Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/OEcZ9mEmxhfZrA2KKd9v0JfA9Ck.roa
File:                     OEcZ9mEmxhfZrA2KKd9v0JfA9Ck.roa (raw, json)
Hash identifier:          jEuP9ls2WQ2vrKk1BUAIOpeoIjxbbbALNyKp9eKmNZg=
Subject key identifier:   38:47:19:F6:61:26:C6:17:D9:AC:0D:8A:29:DF:6F:D0:97:C0:F4:29
Certificate issuer:       /CN=5b1d228b6acbd1803cff560fa4b42f832d28324f
Certificate serial:       018CC6B7942B1D2591650BAE659822D75F90
Authority key identifier: 5B:1D:22:8B:6A:CB:D1:80:3C:FF:56:0F:A4:B4:2F:83:2D:28:32:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/OEcZ9mEmxhfZrA2KKd9v0JfA9Ck.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2418
IP address blocks:        192.54.175.0/24 maxlen: 24
                          192.54.176.0/24 maxlen: 24
                          192.54.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:2b:1d:25:91:65:0b:ae:65:98:22:d7:5f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b1d228b6acbd1803cff560fa4b42f832d28324f
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=384719f66126c617d9ac0d8a29df6fd097c0f429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:93:68:5a:4d:05:24:19:46:99:1f:62:7c:03:
                    d4:fe:35:a5:ef:4d:18:fd:8b:9f:7f:b4:7c:a5:65:
                    87:a3:5b:ef:18:e2:70:11:56:20:74:e0:8a:51:a1:
                    d2:6f:f4:29:9e:e2:f2:bc:69:4b:7b:ae:28:65:1b:
                    bd:eb:fa:1a:5b:73:14:b7:04:45:d0:c0:9b:8b:3f:
                    6d:b9:06:b7:b6:0e:14:96:f1:e3:59:56:88:4b:04:
                    10:d5:d4:16:f9:11:cc:30:39:85:ca:51:f3:6a:af:
                    f0:79:5a:93:18:41:f6:57:10:ed:98:7e:09:10:a9:
                    73:af:9c:b8:c6:37:c9:28:43:34:c5:15:94:76:17:
                    d3:72:e9:8d:8c:a6:04:dd:32:93:00:2a:5b:c4:89:
                    b6:a9:ce:f3:77:fe:25:50:e7:ce:61:37:f1:5b:58:
                    fd:58:da:38:4e:22:84:ba:24:87:2a:2a:e9:af:be:
                    77:e5:31:14:f2:20:d7:00:cb:5b:ab:6a:6a:44:93:
                    94:63:e4:05:3b:2f:84:c0:14:6d:4f:c5:fb:45:5c:
                    ef:c6:09:11:47:7b:34:29:9b:09:10:0c:7a:3a:ad:
                    6c:12:aa:69:3a:7d:1f:2c:0f:db:bd:ee:30:a0:95:
                    8f:1a:d9:dd:5e:2d:c9:76:d2:c3:2c:05:82:91:73:
                    8f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:47:19:F6:61:26:C6:17:D9:AC:0D:8A:29:DF:6F:D0:97:C0:F4:29
            X509v3 Authority Key Identifier:
                keyid:5B:1D:22:8B:6A:CB:D1:80:3C:FF:56:0F:A4:B4:2F:83:2D:28:32:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/OEcZ9mEmxhfZrA2KKd9v0JfA9Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9eed05-1477-4f05-8ae3-618e89b12c41/1/Wx0ii2rL0YA8_1YPpLQvgy0oMk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.54.174.0-192.54.176.255

