Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/S5ivU2r8Cuu-w_aiAtlP1pvCGw0.roa
File:                     S5ivU2r8Cuu-w_aiAtlP1pvCGw0.roa (raw, json)
Hash identifier:          tM9XiMVhFJThfqwFzCBglkaUFkaPLedEwp33jKDiHEs=
Subject key identifier:   4B:98:AF:53:6A:FC:0A:EB:BE:C3:F6:A2:02:D9:4F:D6:9B:C2:1B:0D
Certificate issuer:       /CN=69af70bda77cf858e164d6b7c709e878fd1a6045
Certificate serial:       018CC26D3A349D1BD54C109032A56D45C7F7
Authority key identifier: 69:AF:70:BD:A7:7C:F8:58:E1:64:D6:B7:C7:09:E8:78:FD:1A:60:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/S5ivU2r8Cuu-w_aiAtlP1pvCGw0.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28878
IP address blocks:        194.53.72.0/22 maxlen: 22
                          193.177.160.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3a:34:9d:1b:d5:4c:10:90:32:a5:6d:45:c7:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69af70bda77cf858e164d6b7c709e878fd1a6045
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b98af536afc0aebbec3f6a202d94fd69bc21b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5a:3d:06:60:d5:9e:65:49:4d:b4:4a:dc:6d:
                    e1:3f:c6:b0:cc:d7:8b:4b:ec:4f:8f:7a:0e:28:50:
                    77:4f:55:6a:90:3c:38:b0:3a:23:03:9a:ff:2f:40:
                    33:48:8c:54:f3:5d:8b:6b:76:88:d6:d9:c2:2d:f5:
                    9c:77:3f:e7:f5:94:43:60:09:36:49:59:33:c4:e4:
                    0c:98:4f:c3:69:84:99:b8:d0:92:e6:6f:f6:70:84:
                    72:00:8a:36:9a:1d:cc:d0:93:2a:4c:4e:d1:67:78:
                    8d:32:63:36:59:43:93:79:13:76:26:b4:21:4f:39:
                    d0:f7:54:c1:10:86:d0:31:c5:7c:50:e8:fe:7e:59:
                    8d:0f:f2:86:da:37:a0:16:2a:15:22:13:33:ca:7a:
                    fd:9c:c9:e3:12:35:71:65:40:a9:d5:13:7c:1a:1c:
                    63:44:4f:1a:02:02:ff:4b:4d:0e:0d:c1:04:a4:b3:
                    6e:43:8b:3f:56:60:1b:5b:8b:4c:39:04:53:e2:f9:
                    7a:97:0c:5f:c9:28:b1:e0:99:0c:f1:5a:11:e8:34:
                    af:6c:da:e7:4b:aa:7e:33:50:ee:2d:9b:a0:e6:4f:
                    aa:65:a4:07:53:7f:3b:43:b5:ec:1d:cf:8a:ce:7f:
                    86:d3:06:bc:89:32:98:da:5a:2e:3a:93:37:86:86:
                    a1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:98:AF:53:6A:FC:0A:EB:BE:C3:F6:A2:02:D9:4F:D6:9B:C2:1B:0D
            X509v3 Authority Key Identifier:
                keyid:69:AF:70:BD:A7:7C:F8:58:E1:64:D6:B7:C7:09:E8:78:FD:1A:60:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa9wvad8-FjhZNa3xwnoeP0aYEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/S5ivU2r8Cuu-w_aiAtlP1pvCGw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fc9927-63fe-4e3b-bf28-62877fe48618/1/aa9wvad8-FjhZNa3xwnoeP0aYEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.177.160.0/23
