Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/5vnUrz2qBBJhvCj14bDHP9RmEig.roa
File:                     5vnUrz2qBBJhvCj14bDHP9RmEig.roa (raw, json)
Hash identifier:          /pGb/F/eRxwZGMVOuw2gPgL5Sm9MXBAT1VvWzzhtVu4=
Subject key identifier:   E6:F9:D4:AF:3D:AA:04:12:61:BC:28:F5:E1:B0:C7:3F:D4:66:12:28
Certificate issuer:       /CN=e938f9182b7da44003591eeae2560f8451b3393a
Certificate serial:       018CC56DF4427BBD7007368DA3BC55649FE3
Authority key identifier: E9:38:F9:18:2B:7D:A4:40:03:59:1E:EA:E2:56:0F:84:51:B3:39:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Tj5GCt9pEADWR7q4lYPhFGzOTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/5vnUrz2qBBJhvCj14bDHP9RmEig.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48715
IP address blocks:        158.255.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/6Tj5GCt9pEADWR7q4lYPhFGzOTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/6Tj5GCt9pEADWR7q4lYPhFGzOTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Tj5GCt9pEADWR7q4lYPhFGzOTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f4:42:7b:bd:70:07:36:8d:a3:bc:55:64:9f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e938f9182b7da44003591eeae2560f8451b3393a
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6f9d4af3daa041261bc28f5e1b0c73fd4661228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:6b:dd:91:0c:f9:b4:bb:9d:ab:5c:a8:b7:
                    98:47:c0:67:89:e0:5f:06:1a:65:43:d2:df:ff:b7:
                    a0:79:4f:33:87:f1:11:64:f4:ee:dd:ad:ae:e0:28:
                    af:ff:28:72:e8:4e:1d:e8:52:8e:fe:ce:ca:1c:4c:
                    11:c4:fc:23:b5:98:6a:79:ba:9a:8f:cf:f6:82:56:
                    6c:6d:ba:68:d6:cb:f2:a2:5b:c5:3d:a6:bf:85:b1:
                    ef:78:ce:e8:cd:4a:62:fe:2b:13:e8:af:0f:84:8d:
                    c5:ef:f4:f6:45:42:94:ab:93:c0:d2:0a:db:9a:e1:
                    66:e9:05:15:d1:1f:98:de:eb:20:b8:ed:0f:34:67:
                    1f:c9:99:79:f2:0c:30:0c:cc:4e:34:1c:89:87:b5:
                    a3:2e:a2:c7:fe:3f:0a:c3:79:ff:ce:8a:11:5a:91:
                    99:e7:c5:7e:55:6e:75:bd:e2:af:31:34:3a:ad:ef:
                    14:ab:b7:a4:48:e3:5d:dc:8c:28:2a:c4:9d:bb:37:
                    c2:ef:99:6a:31:3d:4c:7e:4e:20:87:51:04:79:5a:
                    df:25:95:98:f1:0b:e1:fc:90:24:2b:36:9e:c7:b7:
                    3d:e2:b1:e7:bb:9c:27:24:0e:19:23:db:50:d9:36:
                    b4:0e:c0:92:41:dc:aa:fc:8f:8e:57:29:d3:f0:36:
                    af:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F9:D4:AF:3D:AA:04:12:61:BC:28:F5:E1:B0:C7:3F:D4:66:12:28
            X509v3 Authority Key Identifier:
                keyid:E9:38:F9:18:2B:7D:A4:40:03:59:1E:EA:E2:56:0F:84:51:B3:39:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Tj5GCt9pEADWR7q4lYPhFGzOTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/5vnUrz2qBBJhvCj14bDHP9RmEig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ea9402-be4d-49f3-81fb-4df728c58d17/1/6Tj5GCt9pEADWR7q4lYPhFGzOTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.255.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:ac:a4:05:9b:48:e6:89:1b:c2:b6:6a:54:73:26:1f:75:6f:
         7b:4d:37:03:a6:0f:10:f3:0a:2d:7f:7a:16:82:eb:a7:f4:1d:
         0f:bd:60:ed:50:e7:46:a0:72:06:c2:51:25:58:e7:1d:42:6c:
         bc:ba:f9:5d:14:be:3d:7c:e9:04:f2:e1:fd:ec:5f:5f:15:75:
         25:5b:40:4a:2c:50:18:c8:de:f6:44:3a:f4:bb:4c:3e:0d:38:
         b8:11:e7:af:e9:31:bd:98:a3:a9:bb:f5:42:19:5a:14:44:f3:
         97:98:64:1e:1c:c8:c9:cc:e7:48:d7:f9:85:55:2e:63:97:88:
         42:fc:ba:d6:50:ed:13:0b:98:5a:92:18:47:93:98:95:e2:2a:
         f9:2c:59:15:14:92:95:ba:e2:90:d0:08:35:00:23:f4:c1:d9:
         a5:eb:be:89:06:8b:33:dc:a7:5b:ce:02:a6:0b:dd:aa:c5:07:
         6a:20:82:27:b0:a6:47:3a:2a:a7:92:15:8d:a1:5d:2e:8c:8a:
         1a:b5:bc:53:4b:e2:1f:ff:2a:b7:e7:a3:5b:61:1b:ed:23:c2:
         2f:41:d4:e8:40:ed:57:7e:21:65:67:b9:ae:cf:39:c1:d7:cd:
         90:bb:60:5f:d5:f5:56:7b:a8:00:40:7b:90:d0:a2:cd:31:0e:
         65:05:09:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfRCe71wBzaNo7xVZJ/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MzhmOTE4MmI3ZGE0NDAwMzU5MWVlYWUyNTYwZjg0NTFi
MzM5M2EwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmY5ZDRhZjNkYWEwNDEyNjFiYzI4ZjVlMWIwYzczZmQ0NjYxMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD5r3ZEM+bS7natcqLeYR8BnieBf
BhplQ9Lf/7egeU8zh/ERZPTu3a2u4Civ/yhy6E4d6FKO/s7KHEwRxPwjtZhqebqa
j8/2glZsbbpo1svyolvFPaa/hbHveM7ozUpi/isT6K8PhI3F7/T2RUKUq5PA0grb
muFm6QUV0R+Y3usguO0PNGcfyZl58gwwDMxONByJh7WjLqLH/j8Kw3n/zooRWpGZ
58V+VW51veKvMTQ6re8Uq7ekSONd3IwoKsSduzfC75lqMT1Mfk4gh1EEeVrfJZWY
8Qvh/JAkKzaex7c94rHnu5wnJA4ZI9tQ2Ta0DsCSQdyq/I+OVynT8DavHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOb51K89qgQSYbwo9eGwxz/UZhIoMB8GA1UdIwQY
MBaAFOk4+RgrfaRAA1ke6uJWD4RRszk6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlRqNUdDdDlwRUFEV1I3cTRsWVBoRkd6T1RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9lYTk0MDItYmU0ZC00OWYzLTgxZmIt
NGRmNzI4YzU4ZDE3LzEvNXZuVXJ6MnFCQkpodkNqMTRiREhQOVJtRWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9lYTk0MDItYmU0ZC00OWYzLTgxZmItNGRmNzI4YzU4ZDE3
LzEvNlRqNUdDdDlwRUFEV1I3cTRsWVBoRkd6T1RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnv9OMA0G
CSqGSIb3DQEBCwUAA4IBAQCmrKQFm0jmiRvCtmpUcyYfdW97TTcDpg8Q8wotf3oW
guun9B0PvWDtUOdGoHIGwlElWOcdQmy8uvldFL49fOkE8uH97F9fFXUlW0BKLFAY
yN72RDr0u0w+DTi4Eeev6TG9mKOpu/VCGVoURPOXmGQeHMjJzOdI1/mFVS5jl4hC
/LrWUO0TC5hakhhHk5iV4ir5LFkVFJKVuuKQ0Ag1ACP0wdml676JBosz3KdbzgKm
C92qxQdqIIInsKZHOiqnkhWNoV0ujIoatbxTS+If/yq356NbYRvtI8IvQdToQO1X
fiFlZ7muzznB182Qu2Bf1fVWe6gAQHuQ0KLNMQ5lBQkd
-----END CERTIFICATE-----