Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/5HVrap2-oG63y6Z3U4nsd_YcOvM.roa
File:                     5HVrap2-oG63y6Z3U4nsd_YcOvM.roa (raw, json)
Hash identifier:          pSQL7UabSNRw4UE4vbCF0nUIwhbvdQvvcUF7sqSwKfU=
Subject key identifier:   E4:75:6B:6A:9D:BE:A0:6E:B7:CB:A6:77:53:89:EC:77:F6:1C:3A:F3
Certificate issuer:       /CN=4d2f9fd5c8a14cdc9f31c4585cd60db57cffb4c2
Certificate serial:       018CC6499FA7D4F1FBEDE40440E8FD106251
Authority key identifier: 4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/5HVrap2-oG63y6Z3U4nsd_YcOvM.roa
Signing time:             Mon 01 Jan 2024 18:29:22 +0000
ROA not before:           Mon 01 Jan 2024 18:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34022
IP address blocks:        193.17.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9f:a7:d4:f1:fb:ed:e4:04:40:e8:fd:10:62:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d2f9fd5c8a14cdc9f31c4585cd60db57cffb4c2
        Validity
            Not Before: Jan  1 18:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4756b6a9dbea06eb7cba6775389ec77f61c3af3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:95:45:2e:4e:63:85:4e:3a:96:33:78:43:78:
                    9e:22:04:a4:de:fe:c8:a1:3a:b2:8e:9b:95:81:d0:
                    07:9a:1b:96:91:19:b3:29:0a:f1:e7:87:cc:e5:0d:
                    8b:57:55:55:69:9b:df:e6:e7:ab:cd:cc:78:2b:e9:
                    1e:7a:a4:4d:45:8c:60:36:98:50:4c:1c:26:7f:5d:
                    52:b9:fe:a7:4b:93:19:74:1f:a4:dd:95:98:21:78:
                    73:5f:7e:56:ec:54:a8:da:c7:6e:43:c0:54:c9:8f:
                    59:83:50:bf:d7:68:64:26:64:06:0b:ac:0c:96:10:
                    d1:c5:95:73:65:3d:e7:fc:f7:1c:e7:82:b7:e8:2e:
                    35:63:69:a2:f7:7e:d8:4d:08:2e:be:d7:e2:d8:75:
                    ad:13:45:3a:af:1f:3a:49:ba:f2:82:bb:93:b4:17:
                    11:bd:9a:8e:fb:26:af:9e:68:b8:6b:a9:1c:fa:a9:
                    94:9f:79:7a:40:d0:f3:5e:96:9d:f3:58:57:28:1e:
                    d9:09:e4:78:88:84:4c:e6:2d:ba:63:1f:be:bf:82:
                    39:99:57:5a:2c:cb:c5:86:f0:2c:1f:26:b0:69:d2:
                    61:a0:c3:c6:7e:86:b4:dd:7c:10:82:af:72:14:81:
                    21:33:24:cb:ed:b2:51:99:46:e1:fe:d6:f5:0a:f1:
                    79:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:75:6B:6A:9D:BE:A0:6E:B7:CB:A6:77:53:89:EC:77:F6:1C:3A:F3
            X509v3 Authority Key Identifier:
                keyid:4D:2F:9F:D5:C8:A1:4C:DC:9F:31:C4:58:5C:D6:0D:B5:7C:FF:B4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TS-f1cihTNyfMcRYXNYNtXz_tMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/5HVrap2-oG63y6Z3U4nsd_YcOvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/da4e46-2a93-44a4-b8e3-c2133dd81b56/1/TS-f1cihTNyfMcRYXNYNtXz_tMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:b7:5b:8d:77:94:59:d0:6e:d6:56:b1:e0:9c:22:09:ae:91:
