Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hwc5_io1uq5IlpH_09APZR3g1Vw.roa
File:                     hwc5_io1uq5IlpH_09APZR3g1Vw.roa (raw, json)
Hash identifier:          1CCIps5NLloizV22d9qbNz7cyyfmfPoqs8W0LJuRLGA=
Subject key identifier:   87:07:39:FE:2A:35:BA:AE:48:96:91:FF:D3:D0:0F:65:1D:E0:D5:5C
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018EAF863DC21CB058F4F4BBCD7E70B87B98
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hwc5_io1uq5IlpH_09APZR3g1Vw.roa
Signing time:             Fri 05 Apr 2024 18:29:54 +0000
ROA not before:           Fri 05 Apr 2024 18:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49587
IP address blocks:        5.180.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:af:86:3d:c2:1c:b0:58:f4:f4:bb:cd:7e:70:b8:7b:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Apr  5 18:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=870739fe2a35baae489691ffd3d00f651de0d55c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:03:ab:42:c0:b9:45:3f:b2:34:71:d8:1a:3d:
                    98:e3:e0:2f:00:9c:ca:a8:95:e0:4e:4c:fb:00:3f:
                    25:f8:21:16:b3:7d:8a:ef:cb:42:2e:da:0f:10:5d:
                    2c:1e:5c:e7:41:c2:8e:24:a9:c6:9d:55:08:df:44:
                    41:28:be:3b:75:72:cd:28:76:d8:d6:a9:8c:21:48:
                    ae:90:ba:7b:5e:8f:b8:75:05:72:24:65:71:6e:6e:
                    aa:7d:74:fd:f4:1b:1b:2f:c9:a2:e3:09:92:f1:5b:
                    fc:ad:3e:ad:bc:ed:d2:d5:d1:e5:4f:65:4a:1e:4d:
                    58:78:61:af:fc:32:e3:89:28:f2:e4:6b:11:ba:30:
                    df:84:2b:a9:7d:17:bd:46:bd:ee:93:46:0d:d1:45:
                    bc:16:93:bf:e6:d5:d3:65:97:26:b8:28:15:bd:b7:
                    60:e1:e9:da:a6:b8:ec:20:2a:b1:13:2f:9e:ab:e4:
                    c7:f7:75:2b:70:e7:f9:b6:cb:29:63:e7:12:b8:cf:
                    a5:46:d5:c8:d8:64:f0:05:bc:92:a4:8d:58:38:bd:
                    81:8e:3f:86:b2:cc:f4:f0:1a:03:d3:c9:ba:ed:a6:
                    35:23:b8:0c:ca:68:de:c8:30:7e:39:64:fa:a2:25:
                    82:b7:a0:42:01:81:7a:b7:68:95:b4:d1:e7:44:bc:
                    dd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:07:39:FE:2A:35:BA:AE:48:96:91:FF:D3:D0:0F:65:1D:E0:D5:5C
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/hwc5_io1uq5IlpH_09APZR3g1Vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:54:60:61:0b:2c:03:cb:1c:66:a0:33:93:53:a0:59:26:cf:
         75:78:c7:12:4f:ff:89:47:2d:77:a2:31:08:39:2c:5d:9d:8b:
         5f:a5:f6:f7:cf:6a:d1:13:ed:3b:2c:ee:c8:96:9b:4e:68:ee:
         4c:f2:01:ed:08:e5:d0:1a:e2:6b:48:b2:86:d1:73:9c:23:e0:
         92:69:d8:82:15:ae:97:1a:73:56:e7:be:71:da:b5:de:c9:86:
         8c:65:38:41:37:a9:86:39:3b:fa:cf:19:b1:9f:f5:25:4b:2b:
         b8:52:38:f8:31:00:7e:ab:58:37:e8:19:6a:20:32:8b:49:f8:
         58:a5:13:ec:84:69:ee:28:ab:17:e6:ce:2e:ce:04:57:29:ce:
         7e:62:a6:41:b2:75:ef:c7:ca:0c:da:e4:8b:f2:3e:39:4e:1c:
         dc:58:e2:32:6d:68:6f:0c:19:ad:c5:a0:b6:21:65:13:50:2d:
         da:94:3f:4c:f5:69:2d:74:8d:42:61:ce:ab:43:56:8c:a0:34:
         20:51:d9:51:d1:d3:33:15:33:de:7e:e1:7f:5f:95:c5:cb:73:
         04:b0:dd:37:47:ba:8c:3d:99:e4:28:d5:ce:e1:9f:14:0b:7a:
         2a:1b:a5:fb:49:36:ac:cf:9f:34:ce:33:f1:47:ff:f4:9f:00:
         d2:05:e2:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6vhj3CHLBY9PS7zX5wuHuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwNDA1MTgyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA3MzlmZTJhMzViYWFlNDg5NjkxZmZkM2QwMGY2NTFkZTBkNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAOrQsC5RT+yNHHYGj2Y4+AvAJzK
qJXgTkz7AD8l+CEWs32K78tCLtoPEF0sHlznQcKOJKnGnVUI30RBKL47dXLNKHbY
1qmMIUiukLp7Xo+4dQVyJGVxbm6qfXT99BsbL8mi4wmS8Vv8rT6tvO3S1dHlT2VK
Hk1YeGGv/DLjiSjy5GsRujDfhCupfRe9Rr3uk0YN0UW8FpO/5tXTZZcmuCgVvbdg
4enaprjsICqxEy+eq+TH93UrcOf5tsspY+cSuM+lRtXI2GTwBbySpI1YOL2Bjj+G
ssz08BoD08m67aY1I7gMymjeyDB+OWT6oiWCt6BCAYF6t2iVtNHnRLzdBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcHOf4qNbquSJaR/9PQD2Ud4NVcMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvaHdjNV9pbzF1cTVJbHBIXzA5QVBaUjNnMVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbQSMA0G
CSqGSIb3DQEBCwUAA4IBAQBtVGBhCywDyxxmoDOTU6BZJs91eMcST/+JRy13ojEI
OSxdnYtfpfb3z2rRE+07LO7IlptOaO5M8gHtCOXQGuJrSLKG0XOcI+CSadiCFa6X
GnNW575x2rXeyYaMZThBN6mGOTv6zxmxn/UlSyu4Ujj4MQB+q1g36BlqIDKLSfhY
pRPshGnuKKsX5s4uzgRXKc5+YqZBsnXvx8oM2uSL8j45ThzcWOIybWhvDBmtxaC2
IWUTUC3alD9M9WktdI1CYc6rQ1aMoDQgUdlR0dMzFTPefuF/X5XFy3MEsN03R7qM
PZnkKNXO4Z8UC3oqG6X7STasz580zjPxR//0nwDSBeLV
-----END CERTIFICATE-----