Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/FbYxfY8iQ_Eqh0BaXohX9ucRgJc.roa
File:                     FbYxfY8iQ_Eqh0BaXohX9ucRgJc.roa (raw, json)
Hash identifier:          s+/HwBQ+DfJx0sZSDXNdKaTTZN5wUXkWlQruG4ShePA=
Subject key identifier:   15:B6:31:7D:8F:22:43:F1:2A:87:40:5A:5E:88:57:F6:E7:11:80:97
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018DE5D2692081CBB25858C812A85FA8A6EE
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/FbYxfY8iQ_Eqh0BaXohX9ucRgJc.roa
Signing time:             Mon 26 Feb 2024 14:29:48 +0000
ROA not before:           Mon 26 Feb 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202766
IP address blocks:        195.5.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e5:d2:69:20:81:cb:b2:58:58:c8:12:a8:5f:a8:a6:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Feb 26 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15b6317d8f2243f12a87405a5e8857f6e7118097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:12:78:3b:b9:ba:60:d9:52:34:0c:61:0b:33:
                    6a:b4:25:2d:ef:15:b5:09:93:e8:b1:f4:e6:7b:69:
                    e2:ac:1e:d3:23:47:d0:c8:c2:72:24:a0:44:1c:07:
                    bf:42:8e:31:9d:00:d9:38:4b:29:88:19:26:72:4a:
                    61:df:1c:34:94:76:50:f8:72:17:b8:74:89:69:a0:
                    47:e3:85:79:2b:ff:8e:57:3c:4f:80:0c:e9:6e:42:
                    b3:51:3c:b7:d8:8c:9c:e6:90:31:c3:ca:f7:55:00:
                    1d:85:18:39:02:23:b9:e2:db:b6:c4:1c:1e:0b:1c:
                    d5:f4:5a:88:1c:84:ce:52:02:90:1d:15:70:d2:60:
                    ef:2c:69:a1:28:6e:e5:25:a9:18:d8:1e:0b:2b:94:
                    b2:c4:6b:b3:f0:f5:00:59:c6:1d:1b:3d:d1:05:ec:
                    35:18:e2:ba:b9:26:5c:ba:52:fb:15:3a:f7:e1:ab:
                    19:83:da:52:83:96:bf:2a:cd:bb:2d:e0:e0:6a:09:
                    d2:7a:f6:57:b7:8f:60:6c:10:8f:34:a0:21:e4:0e:
                    3e:f4:5c:ef:64:7a:64:4d:c4:22:61:d3:d9:89:6d:
                    56:07:df:9c:d8:0d:0a:d2:c1:6f:cd:5a:3b:29:34:
                    8c:06:d5:30:e6:a1:e7:3f:51:e8:3a:55:b6:75:f4:
                    d2:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B6:31:7D:8F:22:43:F1:2A:87:40:5A:5E:88:57:F6:E7:11:80:97
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/FbYxfY8iQ_Eqh0BaXohX9ucRgJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         b7:ec:e8:ba:b4:66:47:36:3f:81:65:58:9c:ba:ab:27:6d:d7:
         22:05:27:3d:35:3a:44:80:dd:88:a4:7d:37:20:a6:bb:1a:c9:
         a3:d6:ed:73:66:13:fa:c5:bd:9a:18:77:68:25:d9:64:c1:9e:
         3e:f2:9b:db:53:9e:80:a8:b5:e6:f1:72:b3:9c:fc:d2:d6:76:
         d2:27:91:f5:cd:c4:86:92:d7:f0:98:15:a4:74:a0:f4:b1:4c:
         ee:d6:25:c5:ce:b5:30:b8:c5:ee:55:61:0f:44:30:99:23:64:
         e8:d9:a4:29:de:99:05:ba:d3:c5:8f:98:a2:90:8b:f0:3d:d3:
         d6:8e:69:f1:63:0f:e6:a2:d6:b7:a9:d1:94:6f:a9:42:0f:c2:
         21:45:d7:50:a6:52:56:8c:16:57:0c:38:74:be:0d:ac:5d:e1:
         cf:3a:21:22:41:44:9b:ea:98:88:24:f8:1c:bc:2c:a8:57:6f:
         48:df:d5:b7:79:43:f9:f8:28:10:62:cc:33:56:a5:d1:74:74:
         62:48:4e:a7:cb:d0:8a:2d:74:9f:01:83:41:ec:38:ae:0b:23:
         43:a5:69:60:b2:01:69:f8:d5:b9:25:a4:3e:8a:a6:23:c0:03:
         70:78:93:6e:8e:d9:b1:12:f1:5d:1b:a8:83:e8:c6:d0:f9:77:
         c2:be:b6:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3l0mkggcuyWFjIEqhfqKbuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMjI2MTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWI2MzE3ZDhmMjI0M2YxMmE4NzQwNWE1ZTg4NTdmNmU3MTE4MDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixJ4O7m6YNlSNAxhCzNqtCUt7xW1
CZPosfTme2nirB7TI0fQyMJyJKBEHAe/Qo4xnQDZOEspiBkmckph3xw0lHZQ+HIX
uHSJaaBH44V5K/+OVzxPgAzpbkKzUTy32Iyc5pAxw8r3VQAdhRg5AiO54tu2xBwe
CxzV9FqIHITOUgKQHRVw0mDvLGmhKG7lJakY2B4LK5SyxGuz8PUAWcYdGz3RBew1
GOK6uSZculL7FTr34asZg9pSg5a/Ks27LeDgagnSevZXt49gbBCPNKAh5A4+9Fzv
ZHpkTcQiYdPZiW1WB9+c2A0K0sFvzVo7KTSMBtUw5qHnP1HoOlW2dfTSkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBW2MX2PIkPxKodAWl6IV/bnEYCXMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvRmJZeGZZOGlRX0VxaDBCYVhvaFg5dWNSZ0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwwVAMA0G
CSqGSIb3DQEBCwUAA4IBAQC37Oi6tGZHNj+BZVicuqsnbdciBSc9NTpEgN2IpH03
IKa7Gsmj1u1zZhP6xb2aGHdoJdlkwZ4+8pvbU56AqLXm8XKznPzS1nbSJ5H1zcSG
ktfwmBWkdKD0sUzu1iXFzrUwuMXuVWEPRDCZI2To2aQp3pkFutPFj5iikIvwPdPW
jmnxYw/mota3qdGUb6lCD8IhRddQplJWjBZXDDh0vg2sXeHPOiEiQUSb6piIJPgc
vCyoV29I39W3eUP5+CgQYswzVqXRdHRiSE6ny9CKLXSfAYNB7DiuCyNDpWlgsgFp
+NW5JaQ+iqYjwANweJNujtmxEvFdG6iD6MbQ+XfCvrZd
-----END CERTIFICATE-----