Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/M5RcEuLDJKiPt87NB_-6Do1XCzo.roa
File:                     M5RcEuLDJKiPt87NB_-6Do1XCzo.roa (raw, json)
Hash identifier:          CbtEkOMZ2+X7QXsSu5vGrwQLYVy5/3WJlSGcw8pOOIs=
Subject key identifier:   33:94:5C:12:E2:C3:24:A8:8F:B7:CE:CD:07:FF:BA:0E:8D:57:0B:3A
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       01916BB533832A4A42E01EC1A8C3683341A9
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/M5RcEuLDJKiPt87NB_-6Do1XCzo.roa
Signing time:             Mon 19 Aug 2024 17:35:22 +0000
ROA not before:           Mon 19 Aug 2024 17:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207569
IP address blocks:        198.105.124.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:b5:33:83:2a:4a:42:e0:1e:c1:a8:c3:68:33:41:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Aug 19 17:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33945c12e2c324a88fb7cecd07ffba0e8d570b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e2:07:f4:db:54:87:f4:da:b0:38:e6:d4:5a:
                    c8:0e:47:18:62:0e:db:43:f2:3e:c5:1a:7f:6a:34:
                    d7:64:30:1a:92:1f:c2:24:88:4f:bc:97:06:98:93:
                    4c:17:6f:dc:f3:17:23:51:92:0c:65:7a:da:f0:0a:
                    52:e6:b6:5d:1f:24:77:b6:b0:1c:b7:ba:59:82:75:
                    5f:ee:5c:87:1b:05:ee:52:89:42:78:bc:fb:6e:dd:
                    11:31:32:00:70:6c:2b:e1:00:ff:28:ad:e7:f3:41:
                    89:db:d0:b9:9f:9e:31:23:8e:c4:f2:8f:ed:a1:3d:
                    61:e8:5a:29:76:9f:21:33:e4:6c:09:c4:4d:25:8e:
                    14:ce:f8:53:cf:b6:b3:4f:70:f0:1b:e0:1b:49:31:
                    ae:78:86:32:16:eb:d5:11:c2:f2:4b:39:99:50:3a:
                    64:ef:78:0b:64:3e:4e:7d:74:e7:48:26:92:bc:6f:
                    74:23:ab:1b:64:34:91:e0:63:6b:9a:31:91:12:7d:
                    4a:dd:2d:f9:34:57:97:7e:fd:23:99:98:97:3c:88:
                    16:a8:b3:7f:14:21:1c:ce:28:b3:35:51:8e:fe:fb:
                    3e:bb:0c:4b:3a:ba:eb:14:d6:41:09:a7:8f:e0:64:
                    81:ed:76:24:ea:e6:71:10:41:0c:73:1b:1c:b2:36:
                    35:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:94:5C:12:E2:C3:24:A8:8F:B7:CE:CD:07:FF:BA:0E:8D:57:0B:3A
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/M5RcEuLDJKiPt87NB_-6Do1XCzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.105.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:01:5f:53:f7:9d:d5:cc:1a:e5:a8:2b:c0:1c:af:de:8b:83:
         e7:3d:b3:ae:30:f5:08:a7:2f:82:65:5b:dd:1d:c1:42:e7:65:
         42:e8:c6:12:37:f3:75:04:cd:88:b3:38:b0:76:c5:23:f2:4f:
         48:0c:9b:7d:a9:6e:15:43:b1:34:8a:f3:9f:b3:89:1a:f1:5e:
         f0:c3:90:57:02:64:bc:60:bd:15:d5:b8:f5:85:5e:05:b6:71:
         90:80:41:da:3d:3f:cf:76:8a:b6:10:a1:dc:e6:e6:b2:19:fa:
         ec:cc:56:20:2b:bb:1e:9e:7f:c3:29:c9:e8:80:aa:26:5c:04:
         72:a7:c8:52:f1:d0:51:ec:42:c0:6c:47:db:7d:fc:1d:a3:90:
         1b:3e:eb:25:6f:35:a6:57:b5:11:05:26:49:fb:fa:ff:ce:03:
         ac:f8:fe:7b:5b:e5:4a:a4:bc:07:bf:31:bb:62:95:b8:3f:ad:
         45:ab:43:14:6b:fd:8e:56:f1:da:65:01:ee:65:d3:05:72:e1:
         ab:76:a1:78:d6:ca:01:93:d4:ec:37:ec:70:84:a1:27:43:d6:
         ce:7e:9f:c9:77:2b:4b:7e:13:23:5f:b6:b2:90:06:ae:62:55:
         b2:01:87:a3:ae:47:4c:9a:22:ef:4d:ba:5a:54:f3:6f:40:c6:
         7e:32:05:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrtTODKkpC4B7BqMNoM0GpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjQwODE5MTczNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzk0NWMxMmUyYzMyNGE4OGZiN2NlY2QwN2ZmYmEwZThkNTcwYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+IH9NtUh/TasDjm1FrIDkcYYg7b
Q/I+xRp/ajTXZDAakh/CJIhPvJcGmJNMF2/c8xcjUZIMZXra8ApS5rZdHyR3trAc
t7pZgnVf7lyHGwXuUolCeLz7bt0RMTIAcGwr4QD/KK3n80GJ29C5n54xI47E8o/t
oT1h6Fopdp8hM+RsCcRNJY4UzvhTz7azT3DwG+AbSTGueIYyFuvVEcLySzmZUDpk
73gLZD5OfXTnSCaSvG90I6sbZDSR4GNrmjGREn1K3S35NFeXfv0jmZiXPIgWqLN/
FCEcziizNVGO/vs+uwxLOrrrFNZBCaeP4GSB7XYk6uZxEEEMcxscsjY1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDOUXBLiwySoj7fOzQf/ug6NVws6MB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvTTVSY0V1TERKS2lQdDg3TkJfLTZEbzFYQ3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBxml8MA0G
CSqGSIb3DQEBCwUAA4IBAQBnAV9T953VzBrlqCvAHK/ei4PnPbOuMPUIpy+CZVvd
HcFC52VC6MYSN/N1BM2IsziwdsUj8k9IDJt9qW4VQ7E0ivOfs4ka8V7ww5BXAmS8
YL0V1bj1hV4FtnGQgEHaPT/Pdoq2EKHc5uayGfrszFYgK7senn/DKcnogKomXARy
p8hS8dBR7ELAbEfbffwdo5AbPuslbzWmV7URBSZJ+/r/zgOs+P57W+VKpLwHvzG7
YpW4P61Fq0MUa/2OVvHaZQHuZdMFcuGrdqF41soBk9TsN+xwhKEnQ9bOfp/JdytL
fhMjX7aykAauYlWyAYejrkdMmiLvTbpaVPNvQMZ+MgXg
-----END CERTIFICATE-----