    Signature Algorithm: sha256WithRSAEncryption
         19:88:72:44:f5:9e:ec:48:fa:31:c2:6b:6f:7d:5b:11:47:db:
         18:2d:f7:3a:47:0f:48:55:40:96:33:1b:ce:6f:1e:7b:f0:8f:
         bf:16:51:a0:ce:a0:e9:c7:a4:74:b3:c2:d3:d0:97:39:61:ae:
         c2:c0:30:cb:b7:84:18:cd:6e:83:30:35:9b:3a:39:13:9a:2f:
         bc:5c:cd:9a:4b:de:9d:dd:d5:06:73:47:cc:c8:a1:28:74:0d:
         b2:ea:c5:40:43:02:d6:d3:40:2b:30:2e:74:45:b7:d6:f6:35:
         54:c9:b9:1b:8a:36:10:a3:42:5e:e8:32:15:f3:03:37:d2:9f:
         36:44:1e:79:aa:65:1c:7c:51:02:33:fe:d7:a6:49:9a:fd:65:
         78:33:5d:60:87:58:aa:83:ca:f1:7e:01:26:67:23:3b:60:34:
         bd:bb:fd:a2:c6:85:f5:7d:3a:74:b8:8d:70:2f:0d:b8:82:7e:
         6e:e3:03:f8:db:95:5e:3e:1d:da:c0:14:83:8a:20:4f:38:8a:
         2f:12:3a:46:89:f4:7a:99:4a:83:2c:93:a9:fe:3c:8f:24:96:
         1a:c0:9a:a7:1c:24:4f:d1:d4:de:b3:b6:4b:ac:95:0c:cc:98:
         c5:8c:f2:90:a8:82:34:a9:b0:3b:fb:fa:6c:c0:97:dd:a0:d3:
         6d:ce:d3:b1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGt5QrHSWRZQuuZZgi11+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMWQyMjhiNmFjYmQxODAzY2ZmNTYwZmE0YjQyZjgzMmQy
ODMyNGYwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODQ3MTlmNjYxMjZjNjE3ZDlhYzBkOGEyOWRmNmZkMDk3YzBmNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJNoWk0FJBlGmR9ifAPU/jWl700Y
/Yuff7R8pWWHo1vvGOJwEVYgdOCKUaHSb/QpnuLyvGlLe64oZRu96/oaW3MUtwRF
0MCbiz9tuQa3tg4UlvHjWVaISwQQ1dQW+RHMMDmFylHzaq/weVqTGEH2VxDtmH4J
EKlzr5y4xjfJKEM0xRWUdhfTcumNjKYE3TKTACpbxIm2qc7zd/4lUOfOYTfxW1j9
WNo4TiKEuiSHKirpr7535TEU8iDXAMtbq2pqRJOUY+QFOy+EwBRtT8X7RVzvxgkR
R3s0KZsJEAx6Oq1sEqppOn0fLA/bve4woJWPGtndXi3JdtLDLAWCkXOPeQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDhHGfZhJsYX2awNiinfb9CXwPQpMB8GA1UdIwQY
MBaAFFsdIotqy9GAPP9WD6S0L4MtKDJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3gwaWkyckwwWUE4XzFZUHBMUXZneTBvTWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ZWVkMDUtMTQ3Ny00ZjA1LThhZTMt
NjE4ZTg5YjEyYzQxLzEvT0VjWjltRW14aGZackEyS0tkOXYwSmZBOUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ZWVkMDUtMTQ3Ny00ZjA1LThhZTMtNjE4ZTg5YjEyYzQx
LzEvV3gwaWkyckwwWUE4XzFZUHBMUXZneTBvTWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHANq4D
BADANrAwDQYJKoZIhvcNAQELBQADggEBABmIckT1nuxI+jHCa299WxFH2xgt9zpH
D0hVQJYzG85vHnvwj78WUaDOoOnHpHSzwtPQlzlhrsLAMMu3hBjNboMwNZs6OROa
L7xczZpL3p3d1QZzR8zIoSh0DbLqxUBDAtbTQCswLnRFt9b2NVTJuRuKNhCjQl7o
MhXzAzfSnzZEHnmqZRx8UQIz/temSZr9ZXgzXWCHWKqDyvF+ASZnIztgNL27/aLG
hfV9OnS4jXAvDbiCfm7jA/jblV4+HdrAFIOKIE84ii8SOkaJ9HqZSoMsk6n+PI8k
lhrAmqccJE/R1N6ztkuslQzMmMWM8pCogjSpsDv7+mzAl92g023O07E=
-----END CERTIFICATE-----