Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/0wQrRYRoyL0D3QcQBy6uFqRShXU.roa
File:                     0wQrRYRoyL0D3QcQBy6uFqRShXU.roa (raw, json)
Hash identifier:          eWPTJBlaYmrj7puevLLC3iJ3HpHy91dtJDW+FNBXvsE=
Subject key identifier:   D3:04:2B:45:84:68:C8:BD:03:DD:07:10:07:2E:AE:16:A4:52:85:75
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB73C485589C92FAC03E56A8527FA
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/0wQrRYRoyL0D3QcQBy6uFqRShXU.roa
Signing time:             Tue 02 Jan 2024 12:35:11 +0000
ROA not before:           Tue 02 Jan 2024 12:35:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50242
IP address blocks:        85.248.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b7:3c:48:55:89:c9:2f:ac:03:e5:6a:85:27:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3042b458468c8bd03dd0710072eae16a4528575
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:16:57:13:a5:10:31:9a:1f:fe:74:f6:e1:fa:
                    8a:ae:8e:b2:79:2a:49:ec:c1:18:bf:da:c4:8a:8d:
                    e9:b8:a6:19:bb:cc:8b:c4:dc:04:85:c2:1c:0a:35:
                    35:f4:e3:67:0a:56:f6:0a:b3:95:2c:8e:2e:92:a1:
                    4e:1d:c2:91:06:ce:57:bf:36:67:21:bb:93:df:7d:
                    60:18:84:7e:a9:37:09:60:a5:ff:04:82:e1:ca:0c:
                    7f:d1:3c:0b:eb:3b:e3:dd:5e:67:32:32:6e:e1:b0:
                    25:b9:52:77:91:b0:aa:45:e4:61:ab:24:d0:7d:77:
                    76:03:1e:01:1f:2b:1b:e0:d2:2d:78:17:33:7a:02:
                    3f:87:9c:e6:d7:0c:15:51:20:43:2f:a0:6a:a7:83:
                    79:c4:76:3d:6e:ea:9b:da:83:11:ee:85:75:5d:88:
                    f0:5d:2a:73:39:d3:6b:43:43:3b:dd:1b:7d:ba:b8:
                    ca:22:d2:7f:62:c4:57:b2:11:1a:1e:8a:24:fb:a3:
                    d3:ed:a6:60:6f:55:de:2e:0c:c6:c8:c8:df:a3:b6:
                    b7:9e:13:91:ee:8d:c7:29:fb:bf:40:43:e7:32:14:
                    08:81:9e:72:87:20:b8:e5:9a:10:bd:ec:ed:12:cb:
                    99:07:8a:23:cd:58:b6:72:0a:d0:ab:43:18:43:f8:
                    86:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:04:2B:45:84:68:C8:BD:03:DD:07:10:07:2E:AE:16:A4:52:85:75
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/0wQrRYRoyL0D3QcQBy6uFqRShXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.248.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e6:c9:2d:61:8d:da:57:7f:b0:4d:bd:0d:f9:91:61:ac:63:
         70:1b:98:24:1a:b7:c0:1b:33:49:0f:40:95:46:2e:11:d8:6d:
         1d:fa:db:e8:a6:e0:b5:c3:70:a1:1a:8a:42:15:99:1b:47:da:
         3b:83:5f:5d:ca:9d:fe:3a:b9:14:76:0b:1c:2a:d5:03:82:f0:
         fd:9e:ff:5c:a7:2e:16:aa:bb:bf:8a:11:6a:fa:3b:20:d7:90:
         10:b7:6b:0f:1f:56:18:11:c6:ca:3c:43:9d:85:a3:0c:d8:1a:
         97:13:77:13:e9:8d:3d:e3:0b:be:06:91:60:fb:da:46:4c:04:
         95:b7:c6:40:ed:0c:d7:6e:19:3d:59:5d:4c:ec:17:64:4c:19:
         67:24:11:ac:65:92:7e:63:c5:a5:e5:1a:12:d4:e8:be:9d:99:
         f7:2e:21:55:60:be:b1:f8:fe:47:d5:1c:cd:93:0d:32:5d:38:
         b0:d3:f3:a3:38:b0:a7:77:e1:5f:0c:82:ed:6f:5a:87:e9:b3:
         c8:55:38:8d:b3:5f:92:f4:26:fd:13:1d:ed:d3:d2:72:0a:1b:
         13:a9:f8:eb:d9:52:4c:e9:c1:7b:ef:61:99:f1:99:a9:7c:58:
         df:17:32:00:cf:3a:9b:78:be:ab:09:e8:d2:a4:33:da:6c:c3:
         14:bf:8e:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7c8SFWJyS+sA+VqhSf6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzA0MmI0NTg0NjhjOGJkMDNkZDA3MTAwNzJlYWUxNmE0NTI4NTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhZXE6UQMZof/nT24fqKro6yeSpJ
7MEYv9rEio3puKYZu8yLxNwEhcIcCjU19ONnClb2CrOVLI4ukqFOHcKRBs5XvzZn
IbuT331gGIR+qTcJYKX/BILhygx/0TwL6zvj3V5nMjJu4bAluVJ3kbCqReRhqyTQ
fXd2Ax4BHysb4NIteBczegI/h5zm1wwVUSBDL6Bqp4N5xHY9buqb2oMR7oV1XYjw
XSpzOdNrQ0M73Rt9urjKItJ/YsRXshEaHook+6PT7aZgb1XeLgzGyMjfo7a3nhOR
7o3HKfu/QEPnMhQIgZ5yhyC45ZoQveztEsuZB4ojzVi2cgrQq0MYQ/iGIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMEK0WEaMi9A90HEAcurhakUoV1MB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvMHdRclJZUm95TDBEM1FjUUJ5NnVGcVJTaFhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVfh8MA0G
CSqGSIb3DQEBCwUAA4IBAQAJ5sktYY3aV3+wTb0N+ZFhrGNwG5gkGrfAGzNJD0CV
Ri4R2G0d+tvopuC1w3ChGopCFZkbR9o7g19dyp3+OrkUdgscKtUDgvD9nv9cpy4W
qru/ihFq+jsg15AQt2sPH1YYEcbKPEOdhaMM2BqXE3cT6Y094wu+BpFg+9pGTASV
t8ZA7QzXbhk9WV1M7BdkTBlnJBGsZZJ+Y8Wl5RoS1Oi+nZn3LiFVYL6x+P5H1RzN
kw0yXTiw0/OjOLCnd+FfDILtb1qH6bPIVTiNs1+S9Cb9Ex3t09JyChsTqfjr2VJM
6cF772GZ8ZmpfFjfFzIAzzqbeL6rCejSpDPabMMUv44g
-----END CERTIFICATE-----