Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/t-2bMAmI1E5qjavWr2xDA-5Gph8.roa
File:                     t-2bMAmI1E5qjavWr2xDA-5Gph8.roa (raw, json)
Hash identifier:          Z3d+ls00z6hTzrJWtuc1GX4EAaH8OlSWFLHfos7LfCY=
Subject key identifier:   B7:ED:9B:30:09:88:D4:4E:6A:8D:AB:D6:AF:6C:43:03:EE:46:A6:1F
Certificate issuer:       /CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Certificate serial:       018CC5DC330CEF5C0127BAAB22E4AA67AA6C
Authority key identifier: 1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/t-2bMAmI1E5qjavWr2xDA-5Gph8.roa
Signing time:             Mon 01 Jan 2024 16:29:51 +0000
ROA not before:           Mon 01 Jan 2024 16:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59816
IP address blocks:        194.70.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:33:0c:ef:5c:01:27:ba:ab:22:e4:aa:67:aa:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ada225cb7f29416e7534695fbfb21762fee93c8
        Validity
            Not Before: Jan  1 16:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7ed9b300988d44e6a8dabd6af6c4303ee46a61f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:22:13:40:20:86:59:ba:7e:24:ef:ac:0a:04:
                    a3:f3:f4:ae:df:f5:a3:15:39:08:1b:05:fa:a7:05:
                    b3:9e:4d:bf:0d:34:e2:b3:f7:4d:bc:ac:38:46:b2:
                    8a:8b:e3:cb:b2:7a:36:db:71:4d:91:01:8d:da:b0:
                    07:8c:f7:c9:56:2e:2b:20:03:b6:d7:f4:27:aa:4e:
                    b8:42:ac:95:4e:f2:bc:2a:44:aa:bd:2e:53:e5:7e:
                    da:3b:ff:14:bf:ad:99:aa:c7:02:95:32:d2:6a:91:
                    4d:80:c9:2f:cb:10:6e:9c:83:97:0f:b8:51:91:71:
                    a7:c9:b7:9b:fb:3f:64:bb:a9:1b:81:b2:3c:a4:ba:
                    d1:74:e4:43:85:d3:3b:e9:8b:df:74:99:44:74:a3:
                    30:d7:5f:cd:0f:b6:81:cb:fd:6f:79:78:15:37:95:
                    fc:23:2a:4f:f9:f0:9e:ef:b0:a4:de:79:4a:e5:f8:
                    a1:6a:ce:b6:b1:eb:84:e9:46:a6:c4:0e:07:b2:34:
                    8b:ca:c6:66:0d:8d:ef:ca:48:67:7d:eb:30:b4:4d:
                    7c:3a:d9:af:52:15:93:9a:9e:0e:83:88:f8:0d:9c:
                    da:c9:45:5c:83:32:05:f5:91:21:db:c8:a3:6a:65:
                    17:a4:6d:f7:d3:85:ea:20:d6:96:a2:72:bd:08:3f:
                    0f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:ED:9B:30:09:88:D4:4E:6A:8D:AB:D6:AF:6C:43:03:EE:46:A6:1F
            X509v3 Authority Key Identifier:
                keyid:1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/t-2bMAmI1E5qjavWr2xDA-5Gph8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.70.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:d1:dd:af:34:af:4e:da:19:92:87:77:ef:64:da:08:26:b9:
         32:52:ac:e2:98:db:89:1a:1c:8c:3a:8b:7c:88:a9:b7:94:c5:
         d1:dc:aa:96:ed:90:cb:17:06:d0:b3:cf:31:08:af:30:87:b2:
         31:80:5d:b6:7d:bb:34:0b:a3:f1:ce:8c:20:6a:97:f0:0b:d8:
         31:ef:99:e3:b2:a2:b6:f9:c8:9e:2d:fc:fe:74:95:7b:3b:6c:
         2e:9c:46:20:f6:17:93:04:00:15:e1:58:c6:1c:84:1f:f9:65:
         1d:81:6e:58:f3:92:13:cd:54:3b:6a:20:78:ca:47:3d:d8:c8:
         e7:3b:55:fc:7f:5c:1d:7f:1c:36:e0:ca:4b:c3:61:f9:bd:38:
         28:66:87:7d:fd:92:3b:ab:13:0a:02:2f:1d:63:2e:d9:68:c2:
         1e:74:12:7e:05:9d:d7:a2:2f:d1:7c:0a:24:1c:b4:60:06:ee:
         1a:37:f7:23:5c:56:0c:a0:fa:56:12:61:17:02:b4:50:4e:ad:
         a2:96:5d:0c:a6:ff:22:32:58:90:3d:26:8a:6e:bc:0c:cd:7a:
         85:86:4f:52:41:38:6b:29:8f:f2:30:63:cc:04:8a:5d:4a:d7:
         8c:4b:75:e0:14:7d:bd:c9:05:61:77:ed:da:34:e7:0e:98:9f:
         2c:d8:cd:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3DMM71wBJ7qrIuSqZ6psMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZGEyMjVjYjdmMjk0MTZlNzUzNDY5NWZiZmIyMTc2MmZl
ZTkzYzgwHhcNMjQwMTAxMTYyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2VkOWIzMDA5ODhkNDRlNmE4ZGFiZDZhZjZjNDMwM2VlNDZhNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SITQCCGWbp+JO+sCgSj8/Su3/Wj
FTkIGwX6pwWznk2/DTTis/dNvKw4RrKKi+PLsno223FNkQGN2rAHjPfJVi4rIAO2
1/Qnqk64QqyVTvK8KkSqvS5T5X7aO/8Uv62ZqscClTLSapFNgMkvyxBunIOXD7hR
kXGnybeb+z9ku6kbgbI8pLrRdORDhdM76YvfdJlEdKMw11/ND7aBy/1veXgVN5X8
IypP+fCe77Ck3nlK5fihas62seuE6UamxA4HsjSLysZmDY3vykhnfeswtE18Otmv
UhWTmp4Og4j4DZzayUVcgzIF9ZEh28ijamUXpG3304XqINaWonK9CD8P3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLftmzAJiNROao2r1q9sQwPuRqYfMB8GA1UdIwQY
MBaAFBraIly38pQW51NGlfv7IXYv7pPIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUt
NzUyNWQ0ZDQwOGI1LzEvdC0yYk1BbUkxRTVxamF2V3IyeERBLTVHcGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUtNzUyNWQ0ZDQwOGI1
LzEvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkaYMA0G
CSqGSIb3DQEBCwUAA4IBAQC00d2vNK9O2hmSh3fvZNoIJrkyUqzimNuJGhyMOot8
iKm3lMXR3KqW7ZDLFwbQs88xCK8wh7IxgF22fbs0C6PxzowgapfwC9gx75njsqK2
+cieLfz+dJV7O2wunEYg9heTBAAV4VjGHIQf+WUdgW5Y85ITzVQ7aiB4ykc92Mjn
O1X8f1wdfxw24MpLw2H5vTgoZod9/ZI7qxMKAi8dYy7ZaMIedBJ+BZ3Xoi/RfAok
HLRgBu4aN/cjXFYMoPpWEmEXArRQTq2ill0Mpv8iMliQPSaKbrwMzXqFhk9SQThr
KY/yMGPMBIpdSteMS3XgFH29yQVhd+3aNOcOmJ8s2M2T
-----END CERTIFICATE-----