Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/5lwKN8bWv7RETFO4R2KnB6nMZdI.roa
File:                     5lwKN8bWv7RETFO4R2KnB6nMZdI.roa (raw, json)
Hash identifier:          IgJTLjIZI4K1bMNiUeD2nIz0kjhMcPsWAdZMQ8Gddio=
Subject key identifier:   E6:5C:0A:37:C6:D6:BF:B4:44:4C:53:B8:47:62:A7:07:A9:CC:65:D2
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       018EECDCEF506753B2D1BB6E29ADEF26A466
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/5lwKN8bWv7RETFO4R2KnB6nMZdI.roa
Signing time:             Wed 17 Apr 2024 16:21:25 +0000
ROA not before:           Wed 17 Apr 2024 16:21:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44620
IP address blocks:        93.180.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:dc:ef:50:67:53:b2:d1:bb:6e:29:ad:ef:26:a4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Apr 17 16:21:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e65c0a37c6d6bfb4444c53b84762a707a9cc65d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:9d:ca:1f:85:5d:4b:36:7f:97:67:ee:2a:39:
                    5f:49:be:90:10:f7:66:ce:d8:c0:50:85:67:4c:bf:
                    bd:96:29:33:6c:fa:32:aa:ab:68:64:e4:43:f8:46:
                    b3:cc:d2:ea:29:33:19:dc:7a:34:a3:6a:ff:ae:a5:
                    e4:a9:e3:a6:d5:09:15:1c:4e:63:e4:79:83:af:63:
                    5f:f2:21:92:ea:73:33:b4:5d:03:ca:74:ba:06:49:
                    48:5c:bb:40:58:11:b4:71:22:f3:f8:3a:d3:25:e5:
                    ee:07:a6:6f:26:ba:0d:c4:9f:35:50:5b:f0:ce:fc:
                    d8:21:7d:7b:dd:fc:e6:86:8b:22:2f:fc:03:c7:be:
                    57:c0:f8:03:6b:78:4b:32:db:ec:d7:1c:06:c7:41:
                    11:44:d3:92:6a:4f:d1:bc:0a:e2:3c:80:5a:45:ac:
                    e0:1c:ff:a7:c8:98:ff:69:e2:41:14:7f:5f:f4:20:
                    18:c2:94:7a:09:55:14:ed:57:3b:07:3b:4e:91:b6:
                    e4:4e:65:d8:46:b6:f5:a9:1f:ad:68:be:aa:cd:7a:
                    24:ac:60:87:85:15:b2:57:d8:ae:f2:02:27:14:2e:
                    ed:2d:bf:6e:cd:ce:a8:46:d7:13:13:fc:cf:27:e7:
                    f1:e7:88:c1:45:51:d0:bc:8f:48:07:f9:4e:b4:81:
                    34:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:5C:0A:37:C6:D6:BF:B4:44:4C:53:B8:47:62:A7:07:A9:CC:65:D2
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/5lwKN8bWv7RETFO4R2KnB6nMZdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.180.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:ce:b3:da:02:07:da:be:dc:4c:98:a9:14:96:8b:e0:78:ad:
         46:a7:b6:4e:3e:84:38:a8:c8:a5:24:9f:b2:3b:6e:67:d1:48:
         61:65:fe:c2:5f:e0:5e:64:4d:b1:e9:00:ee:66:8d:a7:13:d3:
         da:93:c1:52:9f:13:6c:ce:99:a4:b2:dd:7f:ed:b5:32:b2:ad:
         ef:3c:5c:ad:c0:72:56:24:ec:e0:08:1b:98:7c:b9:c2:2f:c5:
         a2:54:33:7e:7a:0f:76:1e:1c:80:61:87:a5:ca:c8:a4:80:6f:
         f9:2b:94:26:dd:b9:76:8d:b6:dd:83:66:7f:2b:22:8e:5f:96:
         8a:99:80:0a:e5:9b:29:84:a8:7e:c5:5e:f1:18:3b:c7:11:0d:
         d9:e3:7b:72:d5:fa:d2:f3:df:b8:fd:80:c0:ca:17:37:37:65:
         2b:d8:15:68:35:d4:25:4f:e9:b9:6d:dd:54:b8:f5:82:cb:00:
         3a:cf:24:8b:8e:c8:05:47:b3:43:e5:0f:9a:3e:46:92:5a:d4:
         94:bf:96:ba:2f:e9:48:bc:38:0e:37:ad:ff:90:fc:f6:37:07:
         d7:08:14:5a:9b:11:56:ff:3b:fa:be:9f:90:0b:f6:7e:1b:20:
         be:98:be:94:82:10:0f:29:97:0e:61:80:4f:e8:4f:3c:6f:a2:
         d2:e4:7b:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7s3O9QZ1Oy0btuKa3vJqRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjQwNDE3MTYyMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjVjMGEzN2M2ZDZiZmI0NDQ0YzUzYjg0NzYyYTcwN2E5Y2M2NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhp3KH4VdSzZ/l2fuKjlfSb6QEPdm
ztjAUIVnTL+9likzbPoyqqtoZORD+EazzNLqKTMZ3Ho0o2r/rqXkqeOm1QkVHE5j
5HmDr2Nf8iGS6nMztF0DynS6BklIXLtAWBG0cSLz+DrTJeXuB6ZvJroNxJ81UFvw
zvzYIX173fzmhosiL/wDx75XwPgDa3hLMtvs1xwGx0ERRNOSak/RvAriPIBaRazg
HP+nyJj/aeJBFH9f9CAYwpR6CVUU7Vc7BztOkbbkTmXYRrb1qR+taL6qzXokrGCH
hRWyV9iu8gInFC7tLb9uzc6oRtcTE/zPJ+fx54jBRVHQvI9IB/lOtIE0UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZcCjfG1r+0RExTuEdipwepzGXSMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvNWx3S044Yld2N1JFVEZPNFIyS25CNm5NWmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbSGMA0G
CSqGSIb3DQEBCwUAA4IBAQBIzrPaAgfavtxMmKkUlovgeK1Gp7ZOPoQ4qMilJJ+y
O25n0UhhZf7CX+BeZE2x6QDuZo2nE9Pak8FSnxNszpmkst1/7bUysq3vPFytwHJW
JOzgCBuYfLnCL8WiVDN+eg92HhyAYYelysikgG/5K5Qm3bl2jbbdg2Z/KyKOX5aK
mYAK5ZsphKh+xV7xGDvHEQ3Z43ty1frS89+4/YDAyhc3N2Ur2BVoNdQlT+m5bd1U
uPWCywA6zySLjsgFR7ND5Q+aPkaSWtSUv5a6L+lIvDgON63/kPz2NwfXCBRamxFW
/zv6vp+QC/Z+GyC+mL6UghAPKZcOYYBP6E88b6LS5Hsa
-----END CERTIFICATE-----