Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5eaDPx6zIyMihP5R14XtvgfM3mU.roa
File:                     5eaDPx6zIyMihP5R14XtvgfM3mU.roa (raw, json)
Hash identifier:          rM/8U/hlNl1XdaJyixb3BbY0Wg8EdMn6MltO9oJQYUU=
Subject key identifier:   E5:E6:83:3F:1E:B3:23:23:22:84:FE:51:D7:85:ED:BE:07:CC:DE:65
Certificate issuer:       /CN=e55b1a4f1942e4b1d894cbc8cf09073d02890170
Certificate serial:       018CC79427260EE9CEFC92C0348374AEAE01
Authority key identifier: E5:5B:1A:4F:19:42:E4:B1:D8:94:CB:C8:CF:09:07:3D:02:89:01:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5VsaTxlC5LHYlMvIzwkHPQKJAXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5eaDPx6zIyMihP5R14XtvgfM3mU.roa
Signing time:             Tue 02 Jan 2024 00:30:24 +0000
ROA not before:           Tue 02 Jan 2024 00:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211740
IP address blocks:        185.112.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5VsaTxlC5LHYlMvIzwkHPQKJAXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5VsaTxlC5LHYlMvIzwkHPQKJAXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5VsaTxlC5LHYlMvIzwkHPQKJAXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 00:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:27:26:0e:e9:ce:fc:92:c0:34:83:74:ae:ae:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e55b1a4f1942e4b1d894cbc8cf09073d02890170
        Validity
            Not Before: Jan  2 00:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5e6833f1eb323232284fe51d785edbe07ccde65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8c:50:ce:50:3e:b9:20:11:d1:84:9a:a2:cd:
                    9c:51:75:38:ad:02:6f:31:71:63:09:a3:b1:5f:82:
                    51:1e:64:9a:ed:26:b9:c1:c3:86:16:c8:ea:82:11:
                    20:45:96:2f:42:be:b7:b8:96:5e:cb:e0:21:af:f4:
                    e7:5d:8a:96:a2:94:a6:f0:0d:85:1c:20:13:a0:7c:
                    ee:05:de:0d:b0:37:e9:01:c8:e9:6a:22:ae:e8:94:
                    21:54:6a:9c:37:09:a8:54:57:f2:98:50:8b:d5:a9:
                    ad:58:12:ed:ba:fa:77:08:c3:64:6f:e7:87:d0:98:
                    ea:58:53:c6:c8:d2:8b:6b:04:ea:59:a0:6c:5f:bc:
                    d5:09:c3:85:ca:32:00:29:ce:b1:0d:a6:3c:72:7c:
                    e2:58:c0:0a:e1:1f:7e:c6:f2:31:47:c9:fe:7c:c6:
                    b7:3a:00:ed:32:39:f1:af:a2:11:fa:d7:79:c6:9a:
                    d5:c7:3b:8b:63:c1:6f:26:1e:71:14:76:29:99:c8:
                    04:76:d9:cd:e1:c6:8a:64:d9:4b:8e:25:b8:08:b0:
                    5e:9e:5b:31:df:2a:78:ba:05:48:1b:42:72:9e:fb:
                    16:cb:41:8a:5b:bd:86:3e:19:72:82:25:ff:f4:4e:
                    54:18:bd:41:af:db:93:91:9b:17:3b:dc:5c:4f:1e:
                    74:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:E6:83:3F:1E:B3:23:23:22:84:FE:51:D7:85:ED:BE:07:CC:DE:65
            X509v3 Authority Key Identifier:
                keyid:E5:5B:1A:4F:19:42:E4:B1:D8:94:CB:C8:CF:09:07:3D:02:89:01:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5VsaTxlC5LHYlMvIzwkHPQKJAXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5eaDPx6zIyMihP5R14XtvgfM3mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/c66a1f-7707-4f8d-a274-4df65aba6a62/1/5VsaTxlC5LHYlMvIzwkHPQKJAXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:e9:0e:ad:69:ec:9e:64:6f:a3:f6:24:00:be:de:ef:e4:15:
         52:d2:54:69:8e:bd:1e:87:6d:4c:23:d3:56:e1:27:ce:c5:05:
         b7:8c:ca:ff:f8:2b:31:41:37:7b:76:5e:92:3c:1e:62:3c:f1:
         a1:b8:76:c8:65:96:db:20:54:4a:54:cf:11:d3:d5:78:38:ac:
         80:37:20:ca:c7:27:30:8c:1c:7b:3b:5e:13:ec:a3:53:45:94:
         66:55:b5:3b:30:99:4e:7f:96:d2:34:34:8d:8f:15:b3:ed:49:
         79:a0:d5:a2:b1:92:cb:3c:89:2a:84:75:18:09:64:4e:71:fc:
         85:81:8b:d3:6d:c7:27:d3:b0:1a:1a:5b:a4:1a:64:ed:05:f2:
         e6:8a:90:42:a2:76:5c:51:72:2f:d1:3c:d0:c9:4d:9d:54:fa:
         55:34:de:f7:9f:f1:9f:78:52:ed:ba:4a:c9:29:d2:87:04:95:
         cf:4b:67:3e:a4:ee:a7:05:31:cd:5f:6f:f4:cd:6e:59:04:66:
         61:81:bb:4a:8b:8a:c3:56:f3:dd:81:b3:eb:48:6f:f4:6b:97:
         af:68:d9:a6:e0:38:ff:0b:cd:d2:3d:9f:c7:2d:a0:8c:9d:ba:
         f8:c2:5a:49:9e:7b:f6:af:d7:70:9d:7e:2c:da:8a:f1:31:93:
         9c:4c:bb:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCcmDunO/JLANIN0rq4BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NWIxYTRmMTk0MmU0YjFkODk0Y2JjOGNmMDkwNzNkMDI4
OTAxNzAwHhcNMjQwMTAyMDAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWU2ODMzZjFlYjMyMzIzMjI4NGZlNTFkNzg1ZWRiZTA3Y2NkZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIxQzlA+uSAR0YSaos2cUXU4rQJv
MXFjCaOxX4JRHmSa7Sa5wcOGFsjqghEgRZYvQr63uJZey+Ahr/TnXYqWopSm8A2F
HCAToHzuBd4NsDfpAcjpaiKu6JQhVGqcNwmoVFfymFCL1amtWBLtuvp3CMNkb+eH
0JjqWFPGyNKLawTqWaBsX7zVCcOFyjIAKc6xDaY8cnziWMAK4R9+xvIxR8n+fMa3
OgDtMjnxr6IR+td5xprVxzuLY8FvJh5xFHYpmcgEdtnN4caKZNlLjiW4CLBenlsx
3yp4ugVIG0JynvsWy0GKW72GPhlygiX/9E5UGL1Br9uTkZsXO9xcTx50wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXmgz8esyMjIoT+UdeF7b4HzN5lMB8GA1UdIwQY
MBaAFOVbGk8ZQuSx2JTLyM8JBz0CiQFwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVZzYVR4bEM1TEhZbE12SXp3a0hQUUtKQVhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9jNjZhMWYtNzcwNy00ZjhkLWEyNzQt
NGRmNjVhYmE2YTYyLzEvNWVhRFB4NnpJeU1paFA1UjE0WHR2Z2ZNM21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9jNjZhMWYtNzcwNy00ZjhkLWEyNzQtNGRmNjVhYmE2YTYy
LzEvNVZzYVR4bEM1TEhZbE12SXp3a0hQUUtKQVhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXBYMA0G
CSqGSIb3DQEBCwUAA4IBAQCI6Q6taeyeZG+j9iQAvt7v5BVS0lRpjr0eh21MI9NW
4SfOxQW3jMr/+CsxQTd7dl6SPB5iPPGhuHbIZZbbIFRKVM8R09V4OKyANyDKxycw
jBx7O14T7KNTRZRmVbU7MJlOf5bSNDSNjxWz7Ul5oNWisZLLPIkqhHUYCWROcfyF
gYvTbccn07AaGlukGmTtBfLmipBConZcUXIv0TzQyU2dVPpVNN73n/GfeFLtukrJ
KdKHBJXPS2c+pO6nBTHNX2/0zW5ZBGZhgbtKi4rDVvPdgbPrSG/0a5evaNmm4Dj/
C83SPZ/HLaCMnbr4wlpJnnv2r9dwnX4s2orxMZOcTLt7
-----END CERTIFICATE-----