Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/tev4lRIdYxrK-Ognh_8MUhpDntE.roa
File:                     tev4lRIdYxrK-Ognh_8MUhpDntE.roa (raw, json)
Hash identifier:          94OLhwDP3KhA6MBYOHr/+88ljoeOGlPjz6gBuDywF/4=
Subject key identifier:   B5:EB:F8:95:12:1D:63:1A:CA:F8:E8:27:87:FF:0C:52:1A:43:9E:D1
Certificate issuer:       /CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
Certificate serial:       018CC26CF7E3B50BEF0AA75AE07BB4FD73D1
Authority key identifier: 70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/tev4lRIdYxrK-Ognh_8MUhpDntE.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28681
IP address blocks:        193.201.116.0/24 maxlen: 24
                          2001:67c:5e8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f7:e3:b5:0b:ef:0a:a7:5a:e0:7b:b4:fd:73:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70e7ad0598208a6af9d1500a740d73bcf28f0384
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5ebf895121d631acaf8e82787ff0c521a439ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8c:f0:e2:19:61:31:c4:45:78:9d:a4:1c:08:
                    c6:ed:d8:1f:4a:7c:6d:b6:c0:18:92:10:67:09:5c:
                    2e:71:18:f7:ca:62:3c:e1:0a:8d:d4:0a:70:84:5d:
                    59:fe:df:81:1f:e6:88:ad:d9:e6:ef:0a:36:97:f3:
                    a9:76:ad:c6:8b:1b:77:a9:58:aa:3e:30:5e:3f:3c:
                    68:5e:20:31:17:0f:5f:f7:8a:df:94:3d:c2:af:65:
                    6d:40:89:ac:eb:ec:1b:fb:34:60:24:87:3e:44:45:
                    89:3b:04:d2:7c:78:4d:5e:50:23:a9:5c:cc:b5:31:
                    7c:d6:c5:cb:f5:3b:be:4e:9d:c5:b5:8d:93:40:8d:
                    60:00:f2:90:7f:52:bf:76:c9:0d:0f:c0:31:9c:44:
                    6e:37:dc:0f:44:56:3f:5b:6f:7c:ec:95:c5:7b:0d:
                    2f:1a:2a:4d:48:bb:53:9b:d2:0d:1a:24:74:d4:92:
                    52:68:14:13:7d:85:09:8b:c1:63:c7:9b:3a:f9:39:
                    76:79:dd:e9:c3:22:84:ee:7c:18:6a:1e:b0:71:1b:
                    bc:83:94:72:7d:5d:2d:9b:19:04:13:d8:87:f5:a0:
                    df:b4:32:10:06:c0:1d:d1:5b:16:84:82:61:8a:41:
                    af:62:4d:6e:3c:15:fc:5e:55:67:d5:36:65:c6:0b:
                    c0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:EB:F8:95:12:1D:63:1A:CA:F8:E8:27:87:FF:0C:52:1A:43:9E:D1
            X509v3 Authority Key Identifier:
                keyid:70:E7:AD:05:98:20:8A:6A:F9:D1:50:0A:74:0D:73:BC:F2:8F:03:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cOetBZggimr50VAKdA1zvPKPA4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/tev4lRIdYxrK-Ognh_8MUhpDntE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/666404-c28f-4d29-96e4-607e17aec750/1/cOetBZggimr50VAKdA1zvPKPA4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.116.0/24
