Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/5s_MKBT6kcR7SZU1R-3uvTc_uis.roa
File:                     5s_MKBT6kcR7SZU1R-3uvTc_uis.roa (raw, json)
Hash identifier:          zSWBNYLNZucctZn7QH/7oQ/09cTVHdqD8p+gc1757e4=
Subject key identifier:   E6:CF:CC:28:14:FA:91:C4:7B:49:95:35:47:ED:EE:BD:37:3F:BA:2B
Certificate issuer:       /CN=d39696a7680e955291feafa1efba9fbcff2f888b
Certificate serial:       018CC7935F2C2B58079842DDB90823B0E5F9
Authority key identifier: D3:96:96:A7:68:0E:95:52:91:FE:AF:A1:EF:BA:9F:BC:FF:2F:88:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/05aWp2gOlVKR_q-h77qfvP8viIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/5s_MKBT6kcR7SZU1R-3uvTc_uis.roa
Signing time:             Tue 02 Jan 2024 00:29:33 +0000
ROA not before:           Tue 02 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     702
IP address blocks:        213.208.0.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/05aWp2gOlVKR_q-h77qfvP8viIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/05aWp2gOlVKR_q-h77qfvP8viIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/05aWp2gOlVKR_q-h77qfvP8viIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 21:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5f:2c:2b:58:07:98:42:dd:b9:08:23:b0:e5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d39696a7680e955291feafa1efba9fbcff2f888b
        Validity
            Not Before: Jan  2 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6cfcc2814fa91c47b49953547edeebd373fba2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:14:7c:36:21:29:5f:64:fa:16:e3:d3:88:a8:
                    a1:62:12:e6:31:63:b8:30:7d:03:17:7c:d1:0d:fd:
                    f5:17:45:50:77:1b:67:83:87:43:78:f0:99:37:b4:
                    d4:09:6c:83:33:5d:da:c6:2d:f9:af:aa:3e:05:34:
                    2f:42:a5:4b:86:85:f7:23:b4:9b:42:a6:77:5a:74:
                    3e:6d:e6:3a:d0:54:72:0d:eb:25:b7:a9:f9:0d:7e:
                    af:27:59:9f:e8:67:a4:99:96:f4:d8:1d:0d:ab:69:
                    3b:37:ff:d7:a9:39:b3:81:ba:2f:c5:d8:64:eb:26:
                    52:f1:d5:54:1e:87:a9:e9:f4:a6:ff:ac:fc:52:61:
                    23:61:65:18:ac:7e:8d:da:7b:dc:aa:e6:ec:be:59:
                    f0:1a:98:02:87:5b:83:d8:1c:b0:48:53:11:4e:a3:
                    ba:36:26:a1:89:fa:08:f1:1c:0b:44:66:3d:79:76:
                    22:36:7e:c6:82:75:93:73:30:3c:18:94:67:e9:cd:
                    78:72:aa:3e:23:5a:bb:cb:05:54:78:76:ce:12:39:
                    9f:b2:16:05:e1:f0:e8:9e:e9:ed:ed:72:39:eb:47:
                    7a:5f:8d:6f:a4:03:e3:7f:c0:fc:26:e3:34:34:d2:
                    c5:48:4f:8b:a5:08:0e:71:46:ad:42:5f:86:b1:c8:
                    a8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CF:CC:28:14:FA:91:C4:7B:49:95:35:47:ED:EE:BD:37:3F:BA:2B
            X509v3 Authority Key Identifier:
                keyid:D3:96:96:A7:68:0E:95:52:91:FE:AF:A1:EF:BA:9F:BC:FF:2F:88:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/05aWp2gOlVKR_q-h77qfvP8viIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/5s_MKBT6kcR7SZU1R-3uvTc_uis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/68e857-e2e9-42d5-864e-cc7ad16d1b0c/1/05aWp2gOlVKR_q-h77qfvP8viIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.208.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         06:75:87:a5:72:c5:be:2b:6b:7f:4f:31:e0:a0:65:43:3d:7b:
         cd:2f:76:bb:f7:42:41:3f:b6:dc:c9:6f:8e:69:82:03:c4:da:
         49:b4:ff:76:b3:69:26:78:46:bd:20:2d:f0:b1:b9:92:cf:45:
         c2:40:11:9a:44:0a:68:20:76:c7:65:d8:e9:89:aa:ad:c3:00:
         94:48:d7:b0:98:85:d1:3e:a2:ef:4f:c9:2c:41:19:94:ae:3f:
         af:92:99:24:10:98:36:63:b1:05:e5:da:90:a0:9f:91:a0:82:
         66:25:1c:42:0d:63:8a:8a:40:7a:1b:ff:ba:5b:a7:38:9d:03:
         3a:d8:63:b4:41:a6:a1:8e:82:9d:04:44:a0:54:ea:f6:7b:af:
         da:0e:ff:e3:fe:e4:21:48:d0:58:07:ee:37:38:22:b0:bf:f9:
         96:1d:c1:13:73:d6:5b:a0:b0:a9:be:f9:79:ab:7b:60:60:e3:
         8a:b6:63:92:82:c8:cc:1f:46:fb:67:56:61:5d:fc:a8:20:40:
         0c:a6:77:06:90:e0:5f:bc:a1:f3:de:31:d2:7e:30:cf:46:b4:
         21:21:d4:c9:3d:38:a3:2b:f5:d9:d1:ec:97:d6:cf:ac:bd:cd:
         88:17:5d:ba:ad:93:11:3d:9e:28:a1:17:2d:66:5e:14:20:26:
         3c:43:93:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk18sK1gHmELduQgjsOX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOTY5NmE3NjgwZTk1NTI5MWZlYWZhMWVmYmE5ZmJjZmYy
Zjg4OGIwHhcNMjQwMTAyMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNmY2MyODE0ZmE5MWM0N2I0OTk1MzU0N2VkZWViZDM3M2ZiYTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRR8NiEpX2T6FuPTiKihYhLmMWO4
MH0DF3zRDf31F0VQdxtng4dDePCZN7TUCWyDM13axi35r6o+BTQvQqVLhoX3I7Sb
QqZ3WnQ+beY60FRyDeslt6n5DX6vJ1mf6GekmZb02B0Nq2k7N//XqTmzgbovxdhk
6yZS8dVUHoep6fSm/6z8UmEjYWUYrH6N2nvcqubsvlnwGpgCh1uD2BywSFMRTqO6
NiahifoI8RwLRGY9eXYiNn7GgnWTczA8GJRn6c14cqo+I1q7ywVUeHbOEjmfshYF
4fDonunt7XI560d6X41vpAPjf8D8JuM0NNLFSE+LpQgOcUatQl+GscioJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObPzCgU+pHEe0mVNUft7r03P7orMB8GA1UdIwQY
MBaAFNOWlqdoDpVSkf6voe+6n7z/L4iLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDVhV3AyZ09sVktSX3EtaDc3cWZ2UDh2aUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy82OGU4NTctZTJlOS00MmQ1LTg2NGUt
Y2M3YWQxNmQxYjBjLzEvNXNfTUtCVDZrY1I3U1pVMVItM3V2VGNfdWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy82OGU4NTctZTJlOS00MmQ1LTg2NGUtY2M3YWQxNmQxYjBj
LzEvMDVhV3AyZ09sVktSX3EtaDc3cWZ2UDh2aUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1dAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAGdYelcsW+K2t/TzHgoGVDPXvNL3a790JBP7bcyW+O
aYIDxNpJtP92s2kmeEa9IC3wsbmSz0XCQBGaRApoIHbHZdjpiaqtwwCUSNewmIXR
PqLvT8ksQRmUrj+vkpkkEJg2Y7EF5dqQoJ+RoIJmJRxCDWOKikB6G/+6W6c4nQM6
2GO0QaahjoKdBESgVOr2e6/aDv/j/uQhSNBYB+43OCKwv/mWHcETc9ZboLCpvvl5
q3tgYOOKtmOSgsjMH0b7Z1ZhXfyoIEAMpncGkOBfvKHz3jHSfjDPRrQhIdTJPTij
K/XZ0eyX1s+svc2IF126rZMRPZ4ooRctZl4UICY8Q5OP
-----END CERTIFICATE-----