Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/2wL5dJbFPEwoQ6fOUCsJqJcerz4.roa
File:                     2wL5dJbFPEwoQ6fOUCsJqJcerz4.roa (raw, json)
Hash identifier:          G2kqyYGvfN96+ZhJ+YwZLbrsPqpcmuNa0QiKdzf5X9E=
Subject key identifier:   DB:02:F9:74:96:C5:3C:4C:28:43:A7:CE:50:2B:09:A8:97:1E:AF:3E
Certificate issuer:       /CN=053e94501f0fd2cdea3c2e7b46318e6e7f515f73
Certificate serial:       019348DAA9BCB8B1FEA2C703C435C6F81B26
Authority key identifier: 05:3E:94:50:1F:0F:D2:CD:EA:3C:2E:7B:46:31:8E:6E:7F:51:5F:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BT6UUB8P0s3qPC57RjGObn9RX3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/2wL5dJbFPEwoQ6fOUCsJqJcerz4.roa
Signing time:             Wed 20 Nov 2024 09:15:09 +0000
ROA not before:           Wed 20 Nov 2024 09:15:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6735
IP address blocks:        194.88.160.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/BT6UUB8P0s3qPC57RjGObn9RX3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/BT6UUB8P0s3qPC57RjGObn9RX3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BT6UUB8P0s3qPC57RjGObn9RX3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 09:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:48:da:a9:bc:b8:b1:fe:a2:c7:03:c4:35:c6:f8:1b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=053e94501f0fd2cdea3c2e7b46318e6e7f515f73
        Validity
            Not Before: Nov 20 09:15:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db02f97496c53c4c2843a7ce502b09a8971eaf3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b5:68:86:ed:6b:39:59:75:5e:cb:e5:b1:5a:
                    21:44:28:cc:42:f1:39:cd:4f:59:e6:77:c3:24:c4:
                    ea:d9:d2:36:9e:af:25:e6:b5:94:35:ae:e4:60:97:
                    46:15:e1:77:92:a1:e2:65:41:d0:2b:25:a8:ec:84:
                    35:8b:91:b2:c1:e2:89:52:8e:1a:7d:63:1d:4a:4f:
                    bd:a5:f8:e2:48:dc:8f:ea:cc:8d:4a:7d:7a:04:f6:
                    3c:7d:e1:1c:e0:3b:88:af:f4:c0:34:ae:08:05:57:
                    fb:af:9c:be:3e:4f:20:f0:3d:ff:45:26:50:41:7c:
                    bf:64:b9:f5:c9:55:9a:c9:ce:e1:4f:d1:9e:fb:05:
                    6f:1f:98:2a:fc:e4:c7:2b:35:01:da:ac:ec:3d:9b:
                    db:47:c9:26:c0:e8:17:57:62:43:b3:47:d8:80:6a:
                    89:67:b6:5a:72:75:b4:2b:06:21:9f:95:d9:ec:7b:
                    5a:99:79:d4:8d:ca:1f:1b:35:ea:6b:ac:9b:51:cd:
                    2e:e6:a4:53:a7:69:06:4d:a8:76:f4:f3:7c:72:f3:
                    ab:20:11:bd:6b:58:ad:84:b2:84:bf:1b:f8:7d:11:
                    16:f7:53:71:54:b6:39:96:22:e9:74:eb:7d:29:96:
                    63:c2:db:42:33:ec:bf:15:2c:16:ca:17:78:aa:4f:
                    19:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:02:F9:74:96:C5:3C:4C:28:43:A7:CE:50:2B:09:A8:97:1E:AF:3E
            X509v3 Authority Key Identifier:
                keyid:05:3E:94:50:1F:0F:D2:CD:EA:3C:2E:7B:46:31:8E:6E:7F:51:5F:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BT6UUB8P0s3qPC57RjGObn9RX3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/2wL5dJbFPEwoQ6fOUCsJqJcerz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/56452b-4b93-41e5-a8a2-61b52637921b/1/BT6UUB8P0s3qPC57RjGObn9RX3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         76:94:49:01:1f:d8:ce:cc:69:a4:37:c4:0e:49:83:b5:4f:ec:
         38:93:d1:a7:e8:7e:85:14:55:61:6c:13:fe:5d:f9:ab:97:38:
         f2:0e:a2:03:87:04:cf:d0:17:dd:94:59:db:96:7e:ac:2b:d9:
         d4:03:96:a5:38:29:00:01:24:7e:47:77:b6:2c:6e:ab:18:05:
         cf:11:e3:e1:75:cb:49:7e:f1:ac:5a:76:da:b7:4c:a9:dc:fb:
         00:9b:d7:de:f1:17:91:2a:e2:cf:a2:de:dd:33:65:54:24:07:
         21:fb:d9:28:37:43:c2:28:d4:a3:af:80:ae:98:bb:8b:e3:26:
         ac:db:58:c0:79:5b:21:55:29:7b:40:3e:51:00:d6:14:b5:62:
         ff:98:36:cb:f7:3e:fc:3c:d9:84:d2:7d:70:c6:09:46:10:ac:
         3d:24:fb:58:20:f2:68:d6:5f:d8:59:57:9c:75:a8:be:6b:94:
         55:56:53:85:a8:57:5f:2b:60:31:db:51:d4:c8:f9:b2:e9:22:
         1c:5a:7f:2e:48:ca:54:c0:84:20:ee:08:99:fc:55:6d:e3:74:
         7f:cf:ef:a1:fe:91:37:bd:49:2f:06:02:06:3a:7b:45:ea:09:
         42:c5:ee:b7:c4:1b:61:a4:db:f2:4d:3e:28:43:21:ba:80:80:
         cc:41:3d:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNI2qm8uLH+oscDxDXG+BsmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1M2U5NDUwMWYwZmQyY2RlYTNjMmU3YjQ2MzE4ZTZlN2Y1
MTVmNzMwHhcNMjQxMTIwMDkxNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjAyZjk3NDk2YzUzYzRjMjg0M2E3Y2U1MDJiMDlhODk3MWVhZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobVohu1rOVl1XsvlsVohRCjMQvE5
zU9Z5nfDJMTq2dI2nq8l5rWUNa7kYJdGFeF3kqHiZUHQKyWo7IQ1i5GyweKJUo4a
fWMdSk+9pfjiSNyP6syNSn16BPY8feEc4DuIr/TANK4IBVf7r5y+Pk8g8D3/RSZQ
QXy/ZLn1yVWayc7hT9Ge+wVvH5gq/OTHKzUB2qzsPZvbR8kmwOgXV2JDs0fYgGqJ
Z7ZacnW0KwYhn5XZ7HtamXnUjcofGzXqa6ybUc0u5qRTp2kGTah29PN8cvOrIBG9
a1ithLKEvxv4fREW91NxVLY5liLpdOt9KZZjwttCM+y/FSwWyhd4qk8Z4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNsC+XSWxTxMKEOnzlArCaiXHq8+MB8GA1UdIwQY
MBaAFAU+lFAfD9LN6jwue0Yxjm5/UV9zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlQ2VVVCOFAwczNxUEM1N1JqR09ibjlSWDNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi81NjQ1MmItNGI5My00MWU1LWE4YTIt
NjFiNTI2Mzc5MjFiLzEvMndMNWRKYkZQRXdvUTZmT1VDc0pxSmNlcno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi81NjQ1MmItNGI5My00MWU1LWE4YTItNjFiNTI2Mzc5MjFi
LzEvQlQ2VVVCOFAwczNxUEM1N1JqR09ibjlSWDNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwligMA0G
CSqGSIb3DQEBCwUAA4IBAQB2lEkBH9jOzGmkN8QOSYO1T+w4k9Gn6H6FFFVhbBP+
XfmrlzjyDqIDhwTP0BfdlFnbln6sK9nUA5alOCkAASR+R3e2LG6rGAXPEePhdctJ
fvGsWnbat0yp3PsAm9fe8ReRKuLPot7dM2VUJAch+9koN0PCKNSjr4CumLuL4yas
21jAeVshVSl7QD5RANYUtWL/mDbL9z78PNmE0n1wxglGEKw9JPtYIPJo1l/YWVec
dai+a5RVVlOFqFdfK2Ax21HUyPmy6SIcWn8uSMpUwIQg7giZ/FVt43R/z++h/pE3
vUkvBgIGOntF6glCxe63xBthpNvyTT4oQyG6gIDMQT3L
-----END CERTIFICATE-----