Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/e5n2mhHIxYwXMndR8jsdnm-3GM8.roa
File:                     e5n2mhHIxYwXMndR8jsdnm-3GM8.roa (raw, json)
Hash identifier:          EGOn9zYpxpk5AfHMCLLvUwtZY6fsdWZ1xGxiNHkjqu4=
Subject key identifier:   7B:99:F6:9A:11:C8:C5:8C:17:32:77:51:F2:3B:1D:9E:6F:B7:18:CF
Certificate issuer:       /CN=e4b4c53af65f0b8396b95b4d07d4ec4e7be277e5
Certificate serial:       018CC7952EC2F6022EB58F269C429C8702AB
Authority key identifier: E4:B4:C5:3A:F6:5F:0B:83:96:B9:5B:4D:07:D4:EC:4E:7B:E2:77:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/e5n2mhHIxYwXMndR8jsdnm-3GM8.roa
Signing time:             Tue 02 Jan 2024 00:31:31 +0000
ROA not before:           Tue 02 Jan 2024 00:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33823
IP address blocks:        195.12.52.0/22 maxlen: 24
                          195.28.184.0/23 maxlen: 24
                          193.25.110.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2e:c2:f6:02:2e:b5:8f:26:9c:42:9c:87:02:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4b4c53af65f0b8396b95b4d07d4ec4e7be277e5
        Validity
            Not Before: Jan  2 00:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b99f69a11c8c58c17327751f23b1d9e6fb718cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f1:82:58:bc:76:8a:7d:86:2d:8a:aa:26:3a:
                    7d:4e:31:4c:be:b0:a6:19:2a:61:d4:38:fa:45:05:
                    b8:40:65:76:49:28:85:a4:1e:41:45:12:a8:3b:68:
                    47:0e:5d:52:bf:67:8e:b7:19:d6:7c:c1:63:d7:58:
                    52:91:97:09:c6:7c:f1:44:b6:03:67:9a:e6:04:e2:
                    a8:da:d3:0b:c1:ee:28:d2:16:25:d3:dd:8a:0d:c6:
                    01:7a:79:ec:b1:5d:b1:80:18:48:a0:e9:66:85:96:
                    91:ed:f3:c0:19:d9:9f:89:7e:27:59:58:c5:c9:89:
                    3a:00:2c:29:4b:4c:c6:e0:9b:6d:cb:27:da:bf:7e:
                    23:9b:c2:dd:31:bd:75:b3:4c:96:69:7c:d1:79:0b:
                    5a:8c:c1:8d:32:fb:06:f9:88:9b:c0:c8:5a:57:38:
                    28:c2:81:39:c2:6e:e5:d1:fd:69:17:35:ad:b5:1f:
                    08:b0:56:2e:ec:f5:2a:6a:80:f6:8c:67:f2:75:76:
                    5e:1e:8d:1a:8e:4d:25:e7:87:d3:22:8a:70:55:01:
                    4c:6a:f0:e4:da:04:cb:83:a7:dc:fb:af:dd:58:e2:
                    8f:45:08:75:d0:95:62:e6:e7:80:06:ad:1b:2e:ec:
                    b1:7f:8a:db:b9:bc:44:84:53:8b:7e:84:0c:f3:2e:
                    d7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:99:F6:9A:11:C8:C5:8C:17:32:77:51:F2:3B:1D:9E:6F:B7:18:CF
            X509v3 Authority Key Identifier:
                keyid:E4:B4:C5:3A:F6:5F:0B:83:96:B9:5B:4D:07:D4:EC:4E:7B:E2:77:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/e5n2mhHIxYwXMndR8jsdnm-3GM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.110.0/23
