Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/el5_TcNDYyekUSA4jvU59D-Tu4w.roa
File:                     el5_TcNDYyekUSA4jvU59D-Tu4w.roa (raw, json)
Hash identifier:          SKH1YUKKq/HYCPz+MnKAjWjXOw4D5P7yFr8LIYWImEE=
Subject key identifier:   7A:5E:7F:4D:C3:43:63:27:A4:51:20:38:8E:F5:39:F4:3F:93:BB:8C
Certificate issuer:       /CN=03515ffe1dbfe76a805fd0dfb2e0c8d7e49af59f
Certificate serial:       018D88DBB09E057898E876D905B14D9C7724
Authority key identifier: 03:51:5F:FE:1D:BF:E7:6A:80:5F:D0:DF:B2:E0:C8:D7:E4:9A:F5:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/el5_TcNDYyekUSA4jvU59D-Tu4w.roa
Signing time:             Thu 08 Feb 2024 13:15:15 +0000
ROA not before:           Thu 08 Feb 2024 13:15:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200638
IP address blocks:        185.26.86.0/24 maxlen: 24
                          2a13:3640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:db:b0:9e:05:78:98:e8:76:d9:05:b1:4d:9c:77:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03515ffe1dbfe76a805fd0dfb2e0c8d7e49af59f
        Validity
            Not Before: Feb  8 13:15:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a5e7f4dc3436327a45120388ef539f43f93bb8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:77:63:b8:f3:b4:bf:49:25:bc:23:28:c1:eb:
                    60:17:06:93:16:ce:33:66:d9:af:4b:0c:30:50:62:
                    d2:ab:5f:73:31:09:98:70:d7:40:7f:89:8c:a5:01:
                    67:bb:22:e1:21:db:ec:5c:64:1a:94:7a:a0:2e:c0:
                    35:5b:ed:f3:88:8f:3c:f4:c4:74:0e:af:d0:3d:5c:
                    3e:a9:54:b3:4a:37:63:21:6c:c9:31:40:da:b6:0a:
                    7b:99:fe:d4:27:fd:6b:48:c3:c6:c3:32:76:5e:9c:
                    69:dc:45:14:00:b1:c6:9e:46:2d:20:5c:c2:84:cd:
                    5c:89:22:e5:a0:07:ec:dd:b4:2b:c0:db:1a:ee:b1:
                    05:2c:4b:8c:76:67:12:42:1d:b2:0c:fc:25:2d:08:
                    27:60:4b:94:ce:a8:68:22:b5:05:33:13:4d:91:78:
                    d3:5e:c1:52:29:ac:af:f0:a4:10:2f:14:aa:ca:75:
                    b2:98:15:72:de:d3:4d:cb:97:54:b4:c5:f2:0b:8d:
                    92:86:f8:b7:f9:d8:54:6a:82:8e:de:ee:a8:3d:43:
                    91:8e:85:e0:3e:0c:9f:4d:39:45:55:d0:02:6e:d7:
                    93:a0:5a:a8:1e:86:19:a2:26:83:87:0e:27:c6:fc:
                    c2:f8:eb:61:5d:1d:08:21:92:d2:7e:56:4b:c5:9b:
                    9d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:5E:7F:4D:C3:43:63:27:A4:51:20:38:8E:F5:39:F4:3F:93:BB:8C
            X509v3 Authority Key Identifier:
                keyid:03:51:5F:FE:1D:BF:E7:6A:80:5F:D0:DF:B2:E0:C8:D7:E4:9A:F5:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/el5_TcNDYyekUSA4jvU59D-Tu4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/11f605-a1f5-4523-85d0-d38495fb09a0/1/A1Ff_h2_52qAX9DfsuDI1-Sa9Z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.86.0/24
