Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pBEpG7hFqF8Ny0XGXD7QRy7f2uw.roa
File:                     pBEpG7hFqF8Ny0XGXD7QRy7f2uw.roa (raw, json)
Hash identifier:          5Hn3MyZm1YVCkoB/IxWiHaEqexsOlR8t9EsRm0AzFZE=
Subject key identifier:   A4:11:29:1B:B8:45:A8:5F:0D:CB:45:C6:5C:3E:D0:47:2E:DF:DA:EC
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9EA8938153601CBD7ECD8B9AC901
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pBEpG7hFqF8Ny0XGXD7QRy7f2uw.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57380
IP address blocks:        185.103.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9e:a8:93:81:53:60:1c:bd:7e:cd:8b:9a:c9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a411291bb845a85f0dcb45c65c3ed0472edfdaec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ad:52:c4:54:f0:21:42:a5:7d:e0:c4:a9:42:
                    50:45:d8:99:97:de:4d:9b:3f:9c:d9:ca:23:5e:5c:
                    96:ea:38:7d:1e:91:66:4f:87:5a:3c:4c:27:a6:47:
                    50:92:5f:98:a0:66:58:3c:be:7e:55:77:51:9d:63:
                    61:0e:66:f6:a8:a0:30:63:0a:7c:6a:59:78:65:e1:
                    0b:56:d5:de:40:8a:8c:72:6f:95:cb:cc:7c:60:eb:
                    a5:20:b3:ad:5e:24:91:e5:36:ca:90:e0:d7:52:53:
                    ca:0a:c6:7a:7e:5e:21:2c:68:8d:73:5a:db:e1:bb:
                    12:df:ce:5b:dc:41:a7:3a:a9:d4:ad:bc:92:40:6e:
                    73:0d:6b:f4:c5:40:89:73:b1:ae:c7:55:27:c8:c1:
                    fd:27:bb:6e:63:ed:63:3e:a4:37:59:17:08:78:f0:
                    7c:f8:ab:d2:b3:3a:cc:49:1b:6e:1c:34:0d:01:bf:
                    44:60:9a:0a:4c:0b:9a:89:a2:31:c2:33:d7:ad:21:
                    8c:c6:8e:40:00:c9:7b:3b:b2:f1:11:d4:da:9c:f3:
                    92:66:fc:1f:24:a0:73:f1:a8:24:bc:21:36:64:2a:
                    23:d2:86:3d:ef:0c:66:ab:8a:86:72:3a:84:68:73:
                    78:c7:fc:04:62:d0:22:3c:7e:f1:80:d6:72:2d:dd:
                    9e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:11:29:1B:B8:45:A8:5F:0D:CB:45:C6:5C:3E:D0:47:2E:DF:DA:EC
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/pBEpG7hFqF8Ny0XGXD7QRy7f2uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:b0:b5:92:87:4d:01:88:3e:c0:84:3c:24:21:52:08:ad:67:
         21:15:14:3b:a8:5a:a7:b5:d0:4b:32:bf:49:21:59:3f:69:ad:
         27:1d:49:b0:2a:03:ea:7c:90:f3:c1:7f:39:24:74:f6:a5:c0:
         8b:ed:df:c4:c6:5e:5a:e5:4f:5f:bb:97:eb:64:6b:6f:f1:ec:
         9e:62:db:9e:d5:70:08:31:e0:29:3e:6a:d0:b4:dd:d6:13:fd:
         c4:e4:7c:18:c0:62:35:c5:75:db:15:c4:a9:6f:02:65:55:a6:
         05:09:f1:99:97:fe:ce:82:a4:8d:c1:af:dc:8a:05:9f:80:16:
         f9:d4:a0:89:b1:58:3d:76:ca:b5:c4:bc:8e:f4:c1:68:6a:b3:
         07:d7:f4:63:08:dd:6a:a0:03:46:b2:62:88:da:7b:8c:49:1d:
         39:c8:8f:ca:c3:88:35:51:aa:a0:e3:5b:8d:31:c9:f9:37:7d:
         22:f0:0a:57:0a:5a:c9:03:15:86:e9:70:a7:f7:f2:79:db:2b:
         85:aa:bd:35:ca:81:c0:63:85:be:d1:45:8a:d1:ac:fb:e9:07:
         0e:91:32:cb:cb:39:f3:1a:a0:f4:8f:90:62:85:a0:89:8f:f8:
         df:2a:b3:b2:bd:c2:a7:5d:7b:d9:fa:2c:89:1e:5c:00:9d:29:
         52:15:93:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI356ok4FTYBy9fs2LmskBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDExMjkxYmI4NDVhODVmMGRjYjQ1YzY1YzNlZDA0NzJlZGZkYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlq1SxFTwIUKlfeDEqUJQRdiZl95N
mz+c2cojXlyW6jh9HpFmT4daPEwnpkdQkl+YoGZYPL5+VXdRnWNhDmb2qKAwYwp8
all4ZeELVtXeQIqMcm+Vy8x8YOulILOtXiSR5TbKkODXUlPKCsZ6fl4hLGiNc1rb
4bsS385b3EGnOqnUrbySQG5zDWv0xUCJc7Gux1UnyMH9J7tuY+1jPqQ3WRcIePB8
+KvSszrMSRtuHDQNAb9EYJoKTAuaiaIxwjPXrSGMxo5AAMl7O7LxEdTanPOSZvwf
JKBz8agkvCE2ZCoj0oY97wxmq4qGcjqEaHN4x/wEYtAiPH7xgNZyLd2etwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQRKRu4RahfDctFxlw+0Ecu39rsMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcEJFcEc3aEZxRjhOeTBYR1hEN1FSeTdmMnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWdsMA0G
CSqGSIb3DQEBCwUAA4IBAQCUsLWSh00BiD7AhDwkIVIIrWchFRQ7qFqntdBLMr9J
IVk/aa0nHUmwKgPqfJDzwX85JHT2pcCL7d/Exl5a5U9fu5frZGtv8eyeYtue1XAI
MeApPmrQtN3WE/3E5HwYwGI1xXXbFcSpbwJlVaYFCfGZl/7OgqSNwa/cigWfgBb5
1KCJsVg9dsq1xLyO9MFoarMH1/RjCN1qoANGsmKI2nuMSR05yI/Kw4g1Uaqg41uN
Mcn5N30i8ApXClrJAxWG6XCn9/J52yuFqr01yoHAY4W+0UWK0az76QcOkTLLyznz
GqD0j5BihaCJj/jfKrOyvcKnXXvZ+iyJHlwAnSlSFZND
-----END CERTIFICATE-----