Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xfHfb7X1cZlm-ppZC1Q8zPQ2pMw.roa
File:                     xfHfb7X1cZlm-ppZC1Q8zPQ2pMw.roa (raw, json)
Hash identifier:          ryV+w4kAG9q4wgVSjGuq2V/jKLzDyXQ2028P/KR5a0o=
Subject key identifier:   C5:F1:DF:6F:B5:F5:71:99:66:FA:9A:59:0B:54:3C:CC:F4:36:A4:CC
Certificate issuer:       /CN=ea1c951d61b87da19439784d23667a89cb3290a4
Certificate serial:       018E0D4A5EA266637666671635A8AF0829FA
Authority key identifier: EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xfHfb7X1cZlm-ppZC1Q8zPQ2pMw.roa
Signing time:             Tue 05 Mar 2024 06:26:01 +0000
ROA not before:           Tue 05 Mar 2024 06:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209984
IP address blocks:        213.226.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:4a:5e:a2:66:63:76:66:67:16:35:a8:af:08:29:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea1c951d61b87da19439784d23667a89cb3290a4
        Validity
            Not Before: Mar  5 06:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5f1df6fb5f5719966fa9a590b543cccf436a4cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5d:06:6b:57:d4:8b:5c:fc:a9:4e:eb:41:48:
                    02:7b:88:67:65:99:5c:ba:7d:74:a1:1b:77:0e:17:
                    a4:67:0d:65:2a:fd:8d:8c:4d:fd:f9:44:be:c9:de:
                    44:63:15:72:d8:ba:46:f5:92:13:05:f6:dd:35:24:
                    ac:df:71:ea:8a:57:d5:33:fd:80:f5:1a:fb:fa:10:
                    cb:80:8f:0a:6f:94:8a:0d:26:85:e1:dd:ff:89:77:
                    65:7d:41:08:eb:c8:29:c9:95:ae:19:96:d0:f2:2d:
                    60:b9:fb:c5:70:ee:dd:22:e5:92:ce:4b:70:aa:19:
                    88:62:84:9f:ac:36:18:86:bd:3d:74:49:6b:c9:b7:
                    0d:1b:af:c1:66:44:e7:1c:6a:c8:70:36:2c:6f:98:
                    11:de:14:20:76:a8:e1:35:73:10:4d:82:59:75:75:
                    6d:db:cd:fb:b9:aa:d0:c4:d7:7c:94:56:5b:6a:b3:
                    bb:48:fa:84:20:8c:41:ca:11:70:49:08:94:be:01:
                    8e:c1:2d:e1:8d:e8:34:bc:7d:9a:74:6e:dc:ff:09:
                    a7:e2:e6:65:15:8b:c5:b3:6f:28:34:55:9a:ad:22:
                    96:12:f7:33:dd:ac:3a:63:c1:bf:f0:26:51:06:6a:
                    90:d8:9e:53:f0:c4:bb:7b:20:97:26:d5:a4:c5:29:
                    94:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:F1:DF:6F:B5:F5:71:99:66:FA:9A:59:0B:54:3C:CC:F4:36:A4:CC
            X509v3 Authority Key Identifier:
                keyid:EA:1C:95:1D:61:B8:7D:A1:94:39:78:4D:23:66:7A:89:CB:32:90:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6hyVHWG4faGUOXhNI2Z6icsykKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/xfHfb7X1cZlm-ppZC1Q8zPQ2pMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/617715-9484-40f9-896c-724b1a0212d4/1/6hyVHWG4faGUOXhNI2Z6icsykKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.226.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:6b:44:d4:bc:9d:38:90:21:6a:84:90:ac:e3:f5:c8:42:40:
         12:a5:00:42:44:f7:32:12:df:63:4d:f5:d2:ac:91:d9:4d:5c:
         20:cd:cc:a1:dc:bd:3e:4e:47:c3:f0:93:4f:09:3a:19:6f:c1:
         c8:95:6c:c2:ff:82:f0:bc:55:9b:88:7a:bb:87:79:bc:0b:fc:
         f5:08:b0:9b:43:98:58:5f:ca:98:5c:5f:50:aa:99:33:47:f9:
         3c:db:e8:89:d5:06:86:66:b5:98:d6:91:be:3d:d9:af:95:07:
         95:9e:f7:78:09:ab:53:bf:e1:8c:34:c5:69:5d:b4:d1:c8:d8:
         fb:f4:9d:7d:47:3d:da:fe:25:3e:66:43:ca:6e:41:63:05:0f:
         86:56:70:03:1f:21:7e:6a:da:85:25:c1:60:62:92:f2:0c:92:
         b9:cf:49:69:3e:4a:94:17:70:15:49:1b:4e:fe:43:e7:4e:a0:
         9e:21:b5:ac:53:65:3a:2e:e6:a6:3f:d8:37:4b:2e:20:71:00:
         9b:b6:39:f9:1d:13:8e:1f:d9:84:aa:5b:ae:da:46:c4:76:2a:
         b7:12:57:68:e9:c3:6d:83:f5:d0:f5:67:ac:b5:de:d8:de:93:
         bc:02:a8:ed:d0:48:d7:35:72:88:11:df:dc:a1:4f:bc:ec:f3:
         08:0e:57:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4NSl6iZmN2ZmcWNaivCCn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMWM5NTFkNjFiODdkYTE5NDM5Nzg0ZDIzNjY3YTg5Y2Iz
MjkwYTQwHhcNMjQwMzA1MDYyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWYxZGY2ZmI1ZjU3MTk5NjZmYTlhNTkwYjU0M2NjY2Y0MzZhNGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV0Ga1fUi1z8qU7rQUgCe4hnZZlc
un10oRt3DhekZw1lKv2NjE39+US+yd5EYxVy2LpG9ZITBfbdNSSs33HqilfVM/2A
9Rr7+hDLgI8Kb5SKDSaF4d3/iXdlfUEI68gpyZWuGZbQ8i1gufvFcO7dIuWSzktw
qhmIYoSfrDYYhr09dElrybcNG6/BZkTnHGrIcDYsb5gR3hQgdqjhNXMQTYJZdXVt
2837uarQxNd8lFZbarO7SPqEIIxByhFwSQiUvgGOwS3hjeg0vH2adG7c/wmn4uZl
FYvFs28oNFWarSKWEvcz3aw6Y8G/8CZRBmqQ2J5T8MS7eyCXJtWkxSmUbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXx32+19XGZZvqaWQtUPMz0NqTMMB8GA1UdIwQY
MBaAFOoclR1huH2hlDl4TSNmeonLMpCkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMt
NzI0YjFhMDIxMmQ0LzEveGZIZmI3WDFjWmxtLXBwWkMxUTh6UFEycE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82MTc3MTUtOTQ4NC00MGY5LTg5NmMtNzI0YjFhMDIxMmQ0
LzEvNmh5VkhXRzRmYUdVT1hoTkkyWjZpY3N5a0tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1eJUMA0G
CSqGSIb3DQEBCwUAA4IBAQBwa0TUvJ04kCFqhJCs4/XIQkASpQBCRPcyEt9jTfXS
rJHZTVwgzcyh3L0+TkfD8JNPCToZb8HIlWzC/4LwvFWbiHq7h3m8C/z1CLCbQ5hY
X8qYXF9QqpkzR/k82+iJ1QaGZrWY1pG+PdmvlQeVnvd4CatTv+GMNMVpXbTRyNj7
9J19Rz3a/iU+ZkPKbkFjBQ+GVnADHyF+atqFJcFgYpLyDJK5z0lpPkqUF3AVSRtO
/kPnTqCeIbWsU2U6LuamP9g3Sy4gcQCbtjn5HROOH9mEqluu2kbEdiq3Eldo6cNt
g/XQ9Westd7Y3pO8Aqjt0EjXNXKIEd/coU+87PMIDldx
-----END CERTIFICATE-----