Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/cI7fOXU_mPq6bXH9g9syofs2REc.roa
File:                     cI7fOXU_mPq6bXH9g9syofs2REc.roa (raw, json)
Hash identifier:          gdNDlLHj6WXj4MQJRnE34WHyExBJQGWBa0RwUV5bW3I=
Subject key identifier:   70:8E:DF:39:75:3F:98:FA:BA:6D:71:FD:83:DB:32:A1:FB:36:44:47
Certificate issuer:       /CN=219885ea020e65006314ee9480def3b3efc039e3
Certificate serial:       018CC5DC3E69CBB0EBD3FAA6A1EC19342361
Authority key identifier: 21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/cI7fOXU_mPq6bXH9g9syofs2REc.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203576
IP address blocks:        5.180.184.0/24 maxlen: 32
                          5.180.186.0/24 maxlen: 32
                          5.180.185.0/24 maxlen: 32
                          5.180.187.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3e:69:cb:b0:eb:d3:fa:a6:a1:ec:19:34:23:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=219885ea020e65006314ee9480def3b3efc039e3
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=708edf39753f98faba6d71fd83db32a1fb364447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5f:9d:04:85:1c:45:2a:f7:f6:69:97:1c:97:
                    63:92:75:b1:a6:3a:47:bc:01:70:a5:25:d3:5a:13:
                    c2:e9:34:67:7e:81:8c:0f:60:cc:3a:64:de:56:db:
                    ab:16:91:65:1e:45:9c:81:8e:da:91:af:e3:89:96:
                    9c:83:de:69:89:10:a9:d7:bc:14:50:e8:55:4b:91:
                    1d:a6:87:20:07:62:6f:91:f6:51:b3:93:08:29:18:
                    7b:21:ad:b2:01:e7:e4:cc:a8:25:2c:5e:08:00:c8:
                    e4:c9:7a:02:88:c5:ab:5e:83:37:8a:53:a7:2c:15:
                    02:be:04:03:46:85:b3:56:5e:99:8f:8f:9c:3e:ef:
                    38:59:d2:84:56:46:2c:5d:16:8c:07:87:cc:ec:9c:
                    2e:5e:dc:0d:38:71:fe:b5:a2:53:a2:04:04:52:1d:
                    03:0e:e8:b0:47:d2:2e:b7:4f:30:a7:09:23:81:31:
                    37:74:02:8d:1a:2d:af:e5:1f:6e:52:0b:57:10:82:
                    f7:48:c4:c3:07:56:e6:56:ba:be:c8:3d:d9:ec:45:
                    1b:4b:22:94:9b:fe:a2:2f:ba:0b:7a:cc:48:87:0f:
                    49:64:f8:ba:80:0f:94:7f:c5:75:5f:0c:0c:80:59:
                    84:15:8d:ae:0b:5b:8a:9b:08:60:a7:8a:41:95:3b:
                    19:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:8E:DF:39:75:3F:98:FA:BA:6D:71:FD:83:DB:32:A1:FB:36:44:47
            X509v3 Authority Key Identifier:
                keyid:21:98:85:EA:02:0E:65:00:63:14:EE:94:80:DE:F3:B3:EF:C0:39:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IZiF6gIOZQBjFO6UgN7zs-_AOeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/cI7fOXU_mPq6bXH9g9syofs2REc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/fe04ac-a190-4804-913c-ffc025831f4f/1/IZiF6gIOZQBjFO6UgN7zs-_AOeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:4f:c6:20:a6:6b:ff:c0:ca:a9:bc:58:d5:2e:0c:33:4d:15:
         99:19:e3:57:bb:7c:b5:db:52:7a:48:f2:68:8b:d2:3d:8a:81:
         93:b8:67:04:86:eb:52:39:4b:af:dd:b9:49:53:89:48:d0:74:
         8c:e5:82:0c:fe:7a:38:16:44:00:15:08:c5:90:17:21:f7:dd:
         53:de:f3:82:3a:4a:9c:41:68:37:4a:71:ed:fa:34:66:71:0b:
         56:2f:5a:8c:10:a5:45:c2:3a:c1:b8:71:53:65:52:a6:55:50:
         99:19:c4:88:9b:d8:7e:6b:db:72:47:2e:54:91:f7:c5:ee:ec:
         1b:10:48:f7:e1:f0:63:1c:d1:e2:9b:a8:0b:1d:d6:0d:50:7e:
         a9:3c:37:0f:df:b1:86:70:aa:b5:5f:55:3e:b3:a2:6a:97:74:
         7e:63:5f:c3:81:14:6d:b6:5c:2d:17:94:a9:10:ba:53:36:17:
         a7:be:d7:60:21:f2:cc:db:95:69:b9:37:d9:21:f6:e1:58:47:
         78:0e:5d:64:3d:e0:8c:16:6c:fc:3a:0d:85:ea:f6:2c:a5:04:
         14:08:30:09:c0:17:99:02:ca:fc:fe:c5:43:1d:c5:f2:d6:1e:
         8c:81:8b:75:a8:e5:15:cf:14:5e:e0:1b:e9:67:4f:7e:cd:16:
         3c:4a:7f:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D5py7Dr0/qmoewZNCNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOTg4NWVhMDIwZTY1MDA2MzE0ZWU5NDgwZGVmM2IzZWZj
MDM5ZTMwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDhlZGYzOTc1M2Y5OGZhYmE2ZDcxZmQ4M2RiMzJhMWZiMzY0NDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzF+dBIUcRSr39mmXHJdjknWxpjpH
vAFwpSXTWhPC6TRnfoGMD2DMOmTeVturFpFlHkWcgY7aka/jiZacg95piRCp17wU
UOhVS5EdpocgB2JvkfZRs5MIKRh7Ia2yAefkzKglLF4IAMjkyXoCiMWrXoM3ilOn
LBUCvgQDRoWzVl6Zj4+cPu84WdKEVkYsXRaMB4fM7JwuXtwNOHH+taJTogQEUh0D
DuiwR9Iut08wpwkjgTE3dAKNGi2v5R9uUgtXEIL3SMTDB1bmVrq+yD3Z7EUbSyKU
m/6iL7oLesxIhw9JZPi6gA+Uf8V1XwwMgFmEFY2uC1uKmwhgp4pBlTsZiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCO3zl1P5j6um1x/YPbMqH7NkRHMB8GA1UdIwQY
MBaAFCGYheoCDmUAYxTulIDe87PvwDnjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2Mt
ZmZjMDI1ODMxZjRmLzEvY0k3Zk9YVV9tUHE2YlhIOWc5c3lvZnMyUkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZTA0YWMtYTE5MC00ODA0LTkxM2MtZmZjMDI1ODMxZjRm
LzEvSVppRjZnSU9aUUJqRk82VWdON3pzLV9BT2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbS4MA0G
CSqGSIb3DQEBCwUAA4IBAQBhT8Ygpmv/wMqpvFjVLgwzTRWZGeNXu3y121J6SPJo
i9I9ioGTuGcEhutSOUuv3blJU4lI0HSM5YIM/no4FkQAFQjFkBch991T3vOCOkqc
QWg3SnHt+jRmcQtWL1qMEKVFwjrBuHFTZVKmVVCZGcSIm9h+a9tyRy5UkffF7uwb
EEj34fBjHNHim6gLHdYNUH6pPDcP37GGcKq1X1U+s6Jql3R+Y1/DgRRttlwtF5Sp
ELpTNhenvtdgIfLM25VpuTfZIfbhWEd4Dl1kPeCMFmz8Og2F6vYspQQUCDAJwBeZ
Asr8/sVDHcXy1h6MgYt1qOUVzxRe4BvpZ09+zRY8Sn/2
-----END CERTIFICATE-----