Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/Sh6mRS7CBmE0Qav00bKqKKtLnyk.roa
File:                     Sh6mRS7CBmE0Qav00bKqKKtLnyk.roa (raw, json)
Hash identifier:          OoyCtubYp1SI0hYSduIB5nUU/Pz5/KGG+ecn2fpC/Eg=
Subject key identifier:   4A:1E:A6:45:2E:C2:06:61:34:41:AB:F4:D1:B2:AA:28:AB:4B:9F:29
Certificate issuer:       /CN=e5805c5fe3450287dcde6ade0d9c9558ba615e32
Certificate serial:       018CC2DADD1EB959D73A20BF497B42FCC5D5
Authority key identifier: E5:80:5C:5F:E3:45:02:87:DC:DE:6A:DE:0D:9C:95:58:BA:61:5E:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/Sh6mRS7CBmE0Qav00bKqKKtLnyk.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48817
IP address blocks:        193.22.15.0/24 maxlen: 24
                          2a10:db40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 16:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:dd:1e:b9:59:d7:3a:20:bf:49:7b:42:fc:c5:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5805c5fe3450287dcde6ade0d9c9558ba615e32
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a1ea6452ec206613441abf4d1b2aa28ab4b9f29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:46:53:00:56:b2:d6:b4:37:fc:0f:ae:c1:a7:
                    22:3f:3e:4d:42:4a:44:aa:86:ab:93:af:ab:bf:de:
                    b4:64:76:d4:a4:7c:a2:c0:ba:db:3a:c5:b8:24:81:
                    ea:2f:4c:2b:15:6b:81:5d:fd:fb:44:28:9a:a7:ef:
                    c1:c6:c5:31:66:94:ae:5f:38:65:c7:db:3c:20:65:
                    98:f8:31:f3:4c:6e:f2:b3:8d:0f:85:ad:9e:fb:0e:
                    5d:66:9c:19:fb:01:f5:5a:58:4f:40:80:1e:10:90:
                    fd:7b:7c:aa:64:74:c8:d7:98:05:c6:42:59:07:87:
                    ae:c9:42:9b:aa:92:98:ac:8d:e6:a2:23:3a:36:0a:
                    84:4b:a0:70:b7:92:61:2a:2d:56:1b:fe:24:16:60:
                    2c:02:4a:5a:eb:f9:53:a3:bc:d2:2a:de:63:2f:b5:
                    d5:04:90:36:f5:71:d9:51:b6:d7:f8:e5:6c:7c:cd:
                    cc:ac:46:f8:0c:77:3f:fc:c1:ad:59:0b:da:59:62:
                    0d:dc:b3:b3:d1:d9:0d:dd:e6:6a:88:43:31:ca:19:
                    16:f1:a4:a2:a2:40:83:61:4c:03:64:36:9b:ec:ed:
                    f3:42:3f:c3:79:cc:39:29:0f:74:ea:a9:38:68:32:
                    d9:e8:bf:55:1f:ae:48:0e:50:c8:6a:f0:3a:52:05:
                    14:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:1E:A6:45:2E:C2:06:61:34:41:AB:F4:D1:B2:AA:28:AB:4B:9F:29
            X509v3 Authority Key Identifier:
                keyid:E5:80:5C:5F:E3:45:02:87:DC:DE:6A:DE:0D:9C:95:58:BA:61:5E:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YBcX-NFAofc3mreDZyVWLphXjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/Sh6mRS7CBmE0Qav00bKqKKtLnyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/b4dc3c-ecab-436d-ac52-595307f47110/1/5YBcX-NFAofc3mreDZyVWLphXjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.15.0/24
