Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/P5IKUnQGaJx03-Riv3KKtFlPzFY.roa
File:                     P5IKUnQGaJx03-Riv3KKtFlPzFY.roa (raw, json)
Hash identifier:          Oxz0pOs7x1q2wAP+ZJsYU7e8ERju9G0zGgcu5WT6l+8=
Subject key identifier:   3F:92:0A:52:74:06:68:9C:74:DF:E4:62:BF:72:8A:B4:59:4F:CC:56
Certificate issuer:       /CN=e15136feff3574ef9b2262de59b06a21908fab3e
Certificate serial:       018CC3B676C9FC8C7DFAEB2963F486016632
Authority key identifier: E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/P5IKUnQGaJx03-Riv3KKtFlPzFY.roa
Signing time:             Mon 01 Jan 2024 06:29:24 +0000
ROA not before:           Mon 01 Jan 2024 06:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41227
IP address blocks:        87.247.170.0/23 maxlen: 24
                          87.247.178.0/24 maxlen: 24
                          87.247.184.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:76:c9:fc:8c:7d:fa:eb:29:63:f4:86:01:66:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15136feff3574ef9b2262de59b06a21908fab3e
        Validity
            Not Before: Jan  1 06:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f920a527406689c74dfe462bf728ab4594fcc56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:82:38:d5:d6:fc:1c:ff:d0:dd:56:cb:cb:04:
                    82:7f:9c:60:8f:d1:35:ba:ba:16:8e:04:5e:0f:9d:
                    8a:d5:7d:18:7a:ce:cd:95:57:6c:83:8c:f8:68:ba:
                    c6:11:c3:85:9b:08:3c:a2:dd:67:8a:6f:52:a7:99:
                    b7:4d:4d:89:5f:43:c6:af:6e:26:86:6b:08:c0:be:
                    67:00:c7:43:71:92:52:2d:57:54:ce:c6:f3:10:c8:
                    3b:32:a3:0e:d3:5b:54:7d:5a:62:1b:ed:8b:29:a5:
                    84:ab:39:c7:23:8c:5d:f9:81:4d:40:1b:d9:39:30:
                    59:81:e6:a3:2d:40:48:28:db:69:02:61:cb:16:21:
                    9c:ac:42:f2:54:22:d0:82:25:32:16:84:a6:de:e8:
                    f7:de:b9:7c:63:74:d0:4d:69:65:96:17:54:cd:43:
                    67:d2:d0:06:4d:76:a0:68:ac:ac:16:6e:fc:25:27:
                    d0:d0:6a:bb:cc:48:28:4a:d5:d7:c1:1e:6d:d1:db:
                    21:bf:36:03:e8:7e:36:85:cb:c9:88:f5:6c:ab:50:
                    a3:81:e2:a0:0f:91:4e:19:fb:bb:0e:96:a4:f8:99:
                    31:dd:d7:b6:ca:d6:1d:a6:b3:5c:f8:9f:e0:39:49:
                    dc:65:58:cc:3b:a6:a6:65:73:f5:44:4b:ce:61:be:
                    ae:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:92:0A:52:74:06:68:9C:74:DF:E4:62:BF:72:8A:B4:59:4F:CC:56
            X509v3 Authority Key Identifier:
                keyid:E1:51:36:FE:FF:35:74:EF:9B:22:62:DE:59:B0:6A:21:90:8F:AB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VE2_v81dO-bImLeWbBqIZCPqz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/P5IKUnQGaJx03-Riv3KKtFlPzFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/1e09a6-695b-402e-9bfc-041312242ff3/1/4VE2_v81dO-bImLeWbBqIZCPqz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.247.170.0/23
