Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5GbfiJ23l1_I7cYYLZsSRImOHoc.roa
File:                     5GbfiJ23l1_I7cYYLZsSRImOHoc.roa (raw, json)
Hash identifier:          +XMOq7ju5ljYeX/Bwauc3L4kXso/KOZShJIi7Qj9auE=
Subject key identifier:   E4:66:DF:88:9D:B7:97:5F:C8:ED:C6:18:2D:9B:12:44:89:8E:1E:87
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF2626BECB2F3041540C75C33D9C4
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5GbfiJ23l1_I7cYYLZsSRImOHoc.roa
Signing time:             Mon 01 Jan 2024 00:29:28 +0000
ROA not before:           Mon 01 Jan 2024 00:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61256
IP address blocks:        82.160.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 04:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f2:62:6b:ec:b2:f3:04:15:40:c7:5c:33:d9:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e466df889db7975fc8edc6182d9b1244898e1e87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ae:3b:7e:a4:ee:4a:20:44:d5:a7:11:bd:36:
                    01:d6:d1:e7:b7:95:54:ae:2c:da:85:13:b3:12:78:
                    82:c9:29:56:a7:26:b2:6c:d9:72:e1:17:24:c9:93:
                    ff:8c:84:e3:f7:68:d6:e7:48:4c:f7:0a:45:05:fb:
                    f9:55:b2:04:d1:e6:21:51:ac:1f:bc:f7:33:73:f6:
                    32:e8:e4:24:fa:c8:41:1b:88:60:b3:d0:d6:fd:30:
                    ca:86:b5:f4:52:54:92:a7:2e:fa:cd:d5:25:49:f5:
                    4c:6a:3b:2d:c8:0e:d6:50:04:7d:c6:07:cf:b2:84:
                    fe:51:64:1c:4f:2b:92:5c:df:f3:4c:42:12:30:46:
                    da:cb:71:c6:e1:fe:73:d8:fc:6e:23:50:ce:c7:79:
                    5e:7c:86:9f:34:c7:cc:0a:38:5c:29:71:63:e0:a3:
                    dd:1b:fd:6e:74:34:f4:06:d8:37:95:43:d0:a9:fe:
                    79:9e:fc:59:67:0e:c0:3b:c0:ac:ef:ef:bd:b5:34:
                    96:cd:ac:02:4d:53:29:bb:06:64:01:74:ed:37:1f:
                    ee:5d:39:b5:16:8a:83:9e:7a:af:0d:9f:28:3a:a0:
                    c0:52:ab:ea:21:47:2f:03:c4:99:bb:0e:ec:f9:3a:
                    d8:0e:09:aa:18:f1:1e:93:38:f5:43:74:e2:a4:23:
                    24:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:66:DF:88:9D:B7:97:5F:C8:ED:C6:18:2D:9B:12:44:89:8E:1E:87
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/5GbfiJ23l1_I7cYYLZsSRImOHoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.160.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8d:f8:85:8c:d6:6c:52:bf:d7:10:80:b4:01:a4:7e:85:ac:
         e9:4e:46:ea:75:ea:dd:bd:be:06:6f:c8:a1:fd:c5:9f:e0:60:
         6d:e2:56:92:ad:9e:89:d6:3a:ef:0d:81:2a:aa:4a:c5:47:da:
         d5:17:55:42:86:46:31:cd:23:24:2f:2e:c9:c8:7c:94:21:bc:
         a2:c5:fc:be:f9:9a:43:06:55:c1:7e:4b:b3:5e:a5:d5:0c:0e:
         5e:5e:ed:0d:c0:4d:6b:44:a3:bb:00:98:f1:c6:06:5b:2d:79:
         87:eb:96:19:f8:1d:3c:e8:67:87:13:59:0c:76:25:c7:1f:97:
         6f:47:50:dd:cd:57:7a:a2:f3:21:25:8e:aa:d8:14:03:ec:d1:
         69:92:2e:d2:68:dc:b6:81:af:df:64:6f:52:a3:c3:13:4f:8d:
         20:ed:37:11:4f:fa:6d:40:ab:5f:df:93:8d:e3:5a:ef:b2:97:
         4c:2f:18:ec:e7:12:f0:a2:a7:79:a5:40:d9:52:27:95:28:62:
         04:65:b1:6a:5c:a3:f9:84:2a:a8:2a:15:6b:f0:0a:af:1b:2a:
         36:d6:57:ee:bf:36:ab:3a:f6:a3:e8:95:da:75:2d:a5:96:3f:
         5b:fe:0e:a3:de:ef:24:3b:62:3c:b0:ba:00:f7:6e:28:97:a4:
         9d:33:f7:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPJia+yy8wQVQMdcM9nEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY2ZGY4ODlkYjc5NzVmYzhlZGM2MTgyZDliMTI0NDg5OGUxZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq47fqTuSiBE1acRvTYB1tHnt5VU
rizahROzEniCySlWpyaybNly4RckyZP/jITj92jW50hM9wpFBfv5VbIE0eYhUawf
vPczc/Yy6OQk+shBG4hgs9DW/TDKhrX0UlSSpy76zdUlSfVMajstyA7WUAR9xgfP
soT+UWQcTyuSXN/zTEISMEbay3HG4f5z2PxuI1DOx3lefIafNMfMCjhcKXFj4KPd
G/1udDT0Btg3lUPQqf55nvxZZw7AO8Cs7++9tTSWzawCTVMpuwZkAXTtNx/uXTm1
FoqDnnqvDZ8oOqDAUqvqIUcvA8SZuw7s+TrYDgmqGPEekzj1Q3TipCMkgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORm34idt5dfyO3GGC2bEkSJjh6HMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvNUdiZmlKMjNsMV9JN2NZWUxac1NSSW1PSG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUqAdMA0G
CSqGSIb3DQEBCwUAA4IBAQCNjfiFjNZsUr/XEIC0AaR+hazpTkbqderdvb4Gb8ih
/cWf4GBt4laSrZ6J1jrvDYEqqkrFR9rVF1VChkYxzSMkLy7JyHyUIbyixfy++ZpD
BlXBfkuzXqXVDA5eXu0NwE1rRKO7AJjxxgZbLXmH65YZ+B086GeHE1kMdiXHH5dv
R1DdzVd6ovMhJY6q2BQD7NFpki7SaNy2ga/fZG9So8MTT40g7TcRT/ptQKtf35ON
41rvspdMLxjs5xLwoqd5pUDZUieVKGIEZbFqXKP5hCqoKhVr8AqvGyo21lfuvzar
Ovaj6JXadS2llj9b/g6j3u8kO2I8sLoA924ol6SdM/fV
-----END CERTIFICATE-----