Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/RwVCxXAbrlCe47Q8cByTTlucwBQ.roa
File:                     RwVCxXAbrlCe47Q8cByTTlucwBQ.roa (raw, json)
Hash identifier:          7W0p5qHus5woM1i5wJ9yfYu2c2JuOJdA3qdPAIYD8rA=
Subject key identifier:   47:05:42:C5:70:1B:AE:50:9E:E3:B4:3C:70:1C:93:4E:5B:9C:C0:14
Certificate issuer:       /CN=5e81164ce388259186fba015acc4b0eb48beb552
Certificate serial:       018CC2DB0DD60F645E16B348A2398A0B4E11
Authority key identifier: 5E:81:16:4C:E3:88:25:91:86:FB:A0:15:AC:C4:B0:EB:48:BE:B5:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XoEWTOOIJZGG-6AVrMSw60i-tVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/RwVCxXAbrlCe47Q8cByTTlucwBQ.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197197
IP address blocks:        109.224.64.0/18 maxlen: 18
                          2a00:7e80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/XoEWTOOIJZGG-6AVrMSw60i-tVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/XoEWTOOIJZGG-6AVrMSw60i-tVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XoEWTOOIJZGG-6AVrMSw60i-tVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0d:d6:0f:64:5e:16:b3:48:a2:39:8a:0b:4e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e81164ce388259186fba015acc4b0eb48beb552
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=470542c5701bae509ee3b43c701c934e5b9cc014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:3e:f4:7a:9b:81:62:cd:69:5c:82:56:7b:cb:
                    df:10:7c:c0:38:bc:6a:b8:b8:1a:e1:37:68:1b:f3:
                    ba:c3:fa:83:ec:7e:c6:c2:ea:03:35:cb:8a:7c:60:
                    d6:94:09:68:21:8a:81:55:77:03:d5:5a:d8:10:f4:
                    9a:13:32:95:84:d5:14:86:0e:b6:15:fd:7e:80:8e:
                    6f:87:d4:28:e3:fb:f5:f4:8c:6d:c9:d9:88:a7:ae:
                    59:37:a9:1e:d6:62:a1:29:85:d9:4d:0f:63:18:74:
                    70:98:23:cb:5f:a6:72:2e:24:79:21:66:30:7b:ee:
                    fa:f0:83:83:95:5a:30:e5:70:b7:21:dd:6f:dd:73:
                    1f:1b:ff:3f:a9:fe:18:87:b2:ef:d6:2d:b1:7c:0b:
                    e3:88:37:71:23:7b:bd:0c:b2:de:f6:2f:fe:c5:c1:
                    88:47:ec:e7:43:17:d6:c2:a5:84:3f:0b:78:7d:84:
                    14:c4:85:e5:fe:ec:cb:5c:0c:21:1e:68:3b:c8:18:
                    2e:dd:51:e8:97:63:5b:8b:39:7e:17:55:d6:09:ab:
                    53:3b:ed:9c:a7:51:a5:06:77:41:fc:9b:69:73:de:
                    bb:74:b0:79:3d:40:c4:79:90:47:b2:49:1c:96:2a:
                    fe:df:b4:70:b8:43:b2:56:a0:b7:61:b2:0c:ba:cd:
                    96:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:05:42:C5:70:1B:AE:50:9E:E3:B4:3C:70:1C:93:4E:5B:9C:C0:14
            X509v3 Authority Key Identifier:
                keyid:5E:81:16:4C:E3:88:25:91:86:FB:A0:15:AC:C4:B0:EB:48:BE:B5:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XoEWTOOIJZGG-6AVrMSw60i-tVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/RwVCxXAbrlCe47Q8cByTTlucwBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/6b9822-2f3e-45ba-a018-88ba02786d0d/1/XoEWTOOIJZGG-6AVrMSw60i-tVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.224.64.0/18
                IPv6:
                  2a00:7e80::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:e5:29:a9:1a:c2:a1:52:ce:62:d6:3b:af:20:9d:7a:2c:5f:
         3d:65:59:a4:40:92:a3:af:03:b5:9d:52:ee:5a:26:e5:a8:c0:
         aa:84:b0:33:dc:32:cf:7d:c9:4a:ad:75:45:f0:7d:29:eb:bf:
         bd:a7:33:96:26:c4:35:b2:8d:65:ec:5a:2b:ea:24:c7:4d:96:
         be:f2:7d:10:88:7d:2c:38:96:d5:58:96:5c:10:5d:c1:ae:ba:
         8d:81:01:a4:04:a4:22:85:cc:2c:1f:6d:8e:3f:9c:88:a7:29:
         15:fd:42:f2:94:62:d1:f1:43:50:b8:88:ab:a6:32:ef:76:9b:
         ab:fb:34:67:ca:a7:19:8c:98:c3:2f:cb:00:be:f1:a4:02:7b:
         37:e3:21:42:b0:ea:be:48:d7:e1:7f:21:b9:1d:9d:c4:4c:43:
         5e:09:47:d4:fc:b8:61:f3:95:0d:ed:7e:5e:42:12:94:13:9e:
         83:c4:aa:78:68:8f:39:05:dc:5d:9c:ac:83:7e:4b:4c:ac:1e:
         b8:18:38:a1:70:aa:52:5e:33:14:a3:ba:bc:80:ef:31:f7:30:
         f8:ba:d4:ad:ab:8b:7c:aa:35:23:d6:b2:0d:57:a9:60:8f:45:
         f4:f7:28:63:bf:2f:1e:13:05:e5:3b:94:0c:56:d0:59:f5:f5:
         1b:e2:62:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2w3WD2ReFrNIojmKC04RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlODExNjRjZTM4ODI1OTE4NmZiYTAxNWFjYzRiMGViNDhi
ZWI1NTIwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA1NDJjNTcwMWJhZTUwOWVlM2I0M2M3MDFjOTM0ZTViOWNjMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT70epuBYs1pXIJWe8vfEHzAOLxq
uLga4TdoG/O6w/qD7H7GwuoDNcuKfGDWlAloIYqBVXcD1VrYEPSaEzKVhNUUhg62
Ff1+gI5vh9Qo4/v19IxtydmIp65ZN6ke1mKhKYXZTQ9jGHRwmCPLX6ZyLiR5IWYw
e+768IODlVow5XC3Id1v3XMfG/8/qf4Yh7Lv1i2xfAvjiDdxI3u9DLLe9i/+xcGI
R+znQxfWwqWEPwt4fYQUxIXl/uzLXAwhHmg7yBgu3VHol2Nbizl+F1XWCatTO+2c
p1GlBndB/Jtpc967dLB5PUDEeZBHskkclir+37RwuEOyVqC3YbIMus2WHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEcFQsVwG65QnuO0PHAck05bnMAUMB8GA1UdIwQY
MBaAFF6BFkzjiCWRhvugFazEsOtIvrVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG9FV1RPT0lKWkdHLTZBVnJNU3c2MGktdFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82Yjk4MjItMmYzZS00NWJhLWEwMTgt
ODhiYTAyNzg2ZDBkLzEvUndWQ3hYQWJybENlNDdROGNCeVRUbHVjd0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82Yjk4MjItMmYzZS00NWJhLWEwMTgtODhiYTAyNzg2ZDBk
LzEvWG9FV1RPT0lKWkdHLTZBVnJNU3c2MGktdFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGbeBAMA0E
AgACMAcDBQAqAH6AMA0GCSqGSIb3DQEBCwUAA4IBAQAq5SmpGsKhUs5i1juvIJ16
LF89ZVmkQJKjrwO1nVLuWiblqMCqhLAz3DLPfclKrXVF8H0p67+9pzOWJsQ1so1l
7For6iTHTZa+8n0QiH0sOJbVWJZcEF3BrrqNgQGkBKQihcwsH22OP5yIpykV/ULy
lGLR8UNQuIirpjLvdpur+zRnyqcZjJjDL8sAvvGkAns34yFCsOq+SNfhfyG5HZ3E
TENeCUfU/Lhh85UN7X5eQhKUE56DxKp4aI85BdxdnKyDfktMrB64GDihcKpSXjMU
o7q8gO8x9zD4utStq4t8qjUj1rINV6lgj0X09yhjvy8eEwXlO5QMVtBZ9fUb4mJM
-----END CERTIFICATE-----