Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/5YZ6Nfdc6SF97S2XJgchEbmDTrc.roa
File:                     5YZ6Nfdc6SF97S2XJgchEbmDTrc.roa (raw, json)
Hash identifier:          RKTSdX6UxUEMGrNh6bAdxiz6qPYrKs1r1XJqO5Xcx38=
Subject key identifier:   E5:86:7A:35:F7:5C:E9:21:7D:ED:2D:97:26:07:21:11:B9:83:4E:B7
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       0192BF77E2889E7237C2E214848B8EC5C247
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/5YZ6Nfdc6SF97S2XJgchEbmDTrc.roa
Signing time:             Thu 24 Oct 2024 16:59:17 +0000
ROA not before:           Thu 24 Oct 2024 16:59:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210185
IP address blocks:        194.56.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bf:77:e2:88:9e:72:37:c2:e2:14:84:8b:8e:c5:c2:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Oct 24 16:59:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5867a35f75ce9217ded2d9726072111b9834eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:dc:5b:05:62:dd:5b:9c:54:b4:a2:bf:f3:f0:
                    78:76:bf:30:b3:69:bc:22:33:a3:a4:e7:ea:8b:47:
                    c0:09:3c:fb:3a:af:19:eb:64:48:15:98:25:36:d9:
                    d7:de:00:dd:9a:11:b6:a6:7f:84:2e:72:f3:66:b2:
                    36:d0:1e:72:45:cf:98:62:b7:84:3e:30:6f:00:4b:
                    2e:6b:dc:2d:5a:ee:10:0a:4e:e9:43:fc:97:dd:da:
                    33:2b:06:06:0e:db:24:cc:d2:33:e1:2f:cb:df:26:
                    6a:49:7a:d2:ee:8d:16:09:4a:91:03:d7:d0:bb:18:
                    bc:aa:5e:1d:7b:d4:60:04:4d:c7:3c:c0:e9:5a:f3:
                    b4:f0:8f:bc:b9:d4:c6:a1:e3:a7:f7:c8:4f:e0:df:
                    ea:76:f7:04:d8:72:06:ca:52:81:60:a5:3f:4e:f0:
                    34:40:08:93:2b:c9:0a:44:39:dc:02:b1:e1:d1:d3:
                    fe:f6:fe:b4:23:33:ae:90:36:e2:6f:c9:ee:07:4a:
                    59:36:d5:12:fb:67:15:f2:af:70:f6:54:ad:fc:7d:
                    5b:64:89:ce:2e:ed:4c:3e:d4:05:72:0e:bf:cc:29:
                    2e:1b:d2:e6:eb:a5:60:31:23:53:22:37:1d:88:a1:
                    e3:a8:ce:66:d5:e4:b8:9c:a3:78:47:b0:98:fc:bb:
                    49:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:86:7A:35:F7:5C:E9:21:7D:ED:2D:97:26:07:21:11:B9:83:4E:B7
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/5YZ6Nfdc6SF97S2XJgchEbmDTrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:51:ba:c5:47:b0:e3:68:e2:e0:56:aa:79:fa:8a:ec:7c:4c:
         3a:06:36:2f:b0:0e:cb:d1:31:9c:63:bb:8b:90:d2:06:2a:40:
         64:59:5a:33:75:9f:44:ae:b4:1c:3d:d9:fb:d8:d6:20:3a:cd:
         19:7a:43:c4:77:ca:b6:30:75:27:46:b2:4e:ab:39:66:72:c5:
         af:57:aa:0a:6d:ed:61:56:63:01:67:fd:a3:03:3d:33:5c:d6:
         71:d4:c6:77:b3:ea:92:f1:92:d9:14:6c:1a:d1:c0:9a:81:cf:
         fb:26:d9:d6:d6:c5:c7:32:47:63:69:23:6b:8b:82:06:f0:ca:
         40:71:96:fc:9c:97:e3:f7:42:a3:9c:16:f1:fc:bd:12:b6:20:
         4c:0f:6a:b8:5d:d2:b1:a8:6e:1e:b4:d1:09:a2:27:45:9c:8b:
         9d:90:75:ef:5d:d0:61:dc:ef:b1:1d:05:b4:0f:05:46:28:bb:
         e1:df:56:85:b4:79:04:f6:84:c1:af:68:01:8d:d5:e7:52:c0:
         b0:f8:70:3e:9a:25:a2:7c:58:3d:b1:67:35:ec:e9:72:f2:d0:
         b0:6d:04:84:82:71:e6:05:d1:9e:4e:9c:f2:90:51:28:0f:05:
         f8:a9:f1:84:8f:98:a0:dc:70:7e:ea:a6:c3:b0:29:a9:07:ef:
         2e:7d:68:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK/d+KInnI3wuIUhIuOxcJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjQxMDI0MTY1OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTg2N2EzNWY3NWNlOTIxN2RlZDJkOTcyNjA3MjExMWI5ODM0ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9xbBWLdW5xUtKK/8/B4dr8ws2m8
IjOjpOfqi0fACTz7Oq8Z62RIFZglNtnX3gDdmhG2pn+ELnLzZrI20B5yRc+YYreE
PjBvAEsua9wtWu4QCk7pQ/yX3dozKwYGDtskzNIz4S/L3yZqSXrS7o0WCUqRA9fQ
uxi8ql4de9RgBE3HPMDpWvO08I+8udTGoeOn98hP4N/qdvcE2HIGylKBYKU/TvA0
QAiTK8kKRDncArHh0dP+9v60IzOukDbib8nuB0pZNtUS+2cV8q9w9lSt/H1bZInO
Lu1MPtQFcg6/zCkuG9Lm66VgMSNTIjcdiKHjqM5m1eS4nKN4R7CY/LtJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWGejX3XOkhfe0tlyYHIRG5g063MB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvNVlaNk5mZGM2U0Y5N1MyWEpnY2hFYm1EVHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhQMA0G
CSqGSIb3DQEBCwUAA4IBAQAAUbrFR7DjaOLgVqp5+orsfEw6BjYvsA7L0TGcY7uL
kNIGKkBkWVozdZ9ErrQcPdn72NYgOs0ZekPEd8q2MHUnRrJOqzlmcsWvV6oKbe1h
VmMBZ/2jAz0zXNZx1MZ3s+qS8ZLZFGwa0cCagc/7JtnW1sXHMkdjaSNri4IG8MpA
cZb8nJfj90KjnBbx/L0StiBMD2q4XdKxqG4etNEJoidFnIudkHXvXdBh3O+xHQW0
DwVGKLvh31aFtHkE9oTBr2gBjdXnUsCw+HA+miWifFg9sWc17Oly8tCwbQSEgnHm
BdGeTpzykFEoDwX4qfGEj5ig3HB+6qbDsCmpB+8ufWgt
-----END CERTIFICATE-----