                IPv6:
                  2a13:3640::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:1e:d6:da:f2:98:a0:ed:84:d1:63:c0:9b:05:83:f9:0f:89:
         c9:bc:f1:b0:a3:df:02:e5:d4:53:89:7e:4b:c9:c8:4a:72:a7:
         7f:1e:11:c0:1f:9c:13:24:9b:22:ff:7c:04:7c:e9:cf:aa:ca:
         e3:38:d8:5e:d3:2b:c0:1a:bf:2e:ca:bc:8d:fc:46:39:dc:8f:
         82:e8:2c:8f:b9:b5:7f:62:64:78:0c:40:62:d6:27:05:ab:17:
         7c:8b:8c:a6:ba:3a:b2:37:e5:76:a7:02:44:c8:12:37:15:7a:
         71:91:d0:b6:53:c7:2f:0c:59:44:b8:83:3d:03:88:3f:b4:43:
         55:e9:b9:21:31:ca:60:bb:fd:f2:06:eb:0b:39:91:71:c4:5f:
         49:dd:24:91:35:d7:33:47:c2:b9:90:68:5a:b5:72:15:5b:08:
         2f:8d:04:b0:1a:e2:8d:08:df:82:c2:c4:22:96:2a:f6:cc:32:
         ba:ee:31:ae:a6:84:4a:b2:ca:3e:d9:83:06:64:c1:59:f8:97:
         d9:9e:04:1c:90:ee:d4:bc:96:fc:c1:6e:c6:8e:2d:a3:ed:2a:
         55:8c:07:0b:77:18:f3:77:e7:76:b8:22:f8:f3:44:bb:1a:3f:
         3e:95:01:70:50:44:01:cf:43:a7:ad:5a:fc:93:5f:d8:55:a3:
         2b:9a:71:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2I27CeBXiY6HbZBbFNnHckMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNTE1ZmZlMWRiZmU3NmE4MDVmZDBkZmIyZTBjOGQ3ZTQ5
YWY1OWYwHhcNMjQwMjA4MTMxNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTVlN2Y0ZGMzNDM2MzI3YTQ1MTIwMzg4ZWY1MzlmNDNmOTNiYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlndjuPO0v0klvCMowetgFwaTFs4z
ZtmvSwwwUGLSq19zMQmYcNdAf4mMpQFnuyLhIdvsXGQalHqgLsA1W+3ziI889MR0
Dq/QPVw+qVSzSjdjIWzJMUDatgp7mf7UJ/1rSMPGwzJ2Xpxp3EUUALHGnkYtIFzC
hM1ciSLloAfs3bQrwNsa7rEFLEuMdmcSQh2yDPwlLQgnYEuUzqhoIrUFMxNNkXjT
XsFSKayv8KQQLxSqynWymBVy3tNNy5dUtMXyC42Shvi3+dhUaoKO3u6oPUORjoXg
PgyfTTlFVdACbteToFqoHoYZoiaDhw4nxvzC+OthXR0IIZLSflZLxZudxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHpef03DQ2MnpFEgOI71OfQ/k7uMMB8GA1UdIwQY
MBaAFANRX/4dv+dqgF/Q37LgyNfkmvWfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTFGZl9oMl81MnFBWDlEZnN1REkxLVNhOVo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xMWY2MDUtYTFmNS00NTIzLTg1ZDAt
ZDM4NDk1ZmIwOWEwLzEvZWw1X1RjTkRZeWVrVVNBNGp2VTU5RC1UdTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xMWY2MDUtYTFmNS00NTIzLTg1ZDAtZDM4NDk1ZmIwOWEw
LzEvQTFGZl9oMl81MnFBWDlEZnN1REkxLVNhOVo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRpWMA0E
AgACMAcDBQMqEzZAMA0GCSqGSIb3DQEBCwUAA4IBAQCqHtba8pig7YTRY8CbBYP5
D4nJvPGwo98C5dRTiX5LychKcqd/HhHAH5wTJJsi/3wEfOnPqsrjONhe0yvAGr8u
yryN/EY53I+C6CyPubV/YmR4DEBi1icFqxd8i4ymujqyN+V2pwJEyBI3FXpxkdC2
U8cvDFlEuIM9A4g/tENV6bkhMcpgu/3yBusLOZFxxF9J3SSRNdczR8K5kGhatXIV
WwgvjQSwGuKNCN+CwsQilir2zDK67jGupoRKsso+2YMGZMFZ+JfZngQckO7UvJb8
wW7Gji2j7SpVjAcLdxjzd+d2uCL480S7Gj8+lQFwUEQBz0OnrVr8k1/YVaMrmnEa
-----END CERTIFICATE-----