Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/R0S13_V-urKtQXjdxg1aUDYBxyE.roa
File:                     R0S13_V-urKtQXjdxg1aUDYBxyE.roa (raw, json)
Hash identifier:          TnIBr21nA4i68sEgTiNI0QWAUs2A1u4IcnkFjH6sJOw=
Subject key identifier:   47:44:B5:DF:F5:7E:BA:B2:AD:41:78:DD:C6:0D:5A:50:36:01:C7:21
Certificate issuer:       /CN=c5e19b25497f601f747be6b0b5c95c0205faa9c5
Certificate serial:       018E3826B75FA1532291D652BF08498F51A6
Authority key identifier: C5:E1:9B:25:49:7F:60:1F:74:7B:E6:B0:B5:C9:5C:02:05:FA:A9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xeGbJUl_YB90e-awtclcAgX6qcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/R0S13_V-urKtQXjdxg1aUDYBxyE.roa
Signing time:             Wed 13 Mar 2024 14:10:45 +0000
ROA not before:           Wed 13 Mar 2024 14:10:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209956
IP address blocks:        194.48.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/xeGbJUl_YB90e-awtclcAgX6qcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/xeGbJUl_YB90e-awtclcAgX6qcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xeGbJUl_YB90e-awtclcAgX6qcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 08:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:38:26:b7:5f:a1:53:22:91:d6:52:bf:08:49:8f:51:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5e19b25497f601f747be6b0b5c95c0205faa9c5
        Validity
            Not Before: Mar 13 14:10:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4744b5dff57ebab2ad4178ddc60d5a503601c721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c7:e7:14:48:52:16:58:d3:60:23:51:65:9d:
                    fb:4a:23:7e:d5:17:2a:cc:db:2e:fc:bf:d0:d2:67:
                    7c:62:d4:85:4a:63:94:ec:7e:32:d8:98:7f:d4:4e:
                    0f:02:9c:a9:41:42:50:76:63:3d:d4:7c:38:11:bf:
                    ab:3e:f0:b4:e5:af:00:77:5f:f0:6a:53:46:df:4f:
                    27:b6:4a:88:de:39:14:07:d2:2e:bd:dd:4f:ce:f2:
                    08:ba:82:a3:df:c2:2b:c5:51:04:ba:81:33:f9:71:
                    b5:a4:45:40:1d:51:6b:a3:4c:ff:e5:0d:34:54:1d:
                    6e:79:59:91:62:7b:de:a9:a8:75:9e:49:6e:47:40:
                    23:fb:33:e6:1d:86:ee:92:86:c4:23:79:52:b9:d4:
                    4a:54:42:16:ac:e7:6e:ca:68:b7:4c:6f:8e:91:cc:
                    b2:bb:66:9c:df:fb:bf:15:f4:8d:4c:35:82:01:fe:
                    d8:56:e8:af:3a:3f:2a:a1:2e:59:8d:b8:d9:ee:1f:
                    ab:10:e5:c4:35:b6:44:a7:57:3d:65:8f:48:ad:ea:
                    09:a1:c7:30:1c:ba:54:bd:5f:b8:ad:f7:7a:a1:6c:
                    e1:04:6e:65:60:f8:a6:c3:79:69:ab:a7:66:3a:cb:
                    2d:53:f4:74:92:32:47:dd:2b:aa:4b:af:27:d3:f7:
                    66:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:44:B5:DF:F5:7E:BA:B2:AD:41:78:DD:C6:0D:5A:50:36:01:C7:21
            X509v3 Authority Key Identifier:
                keyid:C5:E1:9B:25:49:7F:60:1F:74:7B:E6:B0:B5:C9:5C:02:05:FA:A9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xeGbJUl_YB90e-awtclcAgX6qcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/R0S13_V-urKtQXjdxg1aUDYBxyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/456de2-99ed-47ae-aa5e-0b1dc736d9dd/1/xeGbJUl_YB90e-awtclcAgX6qcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:2d:2b:8b:0f:49:4a:1c:31:30:fc:29:7b:14:38:ee:de:50:
         12:8b:6a:aa:ce:14:db:fa:f8:64:a8:5c:21:df:23:9b:85:4f:
         05:e3:d4:c3:78:ce:c9:3e:de:4d:7a:4f:eb:67:a8:40:05:63:
         98:ed:c5:28:58:c0:54:1f:e6:ea:60:ce:cc:2d:e9:b3:77:2d:
         66:4f:64:2f:08:21:e3:8f:94:15:d9:2a:67:26:68:c4:13:f4:
         8a:78:a1:7a:7a:89:17:18:51:a1:3a:65:f4:49:b1:81:78:2e:
         b3:55:0f:45:77:3d:6b:67:6a:60:eb:b0:a6:16:5c:04:bb:ef:
         e4:39:9c:cc:ea:c9:6c:ce:bd:30:d3:44:7e:5a:9e:05:4c:f1:
         dc:c1:77:0a:4c:e8:dd:4b:15:c4:f0:1b:5b:5f:a4:78:c5:dd:
         c9:cd:93:8d:a0:e8:4c:21:82:8b:ed:c1:20:62:e8:86:80:06:
         96:44:1b:61:2d:9a:54:49:85:08:30:81:5e:68:12:74:c2:bd:
         e6:2e:07:bf:90:de:fe:ef:18:eb:5f:10:38:75:49:08:72:d8:
         97:86:49:bc:e6:ab:bc:e3:d0:ca:fa:d9:b2:9f:1e:85:17:cd:
         86:89:67:0a:49:80:d4:b8:86:8d:c4:b0:e5:8b:ab:02:0e:25:
         88:23:b7:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY44JrdfoVMikdZSvwhJj1GmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZTE5YjI1NDk3ZjYwMWY3NDdiZTZiMGI1Yzk1YzAyMDVm
YWE5YzUwHhcNMjQwMzEzMTQxMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzQ0YjVkZmY1N2ViYWIyYWQ0MTc4ZGRjNjBkNWE1MDM2MDFjNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksfnFEhSFljTYCNRZZ37SiN+1Rcq
zNsu/L/Q0md8YtSFSmOU7H4y2Jh/1E4PApypQUJQdmM91Hw4Eb+rPvC05a8Ad1/w
alNG308ntkqI3jkUB9Iuvd1PzvIIuoKj38IrxVEEuoEz+XG1pEVAHVFro0z/5Q00
VB1ueVmRYnveqah1nkluR0Aj+zPmHYbukobEI3lSudRKVEIWrOduymi3TG+Okcyy
u2ac3/u/FfSNTDWCAf7YVuivOj8qoS5ZjbjZ7h+rEOXENbZEp1c9ZY9IreoJoccw
HLpUvV+4rfd6oWzhBG5lYPimw3lpq6dmOsstU/R0kjJH3SuqS68n0/dmewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdEtd/1frqyrUF43cYNWlA2AcchMB8GA1UdIwQY
MBaAFMXhmyVJf2AfdHvmsLXJXAIF+qnFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGVHYkpVbF9ZQjkwZS1hd3RjbGNBZ1g2cWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80NTZkZTItOTllZC00N2FlLWFhNWUt
MGIxZGM3MzZkOWRkLzEvUjBTMTNfVi11ckt0UVhqZHhnMWFVRFlCeHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80NTZkZTItOTllZC00N2FlLWFhNWUtMGIxZGM3MzZkOWRk
LzEveGVHYkpVbF9ZQjkwZS1hd3RjbGNBZ1g2cWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjBfMA0G
CSqGSIb3DQEBCwUAA4IBAQBlLSuLD0lKHDEw/Cl7FDju3lASi2qqzhTb+vhkqFwh
3yObhU8F49TDeM7JPt5Nek/rZ6hABWOY7cUoWMBUH+bqYM7MLemzdy1mT2QvCCHj
j5QV2SpnJmjEE/SKeKF6eokXGFGhOmX0SbGBeC6zVQ9Fdz1rZ2pg67CmFlwEu+/k
OZzM6slszr0w00R+Wp4FTPHcwXcKTOjdSxXE8BtbX6R4xd3JzZONoOhMIYKL7cEg
YuiGgAaWRBthLZpUSYUIMIFeaBJ0wr3mLge/kN7+7xjrXxA4dUkIctiXhkm85qu8
49DK+tmynx6FF82GiWcKSYDUuIaNxLDli6sCDiWII7f9
-----END CERTIFICATE-----