Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/OE5JBJJ67eOTxDj5VQ1Vxc3O5hk.roa
File:                     OE5JBJJ67eOTxDj5VQ1Vxc3O5hk.roa (raw, json)
Hash identifier:          DEHiGec2g0rUiZvfN2CcJjWd3RFH1wC+G/pcGO0lDlA=
Subject key identifier:   38:4E:49:04:92:7A:ED:E3:93:C4:38:F9:55:0D:55:C5:CD:CE:E6:19
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       018CCA2A27750452FBA6185A00F26D3C4B3A
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/OE5JBJJ67eOTxDj5VQ1Vxc3O5hk.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204834
IP address blocks:        188.75.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:27:75:04:52:fb:a6:18:5a:00:f2:6d:3c:4b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=384e4904927aede393c438f9550d55c5cdcee619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:53:cc:4f:37:09:d3:7b:05:8c:32:5c:3c:fa:
                    45:47:4b:9d:8a:ee:21:22:f9:8a:69:31:88:d6:5e:
                    14:45:e6:28:60:82:90:c3:a4:41:99:6c:57:a7:d0:
                    f3:a9:8b:3b:ff:0d:15:d8:f1:d5:e8:1a:ca:0d:10:
                    ed:f3:55:19:b9:58:de:0d:f4:1f:93:f4:56:a8:a6:
                    ee:47:bd:19:15:74:4b:1d:dd:b6:e7:27:92:a7:80:
                    a1:e3:5c:1e:a5:6c:f8:04:52:b3:86:44:bf:de:04:
                    dc:01:19:fd:7b:b8:99:08:0d:3c:78:3e:7d:8f:ef:
                    13:cc:95:64:ad:70:65:49:eb:04:e4:cc:ea:1d:6d:
                    6a:d2:54:91:4b:59:0c:f7:d4:93:a5:f5:d2:db:c3:
                    c7:08:bd:29:7e:e4:eb:d6:e3:98:5e:6a:52:d8:e3:
                    17:27:06:d7:22:9f:ee:c1:a6:80:01:56:8a:aa:60:
                    fe:90:2a:29:c8:90:4d:a0:16:03:75:49:d2:31:c7:
                    6c:0b:30:76:2a:35:4d:9f:5d:eb:28:2e:39:a8:44:
                    5c:41:73:3b:a7:0e:ca:af:cb:c5:11:74:78:0d:2e:
                    39:6b:61:58:df:66:ce:64:0e:53:15:fc:77:ca:9c:
                    e6:e6:ef:67:4e:db:d2:68:00:58:00:e8:55:1d:93:
                    e9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:4E:49:04:92:7A:ED:E3:93:C4:38:F9:55:0D:55:C5:CD:CE:E6:19
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/OE5JBJJ67eOTxDj5VQ1Vxc3O5hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.75.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:93:58:42:1b:c2:eb:50:2b:2e:a5:9b:39:09:9d:ae:d4:d5:
         86:2b:a8:7f:80:d5:ee:27:54:62:13:ef:3d:01:29:3a:68:f8:
         37:a0:37:8c:18:16:9d:2d:12:af:59:f6:b0:a0:bc:40:9a:bf:
         a9:0d:6d:6a:9f:1f:90:89:a2:f3:ef:d9:b9:bf:00:f8:56:cb:
         47:84:3e:d1:07:8e:79:50:4d:ea:a2:dd:a7:cb:6f:98:24:6d:
         9b:b6:ff:1e:54:b3:43:0c:e7:8d:16:1d:b8:48:78:18:8f:5a:
         47:6c:a0:59:b0:52:ba:e7:b9:94:b7:0b:ea:2d:af:f8:5c:cc:
         18:2f:dd:d0:68:2a:86:f9:92:c3:a6:ca:cf:b9:58:52:6d:80:
         b2:d1:f5:fc:55:ad:0a:36:5c:63:6e:7a:5b:ba:f8:06:26:b7:
         90:63:36:11:0a:0b:83:13:10:b5:16:46:37:e4:07:81:d1:50:
         d8:da:a5:a8:9e:fd:70:86:0c:c3:59:8c:fe:ba:86:63:64:90:
         8d:5f:53:1d:f4:05:a1:b8:47:f1:0f:c6:24:b2:0b:49:65:87:
         6a:7d:cf:1a:bb:ba:0c:b7:89:39:76:1e:ac:ab:97:fe:b1:34:
         77:85:d7:91:06:c2:65:1d:c7:bc:1b:83:84:7a:d4:dc:06:56:
         0a:49:4e:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKid1BFL7phhaAPJtPEs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODRlNDkwNDkyN2FlZGUzOTNjNDM4Zjk1NTBkNTVjNWNkY2VlNjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVPMTzcJ03sFjDJcPPpFR0udiu4h
IvmKaTGI1l4UReYoYIKQw6RBmWxXp9DzqYs7/w0V2PHV6BrKDRDt81UZuVjeDfQf
k/RWqKbuR70ZFXRLHd225yeSp4Ch41wepWz4BFKzhkS/3gTcARn9e7iZCA08eD59
j+8TzJVkrXBlSesE5MzqHW1q0lSRS1kM99STpfXS28PHCL0pfuTr1uOYXmpS2OMX
JwbXIp/uwaaAAVaKqmD+kCopyJBNoBYDdUnSMcdsCzB2KjVNn13rKC45qERcQXM7
pw7Kr8vFEXR4DS45a2FY32bOZA5TFfx3ypzm5u9nTtvSaABYAOhVHZPpcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhOSQSSeu3jk8Q4+VUNVcXNzuYZMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvT0U1SkJKSjY3ZU9UeERqNVZRMVZ4YzNPNWhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvEtsMA0G
CSqGSIb3DQEBCwUAA4IBAQB9k1hCG8LrUCsupZs5CZ2u1NWGK6h/gNXuJ1RiE+89
ASk6aPg3oDeMGBadLRKvWfawoLxAmr+pDW1qnx+QiaLz79m5vwD4VstHhD7RB455
UE3qot2ny2+YJG2btv8eVLNDDOeNFh24SHgYj1pHbKBZsFK657mUtwvqLa/4XMwY
L93QaCqG+ZLDpsrPuVhSbYCy0fX8Va0KNlxjbnpbuvgGJreQYzYRCguDExC1FkY3
5AeB0VDY2qWonv1whgzDWYz+uoZjZJCNX1Md9AWhuEfxD8YksgtJZYdqfc8au7oM
t4k5dh6sq5f+sTR3hdeRBsJlHce8G4OEetTcBlYKSU4m
-----END CERTIFICATE-----