Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/btXVHxcl9qSujQwp5sl4_8u71EQ.roa
File:                     btXVHxcl9qSujQwp5sl4_8u71EQ.roa (raw, json)
Hash identifier:          4K6OZUPMq1ifNyT/FMHs4CovIrVSKhPBC6eF7/hb4tg=
Subject key identifier:   6E:D5:D5:1F:17:25:F6:A4:AE:8D:0C:29:E6:C9:78:FF:CB:BB:D4:44
Certificate issuer:       /CN=edfffb3c661e2f78a5785be95916044b06af51d2
Certificate serial:       018F4F3BE6D9D9E65F6C68CD002604F13E55
Authority key identifier: ED:FF:FB:3C:66:1E:2F:78:A5:78:5B:E9:59:16:04:4B:06:AF:51:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/btXVHxcl9qSujQwp5sl4_8u71EQ.roa
Signing time:             Mon 06 May 2024 18:47:56 +0000
ROA not before:           Mon 06 May 2024 18:47:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57087
IP address blocks:        5.182.130.0/24 maxlen: 24
                          5.182.131.0/24 maxlen: 24
                          193.163.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:3b:e6:d9:d9:e6:5f:6c:68:cd:00:26:04:f1:3e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edfffb3c661e2f78a5785be95916044b06af51d2
        Validity
            Not Before: May  6 18:47:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ed5d51f1725f6a4ae8d0c29e6c978ffcbbbd444
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:91:76:cb:ec:2e:f7:55:43:42:07:fc:0a:15:
                    40:91:db:1d:1e:08:96:17:4d:0f:32:21:80:41:4a:
                    df:f4:84:5e:30:51:04:93:99:7b:09:fe:f2:de:14:
                    77:2c:f7:75:ba:cb:04:6d:0a:5b:9e:b4:0a:9c:b8:
                    98:6e:5a:8f:31:f7:4c:bc:c8:85:bf:2d:88:19:8f:
                    dd:7a:04:c8:28:52:f8:14:84:0d:79:5c:3a:d8:78:
                    e1:d9:09:17:ca:56:57:47:eb:2b:20:62:83:25:11:
                    87:62:30:56:7a:48:96:ec:47:fb:18:b8:d9:8e:d5:
                    9d:82:f3:46:39:f0:4f:41:4d:89:ac:99:4a:e6:b8:
                    71:aa:51:04:80:5d:2b:ea:5a:fe:83:e1:93:0e:d7:
                    d2:4b:64:6d:2a:84:17:b5:d9:47:69:f7:5c:1b:ce:
                    38:69:c9:88:aa:c3:79:e9:ee:3d:cc:64:f4:de:96:
                    02:5c:b9:23:d0:89:7c:11:47:ca:34:4c:b2:03:7b:
                    3b:91:91:bb:7c:be:d4:06:7f:ad:d8:0a:98:7d:83:
                    55:87:97:cc:45:4a:af:9c:ce:bd:8b:9e:c8:15:bf:
                    a7:31:e5:c9:d1:6c:94:b0:e5:1c:05:96:2d:ed:09:
                    2a:f2:13:fa:34:97:1b:1b:fa:18:21:3b:72:12:36:
                    21:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D5:D5:1F:17:25:F6:A4:AE:8D:0C:29:E6:C9:78:FF:CB:BB:D4:44
            X509v3 Authority Key Identifier:
                keyid:ED:FF:FB:3C:66:1E:2F:78:A5:78:5B:E9:59:16:04:4B:06:AF:51:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f_7PGYeL3ileFvpWRYESwavUdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/btXVHxcl9qSujQwp5sl4_8u71EQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a38e4f-4d10-4b9f-8f2f-a9893545c3c5/1/7f_7PGYeL3ileFvpWRYESwavUdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.130.0/23
