Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/K99JHJRTmdTfyZejYJDHi7KsOGQ.roa
File:                     K99JHJRTmdTfyZejYJDHi7KsOGQ.roa (raw, json)
Hash identifier:          Etfwid0/9IRub/DpPf9cLA4S8WI28hB+7Ni7ONnl/eA=
Subject key identifier:   2B:DF:49:1C:94:53:99:D4:DF:C9:97:A3:60:90:C7:8B:B2:AC:38:64
Certificate issuer:       /CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Certificate serial:       018CC94E660B23B8F02F929C9C40B84233A5
Authority key identifier: E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/K99JHJRTmdTfyZejYJDHi7KsOGQ.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15377
IP address blocks:        94.240.160.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:66:0b:23:b8:f0:2f:92:9c:9c:40:b8:42:33:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bdf491c945399d4dfc997a36090c78bb2ac3864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:98:e4:50:61:f9:45:dd:39:ae:d9:3c:47:ad:
                    9f:e2:9b:cc:bf:fd:f8:49:db:f3:ac:ac:de:73:e3:
                    35:bf:aa:84:b2:f8:75:f6:c6:22:96:a3:60:d6:4f:
                    07:82:8f:9a:2d:e1:f5:7f:4d:25:26:0d:3b:29:68:
                    0a:27:10:f7:bd:e2:f5:6a:e5:8a:d4:c0:8c:c9:30:
                    ac:8e:ec:69:90:92:32:10:9c:42:27:69:01:23:20:
                    cf:2a:5c:b6:20:8b:d3:f6:20:01:07:8b:10:64:ed:
                    27:fc:5c:52:6e:06:c1:43:af:2d:05:b7:3e:07:d7:
                    dc:5c:a2:42:4a:f9:65:4e:25:ba:29:56:b2:58:32:
                    89:74:0d:d3:4f:d5:d6:59:fc:7c:e6:ad:62:40:a0:
                    80:00:8f:84:56:25:ae:26:65:ef:1f:b5:87:8a:c6:
                    bf:81:df:84:81:9f:f0:db:f6:2f:9f:77:80:dc:04:
                    ab:10:df:c1:91:a2:92:9a:2b:68:c5:3c:b6:91:cf:
                    d7:84:4f:49:5d:5b:8b:6c:15:ed:dd:45:40:7c:71:
                    30:7d:28:15:e7:e4:3a:82:fe:b5:61:a2:3e:0d:8b:
                    88:44:52:f8:e5:56:b9:06:9e:80:77:e1:30:86:2b:
                    f5:65:dc:7f:90:f0:43:42:d6:71:6a:a6:09:d8:e3:
                    d3:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:DF:49:1C:94:53:99:D4:DF:C9:97:A3:60:90:C7:8B:B2:AC:38:64
            X509v3 Authority Key Identifier:
                keyid:E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/K99JHJRTmdTfyZejYJDHi7KsOGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.240.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5c:88:00:74:f5:19:33:7f:06:1b:76:45:9d:90:24:71:64:93:
         fc:62:b6:07:50:46:fb:5d:c9:a3:08:47:c4:c9:c9:77:e3:b8:
         9a:20:60:ae:d5:dc:a1:6b:f6:62:ef:37:0a:91:60:39:2f:69:
         d6:30:3e:20:fc:81:a2:97:bb:81:50:b2:92:5d:b1:c9:74:18:
         a3:bb:a2:07:82:92:0c:bb:fe:e1:a9:15:7f:d9:49:c6:82:fc:
         aa:fd:a2:9b:d6:d6:72:75:d4:e9:83:61:c9:f0:87:29:e1:09:
         55:f4:96:ae:d6:b7:42:ed:bc:af:de:91:36:38:40:c1:62:39:
         b7:b3:35:95:14:10:09:90:8c:36:04:2c:b3:11:ca:ee:90:a3:
         ff:91:6d:1f:49:be:92:a1:a7:f5:3b:64:98:a1:fa:f2:0f:d2:
         3e:a4:42:5a:78:cd:a5:9b:46:ff:b5:a0:0d:2a:5e:8c:7f:dd:
         e0:ef:c9:bb:f1:44:8f:b6:3d:cc:77:de:2a:d4:ea:3e:b2:e9:
         81:64:d8:cd:00:06:a1:80:36:84:89:35:3d:49:fe:e8:56:17:
         35:c0:4b:5d:db:64:9f:cd:b4:20:ff:8b:df:47:97:41:83:5b:
         8e:7a:cb:dc:ae:c3:e7:c4:5c:cf:ae:ba:a5:69:09:f5:17:5b:
         6b:05:23:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmYLI7jwL5KcnEC4QjOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODI1ZmJlZTdjNDNhMjk4MzhlYWJlNGZjODdkNzk0MzQ5
YzBjODAwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmRmNDkxYzk0NTM5OWQ0ZGZjOTk3YTM2MDkwYzc4YmIyYWMzODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5jkUGH5Rd05rtk8R62f4pvMv/34
SdvzrKzec+M1v6qEsvh19sYilqNg1k8Hgo+aLeH1f00lJg07KWgKJxD3veL1auWK
1MCMyTCsjuxpkJIyEJxCJ2kBIyDPKly2IIvT9iABB4sQZO0n/FxSbgbBQ68tBbc+
B9fcXKJCSvllTiW6KVayWDKJdA3TT9XWWfx85q1iQKCAAI+EViWuJmXvH7WHisa/
gd+EgZ/w2/Yvn3eA3ASrEN/BkaKSmitoxTy2kc/XhE9JXVuLbBXt3UVAfHEwfSgV
5+Q6gv61YaI+DYuIRFL45Va5Bp6Ad+Ewhiv1Zdx/kPBDQtZxaqYJ2OPTFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvfSRyUU5nU38mXo2CQx4uyrDhkMB8GA1UdIwQY
MBaAFOWCX77nxDopg46r5PyH15Q0nAyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2Qt
MDQxYWIzMDJjMmY5LzEvSzk5SkhKUlRtZFRmeVplallKREhpN0tzT0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2QtMDQxYWIzMDJjMmY5
LzEvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFXvCgMA0G
CSqGSIb3DQEBCwUAA4IBAQBciAB09RkzfwYbdkWdkCRxZJP8YrYHUEb7XcmjCEfE
ycl347iaIGCu1dyha/Zi7zcKkWA5L2nWMD4g/IGil7uBULKSXbHJdBiju6IHgpIM
u/7hqRV/2UnGgvyq/aKb1tZyddTpg2HJ8Icp4QlV9Jau1rdC7byv3pE2OEDBYjm3
szWVFBAJkIw2BCyzEcrukKP/kW0fSb6Soaf1O2SYofryD9I+pEJaeM2lm0b/taAN
Kl6Mf93g78m78USPtj3Md94q1Oo+sumBZNjNAAahgDaEiTU9Sf7oVhc1wEtd22Sf
zbQg/4vfR5dBg1uOesvcrsPnxFzPrrqlaQn1F1trBSOk
-----END CERTIFICATE-----