         fe:8b:7f:0b:af:66:ee:7d:98:74:98:38:a4:ab:8b:c0:25:71:
         93:85:0b:b3:f3:6f:fa:3c:a5:35:60:4c:b8:00:a1:10:fa:ce:
         20:0f:e5:ab:a6:18:d4:6d:fa:31:ef:ba:c6:11:fd:ad:47:5c:
         a9:e7:14:cb:22:7c:5d:4f:ce:4c:f3:04:cd:48:ed:3a:98:52:
         84:db:87:90:15:85:f9:00:7e:00:e5:64:92:76:87:2b:ad:d5:
         25:73:e5:65:1e:b6:7b:38:fd:a2:49:bb:cd:16:c8:68:2f:68:
         bd:89:b5:a1:80:81:46:14:8e:54:a6:c8:86:31:3f:e0:20:fc:
         04:cf:53:76:d0:3d:70:7e:44:60:64:a1:27:e7:90:ca:d6:eb:
         bc:fc:ee:4d:0c:c6:6c:a8:6e:69:15:32:8f:e2:09:e7:3c:1f:
         9c:f3:29:43:dc:29:2d:f5:d6:fa:f3:b8:b9:a6:12:56:33:fc:
         30:f0:ed:7a:c1:be:7a:24:17:34:ac:9a:8e:ec:94:4a:9b:36:
         15:fd:7b:5f:60:4e:6f:1e:04:ea:29:0d:bb:fc:da:1e:81:cf:
         48:e7:53:3d:36:ee:61:8a:2a:1a:b3:ea:76:e9:cf:38:92:d2:
         3e:2f:0b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSZ+n1PH77eQEQOj9EGJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMmY5ZmQ1YzhhMTRjZGM5ZjMxYzQ1ODVjZDYwZGI1N2Nm
ZmI0YzIwHhcNMjQwMTAxMTgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDc1NmI2YTlkYmVhMDZlYjdjYmE2Nzc1Mzg5ZWM3N2Y2MWMzYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipVFLk5jhU46ljN4Q3ieIgSk3v7I
oTqyjpuVgdAHmhuWkRmzKQrx54fM5Q2LV1VVaZvf5uerzcx4K+keeqRNRYxgNphQ
TBwmf11Suf6nS5MZdB+k3ZWYIXhzX35W7FSo2sduQ8BUyY9Zg1C/12hkJmQGC6wM
lhDRxZVzZT3n/Pcc54K36C41Y2mi937YTQguvtfi2HWtE0U6rx86SbrygruTtBcR
vZqO+yavnmi4a6kc+qmUn3l6QNDzXpad81hXKB7ZCeR4iIRM5i26Yx++v4I5mVda
LMvFhvAsHyawadJhoMPGfoa03XwQgq9yFIEhMyTL7bJRmUbh/tb1CvF5gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOR1a2qdvqBut8umd1OJ7Hf2HDrzMB8GA1UdIwQY
MBaAFE0vn9XIoUzcnzHEWFzWDbV8/7TCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFMtZjFjaWhUTnlmTWNSWVhOWU50WHpfdE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9kYTRlNDYtMmE5My00NGE0LWI4ZTMt
YzIxMzNkZDgxYjU2LzEvNUhWcmFwMi1vRzYzeTZaM1U0bnNkX1ljT3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9kYTRlNDYtMmE5My00NGE0LWI4ZTMtYzIxMzNkZDgxYjU2
LzEvVFMtZjFjaWhUTnlmTWNSWVhOWU50WHpfdE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHDMA0G
CSqGSIb3DQEBCwUAA4IBAQCUt1uNd5RZ0G7WVrHgnCIJrpH+i38Lr2bufZh0mDik
q4vAJXGThQuz82/6PKU1YEy4AKEQ+s4gD+WrphjUbfox77rGEf2tR1yp5xTLInxd
T85M8wTNSO06mFKE24eQFYX5AH4A5WSSdocrrdUlc+VlHrZ7OP2iSbvNFshoL2i9
ibWhgIFGFI5UpsiGMT/gIPwEz1N20D1wfkRgZKEn55DK1uu8/O5NDMZsqG5pFTKP
4gnnPB+c8ylD3Ckt9db687i5phJWM/ww8O16wb56JBc0rJqO7JRKmzYV/XtfYE5v
HgTqKQ27/Noegc9I51M9Nu5hiioas+p26c84ktI+Lwso
-----END CERTIFICATE-----