Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/ewHzTbJwwNxy5eDGZYShh-CrNV4.roa
File:                     ewHzTbJwwNxy5eDGZYShh-CrNV4.roa (raw, json)
Hash identifier:          Pxsym7fwuoRcUcn/UNe3ukSsg7j6fsg4kXdwuHd0518=
Subject key identifier:   7B:01:F3:4D:B2:70:C0:DC:72:E5:E0:C6:65:84:A1:87:E0:AB:35:5E
Certificate issuer:       /CN=57b0d67c49ec12f4f5417038f6dc13c2f93ea765
Certificate serial:       018D7868478474E97993A23AB1F2621B345B
Authority key identifier: 57:B0:D6:7C:49:EC:12:F4:F5:41:70:38:F6:DC:13:C2:F9:3E:A7:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/ewHzTbJwwNxy5eDGZYShh-CrNV4.roa
Signing time:             Mon 05 Feb 2024 08:35:16 +0000
ROA not before:           Mon 05 Feb 2024 08:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49494
IP address blocks:        193.169.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:68:47:84:74:e9:79:93:a2:3a:b1:f2:62:1b:34:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57b0d67c49ec12f4f5417038f6dc13c2f93ea765
        Validity
            Not Before: Feb  5 08:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b01f34db270c0dc72e5e0c66584a187e0ab355e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:25:81:55:0a:95:68:b8:1a:39:75:77:39:50:
                    68:f1:ca:97:dc:3b:10:68:6c:2a:b0:44:4b:98:2e:
                    45:1f:83:89:02:cf:f8:9c:a9:87:84:dc:a4:4a:1c:
                    72:ea:d5:f0:f2:80:5b:98:1a:2c:bf:2e:bb:49:01:
                    c8:ce:6a:0d:b1:67:74:41:32:c1:9a:41:70:08:6e:
                    b3:34:a7:40:d2:29:3b:45:bb:c3:32:c8:65:5d:1d:
                    97:c8:03:9e:fa:98:90:67:d5:6a:ec:ac:77:09:a5:
                    b8:02:a2:a3:3c:7b:f2:54:12:f2:4f:d0:34:29:f5:
                    ea:59:b2:29:0d:6b:5f:d2:5f:03:5b:dc:ce:15:25:
                    59:66:f0:b2:1b:76:31:f7:65:7b:f0:aa:8f:5e:f7:
                    b4:6f:46:e7:71:e8:68:a5:92:cd:48:88:39:f6:93:
                    ca:84:8a:0b:ff:71:32:d3:c7:b7:f1:a3:a2:98:c2:
                    e8:20:1f:d0:71:d5:6c:1a:d1:37:7d:0d:62:f1:9d:
                    9e:4e:71:83:12:ac:f5:2d:1d:b1:4d:46:0d:ac:89:
                    60:bb:d0:9f:58:81:8b:d9:15:cc:21:4f:0f:fe:3e:
                    dc:ab:28:11:ed:1f:52:bd:71:16:0a:e5:8c:64:64:
                    8e:8b:6f:65:9f:20:04:35:a7:4d:96:ae:16:bc:b5:
                    96:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:01:F3:4D:B2:70:C0:DC:72:E5:E0:C6:65:84:A1:87:E0:AB:35:5E
            X509v3 Authority Key Identifier:
                keyid:57:B0:D6:7C:49:EC:12:F4:F5:41:70:38:F6:DC:13:C2:F9:3E:A7:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V7DWfEnsEvT1QXA49twTwvk-p2U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/ewHzTbJwwNxy5eDGZYShh-CrNV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/851657-044d-47d3-afc9-c3a8375f90f9/1/V7DWfEnsEvT1QXA49twTwvk-p2U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:9e:cb:90:b9:54:b3:8f:c1:eb:2c:b4:66:95:9a:6a:62:ca:
         31:db:f2:22:3a:ae:ea:c9:3e:14:9d:6e:ce:03:4d:80:78:4a:
         05:a0:76:d4:6f:8a:bf:91:54:4d:16:96:04:b6:f3:d6:2c:6a:
         c1:4b:9b:8c:30:b9:d5:9b:f1:cb:62:f2:98:96:4e:77:c8:57:
         d3:86:95:ae:17:21:60:62:55:ab:d7:4c:5a:dd:d6:7e:cb:e2:
         5c:f8:c1:03:27:84:56:87:6b:df:21:19:b5:61:c9:0e:6a:cc:
         76:b3:83:a0:59:91:87:16:c4:fb:a2:03:44:a2:90:12:29:ef:
         62:32:44:fe:56:40:03:ba:3b:4c:31:40:7f:11:e2:13:6a:1f:
         fd:a8:6a:de:bd:3b:73:22:52:69:27:f0:79:ba:da:c5:32:bc:
         c6:74:de:98:db:c2:db:d8:37:07:7f:cf:45:f6:82:49:1c:af:
         de:bb:32:14:6e:00:fc:f8:f7:09:af:33:5d:e9:3c:a8:03:09:
         f2:71:ed:7a:31:51:de:f0:3f:cd:1b:da:6f:e7:44:a7:40:9d:
         a1:17:e4:3f:bf:50:35:5f:d0:21:fa:30:d6:07:db:1f:fa:46:
         12:8d:1c:08:20:9e:75:31:41:f0:8e:2d:87:a7:70:de:d6:c4:
         e0:c3:22:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY14aEeEdOl5k6I6sfJiGzRbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YjBkNjdjNDllYzEyZjRmNTQxNzAzOGY2ZGMxM2MyZjkz
ZWE3NjUwHhcNMjQwMjA1MDgzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjAxZjM0ZGIyNzBjMGRjNzJlNWUwYzY2NTg0YTE4N2UwYWIzNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCWBVQqVaLgaOXV3OVBo8cqX3DsQ
aGwqsERLmC5FH4OJAs/4nKmHhNykShxy6tXw8oBbmBosvy67SQHIzmoNsWd0QTLB
mkFwCG6zNKdA0ik7RbvDMshlXR2XyAOe+piQZ9Vq7Kx3CaW4AqKjPHvyVBLyT9A0
KfXqWbIpDWtf0l8DW9zOFSVZZvCyG3Yx92V78KqPXve0b0bncehopZLNSIg59pPK
hIoL/3Ey08e38aOimMLoIB/QcdVsGtE3fQ1i8Z2eTnGDEqz1LR2xTUYNrIlgu9Cf
WIGL2RXMIU8P/j7cqygR7R9SvXEWCuWMZGSOi29lnyAENadNlq4WvLWWCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHsB802ycMDccuXgxmWEoYfgqzVeMB8GA1UdIwQY
MBaAFFew1nxJ7BL09UFwOPbcE8L5PqdlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjdEV2ZFbnNFdlQxUVhBNDl0d1R3dmstcDJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi84NTE2NTctMDQ0ZC00N2QzLWFmYzkt
YzNhODM3NWY5MGY5LzEvZXdIelRiSnd3Tnh5NWVER1pZU2hoLUNyTlY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi84NTE2NTctMDQ0ZC00N2QzLWFmYzktYzNhODM3NWY5MGY5
LzEvVjdEV2ZFbnNFdlQxUVhBNDl0d1R3dmstcDJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwalMMA0G
CSqGSIb3DQEBCwUAA4IBAQCPnsuQuVSzj8HrLLRmlZpqYsox2/IiOq7qyT4UnW7O
A02AeEoFoHbUb4q/kVRNFpYEtvPWLGrBS5uMMLnVm/HLYvKYlk53yFfThpWuFyFg
YlWr10xa3dZ+y+Jc+MEDJ4RWh2vfIRm1YckOasx2s4OgWZGHFsT7ogNEopASKe9i
MkT+VkADujtMMUB/EeITah/9qGrevTtzIlJpJ/B5utrFMrzGdN6Y28Lb2DcHf89F
9oJJHK/euzIUbgD8+PcJrzNd6TyoAwnyce16MVHe8D/NG9pv50SnQJ2hF+Q/v1A1
X9Ah+jDWB9sf+kYSjRwIIJ51MUHwji2Hp3De1sTgwyII
-----END CERTIFICATE-----