Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/9gF5D7CTTHbLtaMD9vkV_I8CEls.roa
File:                     9gF5D7CTTHbLtaMD9vkV_I8CEls.roa (raw, json)
Hash identifier:          IE323o8+FF6uiL2YPE4R/Yq9DL1rbGu97qEdF8mx/z4=
Subject key identifier:   F6:01:79:0F:B0:93:4C:76:CB:B5:A3:03:F6:F9:15:FC:8F:02:12:5B
Certificate issuer:       /CN=039e78b45b5f59594eb811f3ac69062967f28c77
Certificate serial:       018FB4D05224E4F05D7F07BB2EDBE40D1932
Authority key identifier: 03:9E:78:B4:5B:5F:59:59:4E:B8:11:F3:AC:69:06:29:67:F2:8C:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A554tFtfWVlOuBHzrGkGKWfyjHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/9gF5D7CTTHbLtaMD9vkV_I8CEls.roa
Signing time:             Sun 26 May 2024 12:11:42 +0000
ROA not before:           Sun 26 May 2024 12:11:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12553
IP address blocks:        193.105.5.0/24 maxlen: 24
                          2001:67c:1028::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/A554tFtfWVlOuBHzrGkGKWfyjHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/A554tFtfWVlOuBHzrGkGKWfyjHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A554tFtfWVlOuBHzrGkGKWfyjHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b4:d0:52:24:e4:f0:5d:7f:07:bb:2e:db:e4:0d:19:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=039e78b45b5f59594eb811f3ac69062967f28c77
        Validity
            Not Before: May 26 12:11:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f601790fb0934c76cbb5a303f6f915fc8f02125b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:87:34:63:f1:77:c9:54:3a:33:7e:11:51:7b:
                    05:4b:44:45:9c:6d:55:e3:7b:d9:79:01:3d:48:16:
                    a3:11:e5:69:7b:81:eb:2c:6e:7f:e5:8f:4f:ca:88:
                    cd:3c:f3:a7:a9:e5:d3:6a:29:3e:26:60:4f:fe:d0:
                    c8:fc:51:20:7b:db:b0:65:8c:db:ee:bb:fd:7e:54:
                    b7:a9:f8:7a:16:38:c0:95:4b:69:e0:f6:09:f6:31:
                    55:ef:40:96:38:ac:65:f2:9a:8d:d1:8d:89:aa:ec:
                    09:d1:04:ab:d5:73:3a:6e:af:0d:43:ff:a7:6d:1e:
                    cc:3b:02:99:16:d1:cf:6e:72:da:6b:d9:fe:34:11:
                    c3:92:a8:3a:31:64:83:3d:ed:3b:fa:30:d6:2f:c3:
                    c1:f4:80:1f:33:d1:f4:44:d6:37:5d:fe:bc:18:69:
                    8d:9d:16:b5:fa:04:2d:4c:d8:a5:b8:45:3b:6d:75:
                    f5:13:59:e4:05:fa:a3:c7:5b:ef:4e:bf:06:35:ef:
                    5a:42:c3:70:e2:c8:b1:56:37:6e:7f:9f:9b:4b:e1:
                    86:b3:9b:b9:87:f9:63:99:ce:48:c2:55:24:0a:05:
                    0c:65:dc:18:b2:a1:4b:74:bb:bf:e3:2b:e6:ba:67:
                    88:63:f1:4a:60:c8:8d:f7:84:2c:e8:34:8c:77:8f:
                    eb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:01:79:0F:B0:93:4C:76:CB:B5:A3:03:F6:F9:15:FC:8F:02:12:5B
            X509v3 Authority Key Identifier:
                keyid:03:9E:78:B4:5B:5F:59:59:4E:B8:11:F3:AC:69:06:29:67:F2:8C:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A554tFtfWVlOuBHzrGkGKWfyjHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/9gF5D7CTTHbLtaMD9vkV_I8CEls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/aebc77-2b81-40cf-8aad-26a38dc8670b/1/A554tFtfWVlOuBHzrGkGKWfyjHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.5.0/24
                IPv6:
                  2001:67c:1028::/47

    Signature Algorithm: sha256WithRSAEncryption
         83:a9:b3:c2:58:e9:31:ff:d7:86:9f:89:ed:ab:cb:63:dd:c7:
         52:35:c6:13:45:7b:f5:bb:4f:52:8e:32:48:e7:f4:36:92:15:
         9d:24:ab:3f:85:d9:de:e7:84:a4:b8:e6:14:6b:5f:5a:85:1f:
         cb:4c:8e:bc:b5:21:37:79:94:23:55:2c:da:05:08:75:72:ef:
         e9:c1:b2:e4:d7:1a:90:dc:2e:6b:d0:de:b0:f5:56:31:35:96:
         4e:d9:16:6d:65:a2:d9:12:a6:b4:da:61:ad:82:89:ff:99:f5:
         6b:7b:1f:81:8e:31:f8:64:58:2f:3e:a6:f9:ac:6a:d9:68:13:
         dd:6b:d9:6a:05:5b:89:28:90:f6:9c:da:5e:af:7b:88:69:c3:
         ef:22:b5:ee:d0:ce:f5:1d:2a:09:bc:24:3f:0d:b2:9d:7f:d0:
         3b:c2:f4:79:24:39:43:27:c3:c2:56:3b:53:15:a5:df:68:d2:
         b7:f2:1b:07:b1:a8:4e:cc:2f:37:36:d6:c5:1c:a9:21:9d:6e:
         f6:2b:01:70:13:f3:ca:01:04:e2:7b:ba:f2:37:f0:f3:37:f2:
         25:00:02:02:41:1c:59:83:5e:8d:aa:89:61:4f:01:11:43:dc:
         c1:91:f9:54:f6:64:8f:7c:6d:9d:6b:c6:11:bc:7b:1c:ad:27:
         38:e0:80:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+00FIk5PBdfwe7LtvkDRkyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOWU3OGI0NWI1ZjU5NTk0ZWI4MTFmM2FjNjkwNjI5Njdm
MjhjNzcwHhcNMjQwNTI2MTIxMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjAxNzkwZmIwOTM0Yzc2Y2JiNWEzMDNmNmY5MTVmYzhmMDIxMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIc0Y/F3yVQ6M34RUXsFS0RFnG1V
43vZeQE9SBajEeVpe4HrLG5/5Y9PyojNPPOnqeXTaik+JmBP/tDI/FEge9uwZYzb
7rv9flS3qfh6FjjAlUtp4PYJ9jFV70CWOKxl8pqN0Y2JquwJ0QSr1XM6bq8NQ/+n
bR7MOwKZFtHPbnLaa9n+NBHDkqg6MWSDPe07+jDWL8PB9IAfM9H0RNY3Xf68GGmN
nRa1+gQtTNiluEU7bXX1E1nkBfqjx1vvTr8GNe9aQsNw4sixVjduf5+bS+GGs5u5
h/ljmc5IwlUkCgUMZdwYsqFLdLu/4yvmumeIY/FKYMiN94Qs6DSMd4/rZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPYBeQ+wk0x2y7WjA/b5FfyPAhJbMB8GA1UdIwQY
MBaAFAOeeLRbX1lZTrgR86xpBiln8ox3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTU1NHRGdGZXVmxPdUJIenJHa0dLV2Z5akhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hZWJjNzctMmI4MS00MGNmLThhYWQt
MjZhMzhkYzg2NzBiLzEvOWdGNUQ3Q1RUSGJMdGFNRDl2a1ZfSThDRWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hZWJjNzctMmI4MS00MGNmLThhYWQtMjZhMzhkYzg2NzBi
LzEvQTU1NHRGdGZXVmxPdUJIenJHa0dLV2Z5akhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwWkFMA8E
AgACMAkDBwEgAQZ8ECgwDQYJKoZIhvcNAQELBQADggEBAIOps8JY6TH/14afie2r
y2Pdx1I1xhNFe/W7T1KOMkjn9DaSFZ0kqz+F2d7nhKS45hRrX1qFH8tMjry1ITd5
lCNVLNoFCHVy7+nBsuTXGpDcLmvQ3rD1VjE1lk7ZFm1lotkSprTaYa2Cif+Z9Wt7
H4GOMfhkWC8+pvmsatloE91r2WoFW4kokPac2l6ve4hpw+8ite7QzvUdKgm8JD8N
sp1/0DvC9HkkOUMnw8JWO1MVpd9o0rfyGwexqE7MLzc21sUcqSGdbvYrAXAT88oB
BOJ7uvI38PM38iUAAgJBHFmDXo2qiWFPARFD3MGR+VT2ZI98bZ1rxhG8exytJzjg
gO4=
-----END CERTIFICATE-----