Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/N5eqZLheam19zDB2WH-6YleqX6o.roa
File:                     N5eqZLheam19zDB2WH-6YleqX6o.roa (raw, json)
Hash identifier:          lXlbDlnKxXRcFwNvbJa/vTEsLI9kVpW1/5ldh3PhPP4=
Subject key identifier:   37:97:AA:64:B8:5E:6A:6D:7D:CC:30:76:58:7F:BA:62:57:AA:5F:AA
Certificate issuer:       /CN=7b8254253dc0213fe58a7aff4b82463e47978063
Certificate serial:       018CC7270F260BB118DBAB4AE78CD1B6BBA4
Authority key identifier: 7B:82:54:25:3D:C0:21:3F:E5:8A:7A:FF:4B:82:46:3E:47:97:80:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e4JUJT3AIT_linr_S4JGPkeXgGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/N5eqZLheam19zDB2WH-6YleqX6o.roa
Signing time:             Mon 01 Jan 2024 22:31:14 +0000
ROA not before:           Mon 01 Jan 2024 22:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50533
IP address blocks:        178.213.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/e4JUJT3AIT_linr_S4JGPkeXgGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/e4JUJT3AIT_linr_S4JGPkeXgGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e4JUJT3AIT_linr_S4JGPkeXgGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:0f:26:0b:b1:18:db:ab:4a:e7:8c:d1:b6:bb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b8254253dc0213fe58a7aff4b82463e47978063
        Validity
            Not Before: Jan  1 22:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3797aa64b85e6a6d7dcc3076587fba6257aa5faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:58:13:95:f7:cc:fc:0d:d0:df:12:b0:ce:99:
                    a2:86:be:38:fe:5a:a4:1e:92:de:09:df:1c:8f:a3:
                    cf:d0:c0:d1:1a:98:57:51:9f:b6:e6:b2:f8:27:29:
                    d8:d4:49:e6:1e:d4:09:4e:61:2a:cd:69:47:8a:74:
                    00:c8:37:49:ac:38:f7:ff:c8:87:91:2c:32:da:7f:
                    67:9b:81:ac:b8:27:ee:75:75:a4:49:bc:a8:70:36:
                    80:67:4f:01:7b:1b:f6:50:03:51:52:98:be:62:d5:
                    f5:57:b4:26:4e:5a:d1:c1:66:36:1d:6c:2f:87:1c:
                    5a:b1:e9:7d:93:5c:e3:01:4e:6a:db:36:6c:10:a3:
                    10:03:74:46:b1:cd:3d:c4:76:e7:3d:80:6f:d3:94:
                    81:32:e8:41:a4:ae:57:1a:05:54:3c:ea:15:28:60:
                    00:a8:1d:60:15:f3:7f:6d:99:39:3c:76:d2:97:7c:
                    7b:d7:ae:c7:27:34:f3:95:a4:b5:80:31:d9:e1:f3:
                    d4:96:ef:c8:03:0f:f2:47:d9:4d:84:a4:2f:72:61:
                    23:91:7f:60:a1:47:48:d2:84:94:42:57:4c:6b:82:
                    fb:96:4a:78:08:5b:57:e7:13:6d:cb:31:23:85:36:
                    45:01:17:bf:41:8f:0d:e3:76:06:4b:6c:0a:b5:a9:
                    9a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:97:AA:64:B8:5E:6A:6D:7D:CC:30:76:58:7F:BA:62:57:AA:5F:AA
            X509v3 Authority Key Identifier:
                keyid:7B:82:54:25:3D:C0:21:3F:E5:8A:7A:FF:4B:82:46:3E:47:97:80:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4JUJT3AIT_linr_S4JGPkeXgGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/N5eqZLheam19zDB2WH-6YleqX6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ab7a04-ffe1-4a05-a5ef-8f539b64b8db/1/e4JUJT3AIT_linr_S4JGPkeXgGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:15:dc:e2:f9:29:29:a6:1f:61:e1:cb:19:92:e4:00:96:45:
         80:e3:75:20:0c:83:a8:08:80:7d:39:fc:00:7a:73:9f:71:56:
         e2:30:15:1c:41:75:34:d6:b2:12:6b:d9:83:88:65:20:cd:ff:
         3f:09:61:ca:9b:53:f4:c9:79:28:6d:47:d2:2c:c4:f2:2b:46:
         1c:5b:9a:2e:aa:51:83:b0:65:2d:08:5a:1c:d2:94:89:91:9e:
         63:ea:b6:9c:20:27:81:1b:cb:55:1a:e4:08:df:f4:0b:0b:70:
         c1:69:cd:e1:10:f1:56:86:f0:f2:1e:44:aa:61:26:bc:4f:6e:
         92:a0:e8:47:f3:6c:8f:30:03:b6:60:08:3d:fe:c6:28:16:c0:
         2b:4d:28:8e:a7:f9:18:12:9f:bb:28:8d:65:be:33:be:92:78:
         a8:54:fa:7f:96:55:f7:c8:40:d8:65:26:2e:b1:e8:cd:42:8e:
         4f:56:77:07:c1:4d:07:ad:b0:40:22:9b:74:73:b1:00:89:0d:
         b7:b3:8d:40:36:51:53:bf:38:31:2a:4d:5b:de:7b:ba:4a:f3:
         fc:9e:57:e8:6e:90:90:85:e0:19:e3:4c:4e:1e:8d:21:7b:8b:
         73:2a:6c:f7:a9:f6:47:30:0c:88:1c:66:7a:aa:7b:82:b2:b6:
         de:6f:82:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJw8mC7EY26tK54zRtrukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiODI1NDI1M2RjMDIxM2ZlNThhN2FmZjRiODI0NjNlNDc5
NzgwNjMwHhcNMjQwMTAxMjIzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk3YWE2NGI4NWU2YTZkN2RjYzMwNzY1ODdmYmE2MjU3YWE1ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFgTlffM/A3Q3xKwzpmihr44/lqk
HpLeCd8cj6PP0MDRGphXUZ+25rL4JynY1EnmHtQJTmEqzWlHinQAyDdJrDj3/8iH
kSwy2n9nm4GsuCfudXWkSbyocDaAZ08Bexv2UANRUpi+YtX1V7QmTlrRwWY2HWwv
hxxasel9k1zjAU5q2zZsEKMQA3RGsc09xHbnPYBv05SBMuhBpK5XGgVUPOoVKGAA
qB1gFfN/bZk5PHbSl3x7167HJzTzlaS1gDHZ4fPUlu/IAw/yR9lNhKQvcmEjkX9g
oUdI0oSUQldMa4L7lkp4CFtX5xNtyzEjhTZFARe/QY8N43YGS2wKtamahwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeXqmS4Xmptfcwwdlh/umJXql+qMB8GA1UdIwQY
MBaAFHuCVCU9wCE/5Yp6/0uCRj5Hl4BjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTRKVUpUM0FJVF9saW5yX1M0SkdQa2VYZ0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hYjdhMDQtZmZlMS00YTA1LWE1ZWYt
OGY1MzliNjRiOGRiLzEvTjVlcVpMaGVhbTE5ekRCMldILTZZbGVxWDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hYjdhMDQtZmZlMS00YTA1LWE1ZWYtOGY1MzliNjRiOGRi
LzEvZTRKVUpUM0FJVF9saW5yX1M0SkdQa2VYZ0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstVKMA0G
CSqGSIb3DQEBCwUAA4IBAQAeFdzi+Skpph9h4csZkuQAlkWA43UgDIOoCIB9OfwA
enOfcVbiMBUcQXU01rISa9mDiGUgzf8/CWHKm1P0yXkobUfSLMTyK0YcW5ouqlGD
sGUtCFoc0pSJkZ5j6racICeBG8tVGuQI3/QLC3DBac3hEPFWhvDyHkSqYSa8T26S
oOhH82yPMAO2YAg9/sYoFsArTSiOp/kYEp+7KI1lvjO+knioVPp/llX3yEDYZSYu
sejNQo5PVncHwU0HrbBAIpt0c7EAiQ23s41ANlFTvzgxKk1b3nu6SvP8nlfobpCQ
heAZ40xOHo0he4tzKmz3qfZHMAyIHGZ6qnuCsrbeb4I0
-----END CERTIFICATE-----