Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/i4dArMAJ_la5K19zHq79wpAFFT8.roa
File:                     i4dArMAJ_la5K19zHq79wpAFFT8.roa (raw, json)
Hash identifier:          YW89ceIhq8M2ItirVkZ10xrzxfWDMUSrUa2/crj4bUg=
Subject key identifier:   8B:87:40:AC:C0:09:FE:56:B9:2B:5F:73:1E:AE:FD:C2:90:05:15:3F
Certificate issuer:       /CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
Certificate serial:       018CC4255F2853C96D0191AFEDDE577B7B7C
Authority key identifier: E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/i4dArMAJ_la5K19zHq79wpAFFT8.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        185.164.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:04:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:28:53:c9:6d:01:91:af:ed:de:57:7b:7b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5c78fa1993d4512fe2436b8ceda8bfc929d657d
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b8740acc009fe56b92b5f731eaefdc29005153f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9a:4f:29:e0:d7:94:4a:6a:c3:e8:87:5c:f2:
                    b3:eb:14:c3:fa:6f:f1:62:26:89:0d:78:f7:cd:f3:
                    72:ab:d1:6d:25:5c:e7:52:40:8d:fe:4d:d0:b8:78:
                    a0:6a:2e:6f:ec:1d:58:ea:f2:d2:b2:ee:8d:2e:0d:
                    d0:71:85:ce:7b:d0:2c:6e:ca:10:57:4a:c2:e1:ff:
                    66:61:55:fb:a6:0a:25:ff:63:cf:55:76:dc:70:77:
                    ee:fb:24:ee:c7:0d:75:16:cc:96:1f:09:85:ad:62:
                    06:b8:3d:ed:fa:2e:48:2f:60:33:4e:b2:19:38:8d:
                    74:59:ab:c9:05:c3:92:9e:60:b0:19:13:fe:06:8d:
                    3e:67:9b:95:62:74:a2:04:76:51:36:ad:70:cc:99:
                    b9:34:12:5a:46:f8:f1:57:46:27:06:ee:55:a0:29:
                    2b:d8:cf:f2:b9:6c:6c:bb:07:6d:1d:bd:f0:d6:3b:
                    34:5c:38:25:0c:e0:ed:42:0c:07:ce:16:f9:7d:ed:
                    2a:f4:13:f2:0d:07:85:4a:6e:3d:cb:14:94:4e:b3:
                    5d:80:c8:93:6e:ec:d0:00:3d:3b:84:e6:89:b0:86:
                    96:c5:60:b5:14:ad:39:20:3f:40:d3:4d:61:d3:0d:
                    5f:e9:33:7a:32:38:f2:72:9b:f9:07:da:44:38:af:
                    27:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:87:40:AC:C0:09:FE:56:B9:2B:5F:73:1E:AE:FD:C2:90:05:15:3F
            X509v3 Authority Key Identifier:
                keyid:E5:C7:8F:A1:99:3D:45:12:FE:24:36:B8:CE:DA:8B:FC:92:9D:65:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cePoZk9RRL-JDa4ztqL_JKdZX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/i4dArMAJ_la5K19zHq79wpAFFT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5bb1d0-634e-46fc-a75a-0c9aa6696b49/1/5cePoZk9RRL-JDa4ztqL_JKdZX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:0d:8a:f4:6c:16:42:56:9c:f5:a8:d0:37:91:d7:f1:04:de:
         7a:9f:b2:a6:42:fe:70:98:ae:a7:d2:90:69:14:5c:df:c1:de:
         6d:72:20:99:f0:12:30:c3:0a:a9:cd:41:c6:09:97:20:f5:41:
         6b:d7:ab:18:45:ad:6a:8d:16:c4:af:ab:cb:48:6a:0c:77:a6:
         4b:19:6d:90:79:2b:a4:e6:ce:16:f8:fe:32:94:47:72:ee:74:
         6c:1a:59:52:8c:ee:c5:79:0c:41:cf:84:a3:57:3b:5a:39:7e:
         68:86:a1:7b:0c:c1:72:54:9c:0b:c3:be:a8:36:e1:c6:d3:bc:
         80:e8:7b:cf:d2:e9:93:71:dd:b8:fe:2b:2e:3f:e5:9f:f9:65:
         80:dc:bf:46:27:27:df:17:f1:fa:6e:62:70:49:8c:79:19:8a:
         51:bb:e7:76:22:05:4d:ea:fc:ae:c1:83:cb:84:77:52:e3:58:
         02:98:1b:de:77:f7:c8:d4:99:9e:59:a4:b0:32:95:08:13:fd:
         31:dd:01:3a:b6:bd:69:f2:7c:ba:bb:34:68:7a:2c:5e:95:c1:
         01:56:66:f5:14:7e:76:f1:89:3b:b2:4c:fd:24:3d:23:b2:5b:
         02:39:68:e0:b3:b3:8e:56:c6:50:b9:99:dc:d0:a4:6d:6e:16:
         2c:ab:d9:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV8oU8ltAZGv7d5Xe3t8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Yzc4ZmExOTkzZDQ1MTJmZTI0MzZiOGNlZGE4YmZjOTI5
ZDY1N2QwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjg3NDBhY2MwMDlmZTU2YjkyYjVmNzMxZWFlZmRjMjkwMDUxNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJpPKeDXlEpqw+iHXPKz6xTD+m/x
YiaJDXj3zfNyq9FtJVznUkCN/k3QuHigai5v7B1Y6vLSsu6NLg3QcYXOe9AsbsoQ
V0rC4f9mYVX7pgol/2PPVXbccHfu+yTuxw11FsyWHwmFrWIGuD3t+i5IL2AzTrIZ
OI10WavJBcOSnmCwGRP+Bo0+Z5uVYnSiBHZRNq1wzJm5NBJaRvjxV0YnBu5VoCkr
2M/yuWxsuwdtHb3w1js0XDglDODtQgwHzhb5fe0q9BPyDQeFSm49yxSUTrNdgMiT
buzQAD07hOaJsIaWxWC1FK05ID9A001h0w1f6TN6Mjjycpv5B9pEOK8njQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuHQKzACf5WuStfcx6u/cKQBRU/MB8GA1UdIwQY
MBaAFOXHj6GZPUUS/iQ2uM7ai/ySnWV9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEt
MGM5YWE2Njk2YjQ5LzEvaTRkQXJNQUpfbGE1SzE5ekhxNzl3cEFGRlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy81YmIxZDAtNjM0ZS00NmZjLWE3NWEtMGM5YWE2Njk2YjQ5
LzEvNWNlUG9aazlSUkwtSkRhNHp0cUxfSktkWlgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaSjMA0G
CSqGSIb3DQEBCwUAA4IBAQAUDYr0bBZCVpz1qNA3kdfxBN56n7KmQv5wmK6n0pBp
FFzfwd5tciCZ8BIwwwqpzUHGCZcg9UFr16sYRa1qjRbEr6vLSGoMd6ZLGW2QeSuk
5s4W+P4ylEdy7nRsGllSjO7FeQxBz4SjVztaOX5ohqF7DMFyVJwLw76oNuHG07yA
6HvP0umTcd24/isuP+Wf+WWA3L9GJyffF/H6bmJwSYx5GYpRu+d2IgVN6vyuwYPL
hHdS41gCmBved/fI1JmeWaSwMpUIE/0x3QE6tr1p8ny6uzRoeixelcEBVmb1FH52
8Yk7skz9JD0jslsCOWjgs7OOVsZQuZnc0KRtbhYsq9lj
-----END CERTIFICATE-----