Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/T5LCE_5zyDpnyBzQwipIlH8qAW0.roa
File:                     T5LCE_5zyDpnyBzQwipIlH8qAW0.roa (raw, json)
Hash identifier:          Hzm3Vi1SHe9Fau/3rI/pPXtHg1H8fRet3WtSnxCN6II=
Subject key identifier:   4F:92:C2:13:FE:73:C8:3A:67:C8:1C:D0:C2:2A:48:94:7F:2A:01:6D
Certificate issuer:       /CN=d1e013ec8a5c56df241a9b2563d111f8e543bf91
Certificate serial:       018CC500C4DD210815150FB19330E8BC16FA
Authority key identifier: D1:E0:13:EC:8A:5C:56:DF:24:1A:9B:25:63:D1:11:F8:E5:43:BF:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/T5LCE_5zyDpnyBzQwipIlH8qAW0.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51559
IP address blocks:        185.160.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c4:dd:21:08:15:15:0f:b1:93:30:e8:bc:16:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1e013ec8a5c56df241a9b2563d111f8e543bf91
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f92c213fe73c83a67c81cd0c22a48947f2a016d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:06:42:7e:c3:19:62:84:fc:8c:db:c8:b6:54:
                    fd:26:0e:3d:95:82:88:2e:9d:28:88:f5:4f:45:04:
                    b0:91:49:c9:bf:3c:d2:6a:08:6d:bf:2c:92:7b:bc:
                    1a:e8:1d:71:40:4e:61:8f:33:c9:78:7d:8a:20:77:
                    74:fe:3c:81:a9:a9:59:8e:86:a6:da:c2:b1:05:2c:
                    98:76:e1:17:2a:9e:5c:5e:4f:8f:f7:45:d5:0d:8f:
                    64:bb:fd:96:e4:b6:0a:1b:25:10:e4:74:dc:22:05:
                    aa:9d:1c:a9:f3:19:9f:d7:2e:60:a7:1f:ba:fa:3a:
                    c4:cd:13:70:62:15:69:1c:93:6d:18:89:5a:66:ea:
                    fc:1b:c0:e9:2b:74:04:c8:8e:d2:b6:29:ec:25:ed:
                    d0:d0:7c:a8:fc:1c:e7:36:02:dc:0b:f9:d1:84:ba:
                    28:c0:4d:f9:25:d0:8a:b6:3c:8f:72:d3:7e:f3:2c:
                    ef:db:f7:6f:59:a2:a7:49:22:ef:c5:9b:f9:0c:fd:
                    27:87:06:b5:1b:34:2c:48:3d:b2:89:db:1a:60:78:
                    b8:19:ec:d4:f9:0c:1d:d2:fb:fc:dd:72:ba:e8:c4:
                    c2:fc:ad:2a:e4:3d:1b:cc:bd:fc:17:63:fd:83:be:
                    6d:6e:97:6c:07:50:3c:56:11:e8:f0:e9:84:95:c6:
                    3f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:92:C2:13:FE:73:C8:3A:67:C8:1C:D0:C2:2A:48:94:7F:2A:01:6D
            X509v3 Authority Key Identifier:
                keyid:D1:E0:13:EC:8A:5C:56:DF:24:1A:9B:25:63:D1:11:F8:E5:43:BF:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0eAT7IpcVt8kGpslY9ER-OVDv5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/T5LCE_5zyDpnyBzQwipIlH8qAW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/e41ef4-dc1e-4469-bd2d-440528c1e49e/1/0eAT7IpcVt8kGpslY9ER-OVDv5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:c7:7a:f1:61:86:5c:91:2f:b5:6f:e4:e0:58:5b:bc:4e:bd:
         dc:0f:ad:16:7b:78:17:82:c4:b4:89:bf:d4:80:2e:d0:e7:6c:
         ba:75:b7:7f:25:62:43:26:67:56:74:a5:5e:98:fa:84:08:43:
         44:3d:b3:3d:8e:0b:65:6a:ff:b3:7e:4b:ba:7d:8a:12:85:75:
         43:8c:59:22:ff:0b:77:1d:17:fa:03:56:40:8a:89:2e:76:4f:
         85:e7:58:ec:38:4a:bd:e8:d5:d5:89:ce:d5:8a:b5:35:31:a0:
         3f:59:2b:b2:a6:36:5b:e5:19:99:65:e8:21:c4:b9:f4:a7:52:
         fc:58:42:69:ea:71:a0:71:86:c4:d9:0d:6f:c1:2a:2e:78:ca:
         f0:dd:03:db:6a:95:b8:07:0b:26:ec:70:31:15:37:1b:4c:bf:
         f5:11:89:e0:2e:56:4a:5b:6e:fa:fa:8d:b9:c2:fd:c6:0b:69:
         12:81:35:eb:71:da:7d:0f:ce:b3:0f:d6:0a:dc:44:92:5f:c1:
         db:40:d2:db:0f:01:6e:7d:16:63:72:1b:64:3b:e8:23:28:e8:
         b0:5f:59:2e:f0:70:9c:dc:de:6d:1b:71:b8:84:b5:bf:38:bb:
         58:88:ea:97:95:46:16:de:07:a8:1a:ce:2d:cf:2a:c0:8c:3e:
         c5:6a:fe:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMTdIQgVFQ+xkzDovBb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZTAxM2VjOGE1YzU2ZGYyNDFhOWIyNTYzZDExMWY4ZTU0
M2JmOTEwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjkyYzIxM2ZlNzNjODNhNjdjODFjZDBjMjJhNDg5NDdmMmEwMTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgZCfsMZYoT8jNvItlT9Jg49lYKI
Lp0oiPVPRQSwkUnJvzzSaghtvyySe7wa6B1xQE5hjzPJeH2KIHd0/jyBqalZjoam
2sKxBSyYduEXKp5cXk+P90XVDY9ku/2W5LYKGyUQ5HTcIgWqnRyp8xmf1y5gpx+6
+jrEzRNwYhVpHJNtGIlaZur8G8DpK3QEyI7StinsJe3Q0Hyo/BznNgLcC/nRhLoo
wE35JdCKtjyPctN+8yzv2/dvWaKnSSLvxZv5DP0nhwa1GzQsSD2yidsaYHi4GezU
+Qwd0vv83XK66MTC/K0q5D0bzL38F2P9g75tbpdsB1A8VhHo8OmElcY/dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+SwhP+c8g6Z8gc0MIqSJR/KgFtMB8GA1UdIwQY
MBaAFNHgE+yKXFbfJBqbJWPREfjlQ7+RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGVBVDdJcGNWdDhrR3BzbFk5RVItT1ZEdjVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9lNDFlZjQtZGMxZS00NDY5LWJkMmQt
NDQwNTI4YzFlNDllLzEvVDVMQ0VfNXp5RHBueUJ6UXdpcElsSDhxQVcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9lNDFlZjQtZGMxZS00NDY5LWJkMmQtNDQwNTI4YzFlNDll
LzEvMGVBVDdJcGNWdDhrR3BzbFk5RVItT1ZEdjVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaAcMA0G
CSqGSIb3DQEBCwUAA4IBAQB+x3rxYYZckS+1b+TgWFu8Tr3cD60We3gXgsS0ib/U
gC7Q52y6dbd/JWJDJmdWdKVemPqECENEPbM9jgtlav+zfku6fYoShXVDjFki/wt3
HRf6A1ZAiokudk+F51jsOEq96NXVic7VirU1MaA/WSuypjZb5RmZZeghxLn0p1L8
WEJp6nGgcYbE2Q1vwSoueMrw3QPbapW4Bwsm7HAxFTcbTL/1EYngLlZKW276+o25
wv3GC2kSgTXrcdp9D86zD9YK3ESSX8HbQNLbDwFufRZjchtkO+gjKOiwX1ku8HCc
3N5tG3G4hLW/OLtYiOqXlUYW3geoGs4tzyrAjD7Fav5o
-----END CERTIFICATE-----