                  195.12.52.0/22
                  195.28.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:00:1d:68:c2:d0:b6:b2:e3:36:35:ea:ce:61:cd:71:91:05:
         37:8b:25:85:6a:00:dc:af:86:30:d9:43:f1:be:dc:41:b8:91:
         d0:c6:5e:e9:b7:92:ca:b1:f8:c8:cf:a4:5b:60:e0:07:bb:4d:
         74:05:05:9f:64:4f:a4:09:2a:d7:a2:4d:4d:57:7b:36:e5:82:
         63:5c:17:f6:c4:72:d8:d1:fb:56:5c:bc:ee:4d:48:52:f5:da:
         3a:cc:bc:32:30:5d:7a:4a:c6:ed:b7:06:9d:f0:f9:5c:d8:e8:
         f5:c6:6a:1a:ca:70:6d:c1:75:2e:b2:8f:90:fd:b7:ba:e3:d4:
         30:50:9b:0a:a4:67:fb:fa:48:0d:12:26:59:92:fa:60:e9:14:
         bd:c0:b3:c4:39:8c:b6:86:f8:75:48:6a:88:ee:ef:6d:12:da:
         5e:56:38:40:2d:12:6a:5e:e5:f1:44:d7:85:a1:c2:fb:c9:2b:
         e0:59:d9:a5:d6:32:fc:bd:29:7e:61:1b:28:c2:f7:06:8e:8c:
         02:05:b3:ef:25:9c:e6:9f:7d:97:d4:11:5a:61:55:fd:f5:85:
         0f:8e:a8:d2:6f:43:ce:a2:cf:42:23:5d:63:36:86:6f:71:60:
         bb:a1:49:b0:b6:e7:4d:31:0f:7c:80:a4:00:c2:ea:06:40:47:
         87:8b:60:7b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlS7C9gIutY8mnEKchwKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjRjNTNhZjY1ZjBiODM5NmI5NWI0ZDA3ZDRlYzRlN2Jl
Mjc3ZTUwHhcNMjQwMTAyMDAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk5ZjY5YTExYzhjNThjMTczMjc3NTFmMjNiMWQ5ZTZmYjcxOGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/GCWLx2in2GLYqqJjp9TjFMvrCm
GSph1Dj6RQW4QGV2SSiFpB5BRRKoO2hHDl1Sv2eOtxnWfMFj11hSkZcJxnzxRLYD
Z5rmBOKo2tMLwe4o0hYl092KDcYBennssV2xgBhIoOlmhZaR7fPAGdmfiX4nWVjF
yYk6ACwpS0zG4Jttyyfav34jm8LdMb11s0yWaXzReQtajMGNMvsG+YibwMhaVzgo
woE5wm7l0f1pFzWttR8IsFYu7PUqaoD2jGfydXZeHo0ajk0l54fTIopwVQFMavDk
2gTLg6fc+6/dWOKPRQh10JVi5ueABq0bLuyxf4rbubxEhFOLfoQM8y7X/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHuZ9poRyMWMFzJ3UfI7HZ5vtxjPMB8GA1UdIwQY
MBaAFOS0xTr2XwuDlrlbTQfU7E574nflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxURk92WmZDNE9XdVZ0TkI5VHNUbnZpZC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80NmFhYmYtZGFkMC00ZDc2LWE1YjUt
ODhkYjAxMjVhNmI4LzEvZTVuMm1oSEl4WXdYTW5kUjhqc2RubS0zR004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80NmFhYmYtZGFkMC00ZDc2LWE1YjUtODhkYjAxMjVhNmI4
LzEvNUxURk92WmZDNE9XdVZ0TkI5VHNUbnZpZC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwRluAwQC
www0AwQBwxy4MA0GCSqGSIb3DQEBCwUAA4IBAQAxAB1owtC2suM2NerOYc1xkQU3
iyWFagDcr4Yw2UPxvtxBuJHQxl7pt5LKsfjIz6RbYOAHu010BQWfZE+kCSrXok1N
V3s25YJjXBf2xHLY0ftWXLzuTUhS9do6zLwyMF16Ssbttwad8Plc2Oj1xmoaynBt
wXUuso+Q/be649QwUJsKpGf7+kgNEiZZkvpg6RS9wLPEOYy2hvh1SGqI7u9tEtpe
VjhALRJqXuXxRNeFocL7ySvgWdml1jL8vSl+YRsowvcGjowCBbPvJZzmn32X1BFa
YVX99YUPjqjSb0POos9CI11jNoZvcWC7oUmwtudNMQ98gKQAwuoGQEeHi2B7
-----END CERTIFICATE-----