Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/spleHyzYgGpzqGHpZDiMz8-L2F8.roa
File:                     spleHyzYgGpzqGHpZDiMz8-L2F8.roa (raw, json)
Hash identifier:          RlO89DtOqCkYqUS366LwGY+4XNcf6UcANfFjH0ztYJc=
Subject key identifier:   B2:99:5E:1F:2C:D8:80:6A:73:A8:61:E9:64:38:8C:CF:CF:8B:D8:5F
Certificate issuer:       /CN=11d19f88b0dc1b890254db94a9b62046d6be794b
Certificate serial:       018CC6B8EB7B6170D53CCD98146FC8F88B02
Authority key identifier: 11:D1:9F:88:B0:DC:1B:89:02:54:DB:94:A9:B6:20:46:D6:BE:79:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EdGfiLDcG4kCVNuUqbYgRta-eUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/spleHyzYgGpzqGHpZDiMz8-L2F8.roa
Signing time:             Mon 01 Jan 2024 20:30:56 +0000
ROA not before:           Mon 01 Jan 2024 20:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5598
IP address blocks:        176.101.96.0/19 maxlen: 24
                          176.101.97.144/28 maxlen: 28
                          176.101.97.128/28 maxlen: 28
                          176.101.96.96/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/EdGfiLDcG4kCVNuUqbYgRta-eUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/EdGfiLDcG4kCVNuUqbYgRta-eUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EdGfiLDcG4kCVNuUqbYgRta-eUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:eb:7b:61:70:d5:3c:cd:98:14:6f:c8:f8:8b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11d19f88b0dc1b890254db94a9b62046d6be794b
        Validity
            Not Before: Jan  1 20:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2995e1f2cd8806a73a861e964388ccfcf8bd85f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f6:fe:42:85:b4:62:96:a3:76:93:94:a5:5e:
                    48:48:ca:63:20:01:86:cd:ca:ae:c4:da:80:15:fb:
                    39:85:57:52:9c:6d:b1:17:a9:c0:3d:be:9e:22:1e:
                    4d:bd:a5:42:28:3f:04:7a:2b:1d:c8:40:00:01:07:
                    60:63:ba:18:d1:da:59:19:21:59:24:46:ec:d2:dd:
                    76:6a:1d:a4:b6:81:d8:aa:a8:36:1e:db:5e:84:0b:
                    cf:2c:c8:c1:fe:5e:57:16:88:07:a4:18:21:99:37:
                    8b:cb:a2:69:c4:46:6d:7b:f5:96:67:72:2c:83:98:
                    50:63:a5:c8:61:e1:b9:72:bf:61:0a:d9:42:f5:79:
                    fe:37:4a:60:83:a0:42:27:d1:d4:9b:7a:38:9a:0b:
                    ee:0e:26:bf:e2:a5:63:8f:96:95:50:fd:52:d8:d0:
                    6f:c8:83:84:24:f1:5b:ff:9e:17:96:fd:6d:9a:79:
                    5f:9d:23:1f:a2:80:62:93:09:a2:ed:30:1c:87:3a:
                    82:6c:1a:56:21:87:5b:af:43:49:18:2d:79:b0:e2:
                    d8:95:0b:7a:f2:21:a2:dc:97:ad:32:82:8e:6e:ad:
                    d9:3e:c8:aa:0b:41:5b:4e:cc:12:4e:9d:3b:21:9e:
                    c5:44:e8:94:9c:5a:a6:0f:b2:9a:70:d4:d0:b2:34:
                    10:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:99:5E:1F:2C:D8:80:6A:73:A8:61:E9:64:38:8C:CF:CF:8B:D8:5F
            X509v3 Authority Key Identifier:
                keyid:11:D1:9F:88:B0:DC:1B:89:02:54:DB:94:A9:B6:20:46:D6:BE:79:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EdGfiLDcG4kCVNuUqbYgRta-eUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/spleHyzYgGpzqGHpZDiMz8-L2F8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9b783c-9f59-4696-82c4-48b4955f0600/1/EdGfiLDcG4kCVNuUqbYgRta-eUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.101.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         86:6c:ce:d6:77:f3:0d:a9:20:68:b0:24:6a:05:08:eb:44:51:
         b1:97:04:94:b6:cb:d8:99:9d:94:67:49:0d:8d:d9:41:f1:61:
         26:02:4e:a7:39:ad:22:94:74:cd:47:6f:f0:63:6a:9b:50:77:
         6d:5a:00:e0:d4:c5:c2:8f:d3:1f:79:b2:2c:a4:a6:75:4c:1b:
         19:c5:34:3e:47:fa:73:8f:56:4f:11:ae:3c:a2:ea:76:aa:97:
         bb:2b:22:ec:3d:cb:b1:47:80:73:55:9b:21:24:71:c1:52:23:
         8e:ff:bd:77:f9:fd:02:0b:a5:91:53:bb:97:f5:92:15:69:52:
         ad:c5:dc:04:77:a0:0f:9c:36:f6:98:c3:60:52:21:06:48:d5:
         76:8f:d1:ba:7b:80:8a:d4:9a:0a:69:54:f8:12:6a:a4:7e:b3:
         7c:fb:85:32:ad:2e:b1:a2:9e:98:b7:77:90:21:fb:1d:dd:42:
         6a:58:1a:9e:c1:84:dd:da:5e:be:c7:f6:27:db:93:9e:9d:a8:
         c9:56:75:ba:21:e9:69:99:32:bc:bb:37:e5:eb:22:d3:24:e9:
         95:10:90:7b:4a:d1:08:b6:7a:b1:f3:dc:9a:a5:87:96:bf:1d:
         00:8c:4c:7a:f9:73:00:d2:ae:61:46:7b:3c:57:c2:8e:31:c0:
         46:44:06:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuOt7YXDVPM2YFG/I+IsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZDE5Zjg4YjBkYzFiODkwMjU0ZGI5NGE5YjYyMDQ2ZDZi
ZTc5NGIwHhcNMjQwMTAxMjAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjk5NWUxZjJjZDg4MDZhNzNhODYxZTk2NDM4OGNjZmNmOGJkODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfb+QoW0YpajdpOUpV5ISMpjIAGG
zcquxNqAFfs5hVdSnG2xF6nAPb6eIh5NvaVCKD8EeisdyEAAAQdgY7oY0dpZGSFZ
JEbs0t12ah2ktoHYqqg2HttehAvPLMjB/l5XFogHpBghmTeLy6JpxEZte/WWZ3Is
g5hQY6XIYeG5cr9hCtlC9Xn+N0pgg6BCJ9HUm3o4mgvuDia/4qVjj5aVUP1S2NBv
yIOEJPFb/54Xlv1tmnlfnSMfooBikwmi7TAchzqCbBpWIYdbr0NJGC15sOLYlQt6
8iGi3JetMoKObq3ZPsiqC0FbTswSTp07IZ7FROiUnFqmD7KacNTQsjQQKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKZXh8s2IBqc6hh6WQ4jM/Pi9hfMB8GA1UdIwQY
MBaAFBHRn4iw3BuJAlTblKm2IEbWvnlLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWRHZmlMRGNHNGtDVk51VXFiWWdSdGEtZVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85Yjc4M2MtOWY1OS00Njk2LTgyYzQt
NDhiNDk1NWYwNjAwLzEvc3BsZUh5ellnR3B6cUdIcFpEaU16OC1MMkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85Yjc4M2MtOWY1OS00Njk2LTgyYzQtNDhiNDk1NWYwNjAw
LzEvRWRHZmlMRGNHNGtDVk51VXFiWWdSdGEtZVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGVgMA0G
CSqGSIb3DQEBCwUAA4IBAQCGbM7Wd/MNqSBosCRqBQjrRFGxlwSUtsvYmZ2UZ0kN
jdlB8WEmAk6nOa0ilHTNR2/wY2qbUHdtWgDg1MXCj9MfebIspKZ1TBsZxTQ+R/pz
j1ZPEa48oup2qpe7KyLsPcuxR4BzVZshJHHBUiOO/713+f0CC6WRU7uX9ZIVaVKt
xdwEd6APnDb2mMNgUiEGSNV2j9G6e4CK1JoKaVT4EmqkfrN8+4UyrS6xop6Yt3eQ
Ifsd3UJqWBqewYTd2l6+x/Yn25OenajJVnW6IelpmTK8uzfl6yLTJOmVEJB7StEI
tnqx89yapYeWvx0AjEx6+XMA0q5hRns8V8KOMcBGRAaU
-----END CERTIFICATE-----