Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/k5fvAehHxnQNCfnsJaKKvT-9GZs.roa
File:                     k5fvAehHxnQNCfnsJaKKvT-9GZs.roa (raw, json)
Hash identifier:          w01fkXKyMV08CBo2PRl70qccmW2SAEjJbrGa58rLDZE=
Subject key identifier:   93:97:EF:01:E8:47:C6:74:0D:09:F9:EC:25:A2:8A:BD:3F:BD:19:9B
Certificate issuer:       /CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
Certificate serial:       018CCA2A83E340F39D1789F7024FABD6BAE8
Authority key identifier: CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/k5fvAehHxnQNCfnsJaKKvT-9GZs.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51013
IP address blocks:        213.188.152.0/22 maxlen: 22
                          213.188.156.0/23 maxlen: 23
                          2a02:250:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:83:e3:40:f3:9d:17:89:f7:02:4f:ab:d6:ba:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd65ee23bff42ccf679d7377fe4da695d341aef0
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9397ef01e847c6740d09f9ec25a28abd3fbd199b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:29:40:9a:e3:32:b1:2d:62:98:39:48:7d:
                    0b:7e:d8:c7:f0:8c:34:e4:ad:42:9e:32:0b:fb:2d:
                    42:eb:5c:ff:89:28:dd:3d:a5:86:92:c7:80:c9:b0:
                    ea:c0:e2:37:e4:be:d4:14:3d:f3:bf:43:26:f1:31:
                    64:16:1a:d8:5e:3e:e3:07:35:e8:a3:98:41:db:b7:
                    0d:10:79:c8:c5:ac:c5:14:44:20:69:f9:51:dc:cc:
                    81:2d:04:50:2c:6c:31:31:8d:c7:13:8f:81:02:40:
                    3a:00:d4:38:d1:91:b2:f5:63:8e:5d:0f:4d:fd:85:
                    1b:f1:6f:3a:fa:4d:0f:30:ea:94:d2:b9:f0:54:9a:
                    01:f6:b2:68:ad:e7:4e:62:e3:4e:e7:26:16:c7:c3:
                    ff:7d:dc:90:c8:d5:ac:48:1b:a7:52:f7:fc:f2:0f:
                    f6:40:c4:9f:fd:51:9e:ab:a5:cc:8c:81:92:61:00:
                    8f:7f:a3:29:02:d5:1f:21:1e:40:d1:fe:86:da:8d:
                    b2:6d:c5:1f:66:9b:0b:fc:fb:ba:69:f6:0c:64:33:
                    18:43:df:0e:0c:61:d0:af:83:5e:ad:77:83:71:a8:
                    2f:93:e0:7d:e8:84:64:84:c1:fc:74:0a:a8:b1:dd:
                    d7:6f:22:75:be:0e:47:e8:f7:a6:45:cf:b7:ee:d8:
                    a5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:97:EF:01:E8:47:C6:74:0D:09:F9:EC:25:A2:8A:BD:3F:BD:19:9B
            X509v3 Authority Key Identifier:
                keyid:CD:65:EE:23:BF:F4:2C:CF:67:9D:73:77:FE:4D:A6:95:D3:41:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWXuI7_0LM9nnXN3_k2mldNBrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/k5fvAehHxnQNCfnsJaKKvT-9GZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/006d43-3dbf-4cf8-815d-5dc2fa6a3503/1/zWXuI7_0LM9nnXN3_k2mldNBrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.188.152.0-213.188.157.255
