Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5gioQgU7pSUf_Ie4BHJt8wsgRnI.roa
File:                     5gioQgU7pSUf_Ie4BHJt8wsgRnI.roa (raw, json)
Hash identifier:          +8WoOXdVqJJtvSdO3/fEpQfXyiYk9hfWFYVGPsCaAgI=
Subject key identifier:   E6:08:A8:42:05:3B:A5:25:1F:FC:87:B8:04:72:6D:F3:0B:20:46:72
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E179B93B9834EED919B396F082C62
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5gioQgU7pSUf_Ie4BHJt8wsgRnI.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204821
IP address blocks:        185.231.184.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:9b:93:b9:83:4e:ed:91:9b:39:6f:08:2c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e608a842053ba5251ffc87b804726df30b204672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:11:72:da:46:dc:3b:1e:ea:63:0b:98:06:02:
                    ec:aa:19:30:49:75:5c:57:0c:7d:e7:9f:80:33:03:
                    7b:3c:3c:1e:fc:10:7e:4f:f6:51:2e:46:83:31:bf:
                    86:fd:98:51:c3:76:2e:1e:ac:da:42:8b:64:f4:e4:
                    c7:f7:5a:01:ec:e1:bd:a0:4c:2a:74:c9:82:5a:60:
                    80:9e:71:82:5e:13:40:92:f7:9a:9f:b7:b9:5a:49:
                    82:8e:40:1b:17:ba:b6:19:f3:44:ca:38:3e:94:79:
                    3a:27:f5:5b:77:50:2e:03:9d:57:97:36:f6:e2:82:
                    7f:79:cd:36:92:83:a1:f6:24:43:8a:81:a5:7f:e6:
                    2f:22:b5:d4:6f:d5:fe:17:43:db:35:b3:34:c6:13:
                    1b:af:8c:e6:1d:61:3d:f0:7a:bc:72:d9:a7:9a:bf:
                    87:f9:1e:01:39:6f:54:a0:fe:ac:21:7d:1b:fb:48:
                    81:b7:e0:ca:fa:e6:65:a3:c8:86:de:01:6e:e3:ab:
                    07:e0:8f:03:2c:c0:02:f2:9f:23:57:af:75:aa:fb:
                    3f:1e:94:82:7d:40:05:6a:96:5f:ff:ac:cc:55:2b:
                    ea:6d:57:d6:12:ab:f8:bd:79:31:14:49:d5:00:bf:
                    1e:62:48:1c:88:c6:44:15:20:1d:02:bf:9e:98:6c:
                    96:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:08:A8:42:05:3B:A5:25:1F:FC:87:B8:04:72:6D:F3:0B:20:46:72
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5gioQgU7pSUf_Ie4BHJt8wsgRnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:f6:dd:2a:3f:31:b0:28:3e:31:ad:26:d9:a9:be:d6:80:88:
         9a:0a:5f:04:7d:b5:bb:de:84:aa:75:50:9d:40:d9:71:04:20:
         cd:f7:57:48:30:ed:65:bc:3b:9c:d3:e6:2a:f2:e6:34:ae:0b:
         68:c1:59:1e:53:81:54:b7:a8:5f:d3:b3:bd:57:51:18:92:57:
         fa:8d:b8:f2:1c:5c:0d:ec:66:36:14:81:1c:5c:6c:4a:a1:9a:
         c8:48:4e:6f:7a:fb:46:e6:24:2f:ba:85:8e:aa:a4:09:7c:63:
         e2:b8:82:fa:44:27:c4:62:b2:1a:7a:41:c9:5a:1e:ed:ea:68:
         6a:ec:43:5c:7b:7e:24:18:b5:26:8c:b1:75:92:89:a4:05:e8:
         30:58:9a:03:75:30:a2:ee:2a:99:66:29:07:08:d4:a1:34:b6:
         7c:ba:16:2b:9b:f0:81:f8:35:89:b6:2f:6e:d7:78:b4:31:ad:
         5b:69:68:ff:be:5c:80:da:5f:61:1b:54:26:54:92:75:b7:7a:
         b8:bf:f0:32:51:f3:6a:3d:80:3b:70:fb:3b:e5:b0:7e:2f:60:
         17:89:0a:68:4d:85:43:8b:d0:e2:fa:4e:d7:76:ae:45:9d:be:
         07:83:2d:0f:af:c0:ae:2e:98:5f:5b:8f:59:af:b1:26:38:b5:
         b4:20:f9:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhebk7mDTu2RmzlvCCxiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjA4YTg0MjA1M2JhNTI1MWZmYzg3YjgwNDcyNmRmMzBiMjA0NjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRFy2kbcOx7qYwuYBgLsqhkwSXVc
Vwx955+AMwN7PDwe/BB+T/ZRLkaDMb+G/ZhRw3YuHqzaQotk9OTH91oB7OG9oEwq
dMmCWmCAnnGCXhNAkvean7e5WkmCjkAbF7q2GfNEyjg+lHk6J/Vbd1AuA51Xlzb2
4oJ/ec02koOh9iRDioGlf+YvIrXUb9X+F0PbNbM0xhMbr4zmHWE98Hq8ctmnmr+H
+R4BOW9UoP6sIX0b+0iBt+DK+uZlo8iG3gFu46sH4I8DLMAC8p8jV691qvs/HpSC
fUAFapZf/6zMVSvqbVfWEqv4vXkxFEnVAL8eYkgciMZEFSAdAr+emGyWIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYIqEIFO6UlH/yHuARybfMLIEZyMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvNWdpb1FnVTdwU1VmX0llNEJISnQ4d3NnUm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuee4MA0G
CSqGSIb3DQEBCwUAA4IBAQBl9t0qPzGwKD4xrSbZqb7WgIiaCl8EfbW73oSqdVCd
QNlxBCDN91dIMO1lvDuc0+Yq8uY0rgtowVkeU4FUt6hf07O9V1EYklf6jbjyHFwN
7GY2FIEcXGxKoZrISE5vevtG5iQvuoWOqqQJfGPiuIL6RCfEYrIaekHJWh7t6mhq
7ENce34kGLUmjLF1komkBegwWJoDdTCi7iqZZikHCNShNLZ8uhYrm/CB+DWJti9u
13i0Ma1baWj/vlyA2l9hG1QmVJJ1t3q4v/AyUfNqPYA7cPs75bB+L2AXiQpoTYVD
i9Di+k7Xdq5Fnb4Hgy0Pr8CuLphfW49Zr7EmOLW0IPlT
-----END CERTIFICATE-----