Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/t832DGNWHlGgZRG39ZEV_T3_Nj4.roa
File:                     t832DGNWHlGgZRG39ZEV_T3_Nj4.roa (raw, json)
Hash identifier:          2yzpJuMrYb2rwEhGq2/4kOhST/gEcP1c1XpuqoXcuwk=
Subject key identifier:   B7:CD:F6:0C:63:56:1E:51:A0:65:11:B7:F5:91:15:FD:3D:FF:36:3E
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018CC5001465BC37E201DA0DBE73AC12D15F
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/t832DGNWHlGgZRG39ZEV_T3_Nj4.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207992
IP address blocks:        193.160.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:14:65:bc:37:e2:01:da:0d:be:73:ac:12:d1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7cdf60c63561e51a06511b7f59115fd3dff363e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3f:bb:b7:ce:80:cf:5f:98:75:0f:1f:c1:4f:
                    5b:ea:43:ee:63:19:d3:04:12:56:f2:73:42:fb:9a:
                    08:05:3b:22:9a:4d:87:05:a8:65:86:8c:a9:e0:84:
                    01:88:88:49:17:f9:f3:ca:7c:46:21:9b:f4:bf:e6:
                    c0:15:41:99:47:be:27:aa:33:55:ab:90:07:84:3d:
                    d9:ba:db:30:60:5d:34:f6:1b:e3:17:72:3b:2d:db:
                    81:4b:ab:0b:c0:8e:d5:eb:a4:79:92:86:3f:5b:6f:
                    15:30:63:70:1d:7a:b0:de:97:7b:c6:b7:20:35:df:
                    36:f1:07:5d:b7:28:5b:56:33:40:5b:47:c4:1f:3b:
                    55:3d:a9:e9:c5:30:6a:84:b8:e9:43:7a:c5:a2:58:
                    d2:19:d5:8f:33:62:e3:ba:32:fc:84:a7:f5:ff:76:
                    35:8c:2d:c2:ab:3b:5a:57:94:53:db:d9:94:3e:88:
                    fb:1c:1d:d0:6d:98:4d:64:c2:3b:09:d1:9c:70:3c:
                    ce:54:6e:02:4e:0f:17:a4:0d:32:bc:84:e3:c2:2f:
                    69:e5:7f:17:8c:7c:df:88:c8:ba:db:59:b9:03:1f:
                    43:5f:44:58:ad:11:55:a2:c4:8d:43:06:6b:1d:7b:
                    f0:a9:9b:3a:6a:90:73:36:2a:4c:87:0d:d2:70:c2:
                    b3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CD:F6:0C:63:56:1E:51:A0:65:11:B7:F5:91:15:FD:3D:FF:36:3E
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/t832DGNWHlGgZRG39ZEV_T3_Nj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c0:e5:79:bf:25:fb:fa:cb:ea:77:76:59:5c:2e:23:75:26:
         91:c9:87:8a:7f:45:ca:21:ab:3e:cf:82:e4:e4:44:6b:3c:b9:
         1f:a2:7d:23:9d:3a:37:ce:c9:41:e1:a4:62:00:c6:9e:79:9c:
         51:c3:bd:df:21:d9:5d:83:c5:d4:e8:12:15:17:f0:57:08:4f:
         b6:e5:65:4c:0e:bd:84:59:cb:be:1f:16:76:41:aa:8d:ae:29:
         1c:ef:b8:2b:d3:8c:1a:1f:8a:96:a9:ee:66:77:0e:03:9c:04:
         77:ca:1d:51:49:f9:86:8b:d6:6a:e4:34:3e:b6:50:ee:bc:01:
         4f:80:8e:03:e1:2f:fd:48:34:ff:80:79:b9:26:98:94:9a:99:
         b3:fc:44:18:36:87:0d:05:cb:4b:df:1a:e5:6b:e2:5c:50:c4:
         fb:84:02:77:3a:22:5e:e4:b0:44:9b:2d:77:75:9e:83:db:15:
         6f:37:c1:4b:f6:37:fc:cd:c5:55:de:aa:14:8c:48:3c:26:53:
         4a:db:c4:17:b7:6f:99:f1:30:bb:6e:b6:1d:18:7c:89:fc:df:
         ef:7e:9c:d7:58:0a:3a:0e:f0:1b:43:ad:ec:ba:7e:28:80:44:
         18:72:20:f9:31:25:46:59:d7:14:05:53:6c:f1:98:e0:aa:55:
         65:c0:73:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABRlvDfiAdoNvnOsEtFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2NkZjYwYzYzNTYxZTUxYTA2NTExYjdmNTkxMTVmZDNkZmYzNjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj+7t86Az1+YdQ8fwU9b6kPuYxnT
BBJW8nNC+5oIBTsimk2HBahlhoyp4IQBiIhJF/nzynxGIZv0v+bAFUGZR74nqjNV
q5AHhD3ZutswYF009hvjF3I7LduBS6sLwI7V66R5koY/W28VMGNwHXqw3pd7xrcg
Nd828QddtyhbVjNAW0fEHztVPanpxTBqhLjpQ3rFoljSGdWPM2LjujL8hKf1/3Y1
jC3CqztaV5RT29mUPoj7HB3QbZhNZMI7CdGccDzOVG4CTg8XpA0yvITjwi9p5X8X
jHzfiMi621m5Ax9DX0RYrRFVosSNQwZrHXvwqZs6apBzNipMhw3ScMKzzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfN9gxjVh5RoGURt/WRFf09/zY+MB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEvdDgzMkRHTldIbEdnWlJHMzlaRVZfVDNfTmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaCCMA0G
CSqGSIb3DQEBCwUAA4IBAQBDwOV5vyX7+svqd3ZZXC4jdSaRyYeKf0XKIas+z4Lk
5ERrPLkfon0jnTo3zslB4aRiAMaeeZxRw73fIdldg8XU6BIVF/BXCE+25WVMDr2E
Wcu+HxZ2QaqNrikc77gr04waH4qWqe5mdw4DnAR3yh1RSfmGi9Zq5DQ+tlDuvAFP
gI4D4S/9SDT/gHm5JpiUmpmz/EQYNocNBctL3xrla+JcUMT7hAJ3OiJe5LBEmy13
dZ6D2xVvN8FL9jf8zcVV3qoUjEg8JlNK28QXt2+Z8TC7brYdGHyJ/N/vfpzXWAo6
DvAbQ63sun4ogEQYciD5MSVGWdcUBVNs8ZjgqlVlwHNI
-----END CERTIFICATE-----