Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/I5ePMhMkGxa7xS15mA11fvVwwbY.roa
File:                     I5ePMhMkGxa7xS15mA11fvVwwbY.roa (raw, json)
Hash identifier:          n6O9TN05rqxjXOtC9RZiuqydBUJ90eysmfSmqgC4tvw=
Subject key identifier:   23:97:8F:32:13:24:1B:16:BB:C5:2D:79:98:0D:75:7E:F5:70:C1:B6
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       018CC26D1AC457D11F8D8BABEE973CE03E4C
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/I5ePMhMkGxa7xS15mA11fvVwwbY.roa
Signing time:             Mon 01 Jan 2024 00:29:39 +0000
ROA not before:           Mon 01 Jan 2024 00:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48291
IP address blocks:        185.38.138.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:1a:c4:57:d1:1f:8d:8b:ab:ee:97:3c:e0:3e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Jan  1 00:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23978f3213241b16bbc52d79980d757ef570c1b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c7:fe:7c:56:5e:13:0a:4b:a3:1f:18:b5:d8:
                    ab:4a:a0:ab:d3:d1:f2:cd:37:0d:fa:3e:65:0f:71:
                    61:8b:d4:85:21:50:ef:b5:8d:9f:c0:98:c7:71:a7:
                    4c:b5:f4:47:53:e3:0e:ec:de:3a:f5:f4:92:4b:a5:
                    4e:8d:3a:66:23:94:de:d5:01:e0:f7:c4:c8:84:00:
                    91:af:5c:dc:d8:e8:1d:33:15:6f:20:04:45:9e:62:
                    9a:6f:9f:93:d2:4c:76:75:7b:98:ea:25:7e:85:f7:
                    af:a8:bf:cf:b4:0a:93:6e:36:88:5e:6d:ec:fb:cf:
                    a0:63:97:70:5a:b8:68:5c:6a:88:bd:58:59:0e:dd:
                    93:97:15:4b:c9:19:fc:89:30:63:2a:d3:38:4c:11:
                    f5:5f:48:df:b5:15:62:55:5c:08:b4:f9:ad:ee:5c:
                    90:9b:62:e1:6c:35:83:2b:65:f7:75:b4:41:c4:b4:
                    30:d3:30:7d:b7:7a:78:c9:79:06:eb:d1:cf:cb:ec:
                    25:81:55:cf:fb:67:49:b6:e0:30:d3:aa:ee:af:b6:
                    f5:ac:c1:26:bf:36:1d:25:4c:ff:67:db:27:e6:5a:
                    79:26:fd:1d:61:30:5c:b9:e3:35:03:f0:83:d9:16:
                    ba:8f:c8:88:9f:98:a0:5c:d2:5d:aa:27:d6:a7:92:
                    69:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:97:8F:32:13:24:1B:16:BB:C5:2D:79:98:0D:75:7E:F5:70:C1:B6
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/I5ePMhMkGxa7xS15mA11fvVwwbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.38.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:d0:3a:f9:a5:e2:c2:d5:24:eb:f7:24:68:bd:4a:37:cc:ed:
         1e:f4:57:f1:f6:ab:1a:c2:3a:0e:c9:79:56:a3:5e:e4:0b:33:
         4c:4c:33:12:d8:1e:35:9f:8d:ba:ee:c9:1f:ac:1b:e5:4a:8a:
         d8:4e:da:60:47:93:2b:03:45:40:80:2b:d7:bc:03:9e:12:7b:
         a0:37:c1:51:d8:87:26:9d:80:09:8e:30:51:a1:95:2c:e3:f4:
         e2:c1:44:7c:53:e9:3a:01:90:a4:61:3a:77:88:b2:7d:e9:9c:
         28:ec:ac:e1:72:af:56:f5:e8:f7:34:ea:2c:38:58:3d:6a:da:
         9b:b2:0a:b3:8a:c0:e3:28:c1:95:be:5b:b0:fe:3a:52:8e:0a:
         42:ff:72:d8:f6:fa:ea:f5:66:e7:87:22:02:42:b5:52:c5:71:
         ca:d1:ef:74:60:7a:9f:6e:cd:9f:f8:ea:68:35:c1:b8:fd:cd:
         e2:42:5f:8f:a6:88:59:bc:7e:74:2f:6c:36:e1:74:37:ba:f5:
         a0:d7:a3:b5:f3:cb:5b:66:d2:c5:93:11:1c:bd:66:68:e4:d4:
         df:a3:5b:31:bc:85:f4:64:aa:b7:2c:19:fc:a1:a6:5d:fc:eb:
         18:93:fa:f2:53:cb:93:ab:41:c3:0a:df:24:35:83:2c:eb:72:
         88:82:06:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRrEV9EfjYur7pc84D5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjQwMTAxMDAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzk3OGYzMjEzMjQxYjE2YmJjNTJkNzk5ODBkNzU3ZWY1NzBjMWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMf+fFZeEwpLox8YtdirSqCr09Hy
zTcN+j5lD3Fhi9SFIVDvtY2fwJjHcadMtfRHU+MO7N469fSSS6VOjTpmI5Te1QHg
98TIhACRr1zc2OgdMxVvIARFnmKab5+T0kx2dXuY6iV+hfevqL/PtAqTbjaIXm3s
+8+gY5dwWrhoXGqIvVhZDt2TlxVLyRn8iTBjKtM4TBH1X0jftRViVVwItPmt7lyQ
m2LhbDWDK2X3dbRBxLQw0zB9t3p4yXkG69HPy+wlgVXP+2dJtuAw06rur7b1rMEm
vzYdJUz/Z9sn5lp5Jv0dYTBcueM1A/CD2Ra6j8iIn5igXNJdqifWp5Jp8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCOXjzITJBsWu8UteZgNdX71cMG2MB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvSTVlUE1oTWtHeGE3eFMxNW1BMTFmdlZ3d2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSaKMA0G
CSqGSIb3DQEBCwUAA4IBAQB50Dr5peLC1STr9yRovUo3zO0e9Ffx9qsawjoOyXlW
o17kCzNMTDMS2B41n4267skfrBvlSorYTtpgR5MrA0VAgCvXvAOeEnugN8FR2Icm
nYAJjjBRoZUs4/TiwUR8U+k6AZCkYTp3iLJ96Zwo7Kzhcq9W9ej3NOosOFg9atqb
sgqzisDjKMGVvluw/jpSjgpC/3LY9vrq9WbnhyICQrVSxXHK0e90YHqfbs2f+Opo
NcG4/c3iQl+PpohZvH50L2w24XQ3uvWg16O188tbZtLFkxEcvWZo5NTfo1sxvIX0
ZKq3LBn8oaZd/OsYk/ryU8uTq0HDCt8kNYMs63KIggYM
-----END CERTIFICATE-----