                  194.53.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:eb:4a:a6:03:5e:6a:99:b5:be:28:fb:c3:a0:cd:d0:8d:6c:
         77:37:56:df:94:cd:b0:28:fe:5a:8a:59:17:03:b5:0c:32:0d:
         f3:4e:09:71:ca:13:83:05:87:38:9c:e2:25:03:27:51:1f:2d:
         00:0f:e2:ce:e2:ac:b2:00:9b:c9:35:80:8c:4e:e0:2c:ce:45:
         21:a1:6f:39:a0:3c:dc:6b:26:7a:6a:a8:5f:1f:e8:c1:29:7e:
         6b:c5:b0:24:5c:8e:c2:50:71:43:f2:6d:b3:21:76:df:fa:b5:
         95:8b:05:b4:48:4f:6e:75:f3:ca:57:06:75:5b:c1:47:a7:a0:
         fc:0f:d8:cb:6d:c4:73:53:59:ab:f5:63:36:5d:e3:32:aa:a8:
         63:52:3e:9f:77:de:ce:d6:62:cd:de:e4:01:b5:7c:cd:cf:dc:
         df:8a:6d:19:38:34:3d:64:ac:23:79:21:57:2c:ab:6c:f3:93:
         9c:c6:6d:92:26:8d:e2:9e:8c:78:27:f2:2c:32:ae:5a:9d:24:
         78:dc:5d:d6:1b:0a:da:c3:e7:25:f6:91:5a:d9:33:f7:74:71:
         86:23:91:20:0e:dc:4f:4f:4e:20:90:84:29:79:7d:7d:a6:b0:
         04:83:7d:eb:f6:70:6d:3f:f9:f6:20:22:25:f9:bb:61:32:0b:
         c9:47:5d:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbTo0nRvVTBCQMqVtRcf3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YWY3MGJkYTc3Y2Y4NThlMTY0ZDZiN2M3MDllODc4ZmQx
YTYwNDUwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjk4YWY1MzZhZmMwYWViYmVjM2Y2YTIwMmQ5NGZkNjliYzIxYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVo9BmDVnmVJTbRK3G3hP8awzNeL
S+xPj3oOKFB3T1VqkDw4sDojA5r/L0AzSIxU812La3aI1tnCLfWcdz/n9ZRDYAk2
SVkzxOQMmE/DaYSZuNCS5m/2cIRyAIo2mh3M0JMqTE7RZ3iNMmM2WUOTeRN2JrQh
TznQ91TBEIbQMcV8UOj+flmND/KG2jegFioVIhMzynr9nMnjEjVxZUCp1RN8Ghxj
RE8aAgL/S00ODcEEpLNuQ4s/VmAbW4tMOQRT4vl6lwxfySix4JkM8VoR6DSvbNrn
S6p+M1DuLZug5k+qZaQHU387Q7XsHc+Kzn+G0wa8iTKY2louOpM3hoahKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEuYr1Nq/ArrvsP2ogLZT9abwhsNMB8GA1UdIwQY
MBaAFGmvcL2nfPhY4WTWt8cJ6Hj9GmBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWE5d3ZhZDgtRmpoWk5hM3h3bm9lUDBhWUVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mYzk5MjctNjNmZS00ZTNiLWJmMjgt
NjI4NzdmZTQ4NjE4LzEvUzVpdlUycjhDdXUtd19haUF0bFAxcHZDR3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mYzk5MjctNjNmZS00ZTNiLWJmMjgtNjI4NzdmZTQ4NjE4
LzEvYWE5d3ZhZDgtRmpoWk5hM3h3bm9lUDBhWUVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwbGgAwQC
wjVIMA0GCSqGSIb3DQEBCwUAA4IBAQBi60qmA15qmbW+KPvDoM3QjWx3N1bflM2w
KP5ailkXA7UMMg3zTglxyhODBYc4nOIlAydRHy0AD+LO4qyyAJvJNYCMTuAszkUh
oW85oDzcayZ6aqhfH+jBKX5rxbAkXI7CUHFD8m2zIXbf+rWViwW0SE9udfPKVwZ1
W8FHp6D8D9jLbcRzU1mr9WM2XeMyqqhjUj6fd97O1mLN3uQBtXzNz9zfim0ZODQ9
ZKwjeSFXLKts85Ocxm2SJo3inox4J/IsMq5anSR43F3WGwraw+cl9pFa2TP3dHGG
I5EgDtxPT04gkIQpeX19prAEg33r9nBtP/n2ICIl+bthMgvJR13r
-----END CERTIFICATE-----