Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/5j6Dc0KhC50I6o5K1pBbqpKxaJg.roa
File:                     5j6Dc0KhC50I6o5K1pBbqpKxaJg.roa (raw, json)
Hash identifier:          AoLHnKCbFMDWCH/w/BhNeeU0yhfLrcf5lKPnm0IQ3to=
Subject key identifier:   E6:3E:83:73:42:A1:0B:9D:08:EA:8E:4A:D6:90:5B:AA:92:B1:68:98
Certificate issuer:       /CN=719e59b5017bfe634411949eff2d70ba0a07c540
Certificate serial:       018DE9C526CBB71027FED1D037826175CB30
Authority key identifier: 71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/5j6Dc0KhC50I6o5K1pBbqpKxaJg.roa
Signing time:             Tue 27 Feb 2024 08:53:48 +0000
ROA not before:           Tue 27 Feb 2024 08:53:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12993
IP address blocks:        46.28.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:c5:26:cb:b7:10:27:fe:d1:d0:37:82:61:75:cb:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=719e59b5017bfe634411949eff2d70ba0a07c540
        Validity
            Not Before: Feb 27 08:53:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e63e837342a10b9d08ea8e4ad6905baa92b16898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:1d:e8:10:23:1d:8c:57:8f:d1:72:80:3e:e4:
                    3d:72:85:21:36:da:45:62:35:ad:b8:69:c2:c8:77:
                    d9:ad:34:49:4a:a1:80:86:66:2d:68:d9:a7:b5:6a:
                    b8:60:ba:d2:90:d6:a9:2e:ed:3e:f2:f7:da:18:5c:
                    13:c3:e1:0c:83:c6:8b:89:4e:6e:25:22:2a:24:61:
                    2e:bc:34:18:44:c7:d5:d7:3f:26:a2:f4:ec:ba:5b:
                    4b:26:04:dd:cd:e3:30:8d:fa:b6:68:13:c8:46:2e:
                    a3:29:35:ac:3c:78:71:dc:ef:15:80:66:98:4f:e9:
                    21:99:a1:5c:7e:4f:a2:35:0b:99:5d:70:f1:2c:9b:
                    9e:c2:28:dc:54:f5:9b:e0:1c:fc:83:da:41:e6:d6:
                    25:cf:ac:dd:12:5b:0f:8f:be:bb:ef:11:b9:14:3f:
                    6a:d8:fd:01:65:0c:08:f6:ad:e7:be:07:28:6d:0f:
                    d5:6f:9e:8d:c0:b0:de:2f:19:2f:ef:12:65:29:d6:
                    d3:02:19:54:60:9d:c6:f7:17:a5:9c:3c:40:4e:ec:
                    1f:95:29:e2:3a:90:02:e6:0f:cd:42:3a:b3:4b:70:
                    bd:93:50:be:dc:4a:3b:0c:da:44:5b:95:01:28:6e:
                    24:3d:b3:2b:ed:85:6f:b1:c9:5e:a3:a7:00:81:b3:
                    f5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:3E:83:73:42:A1:0B:9D:08:EA:8E:4A:D6:90:5B:AA:92:B1:68:98
            X509v3 Authority Key Identifier:
                keyid:71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/5j6Dc0KhC50I6o5K1pBbqpKxaJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:b4:79:c3:73:ca:33:3d:b9:c0:f0:b3:d3:c2:04:39:69:b2:
         9b:f6:24:1a:a1:19:9d:08:06:0b:4f:37:96:63:de:60:e6:23:
         dd:b1:63:f1:dd:5c:65:7a:8d:70:66:52:c5:e0:1e:16:52:f9:
         48:54:b0:9a:ae:da:9c:3f:a3:9f:1c:35:ec:76:d8:2d:9a:47:
         94:55:b3:f8:f4:cf:44:17:5b:ff:4c:67:62:73:7f:b4:ac:e5:
         31:c8:6b:31:89:67:b4:34:29:68:6d:a0:74:ed:cf:ae:62:0b:
         3c:20:41:cb:c3:a0:4b:c5:20:7e:db:b9:97:c4:89:e9:e0:bd:
         23:75:3e:cd:25:3a:1b:62:b2:bd:9c:68:9e:9d:f0:9a:74:da:
         bd:f4:61:bb:00:64:12:73:55:f6:36:81:59:97:9e:88:56:23:
         29:e9:66:77:17:66:e1:42:24:73:23:b3:93:91:c8:0a:f0:7e:
         e0:cb:2b:28:79:a8:a4:fc:7d:28:41:a5:56:72:e7:13:10:72:
         3a:ae:f7:44:48:87:53:56:11:ba:6a:f1:b3:37:e1:28:51:fb:
         72:32:95:53:07:1b:ed:25:63:31:71:cd:6b:0e:c9:28:0d:82:
         ca:d2:c7:c5:4a:d8:35:90:67:01:77:fe:e9:51:bd:ca:e6:f5:
         70:33:2a:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3pxSbLtxAn/tHQN4JhdcswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOWU1OWI1MDE3YmZlNjM0NDExOTQ5ZWZmMmQ3MGJhMGEw
N2M1NDAwHhcNMjQwMjI3MDg1MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjNlODM3MzQyYTEwYjlkMDhlYThlNGFkNjkwNWJhYTkyYjE2ODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4R3oECMdjFeP0XKAPuQ9coUhNtpF
YjWtuGnCyHfZrTRJSqGAhmYtaNmntWq4YLrSkNapLu0+8vfaGFwTw+EMg8aLiU5u
JSIqJGEuvDQYRMfV1z8movTsultLJgTdzeMwjfq2aBPIRi6jKTWsPHhx3O8VgGaY
T+khmaFcfk+iNQuZXXDxLJuewijcVPWb4Bz8g9pB5tYlz6zdElsPj7677xG5FD9q
2P0BZQwI9q3nvgcobQ/Vb56NwLDeLxkv7xJlKdbTAhlUYJ3G9xelnDxATuwflSni
OpAC5g/NQjqzS3C9k1C+3Eo7DNpEW5UBKG4kPbMr7YVvscleo6cAgbP1zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOY+g3NCoQudCOqOStaQW6qSsWiYMB8GA1UdIwQY
MBaAFHGeWbUBe/5jRBGUnv8tcLoKB8VAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEt
ZjQ2ZjlkNjc0ZjZjLzEvNWo2RGMwS2hDNTBJNm81SzFwQmJxcEt4YUpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEtZjQ2ZjlkNjc0ZjZj
LzEvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhw4MA0G
CSqGSIb3DQEBCwUAA4IBAQA7tHnDc8ozPbnA8LPTwgQ5abKb9iQaoRmdCAYLTzeW
Y95g5iPdsWPx3Vxleo1wZlLF4B4WUvlIVLCartqcP6OfHDXsdtgtmkeUVbP49M9E
F1v/TGdic3+0rOUxyGsxiWe0NClobaB07c+uYgs8IEHLw6BLxSB+27mXxInp4L0j
dT7NJTobYrK9nGienfCadNq99GG7AGQSc1X2NoFZl56IViMp6WZ3F2bhQiRzI7OT
kcgK8H7gyysoeaik/H0oQaVWcucTEHI6rvdESIdTVhG6avGzN+EoUftyMpVTBxvt
JWMxcc1rDskoDYLK0sfFStg1kGcBd/7pUb3K5vVwMyqe
-----END CERTIFICATE-----