Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/BtOSmXrd9_JJsTOnvWXsIjw-Ejs.roa
File:                     BtOSmXrd9_JJsTOnvWXsIjw-Ejs.roa (raw, json)
Hash identifier:          5ALaWiFfMc7GoXcYou59ADJ250fYZuSPeusyQbnNuMw=
Subject key identifier:   06:D3:92:99:7A:DD:F7:F2:49:B1:33:A7:BD:65:EC:22:3C:3E:12:3B
Certificate issuer:       /CN=e6e8adc72014e57a74e3044eb166e760968f2395
Certificate serial:       018CC64AD68F072C80E622FC6D2A5B4085DA
Authority key identifier: E6:E8:AD:C7:20:14:E5:7A:74:E3:04:4E:B1:66:E7:60:96:8F:23:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5uitxyAU5Xp04wROsWbnYJaPI5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/BtOSmXrd9_JJsTOnvWXsIjw-Ejs.roa
Signing time:             Mon 01 Jan 2024 18:30:42 +0000
ROA not before:           Mon 01 Jan 2024 18:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29686
IP address blocks:        194.213.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/5uitxyAU5Xp04wROsWbnYJaPI5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/5uitxyAU5Xp04wROsWbnYJaPI5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5uitxyAU5Xp04wROsWbnYJaPI5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:d6:8f:07:2c:80:e6:22:fc:6d:2a:5b:40:85:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6e8adc72014e57a74e3044eb166e760968f2395
        Validity
            Not Before: Jan  1 18:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06d392997addf7f249b133a7bd65ec223c3e123b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5f:65:96:23:27:29:87:1b:2f:26:8e:b5:49:
                    fe:25:ec:a4:e7:ff:6e:a2:93:88:f8:4a:ea:64:1e:
                    7c:06:79:81:6a:41:87:9d:59:27:c0:ec:8b:43:64:
                    12:f0:29:f6:c5:ff:b5:61:69:c6:8f:a4:b9:ba:57:
                    6e:fd:02:f3:f0:7b:8a:3f:7d:c9:43:a0:2a:35:bf:
                    23:1d:6b:a7:52:91:cd:18:9d:8a:31:c1:21:3c:4f:
                    81:9d:6b:0d:0d:79:53:8a:42:27:9d:de:73:b8:31:
                    93:e5:35:b8:51:73:36:db:24:5d:db:5b:c6:85:73:
                    83:dd:9b:08:5e:f5:39:88:c6:17:42:3d:cb:15:6f:
                    a9:34:f2:d4:0a:7a:7d:e0:67:51:95:00:65:2d:d3:
                    85:4f:11:1c:59:67:5a:22:71:03:ed:99:c4:a8:73:
                    c2:ca:d6:71:c0:78:fe:09:eb:db:3d:f2:d9:e9:a1:
                    82:b6:c3:52:86:eb:00:c5:e5:01:79:8e:e7:5c:6f:
                    1b:4c:be:99:a4:e5:fa:f8:c4:1b:17:6e:64:bc:0f:
                    90:d2:d2:da:a8:84:99:01:ed:1f:c6:6e:ac:32:a8:
                    ca:f3:c0:1b:cd:55:67:78:90:9e:6c:74:23:e3:a0:
                    4a:41:8f:91:a6:5d:ba:b3:6b:8b:a4:88:db:9d:de:
                    6d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D3:92:99:7A:DD:F7:F2:49:B1:33:A7:BD:65:EC:22:3C:3E:12:3B
            X509v3 Authority Key Identifier:
                keyid:E6:E8:AD:C7:20:14:E5:7A:74:E3:04:4E:B1:66:E7:60:96:8F:23:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5uitxyAU5Xp04wROsWbnYJaPI5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/BtOSmXrd9_JJsTOnvWXsIjw-Ejs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b7a365-d487-4a28-9d7e-cecd8a182bdf/1/5uitxyAU5Xp04wROsWbnYJaPI5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b5:13:c7:f3:63:0a:65:d6:d5:27:a5:81:6a:8d:e7:52:3e:
         8a:25:c1:a2:61:01:13:26:20:d4:74:43:51:11:8e:f2:37:df:
         42:58:34:fe:4c:7d:2c:93:30:43:5d:15:e1:af:86:10:90:1c:
         fc:c7:d4:b1:61:d8:67:59:71:d4:46:53:43:e6:db:1b:86:a2:
         d7:fa:95:8c:cb:5e:a1:56:17:cc:fb:e1:de:18:ad:77:2b:36:
         32:a8:11:4e:34:39:5d:bd:1e:2a:5f:96:d3:1a:a2:fe:1d:04:
         7a:2d:88:65:b9:45:ab:19:03:61:21:70:62:f5:b0:1b:3e:33:
         f1:bd:d3:68:0e:74:2b:a7:3a:f1:9e:f4:f8:2d:6c:d6:67:ab:
         e7:38:f2:30:cc:b4:b7:e1:e3:2e:2e:b5:0c:3b:79:42:91:e9:
         f0:fc:9a:6f:0d:e6:bb:96:d8:e8:ae:66:cc:60:d8:08:a6:06:
         69:6d:eb:6e:a9:17:92:c5:5c:7d:24:44:a7:94:4e:cb:15:ba:
         f6:3e:20:90:c5:91:08:e7:fc:f1:3c:76:b0:51:34:fb:a9:21:
         1c:ba:b4:84:c8:2e:cc:86:89:8a:0c:d1:6a:61:7e:2b:01:a8:
         e1:cc:4e:0b:b0:80:2e:0d:ad:09:3f:14:12:cf:8c:08:d7:62:
         24:30:12:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGStaPByyA5iL8bSpbQIXaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZThhZGM3MjAxNGU1N2E3NGUzMDQ0ZWIxNjZlNzYwOTY4
ZjIzOTUwHhcNMjQwMTAxMTgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQzOTI5OTdhZGRmN2YyNDliMTMzYTdiZDY1ZWMyMjNjM2UxMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF9lliMnKYcbLyaOtUn+Jeyk5/9u
opOI+ErqZB58BnmBakGHnVknwOyLQ2QS8Cn2xf+1YWnGj6S5uldu/QLz8HuKP33J
Q6AqNb8jHWunUpHNGJ2KMcEhPE+BnWsNDXlTikInnd5zuDGT5TW4UXM22yRd21vG
hXOD3ZsIXvU5iMYXQj3LFW+pNPLUCnp94GdRlQBlLdOFTxEcWWdaInED7ZnEqHPC
ytZxwHj+CevbPfLZ6aGCtsNShusAxeUBeY7nXG8bTL6ZpOX6+MQbF25kvA+Q0tLa
qISZAe0fxm6sMqjK88AbzVVneJCebHQj46BKQY+Rpl26s2uLpIjbnd5tYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbTkpl63ffySbEzp71l7CI8PhI7MB8GA1UdIwQY
MBaAFOborccgFOV6dOMETrFm52CWjyOVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXVpdHh5QVU1WHAwNHdST3NXYm5ZSmFQSTVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iN2EzNjUtZDQ4Ny00YTI4LTlkN2Ut
Y2VjZDhhMTgyYmRmLzEvQnRPU21YcmQ5X0pKc1RPbnZXWHNJanctRWpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iN2EzNjUtZDQ4Ny00YTI4LTlkN2UtY2VjZDhhMTgyYmRm
LzEvNXVpdHh5QVU1WHAwNHdST3NXYm5ZSmFQSTVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUFMA0G
CSqGSIb3DQEBCwUAA4IBAQAQtRPH82MKZdbVJ6WBao3nUj6KJcGiYQETJiDUdENR
EY7yN99CWDT+TH0skzBDXRXhr4YQkBz8x9SxYdhnWXHURlND5tsbhqLX+pWMy16h
VhfM++HeGK13KzYyqBFONDldvR4qX5bTGqL+HQR6LYhluUWrGQNhIXBi9bAbPjPx
vdNoDnQrpzrxnvT4LWzWZ6vnOPIwzLS34eMuLrUMO3lCkenw/JpvDea7ltjormbM
YNgIpgZpbetuqReSxVx9JESnlE7LFbr2PiCQxZEI5/zxPHawUTT7qSEcurSEyC7M
homKDNFqYX4rAajhzE4LsIAuDa0JPxQSz4wI12IkMBIT
-----END CERTIFICATE-----