                  87.247.178.0/24
                  87.247.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         00:3e:fd:31:14:8c:f7:38:d0:ef:ed:27:e9:f3:00:a7:24:a5:
         35:be:67:19:a5:60:dc:b3:4a:73:47:d7:5b:a7:1d:28:d5:fd:
         db:bf:9d:46:18:f9:ee:af:b3:58:dd:17:0d:45:2a:a7:39:af:
         a8:67:41:4c:28:24:14:f4:0c:ff:b9:d1:8c:08:b9:93:bc:99:
         d2:9d:a8:58:2f:3e:bd:5d:ed:01:65:93:52:8b:01:1b:60:bf:
         a7:11:f7:15:8b:e6:a4:03:c7:2b:17:89:9d:45:ab:00:59:12:
         6f:91:31:80:8b:f8:7a:d7:45:65:65:05:7a:75:63:5b:a0:1f:
         d7:af:fc:d8:e6:5b:1d:2f:e1:82:bb:fa:ec:e8:29:89:f0:c6:
         fb:6f:26:aa:16:7f:04:50:e8:bc:12:51:11:1c:9d:83:db:be:
         09:fb:a6:fc:12:11:d2:50:b4:82:da:6c:ec:21:8a:1d:7d:4c:
         9c:65:fe:f5:23:ae:8e:c5:dc:f0:4a:68:4b:34:a6:1f:49:58:
         58:33:b0:f5:e2:35:c9:9c:e7:f9:8b:fd:21:e8:a7:cb:28:af:
         68:17:f9:56:df:dd:5a:3f:e3:77:e1:84:3b:d7:51:3c:bc:2e:
         84:ec:31:a1:9a:65:51:be:c5:6f:ff:62:b9:8e:85:89:84:4b:
         24:11:47:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtnbJ/Ix9+uspY/SGAWYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTEzNmZlZmYzNTc0ZWY5YjIyNjJkZTU5YjA2YTIxOTA4
ZmFiM2UwHhcNMjQwMTAxMDYyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjkyMGE1Mjc0MDY2ODljNzRkZmU0NjJiZjcyOGFiNDU5NGZjYzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4I41db8HP/Q3VbLywSCf5xgj9E1
uroWjgReD52K1X0Yes7NlVdsg4z4aLrGEcOFmwg8ot1nim9Sp5m3TU2JX0PGr24m
hmsIwL5nAMdDcZJSLVdUzsbzEMg7MqMO01tUfVpiG+2LKaWEqznHI4xd+YFNQBvZ
OTBZgeajLUBIKNtpAmHLFiGcrELyVCLQgiUyFoSm3uj33rl8Y3TQTWlllhdUzUNn
0tAGTXagaKysFm78JSfQ0Gq7zEgoStXXwR5t0dshvzYD6H42hcvJiPVsq1CjgeKg
D5FOGfu7Dpak+Jkx3de2ytYdprNc+J/gOUncZVjMO6amZXP1REvOYb6uPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD+SClJ0BmicdN/kYr9yirRZT8xWMB8GA1UdIwQY
MBaAFOFRNv7/NXTvmyJi3lmwaiGQj6s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMt
MDQxMzEyMjQyZmYzLzEvUDVJS1VuUUdhSngwMy1SaXYzS0t0RmxQekZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8xZTA5YTYtNjk1Yi00MDJlLTliZmMtMDQxMzEyMjQyZmYz
LzEvNFZFMl92ODFkTy1iSW1MZVdiQnFJWkNQcXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBV/eqAwQA
V/eyAwQDV/e4MA0GCSqGSIb3DQEBCwUAA4IBAQAAPv0xFIz3ONDv7Sfp8wCnJKU1
vmcZpWDcs0pzR9dbpx0o1f3bv51GGPnur7NY3RcNRSqnOa+oZ0FMKCQU9Az/udGM
CLmTvJnSnahYLz69Xe0BZZNSiwEbYL+nEfcVi+akA8crF4mdRasAWRJvkTGAi/h6
10VlZQV6dWNboB/Xr/zY5lsdL+GCu/rs6CmJ8Mb7byaqFn8EUOi8ElERHJ2D274J
+6b8EhHSULSC2mzsIYodfUycZf71I66OxdzwSmhLNKYfSVhYM7D14jXJnOf5i/0h
6KfLKK9oF/lW391aP+N34YQ711E8vC6E7DGhmmVRvsVv/2K5joWJhEskEUcO
-----END CERTIFICATE-----