Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/5IXXShSjVO7kS96xQpiSIMcLu-s.roa
File:                     5IXXShSjVO7kS96xQpiSIMcLu-s.roa (raw, json)
Hash identifier:          E67HmQuHQzZNq0YpnE5MfAwnl2TJ0rHXn4iIRjzaf4g=
Subject key identifier:   E4:85:D7:4A:14:A3:54:EE:E4:4B:DE:B1:42:98:92:20:C7:0B:BB:EB
Certificate issuer:       /CN=7153b0294d3c8db15306ab109d506da74ae70979
Certificate serial:       019425FD2E9FCF0A941B24FCD1A7FDD28025
Authority key identifier: 71:53:B0:29:4D:3C:8D:B1:53:06:AB:10:9D:50:6D:A7:4A:E7:09:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cVOwKU08jbFTBqsQnVBtp0rnCXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/5IXXShSjVO7kS96xQpiSIMcLu-s.roa
Signing time:             Thu 02 Jan 2025 07:48:57 +0000
ROA not before:           Thu 02 Jan 2025 07:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5470
IP address blocks:        155.207.0.0/16 maxlen: 16
                          192.104.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/cVOwKU08jbFTBqsQnVBtp0rnCXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/cVOwKU08jbFTBqsQnVBtp0rnCXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cVOwKU08jbFTBqsQnVBtp0rnCXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:2e:9f:cf:0a:94:1b:24:fc:d1:a7:fd:d2:80:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7153b0294d3c8db15306ab109d506da74ae70979
        Validity
            Not Before: Jan  2 07:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e485d74a14a354eee44bdeb142989220c70bbbeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8a:d9:c2:fa:8a:84:80:06:ac:ba:55:0d:28:
                    60:ac:8c:4b:a8:81:3f:a2:1e:63:2b:d4:2f:8b:23:
                    d2:77:24:da:f9:ad:5e:e5:38:ff:f1:16:d7:9a:77:
                    39:32:e4:a1:74:e3:8c:05:48:0f:52:99:96:89:b0:
                    86:16:44:66:28:7b:cd:56:61:03:03:b9:54:60:c9:
                    95:1d:00:ad:56:c7:ac:2b:71:ab:f5:6e:78:ed:52:
                    f5:2c:5c:60:47:ae:e9:03:95:b1:31:d9:db:f2:18:
                    e7:74:6e:4f:6b:13:fe:1a:33:7d:c4:c5:d0:b9:65:
                    74:6c:f7:04:d1:9b:10:ba:ef:47:36:76:3e:bb:bc:
                    9a:8e:c6:ae:91:a9:fd:ac:7c:0d:b8:da:64:78:77:
                    f3:79:bf:31:07:65:9d:b8:fc:ea:cb:2e:cd:49:3c:
                    f6:13:ae:91:c6:f3:1f:34:26:88:07:2e:40:40:32:
                    66:47:b2:eb:ba:49:c5:99:4c:2f:04:db:6e:cb:d7:
                    f7:cf:ad:76:fb:79:81:af:e1:e7:4b:f7:ac:d9:04:
                    85:7c:e5:5d:04:3d:13:b7:18:8b:f6:03:6c:bb:bb:
                    72:8b:2d:bc:11:d1:cc:85:c6:c1:09:e0:39:c4:3e:
                    b5:1b:ee:b8:9b:59:62:51:9f:ac:cd:8c:dc:a0:3f:
                    20:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:85:D7:4A:14:A3:54:EE:E4:4B:DE:B1:42:98:92:20:C7:0B:BB:EB
            X509v3 Authority Key Identifier:
                keyid:71:53:B0:29:4D:3C:8D:B1:53:06:AB:10:9D:50:6D:A7:4A:E7:09:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cVOwKU08jbFTBqsQnVBtp0rnCXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/5IXXShSjVO7kS96xQpiSIMcLu-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/766e12-9a09-4553-8f62-2294cdda6a40/1/cVOwKU08jbFTBqsQnVBtp0rnCXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.207.0.0/16
                  192.104.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:7b:35:37:ea:01:37:6d:c2:1b:8b:ec:dd:ee:e9:bd:df:9e:
         e1:a5:6a:7c:fc:73:fc:c5:c0:99:fe:7f:76:4a:d7:65:5f:9a:
         df:bc:ec:84:13:01:93:c4:99:3e:3a:a3:cf:c6:62:a6:45:18:
         50:34:d6:73:2b:d0:13:bf:52:e1:39:ca:77:c4:2a:d3:65:72:
         d4:91:52:bd:e0:e0:05:a1:db:65:ec:e0:3a:7e:cd:20:39:e2:
         3b:30:60:94:11:b9:4b:80:31:37:f6:d9:ee:a2:be:39:61:35:
         49:7a:a4:08:1f:7a:cf:fc:56:8b:48:b7:ac:9e:1f:b3:06:4c:
         5e:05:95:31:05:ed:67:70:6c:c3:48:20:a8:5d:13:1e:9f:e7:
         79:6c:3c:63:7f:13:d3:7a:c2:e2:cc:1c:88:3a:56:de:a5:8d:
         87:b9:25:9a:23:29:28:1a:1a:4d:04:9f:28:2b:fd:db:f6:2a:
         cf:15:8b:5e:d7:e0:cc:ee:c7:8f:33:08:f4:61:2a:ed:f2:d4:
         9e:c9:47:6d:be:1b:d8:34:cd:cd:40:eb:ac:d5:43:f8:c1:b9:
         5e:58:1a:13:e3:54:ad:b4:b5:04:80:38:74:4c:6c:8b:cc:e0:
         4a:76:0e:1f:fd:24:45:f8:19:8e:df:7e:18:d0:63:55:4b:86:
         8b:14:c6:21
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQl/S6fzwqUGyT80af90oAlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNTNiMDI5NGQzYzhkYjE1MzA2YWIxMDlkNTA2ZGE3NGFl
NzA5NzkwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDg1ZDc0YTE0YTM1NGVlZTQ0YmRlYjE0Mjk4OTIyMGM3MGJiYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5orZwvqKhIAGrLpVDShgrIxLqIE/
oh5jK9QviyPSdyTa+a1e5Tj/8RbXmnc5MuShdOOMBUgPUpmWibCGFkRmKHvNVmED
A7lUYMmVHQCtVsesK3Gr9W547VL1LFxgR67pA5WxMdnb8hjndG5PaxP+GjN9xMXQ
uWV0bPcE0ZsQuu9HNnY+u7yajsaukan9rHwNuNpkeHfzeb8xB2WduPzqyy7NSTz2
E66RxvMfNCaIBy5AQDJmR7LruknFmUwvBNtuy9f3z612+3mBr+HnS/es2QSFfOVd
BD0TtxiL9gNsu7tyiy28EdHMhcbBCeA5xD61G+64m1liUZ+szYzcoD8gSwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFOSF10oUo1Tu5EvesUKYkiDHC7vrMB8GA1UdIwQY
MBaAFHFTsClNPI2xUwarEJ1QbadK5wl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1ZPd0tVMDhqYkZUQnFzUW5WQnRwMHJuQ1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83NjZlMTItOWEwOS00NTUzLThmNjIt
MjI5NGNkZGE2YTQwLzEvNUlYWFNoU2pWTzdrUzk2eFFwaVNJTWNMdS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83NjZlMTItOWEwOS00NTUzLThmNjItMjI5NGNkZGE2YTQw
LzEvY1ZPd0tVMDhqYkZUQnFzUW5WQnRwMHJuQ1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAm88DBADA
aJMwDQYJKoZIhvcNAQELBQADggEBAA57NTfqATdtwhuL7N3u6b3fnuGlanz8c/zF
wJn+f3ZK12Vfmt+87IQTAZPEmT46o8/GYqZFGFA01nMr0BO/UuE5ynfEKtNlctSR
Ur3g4AWh22Xs4Dp+zSA54jswYJQRuUuAMTf22e6ivjlhNUl6pAgfes/8VotIt6ye
H7MGTF4FlTEF7WdwbMNIIKhdEx6f53lsPGN/E9N6wuLMHIg6Vt6ljYe5JZojKSga
Gk0Enygr/dv2Ks8Vi17X4Mzux48zCPRhKu3y1J7JR22+G9g0zc1A66zVQ/jBuV5Y
GhPjVK20tQSAOHRMbIvM4Ep2Dh/9JEX4GY7ffhjQY1VLhosUxiE=
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:16:02 2025 by rpki-client