Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/5T_rQB5T9zawC_ZR1tNkC1GMYyM.roa
File:                     5T_rQB5T9zawC_ZR1tNkC1GMYyM.roa (raw, json)
Hash identifier:          tviU+Rh/5w5l1AgbKHhK0QLyvejpJyC8KoLZ71Luw3Y=
Subject key identifier:   E5:3F:EB:40:1E:53:F7:36:B0:0B:F6:51:D6:D3:64:0B:51:8C:63:23
Certificate issuer:       /CN=1e5fe0ae25c6eae27763dcdec51a0e10ebc6c374
Certificate serial:       018CC7944CD1879531DF884990A62C05BC07
Authority key identifier: 1E:5F:E0:AE:25:C6:EA:E2:77:63:DC:DE:C5:1A:0E:10:EB:C6:C3:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/5T_rQB5T9zawC_ZR1tNkC1GMYyM.roa
Signing time:             Tue 02 Jan 2024 00:30:34 +0000
ROA not before:           Tue 02 Jan 2024 00:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41072
IP address blocks:        193.104.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:4c:d1:87:95:31:df:88:49:90:a6:2c:05:bc:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5fe0ae25c6eae27763dcdec51a0e10ebc6c374
        Validity
            Not Before: Jan  2 00:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e53feb401e53f736b00bf651d6d3640b518c6323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:c1:d3:1a:a0:cd:1d:55:01:27:8a:eb:31:
                    59:ac:30:a6:c0:5e:b5:24:9b:ef:f5:70:22:6b:26:
                    fd:1c:d8:8f:aa:4c:68:94:62:70:18:6b:19:10:5a:
                    47:63:d3:fd:57:f5:bc:3d:81:17:99:d2:06:04:91:
                    8f:d4:1e:28:1a:03:ac:86:a7:db:be:b9:67:51:99:
                    42:8b:db:e8:68:c4:fc:8a:0d:c9:25:72:fd:24:c1:
                    aa:6a:e7:33:c2:e8:27:7d:d1:c5:5c:cf:f5:f6:f9:
                    e0:d8:89:8d:d7:af:2e:b2:61:fc:59:d3:cf:d1:b8:
                    25:73:2b:06:8a:e3:ec:36:19:cc:e3:05:0e:40:f5:
                    9c:4b:30:48:d8:85:c4:4b:56:68:9f:88:9f:e2:fd:
                    57:08:7a:e8:fd:63:c7:ec:f2:34:8a:5b:56:ea:19:
                    e8:79:60:4d:30:26:45:c7:95:e1:6e:6d:4e:38:4a:
                    7a:8d:d7:2c:2c:f8:5f:3b:b3:c1:af:7d:d9:d9:77:
                    c8:08:80:77:cd:16:b9:58:32:85:9c:1b:c7:8b:83:
                    78:1b:7c:41:41:1b:d3:ec:b8:4f:c4:db:46:1d:e1:
                    b3:81:64:12:47:35:69:81:8c:e4:6a:99:cf:e2:b0:
                    a3:f7:1c:df:29:60:eb:8e:45:7e:e3:1e:35:b1:ba:
                    51:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:3F:EB:40:1E:53:F7:36:B0:0B:F6:51:D6:D3:64:0B:51:8C:63:23
            X509v3 Authority Key Identifier:
                keyid:1E:5F:E0:AE:25:C6:EA:E2:77:63:DC:DE:C5:1A:0E:10:EB:C6:C3:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/5T_rQB5T9zawC_ZR1tNkC1GMYyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/76fb22-124c-4866-8e4d-8b792a42d0ef/1/Hl_griXG6uJ3Y9zexRoOEOvGw3Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:61:1d:ed:4f:b7:16:05:67:a8:5b:26:d4:8f:85:ae:56:dd:
