Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/eGKl9XQcRZgU6Zsmq9gulruGNas.roa
File:                     eGKl9XQcRZgU6Zsmq9gulruGNas.roa (raw, json)
Hash identifier:          ahkNFwKUPByD+Hv15O6XZQXHqfi6F25Qu/PPOEGGESc=
Subject key identifier:   78:62:A5:F5:74:1C:45:98:14:E9:9B:26:AB:D8:2E:96:BB:86:35:AB
Certificate issuer:       /CN=07ff0bec3c337b47ddcf366f4301503be783d798
Certificate serial:       018CC8DF66D7445C7EC343CB119E6CEAF181
Authority key identifier: 07:FF:0B:EC:3C:33:7B:47:DD:CF:36:6F:43:01:50:3B:E7:83:D7:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_8L7Dwze0fdzzZvQwFQO-eD15g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/eGKl9XQcRZgU6Zsmq9gulruGNas.roa
Signing time:             Tue 02 Jan 2024 06:32:13 +0000
ROA not before:           Tue 02 Jan 2024 06:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        5.57.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/B_8L7Dwze0fdzzZvQwFQO-eD15g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/B_8L7Dwze0fdzzZvQwFQO-eD15g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_8L7Dwze0fdzzZvQwFQO-eD15g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:66:d7:44:5c:7e:c3:43:cb:11:9e:6c:ea:f1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07ff0bec3c337b47ddcf366f4301503be783d798
        Validity
            Not Before: Jan  2 06:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7862a5f5741c459814e99b26abd82e96bb8635ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c5:a4:ae:2e:9d:23:9f:87:22:4c:25:88:cd:
                    ad:de:ed:0d:8c:ba:17:03:d0:c8:5f:e4:5b:19:3b:
                    57:51:1e:e5:ed:b0:dd:85:c2:77:00:55:52:fb:3c:
                    af:5f:e5:f3:9c:b5:fc:02:d9:1e:e6:c3:21:62:1d:
                    8b:c8:ae:fd:a8:84:f9:e0:4b:6d:92:c5:f8:9d:53:
                    69:64:d8:bc:b1:c4:bf:0f:2e:76:bd:b7:45:7e:45:
                    21:c7:f6:95:11:5e:88:27:ac:e8:6d:e8:e2:ec:c8:
                    0e:1a:49:a5:73:ef:4b:04:f9:8f:6c:b5:9f:57:2c:
                    40:7e:78:49:15:1b:b3:4d:b9:77:a3:fb:dd:47:a5:
                    e5:e8:e1:65:8e:f9:2b:bb:f4:8b:61:f7:70:71:0c:
                    3c:5e:e6:54:6f:c6:5d:cf:eb:9e:e4:9e:33:ef:2b:
                    1b:92:9e:2f:5d:a9:86:12:52:50:01:fc:c8:87:f4:
                    77:d6:a5:fc:58:af:9a:61:b9:6b:57:42:d6:ed:e4:
                    1d:f0:1f:e5:91:36:38:31:a8:dd:9c:ec:4a:98:a4:
                    91:3f:81:de:9e:d1:61:15:27:77:f6:52:98:d6:11:
                    69:ad:ac:1f:81:51:94:b2:bf:b3:d0:61:71:c2:55:
                    7b:f8:dc:a6:f4:50:1b:f1:93:4d:c3:82:17:24:12:
                    84:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:62:A5:F5:74:1C:45:98:14:E9:9B:26:AB:D8:2E:96:BB:86:35:AB
            X509v3 Authority Key Identifier:
                keyid:07:FF:0B:EC:3C:33:7B:47:DD:CF:36:6F:43:01:50:3B:E7:83:D7:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_8L7Dwze0fdzzZvQwFQO-eD15g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/eGKl9XQcRZgU6Zsmq9gulruGNas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/705eab-6eac-4ff8-b6c6-70203bf356fd/1/B_8L7Dwze0fdzzZvQwFQO-eD15g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c2:b5:49:b8:97:95:9d:43:9c:db:a9:90:24:be:d4:0a:53:
         bc:11:10:3c:eb:fe:2f:9f:96:2b:92:fb:b6:1b:48:45:dd:b6:
         85:c4:e9:bb:af:79:df:28:18:ef:3b:dd:2c:5f:c2:98:5f:3c:
         f0:5f:53:86:c3:82:01:15:c5:43:36:43:da:db:cc:ff:d0:8c:
         56:a6:3e:22:5e:06:de:c4:cc:c3:da:d5:6c:00:bc:d4:6d:c6:
         ab:49:9f:41:c1:73:3b:0e:f7:85:ea:91:d7:a5:b6:22:b3:e6:
         a0:0e:cf:b3:bf:35:ef:ad:be:18:c6:21:86:d4:ed:6c:15:44:
         7c:eb:35:27:77:63:ca:47:b2:26:26:fa:66:4a:c4:cf:3c:c7:
         1b:eb:ab:c0:2b:8a:5b:fe:02:73:05:38:1b:1a:26:f3:92:e1:
         46:69:46:f5:4b:06:9f:27:7f:ac:3f:4f:ce:d4:6d:f7:8a:15:
         3a:91:2e:67:57:78:2e:6f:ca:57:c2:8c:58:0b:c1:2d:d8:85:
         84:0f:9f:e3:3b:80:7d:12:6b:7f:0b:4f:58:82:3f:4b:48:d9:
         eb:f8:fe:ae:59:89:2b:bd:4d:dc:f7:79:5d:f1:27:05:40:1a:
         89:6a:f7:14:43:d2:e5:18:44:7a:fb:68:b8:b8:3d:a4:89:6f:
         f9:83:3d:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI32bXRFx+w0PLEZ5s6vGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmYwYmVjM2MzMzdiNDdkZGNmMzY2ZjQzMDE1MDNiZTc4
M2Q3OTgwHhcNMjQwMTAyMDYzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODYyYTVmNTc0MWM0NTk4MTRlOTliMjZhYmQ4MmU5NmJiODYzNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsWkri6dI5+HIkwliM2t3u0NjLoX
A9DIX+RbGTtXUR7l7bDdhcJ3AFVS+zyvX+XznLX8Atke5sMhYh2LyK79qIT54Ett
ksX4nVNpZNi8scS/Dy52vbdFfkUhx/aVEV6IJ6zobeji7MgOGkmlc+9LBPmPbLWf
VyxAfnhJFRuzTbl3o/vdR6Xl6OFljvkru/SLYfdwcQw8XuZUb8Zdz+ue5J4z7ysb
kp4vXamGElJQAfzIh/R31qX8WK+aYblrV0LW7eQd8B/lkTY4MajdnOxKmKSRP4He
ntFhFSd39lKY1hFprawfgVGUsr+z0GFxwlV7+Nym9FAb8ZNNw4IXJBKEnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhipfV0HEWYFOmbJqvYLpa7hjWrMB8GA1UdIwQY
MBaAFAf/C+w8M3tH3c82b0MBUDvng9eYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl84TDdEd3plMGZkenpadlF3RlFPLWVEMTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83MDVlYWItNmVhYy00ZmY4LWI2YzYt
NzAyMDNiZjM1NmZkLzEvZUdLbDlYUWNSWmdVNlpzbXE5Z3VscnVHTmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83MDVlYWItNmVhYy00ZmY4LWI2YzYtNzAyMDNiZjM1NmZk
LzEvQl84TDdEd3plMGZkenpadlF3RlFPLWVEMTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTnXMA0G
CSqGSIb3DQEBCwUAA4IBAQAUwrVJuJeVnUOc26mQJL7UClO8ERA86/4vn5Yrkvu2
G0hF3baFxOm7r3nfKBjvO90sX8KYXzzwX1OGw4IBFcVDNkPa28z/0IxWpj4iXgbe
xMzD2tVsALzUbcarSZ9BwXM7DveF6pHXpbYis+agDs+zvzXvrb4YxiGG1O1sFUR8
6zUnd2PKR7ImJvpmSsTPPMcb66vAK4pb/gJzBTgbGibzkuFGaUb1SwafJ3+sP0/O
1G33ihU6kS5nV3gub8pXwoxYC8Et2IWED5/jO4B9Emt/C09Ygj9LSNnr+P6uWYkr
vU3c93ld8ScFQBqJavcUQ9LlGER6+2i4uD2kiW/5gz33
-----END CERTIFICATE-----