Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/h5YMPHFjKwuLwF_I20soPI8Ecww.roa
File:                     h5YMPHFjKwuLwF_I20soPI8Ecww.roa (raw, json)
Hash identifier:          wLEcJes1i/fGRrd2qynP71rTtcrF3dKJErLWvN3jB0w=
Subject key identifier:   87:96:0C:3C:71:63:2B:0B:8B:C0:5F:C8:DB:4B:28:3C:8F:04:73:0C
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       018CC26CF6EB71B98A85810FD9339E7D97CC
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/h5YMPHFjKwuLwF_I20soPI8Ecww.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199312
IP address blocks:        46.28.160.0/21 maxlen: 24
                          185.10.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f6:eb:71:b9:8a:85:81:0f:d9:33:9e:7d:97:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87960c3c71632b0b8bc05fc8db4b283c8f04730c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c6:fa:d8:c2:d1:72:54:fc:75:b7:58:18:ab:
                    45:e9:9e:f4:26:e6:80:e3:3e:cb:fe:6e:8e:ed:24:
                    ab:b8:98:c5:b6:9c:73:fa:81:8d:b6:d8:20:87:07:
                    3c:d3:0c:01:63:d5:5d:c2:23:72:2d:79:2b:fc:d8:
                    a4:d0:cc:f5:90:6c:b5:9f:2a:d8:10:e2:a0:5c:08:
                    95:fd:96:9d:28:59:00:2c:5c:58:a0:af:75:bf:e3:
                    27:f6:40:08:2c:f4:8a:5b:2f:ee:0f:57:33:36:42:
                    71:8e:91:0b:06:a5:6d:a8:00:28:71:17:5f:4c:e7:
                    ab:11:ab:e1:07:c9:bf:f8:b2:3e:5d:f2:a9:cd:81:
                    2a:80:61:41:0a:4c:e4:58:6c:58:a9:c1:5e:f5:10:
                    13:6f:3d:4a:06:66:46:62:3d:1a:aa:17:45:20:9a:
                    e3:c2:e5:ba:57:f9:ae:20:9a:e4:ea:dd:f0:7b:5d:
                    b0:08:17:af:50:b3:e6:20:bd:78:98:6c:04:19:08:
                    6e:4e:2d:0e:65:48:b2:5e:22:a8:64:f2:e7:04:5c:
                    04:7a:16:03:b5:29:e6:2e:05:14:3e:fa:e7:b5:76:
                    23:20:3e:cb:d4:01:d4:00:ac:5c:fd:6f:56:cb:34:
                    06:d1:68:9d:dd:b1:7d:c3:fc:30:1b:f8:51:9d:cd:
                    78:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:96:0C:3C:71:63:2B:0B:8B:C0:5F:C8:DB:4B:28:3C:8F:04:73:0C
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/h5YMPHFjKwuLwF_I20soPI8Ecww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.160.0/21
                  185.10.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c5:fe:72:06:9f:58:0f:dc:dc:48:97:6f:e8:6c:e5:74:a9:15:
         fe:0a:d7:80:2d:45:f9:24:8f:98:0c:2a:23:96:0c:12:5e:03:
         7c:e8:47:e8:02:03:2d:9e:02:e4:6e:62:82:b5:67:ca:8d:d6:
         43:4a:83:ac:02:d0:f1:13:be:61:7e:fa:8b:19:76:8c:3a:90:
         37:41:42:46:8c:7f:fa:84:c7:69:27:a3:c3:70:89:4a:75:68:
         bf:94:b2:b8:c9:5b:02:55:3a:6b:34:2a:66:99:a7:6b:a9:a1:
         01:2a:d5:44:ee:9f:98:24:f4:d6:9d:35:a3:e0:c6:5a:f0:58:
         36:7f:a5:16:80:90:9b:b5:d3:69:6a:b1:ee:97:08:aa:dc:8e:
         17:00:66:d8:ef:5d:23:72:6e:09:ea:56:69:c1:92:3c:c5:77:
         9a:8b:d7:1e:2e:e0:0a:0d:05:b3:85:3e:e1:b7:2c:57:00:5d:
         33:28:66:96:69:1b:da:e3:3c:98:dc:8d:2a:24:e3:26:8a:be:
         ec:94:44:46:5a:9a:c0:18:c3:bb:86:b7:41:9d:14:35:96:2e:
         49:6e:1f:58:2f:d4:62:5a:d4:78:ad:a9:2c:4a:ed:48:08:a0:
         c8:4f:74:f7:05:7e:a2:b2:6c:59:c3:aa:45:42:c8:4e:c9:e2:
         03:09:a9:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbPbrcbmKhYEP2TOefZfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk2MGMzYzcxNjMyYjBiOGJjMDVmYzhkYjRiMjgzYzhmMDQ3MzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8b62MLRclT8dbdYGKtF6Z70JuaA
4z7L/m6O7SSruJjFtpxz+oGNttgghwc80wwBY9VdwiNyLXkr/Nik0Mz1kGy1nyrY
EOKgXAiV/ZadKFkALFxYoK91v+Mn9kAILPSKWy/uD1czNkJxjpELBqVtqAAocRdf
TOerEavhB8m/+LI+XfKpzYEqgGFBCkzkWGxYqcFe9RATbz1KBmZGYj0aqhdFIJrj
wuW6V/muIJrk6t3we12wCBevULPmIL14mGwEGQhuTi0OZUiyXiKoZPLnBFwEehYD
tSnmLgUUPvrntXYjID7L1AHUAKxc/W9WyzQG0Wid3bF9w/wwG/hRnc14TQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIeWDDxxYysLi8BfyNtLKDyPBHMMMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvaDVZTVBIRmpLd3VMd0ZfSTIwc29QSThFY3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhygAwQC
uQr4MA0GCSqGSIb3DQEBCwUAA4IBAQDF/nIGn1gP3NxIl2/obOV0qRX+CteALUX5
JI+YDCojlgwSXgN86EfoAgMtngLkbmKCtWfKjdZDSoOsAtDxE75hfvqLGXaMOpA3
QUJGjH/6hMdpJ6PDcIlKdWi/lLK4yVsCVTprNCpmmadrqaEBKtVE7p+YJPTWnTWj
4MZa8Fg2f6UWgJCbtdNparHulwiq3I4XAGbY710jcm4J6lZpwZI8xXeai9ceLuAK
DQWzhT7htyxXAF0zKGaWaRva4zyY3I0qJOMmir7slERGWprAGMO7hrdBnRQ1li5J
bh9YL9RiWtR4raksSu1ICKDIT3T3BX6ismxZw6pFQshOyeIDCakm
-----END CERTIFICATE-----