                  193.163.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:bd:3f:42:e8:df:20:df:0a:c3:4d:67:e0:0a:23:f9:3b:0e:
         8e:6f:cb:48:07:25:cc:00:93:e1:77:e1:35:b9:c2:2e:ba:f1:
         a5:d2:a8:16:79:45:8b:70:ef:9b:2c:48:46:7c:05:11:b8:55:
         8b:ab:ea:1b:63:13:64:20:e4:0b:f1:24:b3:df:83:73:91:81:
         0e:02:37:76:ba:b6:b9:13:68:45:6a:dd:18:b1:4c:b9:08:67:
         f2:5b:b4:07:a8:2a:3e:1b:ab:4c:7f:3c:b2:34:ce:07:38:15:
         68:65:08:ca:41:95:65:42:bc:0f:fd:e4:aa:bc:98:63:c8:76:
         f5:52:35:06:a1:41:a6:ea:86:3d:6e:bc:8b:93:ba:de:38:01:
         96:08:64:da:90:ae:0c:21:f1:5b:e3:0e:9d:a5:4f:0b:a2:92:
         d1:85:85:7b:1f:db:fc:53:2a:93:ad:c4:0a:a4:fb:95:dc:49:
         49:a2:0b:c1:50:bf:06:9a:85:7d:f5:26:48:2e:4d:ca:41:7a:
         74:3b:db:fe:e1:bf:08:7b:64:b1:db:a5:11:fe:17:3d:d2:16:
         b1:f4:98:74:5a:e9:94:a2:92:14:f6:7e:9d:55:ca:d0:31:cb:
         c6:06:c6:a5:dc:37:e8:6f:d2:f8:de:93:14:41:79:17:a0:55:
         54:45:60:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9PO+bZ2eZfbGjNACYE8T5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZmZmYjNjNjYxZTJmNzhhNTc4NWJlOTU5MTYwNDRiMDZh
ZjUxZDIwHhcNMjQwNTA2MTg0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ1ZDUxZjE3MjVmNmE0YWU4ZDBjMjllNmM5NzhmZmNiYmJkNDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpF2y+wu91VDQgf8ChVAkdsdHgiW
F00PMiGAQUrf9IReMFEEk5l7Cf7y3hR3LPd1ussEbQpbnrQKnLiYblqPMfdMvMiF
vy2IGY/degTIKFL4FIQNeVw62Hjh2QkXylZXR+srIGKDJRGHYjBWekiW7Ef7GLjZ
jtWdgvNGOfBPQU2JrJlK5rhxqlEEgF0r6lr+g+GTDtfSS2RtKoQXtdlHafdcG844
acmIqsN56e49zGT03pYCXLkj0Il8EUfKNEyyA3s7kZG7fL7UBn+t2AqYfYNVh5fM
RUqvnM69i57IFb+nMeXJ0WyUsOUcBZYt7Qkq8hP6NJcbG/oYITtyEjYhbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG7V1R8XJfakro0MKebJeP/Lu9REMB8GA1UdIwQY
MBaAFO3/+zxmHi94pXhb6VkWBEsGr1HSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2ZfN1BHWWVMM2lsZUZ2cFdSWUVTd2F2VWRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hMzhlNGYtNGQxMC00YjlmLThmMmYt
YTk4OTM1NDVjM2M1LzEvYnRYVkh4Y2w5cVN1alF3cDVzbDRfOHU3MUVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hMzhlNGYtNGQxMC00YjlmLThmMmYtYTk4OTM1NDVjM2M1
LzEvN2ZfN1BHWWVMM2lsZUZ2cFdSWUVTd2F2VWRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBbaCAwQA
waMsMA0GCSqGSIb3DQEBCwUAA4IBAQA1vT9C6N8g3wrDTWfgCiP5Ow6Ob8tIByXM
AJPhd+E1ucIuuvGl0qgWeUWLcO+bLEhGfAURuFWLq+obYxNkIOQL8SSz34NzkYEO
Ajd2ura5E2hFat0YsUy5CGfyW7QHqCo+G6tMfzyyNM4HOBVoZQjKQZVlQrwP/eSq
vJhjyHb1UjUGoUGm6oY9bryLk7reOAGWCGTakK4MIfFb4w6dpU8LopLRhYV7H9v8
UyqTrcQKpPuV3ElJogvBUL8GmoV99SZILk3KQXp0O9v+4b8Ie2Sx26UR/hc90hax
9Jh0WumUopIU9n6dVcrQMcvGBsal3Dfob9L43pMUQXkXoFVURWAI
-----END CERTIFICATE-----