:30:36 +0000
ROA not before:           Mon 01 Jan 2024 14:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57651
IP address blocks:        193.247.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:03:a5:47:79:a7:42:95:27:91:61:c1:51:ae:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e05cb67209bbd1983f4327716523eb1777fd4fa
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06bd03c27c70b2da88500265fa74ed2d90d69981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a6:b2:f3:ad:12:dc:c3:22:19:b9:9a:69:3f:
                    3b:a6:4c:5c:9d:1d:96:ed:4d:79:32:6a:32:42:15:
                    8e:b3:23:68:b2:30:6c:16:9b:7b:7c:5e:80:7b:7e:
                    d8:7f:ed:62:43:13:f4:bd:64:f7:4e:f3:b2:15:eb:
                    ea:e7:31:d7:f5:33:c4:99:27:0a:0e:3a:52:91:c6:
                    2e:d0:6b:7f:14:c6:78:3e:7d:6f:63:70:97:b9:5f:
                    47:f7:6f:5e:95:6d:53:22:27:fe:d8:eb:8a:f8:4c:
                    fe:f1:4e:bb:94:02:29:cd:20:cc:a9:d9:40:b7:c1:
                    61:d9:d2:2d:3d:d8:79:73:1b:08:55:1c:5c:f0:70:
                    22:b2:d7:26:4d:0c:19:0d:fe:d9:e8:f5:6c:96:8e:
                    36:7e:84:25:fb:1a:fd:db:ad:af:0a:07:f1:3e:a5:
                    2e:10:ab:48:f9:b9:a3:ca:31:05:b1:e5:d0:f9:1e:
                    e7:f3:4c:5b:7a:64:55:11:b7:f5:87:70:f8:7d:09:
                    6c:6c:13:4b:4a:20:85:4f:ca:1e:15:a6:14:d5:c4:
                    14:4d:a4:c3:7e:89:d6:4a:29:ea:cf:51:19:d4:a3:
                    78:9d:c3:a7:39:e2:e1:67:ef:d2:04:5b:c7:78:80:
                    b9:a6:67:cd:f9:bb:cc:c9:72:22:15:7f:0d:57:9a:
                    32:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:BD:03:C2:7C:70:B2:DA:88:50:02:65:FA:74:ED:2D:90:D6:99:81
            X509v3 Authority Key Identifier:
                keyid:5E:05:CB:67:20:9B:BD:19:83:F4:32:77:16:52:3E:B1:77:7F:D4:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/Br0DwnxwstqIUAJl-nTtLZDWmYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/9ca0df-d474-40cd-8688-1715919567c9/1/XgXLZyCbvRmD9DJ3FlI-sXd_1Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:5b:1e:90:ef:94:96:57:a0:a1:1e:91:b0:1c:0b:28:d3:94:
         60:37:f0:c0:c3:3f:35:d0:d7:a7:c2:0c:52:ea:f0:4a:b0:a0:
         98:cf:9c:88:ac:09:04:26:43:34:ae:5f:01:5a:45:d5:31:84:
         a0:e1:b0:f8:ac:ea:fd:1a:21:06:0a:88:fa:e7:7f:94:78:dd:
         1e:c9:a3:84:4c:99:da:e6:cf:3b:87:46:a4:48:20:a6:db:31:
         3a:3a:ff:77:3d:0a:d2:cf:a4:d3:a7:d5:e7:31:d5:bc:6a:e9:
         51:13:ac:36:ed:1e:a7:93:73:fa:af:81:bb:f6:9d:f4:1e:dc:
         86:72:76:f3:75:2f:28:21:6a:4b:fa:21:f8:fd:f4:40:a7:f4:
         87:90:31:5d:d1:9e:5a:ae:dc:c1:12:45:45:d3:b4:32:0f:69:
         f3:04:71:55:a9:e0:1f:1b:9d:90:65:59:c7:bf:0c:2f:38:2f:
         d7:8b:e1:44:fc:b3:35:48:51:21:fb:8f:7b:45:97:74:d9:dd:
         2d:58:58:0d:7c:0a:a5:81:57:68:78:46:17:81:51:62:bc:92:
         ed:c0:44:a9:0d:d8:a2:68:44:d5:10:10:14:44:e5:3c:6f:d6:
         2d:90:88:a3:36:b7:3b:03:f1:ff:49:52:eb:3f:e9:27:40:85:
         50:7a:a6:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbwOlR3mnQpUnkWHBUa70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMDVjYjY3MjA5YmJkMTk4M2Y0MzI3NzE2NTIzZWIxNzc3
ZmQ0ZmEwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmJkMDNjMjdjNzBiMmRhODg1MDAyNjVmYTc0ZWQyZDkwZDY5OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKay860S3MMiGbmaaT87pkxcnR2W
7U15MmoyQhWOsyNosjBsFpt7fF6Ae37Yf+1iQxP0vWT3TvOyFevq5zHX9TPEmScK
DjpSkcYu0Gt/FMZ4Pn1vY3CXuV9H929elW1TIif+2OuK+Ez+8U67lAIpzSDMqdlA
t8Fh2dItPdh5cxsIVRxc8HAistcmTQwZDf7Z6PVslo42foQl+xr9262vCgfxPqUu
EKtI+bmjyjEFseXQ+R7n80xbemRVEbf1h3D4fQlsbBNLSiCFT8oeFaYU1cQUTaTD
fonWSinqz1EZ1KN4ncOnOeLhZ+/SBFvHeIC5pmfN+bvMyXIiFX8NV5oynQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAa9A8J8cLLaiFACZfp07S2Q1pmBMB8GA1UdIwQY
MBaAFF4Fy2cgm70Zg/QydxZSPrF3f9T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdYTFp5Q2J2Um1EOURKM0ZsSS1zWGRfMVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS85Y2EwZGYtZDQ3NC00MGNkLTg2ODgt
MTcxNTkxOTU2N2M5LzEvQnIwRHdueHdzdHFJVUFKbC1uVHRMWkRXbVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS85Y2EwZGYtZDQ3NC00MGNkLTg2ODgtMTcxNTkxOTU2N2M5
LzEvWGdYTFp5Q2J2Um1EOURKM0ZsSS1zWGRfMVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwffuMA0G
CSqGSIb3DQEBCwUAA4IBAQAiWx6Q75SWV6ChHpGwHAso05RgN/DAwz810NenwgxS
6vBKsKCYz5yIrAkEJkM0rl8BWkXVMYSg4bD4rOr9GiEGCoj653+UeN0eyaOETJna
5s87h0akSCCm2zE6Ov93PQrSz6TTp9XnMdW8aulRE6w27R6nk3P6r4G79p30HtyG
cnbzdS8oIWpL+iH4/fRAp/SHkDFd0Z5artzBEkVF07QyD2nzBHFVqeAfG52QZVnH
vwwvOC/Xi+FE/LM1SFEh+497RZd02d0tWFgNfAqlgVdoeEYXgVFivJLtwESpDdii
aETVEBAUROU8b9YtkIijNrc7A/H/SVLrP+knQIVQeqY6
-----END CERTIFICATE-----