Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/5AH1h4NyVjQ13ETy-e_gxxUeMO0.roa
File:                     5AH1h4NyVjQ13ETy-e_gxxUeMO0.roa (raw, json)
Hash identifier:          YDzcaiAcRe3E+XVxNNIlIo8aFfopUyxWoIIuZFhkJmA=
Subject key identifier:   E4:01:F5:87:83:72:56:34:35:DC:44:F2:F9:EF:E0:C7:15:1E:30:ED
Certificate issuer:       /CN=676244de0190a6dd5a899a2b37b002b9ae632c86
Certificate serial:       018CC56EDF3D087F155192DDED6930F8F128
Authority key identifier: 67:62:44:DE:01:90:A6:DD:5A:89:9A:2B:37:B0:02:B9:AE:63:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/5AH1h4NyVjQ13ETy-e_gxxUeMO0.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205863
IP address blocks:        185.203.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:df:3d:08:7f:15:51:92:dd:ed:69:30:f8:f1:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=676244de0190a6dd5a899a2b37b002b9ae632c86
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e401f5878372563435dc44f2f9efe0c7151e30ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ad:eb:2b:7c:cc:21:57:e7:57:47:54:1f:5e:
                    77:74:ff:39:8e:be:3a:24:d2:6d:0b:0f:a9:d5:76:
                    40:8d:b7:ee:c3:62:34:74:50:3c:01:01:4e:37:9e:
                    b3:e9:f3:a8:b7:00:79:ad:51:f0:74:8e:98:68:88:
                    5f:8f:6b:f2:9a:0f:c5:ae:3e:fb:e8:6a:1f:d7:79:
                    f3:a2:e8:aa:20:cd:a9:40:0c:5c:28:dc:66:a4:0f:
                    18:22:b5:92:39:1e:0c:f7:79:e4:26:92:d9:13:87:
                    ad:b9:64:13:84:7c:e0:29:db:ba:3c:95:0d:ad:eb:
                    c3:4c:1c:3e:c2:dd:52:74:dd:f7:3d:ba:be:e5:5f:
                    67:39:96:6b:b5:a6:a8:c1:11:2b:dc:94:65:06:c1:
                    72:0b:fd:a4:92:3e:3b:d1:ef:85:12:f4:90:89:82:
                    35:ef:25:dc:f0:90:71:46:c2:9d:29:4c:ac:26:08:
                    62:21:c2:58:f2:9c:5c:ef:6f:51:7f:a1:a2:04:e5:
                    69:88:66:d6:8c:9f:a6:06:f9:a4:d6:9d:3e:17:5c:
                    47:00:e1:aa:ab:6d:50:8a:e6:55:a1:d5:19:68:4a:
                    a2:97:73:29:b2:9d:5e:e8:d2:34:ad:a2:e3:b8:18:
                    bb:6a:32:e2:5a:38:2f:60:26:7c:bb:34:3c:ab:18:
                    7a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:01:F5:87:83:72:56:34:35:DC:44:F2:F9:EF:E0:C7:15:1E:30:ED
            X509v3 Authority Key Identifier:
                keyid:67:62:44:DE:01:90:A6:DD:5A:89:9A:2B:37:B0:02:B9:AE:63:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2JE3gGQpt1aiZorN7ACua5jLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/5AH1h4NyVjQ13ETy-e_gxxUeMO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/dcd87f-4aa7-44ff-97bf-ce32d66f30a8/1/Z2JE3gGQpt1aiZorN7ACua5jLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:7c:a2:5a:9f:c9:f0:9e:fc:09:fd:90:35:0f:bf:d0:b9:9c:
         17:f8:e5:30:74:bd:ec:d8:41:97:70:37:49:51:04:3b:b6:77:
         1a:10:1b:22:bb:a9:61:11:42:4d:0a:2d:1c:b4:d8:d5:04:27:
         10:91:38:96:f8:cb:5e:23:59:47:6e:ec:c1:7e:06:0c:a6:19:
         c2:a7:47:e3:29:52:f5:d0:2c:6d:d9:53:d7:f0:36:07:63:22:
         b2:0e:a9:1c:b0:f1:ff:b5:a2:b0:f1:b2:24:87:c7:9b:2e:2e:
         f4:27:9c:10:71:cd:84:d2:14:b2:d2:d6:df:cb:85:ca:71:59:
         57:b1:f9:fb:90:08:a3:58:57:0b:b2:8f:2e:06:27:68:ee:c7:
         29:3b:ff:0b:63:55:f2:87:4d:62:76:30:47:94:ea:6a:ea:54:
         71:71:57:15:20:e1:02:de:00:09:63:5c:58:bb:b8:95:d4:c2:
         3f:b8:8e:87:1f:4a:f0:e1:c8:cb:7d:9d:0c:1f:a8:e6:4a:82:
         10:3c:fa:fb:6a:f7:54:7b:59:18:53:da:9f:d1:55:f3:5a:28:
         e4:22:53:67:c8:c9:ce:b2:5a:a2:8f:76:d4:2b:30:96:66:49:
         51:7e:8b:1b:f8:47:00:4e:84:d9:22:b7:19:da:ec:63:a0:2a:
         72:4c:a3:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbt89CH8VUZLd7Wkw+PEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjI0NGRlMDE5MGE2ZGQ1YTg5OWEyYjM3YjAwMmI5YWU2
MzJjODYwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDAxZjU4NzgzNzI1NjM0MzVkYzQ0ZjJmOWVmZTBjNzE1MWUzMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAga3rK3zMIVfnV0dUH153dP85jr46
JNJtCw+p1XZAjbfuw2I0dFA8AQFON56z6fOotwB5rVHwdI6YaIhfj2vymg/Frj77
6Gof13nzouiqIM2pQAxcKNxmpA8YIrWSOR4M93nkJpLZE4etuWQThHzgKdu6PJUN
revDTBw+wt1SdN33Pbq+5V9nOZZrtaaowREr3JRlBsFyC/2kkj470e+FEvSQiYI1
7yXc8JBxRsKdKUysJghiIcJY8pxc729Rf6GiBOVpiGbWjJ+mBvmk1p0+F1xHAOGq
q21QiuZVodUZaEqil3Mpsp1e6NI0raLjuBi7ajLiWjgvYCZ8uzQ8qxh6cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQB9YeDclY0NdxE8vnv4McVHjDtMB8GA1UdIwQY
MBaAFGdiRN4BkKbdWomaKzewArmuYyyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJKRTNnR1FwdDFhaVpvck43QUN1YTVqTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kY2Q4N2YtNGFhNy00NGZmLTk3YmYt
Y2UzMmQ2NmYzMGE4LzEvNUFIMWg0TnlWalExM0VUeS1lX2d4eFVlTU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kY2Q4N2YtNGFhNy00NGZmLTk3YmYtY2UzMmQ2NmYzMGE4
LzEvWjJKRTNnR1FwdDFhaVpvck43QUN1YTVqTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucucMA0G
CSqGSIb3DQEBCwUAA4IBAQC4fKJan8nwnvwJ/ZA1D7/QuZwX+OUwdL3s2EGXcDdJ
UQQ7tncaEBsiu6lhEUJNCi0ctNjVBCcQkTiW+MteI1lHbuzBfgYMphnCp0fjKVL1
0Cxt2VPX8DYHYyKyDqkcsPH/taKw8bIkh8ebLi70J5wQcc2E0hSy0tbfy4XKcVlX
sfn7kAijWFcLso8uBido7scpO/8LY1Xyh01idjBHlOpq6lRxcVcVIOEC3gAJY1xY
u7iV1MI/uI6HH0rw4cjLfZ0MH6jmSoIQPPr7avdUe1kYU9qf0VXzWijkIlNnyMnO
slqij3bUKzCWZklRfosb+EcAToTZIrcZ2uxjoCpyTKNi
-----END CERTIFICATE-----