                IPv6:
                  2001:67c:5e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:26:90:a8:f8:b3:81:98:1b:a8:23:bd:52:28:51:4a:40:e4:
         e2:14:96:33:e1:a3:9a:d5:0a:af:d6:e4:99:d3:40:0b:4b:be:
         95:3d:11:f5:1c:14:ed:27:c0:df:bf:33:12:b5:b1:15:72:3e:
         d0:2f:b1:58:03:86:f4:a5:aa:c6:d8:3e:bf:07:5f:87:8c:5f:
         c2:74:ee:8f:b7:0a:84:62:61:32:21:17:23:19:7b:af:9c:ae:
         57:ce:60:04:ab:cc:f9:03:1d:87:e6:c9:46:3f:b1:65:9b:3e:
         49:d3:51:2a:29:70:56:22:b7:5a:be:60:65:d3:fa:d9:d6:9a:
         ae:2d:70:c1:16:84:af:7e:0d:88:0d:87:fb:e3:20:4d:9d:ef:
         fa:a7:3d:c1:7f:62:59:e0:f9:84:bd:55:4e:3f:b1:11:e9:01:
         5d:93:5d:35:82:0d:e8:4a:db:e5:39:da:55:c5:1b:b1:c9:58:
         53:43:5b:c3:94:02:8a:f2:1a:a3:56:e5:11:84:c7:d3:05:29:
         93:c2:b3:99:74:7f:e6:96:df:a1:e2:ba:4f:80:5f:84:82:55:
         c1:48:5a:86:13:13:65:d2:94:55:2e:e7:47:23:ad:cb:8e:e7:
         1a:4e:3c:f2:89:80:5e:aa:3b:4f:df:30:45:e3:61:10:87:4f:
         93:d7:1d:25
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbPfjtQvvCqda4Hu0/XPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZTdhZDA1OTgyMDhhNmFmOWQxNTAwYTc0MGQ3M2JjZjI4
ZjAzODQwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWViZjg5NTEyMWQ2MzFhY2FmOGU4Mjc4N2ZmMGM1MjFhNDM5ZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIzw4hlhMcRFeJ2kHAjG7dgfSnxt
tsAYkhBnCVwucRj3ymI84QqN1ApwhF1Z/t+BH+aIrdnm7wo2l/Opdq3Gixt3qViq
PjBePzxoXiAxFw9f94rflD3Cr2VtQIms6+wb+zRgJIc+REWJOwTSfHhNXlAjqVzM
tTF81sXL9Tu+Tp3FtY2TQI1gAPKQf1K/dskND8AxnERuN9wPRFY/W2987JXFew0v
GipNSLtTm9INGiR01JJSaBQTfYUJi8Fjx5s6+Tl2ed3pwyKE7nwYah6wcRu8g5Ry
fV0tmxkEE9iH9aDftDIQBsAd0VsWhIJhikGvYk1uPBX8XlVn1TZlxgvA2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLXr+JUSHWMayvjoJ4f/DFIaQ57RMB8GA1UdIwQY
MBaAFHDnrQWYIIpq+dFQCnQNc7zyjwOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQt
NjA3ZTE3YWVjNzUwLzEvdGV2NGxSSWRZeHJLLU9nbmhfOE1VaHBEbnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS82NjY0MDQtYzI4Zi00ZDI5LTk2ZTQtNjA3ZTE3YWVjNzUw
LzEvY09ldEJaZ2dpbXI1MFZBS2RBMXp2UEtQQTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcl0MA8E
AgACMAkDBwAgAQZ8BegwDQYJKoZIhvcNAQELBQADggEBABwmkKj4s4GYG6gjvVIo
UUpA5OIUljPho5rVCq/W5JnTQAtLvpU9EfUcFO0nwN+/MxK1sRVyPtAvsVgDhvSl
qsbYPr8HX4eMX8J07o+3CoRiYTIhFyMZe6+crlfOYASrzPkDHYfmyUY/sWWbPknT
USopcFYit1q+YGXT+tnWmq4tcMEWhK9+DYgNh/vjIE2d7/qnPcF/Ylng+YS9VU4/
sRHpAV2TXTWCDehK2+U52lXFG7HJWFNDW8OUAoryGqNW5RGEx9MFKZPCs5l0f+aW
36Hiuk+AX4SCVcFIWoYTE2XSlFUu50cjrcuO5xpOPPKJgF6qO0/fMEXjYRCHT5PX
HSU=
-----END CERTIFICATE-----