Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/p-e5GeJ2GYGginiuedMVq05GQwI.roa
File:                     p-e5GeJ2GYGginiuedMVq05GQwI.roa (raw, json)
Hash identifier:          Q5+gbCrlITSZ7YIV+funm97Giz6I31FEJciFyMKUJDM=
Subject key identifier:   A7:E7:B9:19:E2:76:19:81:A0:8A:78:AE:79:D3:15:AB:4E:46:43:02
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC7273022E2613D06C42A6EE6490EB6F3
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/p-e5GeJ2GYGginiuedMVq05GQwI.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54252
IP address blocks:        185.81.127.0/24 maxlen: 24
                          194.107.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 01:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:22:e2:61:3d:06:c4:2a:6e:e6:49:0e:b6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7e7b919e2761981a08a78ae79d315ab4e464302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d8:23:0a:33:0b:45:22:53:2e:08:51:96:7a:
                    c8:72:83:17:71:bc:0c:b4:ef:04:ca:8a:e9:66:cc:
                    f4:7f:1c:cc:af:21:24:93:1d:86:92:9c:92:a1:38:
                    14:74:c7:56:f5:6e:a8:66:c5:9c:0d:3e:cd:e2:ff:
                    e6:b4:39:6f:ae:db:2d:b2:c2:c9:32:d4:04:7e:5f:
                    c0:f2:a8:e8:21:70:5b:72:eb:33:3d:c1:83:55:6e:
                    76:a3:b7:08:9e:7b:2c:db:a2:b4:e0:02:9c:f0:7b:
                    a6:fb:03:29:bf:2c:43:2c:fa:68:64:49:f5:ff:f2:
                    a2:f3:b3:75:da:87:08:0d:d9:6f:ca:57:2d:5d:d1:
                    98:ff:94:b9:4d:53:78:7f:e2:d0:5f:d4:f4:35:65:
                    af:23:46:9a:d8:a4:b4:5c:28:24:ed:88:d2:60:04:
                    7b:98:d8:ba:01:63:bb:f3:49:bc:bf:55:dc:77:ab:
                    1c:90:d2:fb:82:21:8b:b2:bf:c8:f0:3a:d0:c2:9d:
                    a0:a8:b0:c8:53:61:d4:1e:dc:af:9c:a9:84:6c:4a:
                    2d:d3:ce:4b:33:ce:d2:ae:80:a3:d2:61:98:6e:ba:
                    ec:b4:e8:db:d3:0c:b7:41:6a:21:ac:e1:4e:36:c9:
                    c7:13:05:1e:1c:bb:d8:a0:80:89:d0:45:e3:d7:5c:
                    bd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E7:B9:19:E2:76:19:81:A0:8A:78:AE:79:D3:15:AB:4E:46:43:02
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/p-e5GeJ2GYGginiuedMVq05GQwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.127.0/24
                  194.107.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:66:4f:d7:7e:8d:56:d6:41:83:c4:ad:b5:ad:30:5b:d0:e9:
         38:43:6d:38:ca:e0:87:f7:f1:38:a6:b1:b9:cc:68:14:30:2d:
         f9:76:85:f0:3b:5e:30:ab:72:ee:a3:f0:89:0e:3e:e4:78:fb:
         fc:ae:72:07:89:4c:7e:46:50:5c:fd:94:65:ff:30:9f:28:14:
         c7:ef:d5:94:b8:62:54:95:74:0b:9a:8c:82:00:fb:5a:54:42:
         ca:b1:da:fb:20:2c:08:03:7c:8c:9f:2b:de:d8:55:b2:39:6d:
         5a:96:68:99:62:91:f6:f5:0e:8c:57:9b:68:60:02:e9:90:56:
         00:a4:92:46:70:f9:a2:28:91:28:5d:fb:44:d6:8f:88:67:3f:
         99:ad:4c:89:ea:8e:ac:f7:fd:37:de:f3:8e:55:c4:67:89:c5:
         f5:fd:b2:45:67:1c:a7:a9:c0:a2:a0:ad:70:3e:ec:4b:f3:b7:
         11:b9:95:6e:31:1c:96:62:d6:e7:7b:72:ac:45:f0:b7:7a:d2:
         32:0a:7d:59:14:76:69:c1:3a:b0:ba:49:2d:ce:c0:3d:17:54:
         eb:50:7e:81:11:0e:72:14:62:2a:1a:49:db:d4:f1:61:84:fb:
         c1:7d:c3:d1:17:4e:2b:52:1d:6a:3d:1d:c6:5d:52:c0:40:0f:
         b3:61:0a:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzAi4mE9BsQqbuZJDrbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2U3YjkxOWUyNzYxOTgxYTA4YTc4YWU3OWQzMTVhYjRlNDY0MzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutgjCjMLRSJTLghRlnrIcoMXcbwM
tO8EyorpZsz0fxzMryEkkx2GkpySoTgUdMdW9W6oZsWcDT7N4v/mtDlvrtstssLJ
MtQEfl/A8qjoIXBbcuszPcGDVW52o7cInnss26K04AKc8Hum+wMpvyxDLPpoZEn1
//Ki87N12ocIDdlvylctXdGY/5S5TVN4f+LQX9T0NWWvI0aa2KS0XCgk7YjSYAR7
mNi6AWO780m8v1Xcd6sckNL7giGLsr/I8DrQwp2gqLDIU2HUHtyvnKmEbEot085L
M87SroCj0mGYbrrstOjb0wy3QWohrOFONsnHEwUeHLvYoICJ0EXj11y96wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKfnuRnidhmBoIp4rnnTFatORkMCMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvcC1lNUdlSjJHWUdnaW5pdWVkTVZxMDVHUXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVF/AwQA
wmuiMA0GCSqGSIb3DQEBCwUAA4IBAQAiZk/Xfo1W1kGDxK21rTBb0Ok4Q204yuCH
9/E4prG5zGgUMC35doXwO14wq3Luo/CJDj7kePv8rnIHiUx+RlBc/ZRl/zCfKBTH
79WUuGJUlXQLmoyCAPtaVELKsdr7ICwIA3yMnyve2FWyOW1almiZYpH29Q6MV5to
YALpkFYApJJGcPmiKJEoXftE1o+IZz+ZrUyJ6o6s9/033vOOVcRnicX1/bJFZxyn
qcCioK1wPuxL87cRuZVuMRyWYtbne3KsRfC3etIyCn1ZFHZpwTqwukktzsA9F1Tr
UH6BEQ5yFGIqGknb1PFhhPvBfcPRF04rUh1qPR3GXVLAQA+zYQra
-----END CERTIFICATE-----