Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/s5OLGPACQZCxzPAUxBS2I1HSBK0.roa
File:                     s5OLGPACQZCxzPAUxBS2I1HSBK0.roa (raw, json)
Hash identifier:          qp0Kr/BuL8GbgYn9XMB52y4y0alQdPjojffLog7j2nM=
Subject key identifier:   B3:93:8B:18:F0:02:41:90:B1:CC:F0:14:C4:14:B6:23:51:D2:04:AD
Certificate issuer:       /CN=37ceaa626cbd89052f3545335dfdb31a13383004
Certificate serial:       018CC500549539B614506BC533873420AED9
Authority key identifier: 37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/s5OLGPACQZCxzPAUxBS2I1HSBK0.roa
Signing time:             Mon 01 Jan 2024 12:29:42 +0000
ROA not before:           Mon 01 Jan 2024 12:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213144
IP address blocks:        194.76.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:54:95:39:b6:14:50:6b:c5:33:87:34:20:ae:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ceaa626cbd89052f3545335dfdb31a13383004
        Validity
            Not Before: Jan  1 12:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3938b18f0024190b1ccf014c414b62351d204ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:25:4f:2f:4a:07:8d:e7:f3:d9:f2:49:97:d7:
                    ee:94:03:72:a4:9e:d3:e6:47:3b:79:44:b7:67:b5:
                    df:35:11:9c:3d:b9:eb:7b:98:0a:b0:83:4f:f0:38:
                    b1:83:b2:1d:57:83:b1:7a:90:24:96:7e:28:5a:57:
                    6b:25:44:52:d0:43:8a:e5:e3:eb:ef:19:14:57:3c:
                    d8:f1:bc:34:c3:18:95:31:60:31:98:d0:63:51:58:
                    c8:f7:c9:55:c6:8b:e7:7c:7f:f4:f4:fe:09:23:07:
                    25:8e:58:f6:6b:74:37:a2:ac:08:98:7a:da:74:3b:
                    79:e6:65:e8:5b:34:1c:b4:70:70:e0:a9:a0:95:28:
                    39:14:69:50:38:8a:17:b6:b0:47:f8:6c:d6:d7:1a:
                    f6:3d:47:3e:08:af:a5:8d:f4:b6:fb:f6:d2:a3:86:
                    3f:d0:9c:00:8f:02:9d:a9:1a:9c:30:0a:ba:5b:40:
                    4a:6f:04:b5:0f:ce:f8:01:07:d5:83:b3:7b:dd:f9:
                    14:56:20:07:7e:24:12:ad:45:b3:38:19:c0:73:39:
                    62:b1:2d:e7:b4:66:08:ba:2b:d7:25:fc:c3:a4:1e:
                    6f:48:ad:0f:3c:6c:1c:29:1b:f1:a2:bf:5d:dd:3b:
                    78:9a:2d:d1:7e:b5:83:d2:d2:0f:b5:d8:e4:3e:9e:
                    d9:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:93:8B:18:F0:02:41:90:B1:CC:F0:14:C4:14:B6:23:51:D2:04:AD
            X509v3 Authority Key Identifier:
                keyid:37:CE:AA:62:6C:BD:89:05:2F:35:45:33:5D:FD:B3:1A:13:38:30:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N86qYmy9iQUvNUUzXf2zGhM4MAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/s5OLGPACQZCxzPAUxBS2I1HSBK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ad8994-51f1-4b65-aca0-e15a8b70e8d2/1/N86qYmy9iQUvNUUzXf2zGhM4MAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:1a:22:96:37:8c:3e:ab:16:0d:68:63:e6:5d:17:74:93:cb:
         9e:a8:6e:a4:df:f2:72:eb:59:6a:9a:78:66:b2:d2:bd:4c:55:
         4d:cb:f6:7c:38:8d:ad:0a:24:64:8b:28:80:0f:ec:2d:62:ae:
         61:58:9b:d8:6e:5f:c0:5f:3b:d2:97:94:a7:0b:92:65:da:6b:
         84:93:1a:3c:e2:9d:67:39:b8:f7:a4:be:fb:8f:66:00:6d:2f:
         68:e0:80:3c:43:4f:ef:06:05:94:17:2e:6e:22:3f:36:a4:20:
         9e:1d:60:28:2f:cd:d1:dd:d7:91:d5:ec:95:51:8c:47:38:46:
         c8:04:cf:7f:c0:d1:94:8d:55:0b:3f:42:8e:75:03:b3:40:4c:
         fd:44:01:04:e5:1b:77:88:28:f3:d4:45:4e:bc:97:36:d7:b8:
         fc:15:c7:77:58:cb:17:f9:98:39:e5:78:af:e4:ba:d4:75:cf:
         50:e9:e4:ff:af:23:f3:98:e0:8d:ac:a0:d0:d5:3d:99:ba:c0:
         24:88:7e:aa:0b:c4:83:3b:5d:46:18:67:a2:8e:59:80:17:0c:
         68:b5:62:82:06:eb:0a:6a:fa:d0:0b:21:d4:1f:63:4a:37:7f:
         3c:2e:2e:a6:8d:33:9d:00:c7:c4:7c:b4:84:4c:ea:33:fb:f4:
         2f:08:d9:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFSVObYUUGvFM4c0IK7ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3Y2VhYTYyNmNiZDg5MDUyZjM1NDUzMzVkZmRiMzFhMTMz
ODMwMDQwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzkzOGIxOGYwMDI0MTkwYjFjY2YwMTRjNDE0YjYyMzUxZDIwNGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyVPL0oHjefz2fJJl9fulANypJ7T
5kc7eUS3Z7XfNRGcPbnre5gKsINP8Dixg7IdV4OxepAkln4oWldrJURS0EOK5ePr
7xkUVzzY8bw0wxiVMWAxmNBjUVjI98lVxovnfH/09P4JIwcljlj2a3Q3oqwImHra
dDt55mXoWzQctHBw4KmglSg5FGlQOIoXtrBH+GzW1xr2PUc+CK+ljfS2+/bSo4Y/
0JwAjwKdqRqcMAq6W0BKbwS1D874AQfVg7N73fkUViAHfiQSrUWzOBnAczlisS3n
tGYIuivXJfzDpB5vSK0PPGwcKRvxor9d3Tt4mi3RfrWD0tIPtdjkPp7ZUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOTixjwAkGQsczwFMQUtiNR0gStMB8GA1UdIwQY
MBaAFDfOqmJsvYkFLzVFM139sxoTODAEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjg2cVlteTlpUVV2TlVVelhmMnpHaE00TUFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9hZDg5OTQtNTFmMS00YjY1LWFjYTAt
ZTE1YThiNzBlOGQyLzEvczVPTEdQQUNRWkN4elBBVXhCUzJJMUhTQkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9hZDg5OTQtNTFmMS00YjY1LWFjYTAtZTE1YThiNzBlOGQy
LzEvTjg2cVlteTlpUVV2TlVVelhmMnpHaE00TUFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkyPMA0G
CSqGSIb3DQEBCwUAA4IBAQCOGiKWN4w+qxYNaGPmXRd0k8ueqG6k3/Jy61lqmnhm
stK9TFVNy/Z8OI2tCiRkiyiAD+wtYq5hWJvYbl/AXzvSl5SnC5Jl2muEkxo84p1n
Obj3pL77j2YAbS9o4IA8Q0/vBgWUFy5uIj82pCCeHWAoL83R3deR1eyVUYxHOEbI
BM9/wNGUjVULP0KOdQOzQEz9RAEE5Rt3iCjz1EVOvJc217j8Fcd3WMsX+Zg55Xiv
5LrUdc9Q6eT/ryPzmOCNrKDQ1T2ZusAkiH6qC8SDO11GGGeijlmAFwxotWKCBusK
avrQCyHUH2NKN388Li6mjTOdAMfEfLSETOoz+/QvCNkH
-----END CERTIFICATE-----