Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/_OyXJGjuQJf6-Q0YrvkSq9Jj0nM.roa
File:                     _OyXJGjuQJf6-Q0YrvkSq9Jj0nM.roa (raw, json)
Hash identifier:          NKdd60B7vBB1dsVHbvUnSjJQSS2Bwo9l1M97qGai/AY=
Subject key identifier:   FC:EC:97:24:68:EE:40:97:FA:F9:0D:18:AE:F9:12:AB:D2:63:D2:73
Certificate issuer:       /CN=e5de0de73e73874bbc66738805d373cab833b7a5
Certificate serial:       018CC793D828A8BD52BEC4079D7F6AB22213
Authority key identifier: E5:DE:0D:E7:3E:73:87:4B:BC:66:73:88:05:D3:73:CA:B8:33:B7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/_OyXJGjuQJf6-Q0YrvkSq9Jj0nM.roa
Signing time:             Tue 02 Jan 2024 00:30:04 +0000
ROA not before:           Tue 02 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.137.156.0/24 maxlen: 24
                          2a10:a100::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:d8:28:a8:bd:52:be:c4:07:9d:7f:6a:b2:22:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5de0de73e73874bbc66738805d373cab833b7a5
        Validity
            Not Before: Jan  2 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcec972468ee4097faf90d18aef912abd263d273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e4:79:d9:96:a3:4e:9f:29:21:47:52:fa:83:
                    e9:65:2c:92:3b:f4:86:b4:81:3e:8d:7a:4f:1f:df:
                    ef:83:14:58:26:42:16:72:ab:3f:b7:9c:eb:28:29:
                    65:16:51:66:25:c2:d1:7b:da:4d:21:8e:92:98:10:
                    d2:8b:47:cc:59:26:63:be:bd:3c:ad:29:0d:ba:ff:
                    bb:48:e1:72:70:f7:2c:f1:3c:97:d5:3a:0d:b9:99:
                    4c:4f:e6:d1:55:80:b8:40:46:77:96:56:64:d4:29:
                    41:01:9c:84:f4:ce:6f:cb:e9:4b:ef:74:19:6c:0c:
                    8b:69:8e:e9:82:3d:a4:04:6a:c7:71:c7:cc:62:a4:
                    ad:9c:9e:34:68:3b:cb:7a:7b:f5:c5:73:9d:bb:77:
                    5b:87:c6:61:e6:64:14:db:da:8f:59:45:e8:17:b9:
                    95:44:5b:a1:69:aa:57:a2:a1:18:6d:bd:79:63:62:
                    55:72:34:68:1f:94:47:53:bf:4a:ef:5c:d5:ba:88:
                    9f:85:89:b1:82:0c:90:96:9d:b6:53:ab:82:78:31:
                    46:d0:ec:eb:68:72:3a:f6:75:ba:8f:9d:88:93:5d:
                    7d:0d:ca:17:ac:9d:c8:18:08:d2:11:fa:2f:9c:94:
                    4a:96:11:7a:73:48:1c:04:87:0a:24:ce:c3:f9:ac:
                    f2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:EC:97:24:68:EE:40:97:FA:F9:0D:18:AE:F9:12:AB:D2:63:D2:73
            X509v3 Authority Key Identifier:
                keyid:E5:DE:0D:E7:3E:73:87:4B:BC:66:73:88:05:D3:73:CA:B8:33:B7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/_OyXJGjuQJf6-Q0YrvkSq9Jj0nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/55b9d7-f703-45fe-8b63-10534c67bbb8/1/5d4N5z5zh0u8ZnOIBdNzyrgzt6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.156.0/24
