Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/5CGWFMBlhZRBzQHACrNxiP4lWqI.roa
File:                     5CGWFMBlhZRBzQHACrNxiP4lWqI.roa (raw, json)
Hash identifier:          q0YI4PWxmeqNdHLx2ra+TW1yU4yL91j1kDbBTyLmp10=
Subject key identifier:   E4:21:96:14:C0:65:85:94:41:CD:01:C0:0A:B3:71:88:FE:25:5A:A2
Certificate issuer:       /CN=838c4f810d7a20a783a4fab1c034467b825051b9
Certificate serial:       01934CAA9E5F5866947D54B6B5467F843BC5
Authority key identifier: 83:8C:4F:81:0D:7A:20:A7:83:A4:FA:B1:C0:34:46:7B:82:50:51:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g4xPgQ16IKeDpPqxwDRGe4JQUbk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/5CGWFMBlhZRBzQHACrNxiP4lWqI.roa
Signing time:             Thu 21 Nov 2024 03:01:10 +0000
ROA not before:           Thu 21 Nov 2024 03:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4913
IP address blocks:        185.7.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/g4xPgQ16IKeDpPqxwDRGe4JQUbk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/g4xPgQ16IKeDpPqxwDRGe4JQUbk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g4xPgQ16IKeDpPqxwDRGe4JQUbk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4c:aa:9e:5f:58:66:94:7d:54:b6:b5:46:7f:84:3b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=838c4f810d7a20a783a4fab1c034467b825051b9
        Validity
            Not Before: Nov 21 03:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4219614c065859441cd01c00ab37188fe255aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0a:6a:7f:96:82:c1:82:4d:96:66:bc:fa:8b:
                    ab:38:fb:4b:41:e2:e4:7e:ad:cf:11:63:50:6e:6b:
                    8a:7e:e0:f3:c9:a8:43:13:db:fe:be:97:4e:8e:72:
                    c4:89:11:a3:0d:77:34:2c:db:1b:60:31:db:d2:3c:
                    b7:ab:65:d7:db:d1:6d:56:83:b0:0e:d8:61:74:b5:
                    05:05:17:23:79:3e:cf:a1:52:e1:d5:b0:40:f3:85:
                    a2:f3:27:9f:d0:df:c0:9b:f2:0a:60:f4:46:83:1b:
                    2f:fc:42:ee:5d:ed:05:83:9c:6a:a8:f5:b9:2f:45:
                    3e:4b:2f:03:3d:fb:7a:4f:16:7f:05:1c:0d:59:9e:
                    49:d2:45:08:fe:39:96:9a:f9:37:f4:e4:65:cd:75:
                    64:4b:ca:b0:4f:2e:e9:3b:c7:7c:a1:85:7f:7d:a7:
                    bb:78:cb:67:06:25:4d:b2:21:d9:3c:84:ec:33:4c:
                    1e:81:6a:05:5d:76:15:f2:62:00:76:95:5d:d3:29:
                    ae:9f:0a:01:2b:ff:87:a2:7f:82:5e:e3:d6:f7:fa:
                    fb:e7:17:68:3b:b9:86:4f:6b:d0:dd:9d:02:49:20:
                    9b:aa:98:39:6a:eb:5c:d2:66:41:25:eb:d5:bc:fa:
                    96:b1:cf:2d:01:f2:82:fa:48:dc:ee:4e:38:f7:87:
                    c4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:21:96:14:C0:65:85:94:41:CD:01:C0:0A:B3:71:88:FE:25:5A:A2
            X509v3 Authority Key Identifier:
                keyid:83:8C:4F:81:0D:7A:20:A7:83:A4:FA:B1:C0:34:46:7B:82:50:51:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g4xPgQ16IKeDpPqxwDRGe4JQUbk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/5CGWFMBlhZRBzQHACrNxiP4lWqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/250423-fa91-4a22-b83a-83e47580b3ec/1/g4xPgQ16IKeDpPqxwDRGe4JQUbk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:a3:8c:0f:81:00:a8:c7:a0:20:0e:79:3f:21:08:83:35:bd:
         bf:82:44:10:b0:66:68:fc:4a:9f:f6:55:22:95:e6:b5:22:5b:
         72:e2:e9:09:9f:09:a3:ac:10:29:db:40:d2:85:b3:29:90:c6:
         4f:36:1e:74:b7:43:b8:9a:2c:2a:86:58:1e:21:81:61:cc:97:
         7e:d5:82:9c:f4:26:7e:c9:7a:cc:b6:fe:7c:93:7e:9a:e1:5e:
         60:be:7e:0e:f4:c6:57:40:8a:03:ac:91:d8:b8:e9:45:d8:bb:
         5c:4b:e6:bf:81:6c:bb:bc:be:bf:8e:71:90:28:a6:3a:69:ee:
         35:26:b0:2d:fb:ca:b0:95:bc:a0:68:78:7b:7a:62:d1:3c:1b:
         75:bd:ca:76:01:2b:02:48:87:3c:3e:64:e7:a7:1a:0a:65:06:
         5d:1c:25:90:de:e1:b3:3b:16:13:bd:7b:55:23:b2:97:6d:7a:
         a9:71:49:86:c4:42:96:34:e5:9c:45:96:04:ae:ea:ec:bc:8d:
         88:db:a3:08:75:72:ef:40:53:0d:2d:f4:ea:5a:92:25:a7:05:
         33:21:18:b9:fe:1d:41:04:b7:28:0d:b3:6f:c2:51:5a:b3:54:
         b0:71:76:03:82:28:0f:26:58:1c:d6:07:31:8d:72:72:33:88:
         54:9e:99:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNMqp5fWGaUfVS2tUZ/hDvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOGM0ZjgxMGQ3YTIwYTc4M2E0ZmFiMWMwMzQ0NjdiODI1
MDUxYjkwHhcNMjQxMTIxMDMwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDIxOTYxNGMwNjU4NTk0NDFjZDAxYzAwYWIzNzE4OGZlMjU1YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwpqf5aCwYJNlma8+ourOPtLQeLk
fq3PEWNQbmuKfuDzyahDE9v+vpdOjnLEiRGjDXc0LNsbYDHb0jy3q2XX29FtVoOw
DthhdLUFBRcjeT7PoVLh1bBA84Wi8yef0N/Am/IKYPRGgxsv/ELuXe0Fg5xqqPW5
L0U+Sy8DPft6TxZ/BRwNWZ5J0kUI/jmWmvk39ORlzXVkS8qwTy7pO8d8oYV/fae7
eMtnBiVNsiHZPITsM0wegWoFXXYV8mIAdpVd0ymunwoBK/+Hon+CXuPW9/r75xdo
O7mGT2vQ3Z0CSSCbqpg5autc0mZBJevVvPqWsc8tAfKC+kjc7k4494fE/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQhlhTAZYWUQc0BwAqzcYj+JVqiMB8GA1UdIwQY
MBaAFIOMT4ENeiCng6T6scA0RnuCUFG5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzR4UGdRMTZJS2VEcFBxeHdEUkdlNEpRVWJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8yNTA0MjMtZmE5MS00YTIyLWI4M2Et
ODNlNDc1ODBiM2VjLzEvNUNHV0ZNQmxoWlJCelFIQUNyTnhpUDRsV3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8yNTA0MjMtZmE5MS00YTIyLWI4M2EtODNlNDc1ODBiM2Vj
LzEvZzR4UGdRMTZJS2VEcFBxeHdEUkdlNEpRVWJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQcPMA0G
CSqGSIb3DQEBCwUAA4IBAQAdo4wPgQCox6AgDnk/IQiDNb2/gkQQsGZo/Eqf9lUi
lea1Ilty4ukJnwmjrBAp20DShbMpkMZPNh50t0O4miwqhlgeIYFhzJd+1YKc9CZ+
yXrMtv58k36a4V5gvn4O9MZXQIoDrJHYuOlF2LtcS+a/gWy7vL6/jnGQKKY6ae41
JrAt+8qwlbygaHh7emLRPBt1vcp2ASsCSIc8PmTnpxoKZQZdHCWQ3uGzOxYTvXtV
I7KXbXqpcUmGxEKWNOWcRZYErursvI2I26MIdXLvQFMNLfTqWpIlpwUzIRi5/h1B
BLcoDbNvwlFas1SwcXYDgigPJlgc1gcxjXJyM4hUnplg
-----END CERTIFICATE-----