Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/5OGJCwvpwpDayfvxJRAxGdQvU6I.roa
File:                     5OGJCwvpwpDayfvxJRAxGdQvU6I.roa (raw, json)
Hash identifier:          7eIVaE65XH8e5C0n2iLRHLCwFjzrRCDSFWXdXIZrmQU=
Subject key identifier:   E4:E1:89:0B:0B:E9:C2:90:DA:C9:FB:F1:25:10:31:19:D4:2F:53:A2
Certificate issuer:       /CN=db30f2fff4fe10b1a79c127a6a4ad82ca5326064
Certificate serial:       018DFA5439ADB4173C0649F8A1D888D5AA68
Authority key identifier: DB:30:F2:FF:F4:FE:10:B1:A7:9C:12:7A:6A:4A:D8:2C:A5:32:60:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/5OGJCwvpwpDayfvxJRAxGdQvU6I.roa
Signing time:             Fri 01 Mar 2024 14:04:00 +0000
ROA not before:           Fri 01 Mar 2024 14:04:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        193.53.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:54:39:ad:b4:17:3c:06:49:f8:a1:d8:88:d5:aa:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db30f2fff4fe10b1a79c127a6a4ad82ca5326064
        Validity
            Not Before: Mar  1 14:04:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4e1890b0be9c290dac9fbf125103119d42f53a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ed:0f:70:e7:e5:2c:c5:42:a0:64:d7:d0:c1:
                    8b:ac:b4:b3:6e:f8:ee:18:c3:4e:02:5c:ea:94:47:
                    6b:28:b8:2a:74:41:d9:63:b5:78:72:a0:ae:f0:29:
                    41:07:78:25:cf:0b:4c:02:fb:cc:9f:6b:6c:fd:bd:
                    21:30:51:48:7a:e1:0c:86:f0:f4:05:c7:6b:11:f3:
                    54:01:de:34:76:9d:c1:7c:37:8b:43:a6:85:07:98:
                    87:a5:9b:92:c8:4e:a5:3f:13:9b:7d:48:71:65:5f:
                    42:4b:8e:da:58:da:83:72:9f:ad:75:76:32:89:1e:
                    f6:3f:17:b9:4d:b7:2b:d2:3d:06:a8:93:66:53:ce:
                    28:16:a8:9a:9c:b5:bb:b8:de:36:a1:ed:31:39:16:
                    23:35:78:ac:f1:c6:af:7a:44:cd:ff:23:fb:0f:a0:
                    85:c1:8e:df:a3:b2:80:6d:3b:87:f6:6c:da:e0:00:
                    05:b6:31:44:40:bd:ae:84:2c:8b:a7:20:9d:9e:7c:
                    ab:7e:e3:f1:84:d8:bc:17:6a:12:61:d9:ea:63:ef:
                    55:1c:af:0d:41:ae:7c:e5:75:7a:c6:df:1f:74:e2:
                    2f:3f:ea:6f:96:e2:4b:67:5b:bc:40:eb:97:2f:b5:
                    12:30:88:e8:a4:6a:74:81:38:9c:83:1f:29:b6:51:
                    01:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E1:89:0B:0B:E9:C2:90:DA:C9:FB:F1:25:10:31:19:D4:2F:53:A2
            X509v3 Authority Key Identifier:
                keyid:DB:30:F2:FF:F4:FE:10:B1:A7:9C:12:7A:6A:4A:D8:2C:A5:32:60:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2zDy__T-ELGnnBJ6akrYLKUyYGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/5OGJCwvpwpDayfvxJRAxGdQvU6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b0c0af-619b-4ad5-b95f-937e2523d6f7/1/2zDy__T-ELGnnBJ6akrYLKUyYGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:4b:71:05:4f:7d:80:81:99:70:df:c9:da:03:fe:6c:fb:25:
         10:33:6b:b6:1a:9a:6b:a0:20:27:f5:e4:a3:ca:90:84:ef:ac:
         96:d8:81:b9:8c:36:7d:12:c5:b0:14:14:55:a5:24:66:d0:b3:
         29:63:ec:b3:4e:6f:cf:8c:d5:77:53:d0:3f:ef:0b:6e:5b:3d:
         9d:36:d8:f1:3b:c1:cf:99:4a:99:68:bb:17:b6:d4:b6:6c:ca:
         c9:91:88:d2:6c:58:5f:94:02:41:92:df:f4:51:99:e4:58:84:
         72:7a:db:1e:44:14:94:70:64:3a:84:87:cb:30:26:7d:d7:05:
         b4:99:69:62:83:43:69:85:7d:b2:16:4f:f3:b6:7c:a7:5b:71:
         0f:f6:14:e3:44:a0:d1:06:13:73:88:e2:9c:0d:1a:5e:87:72:
         bf:3f:c9:36:1b:4d:b6:7b:d4:67:30:e0:7f:ad:8a:66:65:76:
         58:22:64:46:d4:7e:e7:01:3a:05:b4:fd:0c:0e:95:02:4e:91:
         3c:f1:e1:e3:72:5d:c2:45:df:0e:f6:6c:53:9b:f8:ee:c5:d5:
         d3:88:36:27:9a:17:f5:50:24:18:f4:c4:14:eb:d2:9a:07:37:
         0b:46:71:ee:ce:1c:1c:92:ff:0c:e1:71:96:54:02:67:c1:29:
         90:04:1b:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY36VDmttBc8Bkn4odiI1apoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMzBmMmZmZjRmZTEwYjFhNzljMTI3YTZhNGFkODJjYTUz
MjYwNjQwHhcNMjQwMzAxMTQwNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGUxODkwYjBiZTljMjkwZGFjOWZiZjEyNTEwMzExOWQ0MmY1M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+0PcOflLMVCoGTX0MGLrLSzbvju
GMNOAlzqlEdrKLgqdEHZY7V4cqCu8ClBB3glzwtMAvvMn2ts/b0hMFFIeuEMhvD0
BcdrEfNUAd40dp3BfDeLQ6aFB5iHpZuSyE6lPxObfUhxZV9CS47aWNqDcp+tdXYy
iR72Pxe5Tbcr0j0GqJNmU84oFqianLW7uN42oe0xORYjNXis8cavekTN/yP7D6CF
wY7fo7KAbTuH9mza4AAFtjFEQL2uhCyLpyCdnnyrfuPxhNi8F2oSYdnqY+9VHK8N
Qa585XV6xt8fdOIvP+pvluJLZ1u8QOuXL7USMIjopGp0gTicgx8ptlEBBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOThiQsL6cKQ2sn78SUQMRnUL1OiMB8GA1UdIwQY
MBaAFNsw8v/0/hCxp5wSempK2CylMmBkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnpEeV9fVC1FTEdubkJKNmFrcllMS1V5WUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMGMwYWYtNjE5Yi00YWQ1LWI5NWYt
OTM3ZTI1MjNkNmY3LzEvNU9HSkN3dnB3cERheWZ2eEpSQXhHZFF2VTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMGMwYWYtNjE5Yi00YWQ1LWI5NWYtOTM3ZTI1MjNkNmY3
LzEvMnpEeV9fVC1FTEdubkJKNmFrcllMS1V5WUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTWbMA0G
CSqGSIb3DQEBCwUAA4IBAQBAS3EFT32AgZlw38naA/5s+yUQM2u2GpproCAn9eSj
ypCE76yW2IG5jDZ9EsWwFBRVpSRm0LMpY+yzTm/PjNV3U9A/7wtuWz2dNtjxO8HP
mUqZaLsXttS2bMrJkYjSbFhflAJBkt/0UZnkWIRyetseRBSUcGQ6hIfLMCZ91wW0
mWlig0NphX2yFk/ztnynW3EP9hTjRKDRBhNziOKcDRpeh3K/P8k2G022e9RnMOB/
rYpmZXZYImRG1H7nAToFtP0MDpUCTpE88eHjcl3CRd8O9mxTm/juxdXTiDYnmhf1
UCQY9MQU69KaBzcLRnHuzhwckv8M4XGWVAJnwSmQBBtU
-----END CERTIFICATE-----