         7f:79:88:22:24:cd:e0:3f:7b:37:56:bd:4e:5d:e0:23:c1:24:
         69:99:6f:4b:bf:78:85:e8:3c:c9:e9:71:f3:10:9e:0b:4c:20:
         da:17:78:79:28:ff:3f:1c:f8:8f:ab:ee:f0:99:10:45:4d:d4:
         c3:db:b3:84:eb:fe:0a:bb:e9:a2:70:c7:56:a5:c4:a4:f4:44:
         f0:00:f8:a1:02:82:4f:2c:6b:82:eb:33:86:40:29:1a:94:29:
         18:87:a4:26:a6:1a:37:08:49:05:69:f7:8b:02:be:3d:99:e9:
         e9:af:4b:2c:f6:85:e0:5c:15:13:62:43:cd:0f:f9:ec:f6:fd:
         13:8a:87:9b:60:90:7d:37:39:60:c8:d9:1b:9b:66:08:91:00:
         b9:0a:4c:5d:9d:1c:c4:aa:48:d1:74:f5:5d:b2:58:77:27:9f:
         6a:07:55:92:10:9d:5e:ee:bd:f3:f2:56:2e:55:6d:39:59:03:
         76:e2:81:c9:b4:2f:f3:ef:bb:e8:f3:53:44:a6:b4:83:ea:50:
         fd:95:69:3e:4a:3b:9b:7c:4a:2f:42:51:e2:b8:84:23:c5:eb:
         8a:ff:e9:45:0a:1c:a8:a0:5f:09:72:cd:cc:ee:95:9a:79:56:
         fe:37:b1:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEzRh5Ux34hJkKYsBbwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWZlMGFlMjVjNmVhZTI3NzYzZGNkZWM1MWEwZTEwZWJj
NmMzNzQwHhcNMjQwMTAyMDAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTNmZWI0MDFlNTNmNzM2YjAwYmY2NTFkNmQzNjQwYjUxOGM2MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorbB0xqgzR1VASeK6zFZrDCmwF61
JJvv9XAiayb9HNiPqkxolGJwGGsZEFpHY9P9V/W8PYEXmdIGBJGP1B4oGgOshqfb
vrlnUZlCi9voaMT8ig3JJXL9JMGqauczwugnfdHFXM/19vng2ImN168usmH8WdPP
0bglcysGiuPsNhnM4wUOQPWcSzBI2IXES1Zon4if4v1XCHro/WPH7PI0iltW6hno
eWBNMCZFx5Xhbm1OOEp6jdcsLPhfO7PBr33Z2XfICIB3zRa5WDKFnBvHi4N4G3xB
QRvT7LhPxNtGHeGzgWQSRzVpgYzkapnP4rCj9xzfKWDrjkV+4x41sbpRywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOU/60AeU/c2sAv2UdbTZAtRjGMjMB8GA1UdIwQY
MBaAFB5f4K4lxurid2Pc3sUaDhDrxsN0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxfZ3JpWEc2dUozWTl6ZXhSb09FT3ZHdzNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS83NmZiMjItMTI0Yy00ODY2LThlNGQt
OGI3OTJhNDJkMGVmLzEvNVRfclFCNVQ5emF3Q19aUjF0TmtDMUdNWXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS83NmZiMjItMTI0Yy00ODY2LThlNGQtOGI3OTJhNDJkMGVm
LzEvSGxfZ3JpWEc2dUozWTl6ZXhSb09FT3ZHdzNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWgAMA0G
CSqGSIb3DQEBCwUAA4IBAQBkYR3tT7cWBWeoWybUj4WuVt1/eYgiJM3gP3s3Vr1O
XeAjwSRpmW9Lv3iF6DzJ6XHzEJ4LTCDaF3h5KP8/HPiPq+7wmRBFTdTD27OE6/4K
u+micMdWpcSk9ETwAPihAoJPLGuC6zOGQCkalCkYh6Qmpho3CEkFafeLAr49menp
r0ss9oXgXBUTYkPND/ns9v0TioebYJB9NzlgyNkbm2YIkQC5CkxdnRzEqkjRdPVd
slh3J59qB1WSEJ1e7r3z8lYuVW05WQN24oHJtC/z77vo81NEprSD6lD9lWk+Sjub
fEovQlHiuIQjxeuK/+lFChyooF8Jcs3M7pWaeVb+N7H8
-----END CERTIFICATE-----