                IPv6:
                  2a02:250:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:84:22:ab:80:c0:22:b6:86:45:91:5f:6b:37:02:81:7c:02:
         95:e6:4c:47:fb:2d:df:4a:3e:01:0a:3e:01:49:7b:12:e3:b7:
         2e:52:f0:b1:1f:14:19:b5:96:46:d1:64:0b:8d:34:d6:bf:1e:
         25:8f:14:0f:59:ff:96:73:ae:89:f6:28:b1:a7:47:ac:01:05:
         b2:07:60:8d:73:c0:26:27:05:00:e1:f1:f3:5b:51:37:f8:c6:
         58:07:ae:20:f7:1a:bb:3a:27:d1:e4:28:73:53:b1:cb:64:44:
         9e:84:06:38:61:e1:34:a1:fc:3d:ca:34:7c:94:9b:69:5d:d9:
         bf:76:55:6a:5b:61:11:11:21:df:e4:1e:aa:4c:85:60:12:c5:
         ae:7c:4e:5f:34:82:83:5c:ad:9c:c4:ab:e4:10:ab:59:09:ef:
         f2:d3:1c:4c:b1:28:73:a8:08:dd:43:6f:20:48:a8:9f:15:2d:
         2a:f6:d5:eb:42:93:6f:2e:42:e5:4e:46:d0:8a:a0:44:28:26:
         63:8d:9b:89:5b:8f:05:f3:ce:91:64:76:f0:6e:cf:b0:b6:9d:
         8a:68:37:d7:5f:34:e6:cc:d3:94:a5:24:32:2c:cb:05:8b:6e:
         da:9a:81:21:e6:db:8f:53:a3:d0:7b:b2:1d:d7:63:74:6c:cb:
         3f:56:ba:1d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzKKoPjQPOdF4n3Ak+r1rroMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjVlZTIzYmZmNDJjY2Y2NzlkNzM3N2ZlNGRhNjk1ZDM0
MWFlZjAwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzk3ZWYwMWU4NDdjNjc0MGQwOWY5ZWMyNWEyOGFiZDNmYmQxOTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysApQJrjMrEtYpg5SH0LftjH8Iw0
5K1CnjIL+y1C61z/iSjdPaWGkseAybDqwOI35L7UFD3zv0Mm8TFkFhrYXj7jBzXo
o5hB27cNEHnIxazFFEQgaflR3MyBLQRQLGwxMY3HE4+BAkA6ANQ40ZGy9WOOXQ9N
/YUb8W86+k0PMOqU0rnwVJoB9rJoredOYuNO5yYWx8P/fdyQyNWsSBunUvf88g/2
QMSf/VGeq6XMjIGSYQCPf6MpAtUfIR5A0f6G2o2ybcUfZpsL/Pu6afYMZDMYQ98O
DGHQr4NerXeDcagvk+B96IRkhMH8dAqosd3XbyJ1vg5H6PemRc+37tilFQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJOX7wHoR8Z0DQn57CWiir0/vRmbMB8GA1UdIwQY
MBaAFM1l7iO/9CzPZ51zd/5NppXTQa7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQt
NWRjMmZhNmEzNTAzLzEvazVmdkFlaEh4blFOQ2Zuc0phS0t2VC05R1pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMDZkNDMtM2RiZi00Y2Y4LTgxNWQtNWRjMmZhNmEzNTAz
LzEveldYdUk3XzBMTTlublhOM19rMm1sZE5CcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAPVvJgD
BAHVvJwwDwQCAAIwCQMHACoCAlAAAjANBgkqhkiG9w0BAQsFAAOCAQEAHYQiq4DA
IraGRZFfazcCgXwCleZMR/st30o+AQo+AUl7EuO3LlLwsR8UGbWWRtFkC4001r8e
JY8UD1n/lnOuifYosadHrAEFsgdgjXPAJicFAOHx81tRN/jGWAeuIPcauzon0eQo
c1Oxy2REnoQGOGHhNKH8Pco0fJSbaV3Zv3ZValthEREh3+QeqkyFYBLFrnxOXzSC
g1ytnMSr5BCrWQnv8tMcTLEoc6gI3UNvIEionxUtKvbV60KTby5C5U5G0IqgRCgm
Y42biVuPBfPOkWR28G7PsLadimg311805szTlKUkMizLBYtu2pqBIebbj1Oj0Huy
HddjdGzLP1a6HQ==
-----END CERTIFICATE-----