                IPv6:
                  2a10:a100::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:01:ec:36:a3:db:48:75:b7:7d:45:3b:3a:6d:bd:fa:c0:ed:
         3a:95:c8:27:0d:89:f1:b7:b3:04:ff:ef:75:c3:f5:50:bc:f4:
         ab:a1:5a:20:13:6a:8b:56:be:1a:7d:02:7d:6c:9c:32:75:dc:
         e1:38:2d:b1:3c:d3:a5:d0:7a:d6:b5:74:b4:b3:2e:3d:3b:1e:
         ca:b6:fe:4c:af:ff:e5:97:2f:11:e4:6f:00:3f:1a:48:d2:61:
         76:a7:70:a3:dc:f0:04:ba:64:b5:b1:5b:f7:e0:c4:39:7e:09:
         94:fc:80:d3:47:d3:b3:95:39:56:a7:23:9e:17:fb:e4:df:de:
         5b:9b:19:fd:87:f7:4c:d9:e8:32:4a:fd:ec:af:11:77:be:ba:
         10:d4:b7:f4:6e:b7:63:46:34:b3:26:38:1c:06:35:21:21:8b:
         04:ec:1c:4f:3b:3f:68:63:d7:a7:c6:f2:d9:fc:7a:ad:19:16:
         19:02:ce:bb:ee:6a:c6:ac:a6:d8:f1:28:5e:41:89:64:96:ce:
         05:84:cf:5b:bc:79:c5:6c:fa:4c:f4:2a:00:ab:24:28:a9:5e:
         2f:d7:8a:9d:1e:7d:d9:1e:97:a6:a2:19:dc:85:2e:73:5b:8e:
         ce:c7:55:70:71:a2:e8:bf:57:79:fe:c4:16:3c:fd:52:06:b9:
         ad:03:61:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHk9goqL1SvsQHnX9qsiITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZGUwZGU3M2U3Mzg3NGJiYzY2NzM4ODA1ZDM3M2NhYjgz
M2I3YTUwHhcNMjQwMTAyMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2VjOTcyNDY4ZWU0MDk3ZmFmOTBkMThhZWY5MTJhYmQyNjNkMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+R52ZajTp8pIUdS+oPpZSySO/SG
tIE+jXpPH9/vgxRYJkIWcqs/t5zrKCllFlFmJcLRe9pNIY6SmBDSi0fMWSZjvr08
rSkNuv+7SOFycPcs8TyX1ToNuZlMT+bRVYC4QEZ3llZk1ClBAZyE9M5vy+lL73QZ
bAyLaY7pgj2kBGrHccfMYqStnJ40aDvLenv1xXOdu3dbh8Zh5mQU29qPWUXoF7mV
RFuhaapXoqEYbb15Y2JVcjRoH5RHU79K71zVuoifhYmxggyQlp22U6uCeDFG0Ozr
aHI69nW6j52Ik119DcoXrJ3IGAjSEfovnJRKlhF6c0gcBIcKJM7D+azyTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzslyRo7kCX+vkNGK75EqvSY9JzMB8GA1UdIwQY
MBaAFOXeDec+c4dLvGZziAXTc8q4M7elMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWQ0TjV6NXpoMHU4Wm5PSUJkTnp5cmd6dDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi81NWI5ZDctZjcwMy00NWZlLThiNjMt
MTA1MzRjNjdiYmI4LzEvX095WEpHanVRSmY2LVEwWXJ2a1NxOUpqMG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi81NWI5ZDctZjcwMy00NWZlLThiNjMtMTA1MzRjNjdiYmI4
LzEvNWQ0TjV6NXpoMHU4Wm5PSUJkTnp5cmd6dDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuYmcMA0E
AgACMAcDBQAqEKEAMA0GCSqGSIb3DQEBCwUAA4IBAQBKAew2o9tIdbd9RTs6bb36
wO06lcgnDYnxt7ME/+91w/VQvPSroVogE2qLVr4afQJ9bJwyddzhOC2xPNOl0HrW
tXS0sy49Ox7Ktv5Mr//lly8R5G8APxpI0mF2p3Cj3PAEumS1sVv34MQ5fgmU/IDT
R9OzlTlWpyOeF/vk395bmxn9h/dM2egySv3srxF3vroQ1Lf0brdjRjSzJjgcBjUh
IYsE7BxPOz9oY9enxvLZ/HqtGRYZAs677mrGrKbY8SheQYlkls4FhM9bvHnFbPpM
9CoAqyQoqV4v14qdHn3ZHpemohnchS5zW47Ox1VwcaLov1d5/sQWPP1SBrmtA2Ga
-----END CERTIFICATE-----