                IPv6:
                  2a10:db40::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:58:3f:97:b4:d3:33:a9:ca:b4:c9:3d:1a:a3:c1:b2:9e:6d:
         b1:25:32:ee:4a:52:da:7a:c2:a5:5c:fb:06:4d:48:69:81:92:
         a6:1d:1a:07:ae:4d:29:de:f0:6e:54:43:99:d6:3c:1d:dc:8e:
         9f:c7:14:59:2d:d4:d2:3b:54:37:32:c9:31:0a:30:c9:c9:0d:
         3e:c0:94:0d:04:5f:3a:4f:bd:13:0d:b1:09:12:79:9a:ba:93:
         b1:cf:ad:26:83:5f:90:8c:1f:d8:d2:b5:b6:55:b9:eb:7f:83:
         0f:c8:f2:61:94:b6:a7:74:a8:75:0e:b2:53:22:20:a0:fe:41:
         46:c3:36:15:71:bd:71:30:16:8f:87:3b:6c:65:33:ef:e7:07:
         2b:cc:31:38:40:30:7a:29:f2:c2:25:ec:12:0c:1c:a6:d2:98:
         8a:d9:c4:32:4e:ef:02:6a:5e:2a:e5:ff:7e:da:9b:b5:fb:3f:
         90:1d:da:35:61:cd:bb:88:d4:6c:9f:71:be:18:bc:58:69:64:
         85:61:dc:ef:e5:95:4e:b6:a4:d5:f9:4a:03:34:06:d8:49:20:
         cd:1a:c5:d9:bf:05:79:c7:fc:d5:f7:8c:6a:79:aa:25:40:cf:
         65:08:62:04:c0:f9:7e:6e:5b:69:65:45:5a:76:37:7a:17:5c:
         40:bf:a6:30
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2t0euVnXOiC/SXtC/MXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODA1YzVmZTM0NTAyODdkY2RlNmFkZTBkOWM5NTU4YmE2
MTVlMzIwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTFlYTY0NTJlYzIwNjYxMzQ0MWFiZjRkMWIyYWEyOGFiNGI5ZjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEZTAFay1rQ3/A+uwaciPz5NQkpE
qoark6+rv960ZHbUpHyiwLrbOsW4JIHqL0wrFWuBXf37RCiap+/BxsUxZpSuXzhl
x9s8IGWY+DHzTG7ys40Pha2e+w5dZpwZ+wH1WlhPQIAeEJD9e3yqZHTI15gFxkJZ
B4euyUKbqpKYrI3moiM6NgqES6Bwt5JhKi1WG/4kFmAsAkpa6/lTo7zSKt5jL7XV
BJA29XHZUbbX+OVsfM3MrEb4DHc//MGtWQvaWWIN3LOz0dkN3eZqiEMxyhkW8aSi
okCDYUwDZDab7O3zQj/Decw5KQ906qk4aDLZ6L9VH65IDlDIavA6UgUUHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEoepkUuwgZhNEGr9NGyqiirS58pMB8GA1UdIwQY
MBaAFOWAXF/jRQKH3N5q3g2clVi6YV4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlCY1gtTkZBb2ZjM21yZURaeVZXTHBoWGpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9iNGRjM2MtZWNhYi00MzZkLWFjNTIt
NTk1MzA3ZjQ3MTEwLzEvU2g2bVJTN0NCbUUwUWF2MDBiS3FLS3RMbnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9iNGRjM2MtZWNhYi00MzZkLWFjNTItNTk1MzA3ZjQ3MTEw
LzEvNVlCY1gtTkZBb2ZjM21yZURaeVZXTHBoWGpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwRYPMA0E
AgACMAcDBQMqENtAMA0GCSqGSIb3DQEBCwUAA4IBAQAgWD+XtNMzqcq0yT0ao8Gy
nm2xJTLuSlLaesKlXPsGTUhpgZKmHRoHrk0p3vBuVEOZ1jwd3I6fxxRZLdTSO1Q3
MskxCjDJyQ0+wJQNBF86T70TDbEJEnmaupOxz60mg1+QjB/Y0rW2Vbnrf4MPyPJh
lLandKh1DrJTIiCg/kFGwzYVcb1xMBaPhztsZTPv5wcrzDE4QDB6KfLCJewSDBym
0piK2cQyTu8Cal4q5f9+2pu1+z+QHdo1Yc27iNRsn3G+GLxYaWSFYdzv5ZVOtqTV
+UoDNAbYSSDNGsXZvwV5x/zV94xqeaolQM9lCGIEwPl+bltpZUVadjd6F1xAv6Yw
-----END CERTIFICATE-----