Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/5FB4JEfOV7_i3vtvu0Ati8yMNUQ.roa
File:                     5FB4JEfOV7_i3vtvu0Ati8yMNUQ.roa (raw, json)
Hash identifier:          NQER+xmkWhQ/YjWycDJDEXCW3dujHKE/dZPvZjR22jg=
Subject key identifier:   E4:50:78:24:47:CE:57:BF:E2:DE:FB:6F:BB:40:2D:8B:CC:8C:35:44
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       018D7D1EEEA0F45ACF66BC1C5251985C8281
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/5FB4JEfOV7_i3vtvu0Ati8yMNUQ.roa
Signing time:             Tue 06 Feb 2024 06:33:15 +0000
ROA not before:           Tue 06 Feb 2024 06:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204395
IP address blocks:        94.188.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7d:1e:ee:a0:f4:5a:cf:66:bc:1c:52:51:98:5c:82:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Feb  6 06:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e450782447ce57bfe2defb6fbb402d8bcc8c3544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:21:e8:3e:15:3d:62:e4:08:1b:ec:00:38:37:
                    d0:65:42:f6:13:45:cd:28:60:e3:21:90:f3:4f:7c:
                    f4:99:bd:5b:bc:32:4e:b0:d7:c4:3c:54:bd:3a:fc:
                    75:b9:93:8f:0f:8c:56:97:76:b7:0b:7a:57:b0:af:
                    65:a1:8c:9f:81:08:f6:6c:80:08:ef:2d:a1:60:c9:
                    6a:12:c9:fd:54:fb:ab:fd:5d:f1:0b:e5:e9:ed:99:
                    c5:83:c8:6e:11:2b:06:f0:26:e3:7d:30:86:88:a4:
                    bf:b8:4a:d6:cd:86:29:f4:ed:33:2b:1d:3e:91:a3:
                    ab:42:50:b5:af:f1:10:8d:fb:15:de:21:a4:72:a5:
                    60:b0:e8:46:2d:9a:33:d7:02:e9:55:81:08:9a:be:
                    97:70:a6:b9:21:cb:72:2a:1b:3a:6b:ef:21:cb:c6:
                    32:12:3c:41:33:ca:e9:a9:04:79:26:44:ae:a9:62:
                    0e:b8:9c:44:ac:c7:bd:b6:df:3f:b1:c2:45:a6:ea:
                    da:69:67:c9:c1:ec:51:e1:d1:0e:84:22:f5:86:6f:
                    df:cd:47:36:f1:eb:6a:35:4f:11:c7:e2:22:5c:eb:
                    8d:0e:76:4d:06:18:a5:52:a8:d6:db:6e:f2:43:29:
                    bd:c5:91:6a:22:8d:61:75:4a:c4:55:9c:bd:3b:5a:
                    48:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:50:78:24:47:CE:57:BF:E2:DE:FB:6F:BB:40:2D:8B:CC:8C:35:44
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/5FB4JEfOV7_i3vtvu0Ati8yMNUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3a:55:34:a2:b6:ee:20:bc:be:cf:76:f8:2a:7a:38:3a:12:
         57:14:98:ba:87:fa:4a:07:6b:5a:2b:f1:ab:e6:ac:6c:72:6c:
         92:0b:73:cd:df:16:8d:8f:95:9d:1e:11:fd:03:a3:39:3e:fd:
         14:7f:fa:88:58:4d:14:58:00:d1:d5:28:15:f5:ca:d3:a0:85:
         6d:a5:b3:2e:36:f4:3f:de:77:0b:96:c6:a4:0f:52:1d:55:bc:
         22:38:40:e0:e8:62:7c:f3:92:84:c9:45:10:27:6c:a1:14:2e:
         3b:78:f6:8c:e7:d9:4b:0b:5c:37:11:a8:f1:4e:c5:e5:95:d5:
         78:bc:5a:8a:a7:ae:98:a4:1b:8c:8f:bc:f4:c7:8b:3d:f0:70:
         ee:9a:40:f7:25:5c:65:fb:52:30:ee:6d:29:ed:d4:95:c6:e9:
         fe:a9:68:d9:00:bf:a1:4d:df:8f:67:99:e2:82:3b:ff:d8:57:
         1f:b0:83:cd:0c:9a:16:f0:1f:fd:a6:50:fa:32:73:b3:fc:8a:
         4a:59:b0:df:fa:90:16:b4:35:db:0c:c4:49:51:9a:e9:32:5e:
         24:14:65:02:b6:9f:10:65:19:0a:13:8f:b6:4c:78:f1:24:8c:
         aa:b1:f6:77:f9:91:2f:96:bb:2b:2b:7d:5e:d4:63:e8:8e:16:
         05:44:49:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY19Hu6g9FrPZrwcUlGYXIKBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjQwMjA2MDYzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDUwNzgyNDQ3Y2U1N2JmZTJkZWZiNmZiYjQwMmQ4YmNjOGMzNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SHoPhU9YuQIG+wAODfQZUL2E0XN
KGDjIZDzT3z0mb1bvDJOsNfEPFS9Ovx1uZOPD4xWl3a3C3pXsK9loYyfgQj2bIAI
7y2hYMlqEsn9VPur/V3xC+Xp7ZnFg8huESsG8CbjfTCGiKS/uErWzYYp9O0zKx0+
kaOrQlC1r/EQjfsV3iGkcqVgsOhGLZoz1wLpVYEImr6XcKa5IctyKhs6a+8hy8Yy
EjxBM8rpqQR5JkSuqWIOuJxErMe9tt8/scJFpuraaWfJwexR4dEOhCL1hm/fzUc2
8etqNU8Rx+IiXOuNDnZNBhilUqjW227yQym9xZFqIo1hdUrEVZy9O1pIswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORQeCRHzle/4t77b7tALYvMjDVEMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvNUZCNEpFZk9WN19pM3Z0dnUwQXRpOHlNTlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrzVMA0G
CSqGSIb3DQEBCwUAA4IBAQB+OlU0orbuILy+z3b4Kno4OhJXFJi6h/pKB2taK/Gr
5qxscmySC3PN3xaNj5WdHhH9A6M5Pv0Uf/qIWE0UWADR1SgV9crToIVtpbMuNvQ/
3ncLlsakD1IdVbwiOEDg6GJ885KEyUUQJ2yhFC47ePaM59lLC1w3EajxTsXlldV4
vFqKp66YpBuMj7z0x4s98HDumkD3JVxl+1Iw7m0p7dSVxun+qWjZAL+hTd+PZ5ni
gjv/2FcfsIPNDJoW8B/9plD6MnOz/IpKWbDf+pAWtDXbDMRJUZrpMl4kFGUCtp8Q
ZRkKE4+2THjxJIyqsfZ3+ZEvlrsrK31e1GPojhYFREn4
-----END CERTIFICATE-----