Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/5ytILKPJIJOlHUDq7m-vLGG036I.roa
File:                     5ytILKPJIJOlHUDq7m-vLGG036I.roa (raw, json)
Hash identifier:          ZUpMnIThWL3f76Wo38IALkRNAHdjP7I+Q8IYffxTWFg=
Subject key identifier:   E7:2B:48:2C:A3:C9:20:93:A5:1D:40:EA:EE:6F:AF:2C:61:B4:DF:A2
Certificate issuer:       /CN=aebdead4f1d1c8dda96d1cd1789d9dd3e23bf153
Certificate serial:       018CC86F742EA35B7D9D1FB63718CBA61149
Authority key identifier: AE:BD:EA:D4:F1:D1:C8:DD:A9:6D:1C:D1:78:9D:9D:D3:E2:3B:F1:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rr3q1PHRyN2pbRzReJ2d0-I78VM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/5ytILKPJIJOlHUDq7m-vLGG036I.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        195.250.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/rr3q1PHRyN2pbRzReJ2d0-I78VM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/rr3q1PHRyN2pbRzReJ2d0-I78VM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rr3q1PHRyN2pbRzReJ2d0-I78VM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:74:2e:a3:5b:7d:9d:1f:b6:37:18:cb:a6:11:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebdead4f1d1c8dda96d1cd1789d9dd3e23bf153
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e72b482ca3c92093a51d40eaee6faf2c61b4dfa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6c:b8:bb:14:0f:55:58:29:91:bd:f6:c3:64:
                    14:a9:1a:48:49:ef:ef:81:d1:44:7c:7b:8d:83:9a:
                    18:f3:23:6c:1b:6f:4c:a0:85:3c:df:bf:47:be:74:
                    02:3a:8f:81:13:92:2b:23:70:3a:00:ef:9e:73:3e:
                    00:0c:32:e0:79:8d:ba:32:bd:67:c6:37:fe:42:78:
                    fa:85:02:fe:ae:32:63:7e:f7:38:5c:40:95:e8:f1:
                    e7:19:b3:8a:84:00:23:cc:47:82:05:e8:c1:ec:4c:
                    db:f6:3d:27:67:2f:8d:0b:bd:eb:8a:0a:82:c5:da:
                    a4:d6:98:76:f4:83:be:7a:6a:d1:37:60:5d:09:da:
                    e5:78:6c:9d:61:51:96:1b:5a:3d:ac:7b:e7:ee:97:
                    f3:49:5c:a1:1b:95:29:88:c3:e1:9e:10:50:86:38:
                    05:fe:aa:a6:0e:15:2c:e7:53:90:fd:ff:44:5c:1f:
                    5f:ad:c3:48:3c:16:c3:26:87:44:1a:13:03:7c:c8:
                    09:46:b6:89:94:bb:d2:4d:71:6f:79:78:f2:78:69:
                    a3:00:a7:52:4f:2f:73:df:0f:3b:23:9a:b6:c1:59:
                    96:6a:8b:d0:b2:2a:87:70:67:fc:a7:4b:98:d1:b8:
                    1a:ad:bb:a3:6a:db:23:e9:6e:28:10:57:e4:f7:e4:
                    2e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2B:48:2C:A3:C9:20:93:A5:1D:40:EA:EE:6F:AF:2C:61:B4:DF:A2
            X509v3 Authority Key Identifier:
                keyid:AE:BD:EA:D4:F1:D1:C8:DD:A9:6D:1C:D1:78:9D:9D:D3:E2:3B:F1:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rr3q1PHRyN2pbRzReJ2d0-I78VM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/5ytILKPJIJOlHUDq7m-vLGG036I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2f5fd6-1904-4dca-abb2-8837ca69e396/1/rr3q1PHRyN2pbRzReJ2d0-I78VM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:7c:cc:3a:76:35:4b:e7:b7:85:a3:9f:f6:b1:dd:26:a9:57:
         13:80:11:0e:42:c6:da:69:ce:60:f8:25:01:9d:0d:ce:76:2b:
         1a:7f:72:36:69:d9:3f:76:85:4b:b2:2a:7c:fe:4c:7e:14:40:
         3f:61:44:81:13:11:36:e4:2d:c2:22:d1:36:8f:26:c0:ed:b8:
         1a:f2:96:7d:f4:f6:fc:35:5c:b8:0e:5b:b5:fd:77:37:83:34:
         6e:91:34:3b:1e:06:0e:f8:3e:60:6c:d7:91:2b:62:4b:9e:09:
         63:0a:bb:6f:80:c6:fa:a6:f7:cd:55:0c:46:74:07:c8:43:f3:
         81:28:ce:93:be:98:db:e2:8d:25:dd:a0:84:30:1b:ff:d7:64:
         34:5b:aa:1b:4b:84:76:65:fc:38:c6:69:3a:32:8c:ee:f5:60:
         55:75:b6:d4:7a:31:a8:c5:ba:1b:65:86:09:1d:7b:3e:99:37:
         30:8b:e9:18:20:a9:42:3f:09:4f:3e:41:27:93:aa:29:a2:65:
         62:89:42:cd:d8:17:6f:fa:19:1f:bd:9b:96:02:6d:73:52:30:
         63:15:3a:84:15:90:b7:05:b3:b2:60:eb:e4:ac:d7:02:16:65:
         56:cc:ce:bc:54:4f:85:3e:d3:6a:d3:92:31:cf:21:08:76:89:
         45:9d:a8:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3Quo1t9nR+2NxjLphFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmRlYWQ0ZjFkMWM4ZGRhOTZkMWNkMTc4OWQ5ZGQzZTIz
YmYxNTMwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJiNDgyY2EzYzkyMDkzYTUxZDQwZWFlZTZmYWYyYzYxYjRkZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmy4uxQPVVgpkb32w2QUqRpISe/v
gdFEfHuNg5oY8yNsG29MoIU8379HvnQCOo+BE5IrI3A6AO+ecz4ADDLgeY26Mr1n
xjf+Qnj6hQL+rjJjfvc4XECV6PHnGbOKhAAjzEeCBejB7Ezb9j0nZy+NC73rigqC
xdqk1ph29IO+emrRN2BdCdrleGydYVGWG1o9rHvn7pfzSVyhG5UpiMPhnhBQhjgF
/qqmDhUs51OQ/f9EXB9frcNIPBbDJodEGhMDfMgJRraJlLvSTXFveXjyeGmjAKdS
Ty9z3w87I5q2wVmWaovQsiqHcGf8p0uY0bgarbujatsj6W4oEFfk9+Qu+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcrSCyjySCTpR1A6u5vryxhtN+iMB8GA1UdIwQY
MBaAFK696tTx0cjdqW0c0XidndPiO/FTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnIzcTFQSFJ5TjJwYlJ6UmVKMmQwLUk3OFZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8yZjVmZDYtMTkwNC00ZGNhLWFiYjIt
ODgzN2NhNjllMzk2LzEvNXl0SUxLUEpJSk9sSFVEcTdtLXZMR0cwMzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8yZjVmZDYtMTkwNC00ZGNhLWFiYjItODgzN2NhNjllMzk2
LzEvcnIzcTFQSFJ5TjJwYlJ6UmVKMmQwLUk3OFZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/ouMA0G
CSqGSIb3DQEBCwUAA4IBAQBxfMw6djVL57eFo5/2sd0mqVcTgBEOQsbaac5g+CUB
nQ3Odisaf3I2adk/doVLsip8/kx+FEA/YUSBExE25C3CItE2jybA7bga8pZ99Pb8
NVy4Dlu1/Xc3gzRukTQ7HgYO+D5gbNeRK2JLngljCrtvgMb6pvfNVQxGdAfIQ/OB
KM6Tvpjb4o0l3aCEMBv/12Q0W6obS4R2Zfw4xmk6Mozu9WBVdbbUejGoxbobZYYJ
HXs+mTcwi+kYIKlCPwlPPkEnk6opomViiULN2Bdv+hkfvZuWAm1zUjBjFTqEFZC3
BbOyYOvkrNcCFmVWzM68VE+FPtNq05IxzyEIdolFnag2
-----END CERTIFICATE-----