Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/kBbN5NdEl7t0u6zJOkhUaCB_Z2U.roa
File:                     kBbN5NdEl7t0u6zJOkhUaCB_Z2U.roa (raw, json)
Hash identifier:          WNjJ3yFrMbjJ4X157iStbwQLPiHreZJBx8CM1U3ANfA=
Subject key identifier:   90:16:CD:E4:D7:44:97:BB:74:BB:AC:C9:3A:48:54:68:20:7F:67:65
Certificate issuer:       /CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
Certificate serial:       018CC5DC461DE3731D3525FBFB69871B3E40
Authority key identifier: E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/kBbN5NdEl7t0u6zJOkhUaCB_Z2U.roa
Signing time:             Mon 01 Jan 2024 16:29:56 +0000
ROA not before:           Mon 01 Jan 2024 16:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     65724
IP address blocks:        160.218.244.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:46:1d:e3:73:1d:35:25:fb:fb:69:87:1b:3e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5d6c6e8bced40bd032d17718c1b1e39ae841ae8
        Validity
            Not Before: Jan  1 16:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9016cde4d74497bb74bbacc93a485468207f6765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:50:67:a4:2e:01:32:0e:e1:15:75:62:16:2d:
                    12:f7:25:80:27:72:23:89:03:f9:a1:01:4c:82:28:
                    6d:9f:2b:67:53:13:17:0a:65:1a:10:2a:aa:54:fc:
                    c0:d3:e5:1f:ef:19:8a:87:2a:5e:82:6b:ac:86:db:
                    e4:65:50:86:2b:c1:9d:65:37:06:67:b6:12:d4:a0:
                    68:5b:01:9c:86:b0:ea:ab:1e:ef:b5:c1:1b:92:bb:
                    3c:5f:f5:6a:f7:a4:7c:3c:1a:96:a0:6a:d1:50:b5:
                    a0:73:1b:51:7b:b2:9f:60:65:d3:15:e9:82:e5:44:
                    e1:6e:9d:43:de:44:b8:21:ba:05:ee:bd:57:8c:e5:
                    88:0a:28:94:ab:82:24:85:ac:0a:c5:10:80:8d:4a:
                    79:de:f2:76:f8:34:63:29:fe:85:35:c1:5d:b3:63:
                    0e:49:d1:da:b0:dc:c8:80:4c:2c:f3:eb:b2:39:06:
                    ac:f4:43:26:f9:0f:37:9f:6e:49:fd:ee:36:82:3e:
                    3c:24:70:be:8b:32:93:0d:66:c8:2c:0e:34:24:79:
                    0f:d6:0c:71:1f:10:5e:62:43:0a:c3:7a:81:cf:ac:
                    23:e5:e5:83:e3:5d:1a:89:02:41:f3:8b:b8:e4:35:
                    d4:86:69:46:77:28:94:8f:73:d0:91:02:39:39:7a:
                    2d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:16:CD:E4:D7:44:97:BB:74:BB:AC:C9:3A:48:54:68:20:7F:67:65
            X509v3 Authority Key Identifier:
                keyid:E5:D6:C6:E8:BC:ED:40:BD:03:2D:17:71:8C:1B:1E:39:AE:84:1A:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dbG6LztQL0DLRdxjBseOa6EGug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/kBbN5NdEl7t0u6zJOkhUaCB_Z2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0894f7-e24d-4728-8cad-bd249b625797/1/5dbG6LztQL0DLRdxjBseOa6EGug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.218.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:e8:21:90:5b:a8:27:8f:e6:4d:94:f9:4e:38:48:51:63:90:
         ed:84:97:24:96:62:02:65:71:26:30:72:0e:90:f5:a2:7a:ec:
         17:40:71:c0:7a:aa:bb:64:01:f2:76:aa:52:8c:aa:d9:8d:03:
         c6:8e:ac:55:31:ec:60:d1:6d:f0:2a:f9:5d:70:dd:df:8b:1a:
         07:97:b9:4f:6d:b4:fd:fd:5b:90:57:63:79:f0:45:13:7c:83:
         15:67:bb:6e:7b:d0:73:cf:24:a6:77:e7:c2:b1:a0:79:dd:ab:
         99:cc:8e:7c:8d:ff:94:77:c2:ee:4d:15:56:77:81:b0:ba:43:
         89:a1:e2:78:6a:20:c6:ff:13:3b:fa:a9:db:99:ac:eb:65:0c:
         38:6e:48:80:01:87:9d:98:ff:f1:55:5b:c3:37:8f:7c:bb:6c:
         54:18:94:6a:1b:50:63:0f:95:62:37:78:84:8a:ef:a0:21:be:
         24:98:78:19:be:c9:38:92:a2:23:59:0f:6d:67:a5:88:d2:fa:
         5c:fc:46:fb:19:34:3a:f7:79:ce:1b:41:11:2b:c3:77:c2:58:
         78:e2:db:e6:b3:68:b8:0a:9a:10:af:40:96:18:99:4c:c7:13:
         5b:52:3a:61:53:71:6a:9e:a8:75:e0:b8:b3:02:00:20:0a:b1:
         f0:55:58:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EYd43MdNSX7+2mHGz5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZDZjNmU4YmNlZDQwYmQwMzJkMTc3MThjMWIxZTM5YWU4
NDFhZTgwHhcNMjQwMTAxMTYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDE2Y2RlNGQ3NDQ5N2JiNzRiYmFjYzkzYTQ4NTQ2ODIwN2Y2NzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VBnpC4BMg7hFXViFi0S9yWAJ3Ij
iQP5oQFMgihtnytnUxMXCmUaECqqVPzA0+Uf7xmKhypegmushtvkZVCGK8GdZTcG
Z7YS1KBoWwGchrDqqx7vtcEbkrs8X/Vq96R8PBqWoGrRULWgcxtRe7KfYGXTFemC
5UThbp1D3kS4IboF7r1XjOWICiiUq4IkhawKxRCAjUp53vJ2+DRjKf6FNcFds2MO
SdHasNzIgEws8+uyOQas9EMm+Q83n25J/e42gj48JHC+izKTDWbILA40JHkP1gxx
HxBeYkMKw3qBz6wj5eWD410aiQJB84u45DXUhmlGdyiUj3PQkQI5OXotSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAWzeTXRJe7dLusyTpIVGggf2dlMB8GA1UdIwQY
MBaAFOXWxui87UC9Ay0XcYwbHjmuhBroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQt
YmQyNDliNjI1Nzk3LzEva0JiTjVOZEVsN3QwdTZ6Sk9raFVhQ0JfWjJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wODk0ZjctZTI0ZC00NzI4LThjYWQtYmQyNDliNjI1Nzk3
LzEvNWRiRzZMenRRTDBETFJkeGpCc2VPYTZFR3VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoNr0MA0G
CSqGSIb3DQEBCwUAA4IBAQBe6CGQW6gnj+ZNlPlOOEhRY5DthJcklmICZXEmMHIO
kPWieuwXQHHAeqq7ZAHydqpSjKrZjQPGjqxVMexg0W3wKvldcN3fixoHl7lPbbT9
/VuQV2N58EUTfIMVZ7tue9BzzySmd+fCsaB53auZzI58jf+Ud8LuTRVWd4GwukOJ
oeJ4aiDG/xM7+qnbmazrZQw4bkiAAYedmP/xVVvDN498u2xUGJRqG1BjD5ViN3iE
iu+gIb4kmHgZvsk4kqIjWQ9tZ6WI0vpc/Eb7GTQ693nOG0ERK8N3wlh44tvms2i4
CpoQr0CWGJlMxxNbUjphU3Fqnqh14LizAgAgCrHwVVjq
-----END CERTIFICATE-----