Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/5c-0w6aFahfL-9fnU28RGSFRCeo.roa
File:                     5c-0w6aFahfL-9fnU28RGSFRCeo.roa (raw, json)
Hash identifier:          uG2DdbIC28vTwSXsN9nSmrj1NKOJXIqHJC912h/GU2I=
Subject key identifier:   E5:CF:B4:C3:A6:85:6A:17:CB:FB:D7:E7:53:6F:11:19:21:51:09:EA
Certificate issuer:       /CN=dab740f6665f9983f54061dca1650261ad6f2138
Certificate serial:       019427B46F327444A1D7A25DA3677A86BFB8
Authority key identifier: DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/5c-0w6aFahfL-9fnU28RGSFRCeo.roa
Signing time:             Thu 02 Jan 2025 15:48:43 +0000
ROA not before:           Thu 02 Jan 2025 15:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201333
IP address blocks:        185.100.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:6f:32:74:44:a1:d7:a2:5d:a3:67:7a:86:bf:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dab740f6665f9983f54061dca1650261ad6f2138
        Validity
            Not Before: Jan  2 15:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5cfb4c3a6856a17cbfbd7e7536f1119215109ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:76:4e:10:05:be:38:81:04:8e:e9:43:ff:77:
                    bb:39:8e:15:2a:69:71:8c:de:f9:5a:27:50:0a:a1:
                    f4:63:38:20:2c:eb:15:dc:ce:1f:75:d0:d4:27:4e:
                    18:1d:25:54:4c:aa:73:c9:eb:97:fe:87:e4:36:32:
                    0c:6c:ec:68:31:04:3b:f8:11:e5:b4:28:a5:c0:0e:
                    86:c9:00:9d:e4:e5:62:9d:4c:fa:d2:5e:59:74:73:
                    f4:50:37:d4:f2:7c:9a:a2:8e:17:33:dc:68:0f:dd:
                    f2:76:ff:54:9e:6d:b2:cd:81:3c:19:f6:df:ce:84:
                    97:6a:98:d6:fd:37:74:da:6e:9b:fc:f2:ee:f2:62:
                    07:7c:f0:f9:57:27:3a:fd:54:ef:1c:d1:94:e7:63:
                    58:c3:8f:8c:19:60:35:8f:0c:ad:a0:98:6b:30:e7:
                    19:d6:6f:7a:11:4f:9b:d9:bf:34:01:a5:a5:63:13:
                    97:db:98:89:70:65:18:9b:d6:b6:f2:15:b7:f0:f6:
                    cc:6a:6e:3a:4f:bb:88:0c:79:fa:b3:f0:8c:14:b7:
                    c3:cd:c4:df:14:65:27:4e:bf:f6:1e:4b:e1:b2:b4:
                    9f:a2:ba:3d:2e:a0:c4:45:10:09:ac:1b:79:61:bf:
                    40:6d:f0:e7:2f:70:b1:5b:5a:5b:f1:69:e7:3a:41:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CF:B4:C3:A6:85:6A:17:CB:FB:D7:E7:53:6F:11:19:21:51:09:EA
            X509v3 Authority Key Identifier:
                keyid:DA:B7:40:F6:66:5F:99:83:F5:40:61:DC:A1:65:02:61:AD:6F:21:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2rdA9mZfmYP1QGHcoWUCYa1vITg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/5c-0w6aFahfL-9fnU28RGSFRCeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/135cf4-086f-4516-a3eb-1b7c92a61df6/1/2rdA9mZfmYP1QGHcoWUCYa1vITg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:db:08:2b:47:3c:7d:f9:3c:d5:d5:bc:32:0f:a6:c9:09:2f:
         ca:9a:51:fb:7d:3d:14:31:15:57:a1:97:15:96:36:81:8b:a5:
         c4:38:bf:ba:87:3d:c2:ff:5b:bd:fa:f4:30:64:46:c6:6a:1d:
         2d:50:5f:32:67:58:77:dd:40:c5:04:0c:2e:8e:be:1a:21:59:
         e1:ea:44:50:e2:aa:98:9e:f5:57:a7:5a:18:d1:1d:99:cd:30:
         26:eb:58:a0:5d:01:54:5f:7a:f9:22:3d:c7:fc:6d:60:17:1d:
         35:98:11:f5:ba:85:7d:db:4b:97:1c:a0:c7:aa:fc:68:91:b2:
         51:2e:22:13:84:3c:69:6a:12:f1:3a:8f:7e:40:d8:f4:1f:41:
         15:f6:2f:86:44:7d:e4:ef:37:5b:9c:85:d0:b1:74:70:ab:47:
         85:98:e6:1a:8c:09:78:67:eb:41:7a:d7:b0:e7:cd:0c:51:61:
         ff:e1:1d:49:89:62:6a:38:b5:5a:8e:3c:78:67:bd:cb:c7:51:
         5a:38:bd:5c:1b:b7:49:4b:b8:43:48:ee:0e:ae:1a:42:66:07:
         29:ad:0b:ea:f1:39:f2:23:8c:fa:bf:c4:59:bf:2e:34:56:c6:
         ea:fd:b8:6e:06:d3:f2:79:26:04:d4:10:fc:36:39:e3:e9:8b:
         44:3b:9d:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntG8ydESh16Jdo2d6hr+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYjc0MGY2NjY1Zjk5ODNmNTQwNjFkY2ExNjUwMjYxYWQ2
ZjIxMzgwHhcNMjUwMTAyMTU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNmYjRjM2E2ODU2YTE3Y2JmYmQ3ZTc1MzZmMTExOTIxNTEwOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3ZOEAW+OIEEjulD/3e7OY4VKmlx
jN75WidQCqH0YzggLOsV3M4fddDUJ04YHSVUTKpzyeuX/ofkNjIMbOxoMQQ7+BHl
tCilwA6GyQCd5OVinUz60l5ZdHP0UDfU8nyaoo4XM9xoD93ydv9Unm2yzYE8Gfbf
zoSXapjW/Td02m6b/PLu8mIHfPD5Vyc6/VTvHNGU52NYw4+MGWA1jwytoJhrMOcZ
1m96EU+b2b80AaWlYxOX25iJcGUYm9a28hW38PbMam46T7uIDHn6s/CMFLfDzcTf
FGUnTr/2HkvhsrSforo9LqDERRAJrBt5Yb9AbfDnL3CxW1pb8WnnOkFBjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXPtMOmhWoXy/vX51NvERkhUQnqMB8GA1UdIwQY
MBaAFNq3QPZmX5mD9UBh3KFlAmGtbyE4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnJkQTltWmZtWVAxUUdIY29XVUNZYTF2SVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xMzVjZjQtMDg2Zi00NTE2LWEzZWIt
MWI3YzkyYTYxZGY2LzEvNWMtMHc2YUZhaGZMLTlmblUyOFJHU0ZSQ2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xMzVjZjQtMDg2Zi00NTE2LWEzZWItMWI3YzkyYTYxZGY2
LzEvMnJkQTltWmZtWVAxUUdIY29XVUNZYTF2SVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWQQMA0G
CSqGSIb3DQEBCwUAA4IBAQCH2wgrRzx9+TzV1bwyD6bJCS/KmlH7fT0UMRVXoZcV
ljaBi6XEOL+6hz3C/1u9+vQwZEbGah0tUF8yZ1h33UDFBAwujr4aIVnh6kRQ4qqY
nvVXp1oY0R2ZzTAm61igXQFUX3r5Ij3H/G1gFx01mBH1uoV920uXHKDHqvxokbJR
LiIThDxpahLxOo9+QNj0H0EV9i+GRH3k7zdbnIXQsXRwq0eFmOYajAl4Z+tBetew
580MUWH/4R1JiWJqOLVajjx4Z73Lx1FaOL1cG7dJS7hDSO4OrhpCZgcprQvq8Tny
I4z6v8RZvy40Vsbq/bhuBtPyeSYE1BD8Njnj6YtEO50c
-----END CERTIFICATE-----