Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/x-sdtI-1kMr0feM1naIhzRZDOFg.roa
File:                     x-sdtI-1kMr0feM1naIhzRZDOFg.roa (raw, json)
Hash identifier:          vlusISjW8zhLnYMEGa4gEyF4AZrjP3Wo+5BaRT7mwP0=
Subject key identifier:   C7:EB:1D:B4:8F:B5:90:CA:F4:7D:E3:35:9D:A2:21:CD:16:43:38:58
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018CC79511E90F9585C8317F959314EED85B
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/x-sdtI-1kMr0feM1naIhzRZDOFg.roa
Signing time:             Tue 02 Jan 2024 00:31:24 +0000
ROA not before:           Tue 02 Jan 2024 00:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198187
IP address blocks:        5.252.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:11:e9:0f:95:85:c8:31:7f:95:93:14:ee:d8:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Jan  2 00:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7eb1db48fb590caf47de3359da221cd16433858
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2d:92:23:3d:7b:40:fb:2a:9c:c6:8b:9c:70:
                    64:db:19:11:1a:87:46:33:b3:8f:82:ed:8d:50:df:
                    ba:d6:f3:d4:a1:6e:a5:3e:ed:08:b6:02:1b:eb:63:
                    00:13:7c:36:bf:38:87:63:58:f6:b2:ec:e9:97:20:
                    e9:20:6d:4f:b7:f6:ae:79:5e:99:9a:b5:49:20:20:
                    35:48:40:ae:72:44:55:16:4f:29:0f:f4:34:95:0b:
                    e2:f9:16:4a:9f:31:dc:b0:e4:71:b6:b5:61:12:3a:
                    b5:bc:4e:5e:f5:5d:7e:f9:07:fc:b9:35:21:c9:7d:
                    32:f7:62:f1:55:3c:82:0f:65:c9:0f:e7:10:c4:e8:
                    76:25:7d:93:7c:49:a5:09:51:f5:33:9d:fc:cc:f8:
                    ae:e9:a6:da:9b:d1:69:dd:cb:05:e6:76:13:c8:a4:
                    c9:43:ea:c9:f7:aa:75:1c:d9:ff:d5:b5:5d:07:c4:
                    6d:15:d0:0b:de:aa:8b:16:67:a2:04:c0:bd:70:a8:
                    77:e2:98:0d:cc:3f:08:a8:d7:66:06:43:fb:64:40:
                    d9:48:13:23:d8:56:e4:33:f3:f4:6e:7d:23:01:c1:
                    fd:83:bc:35:da:b2:f6:48:35:65:11:db:fe:4d:f3:
                    44:9b:56:07:96:d6:21:ad:18:aa:31:6f:66:38:bd:
                    d1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EB:1D:B4:8F:B5:90:CA:F4:7D:E3:35:9D:A2:21:CD:16:43:38:58
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/x-sdtI-1kMr0feM1naIhzRZDOFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:93:01:df:aa:fa:3f:fd:51:89:bc:cd:cc:99:9a:ec:8f:e5:
         82:a7:db:13:f4:9f:89:bc:5a:34:4a:4a:b8:87:12:18:d4:2c:
         a7:2c:02:f1:0a:fc:a7:ba:33:c6:8c:f4:94:af:cd:81:78:3a:
         97:89:f5:a4:b1:eb:66:a7:c4:96:eb:42:3f:bc:b6:64:6a:8d:
         50:03:2b:86:75:e4:86:7e:53:72:b3:8d:b4:8d:4d:60:f5:05:
         bb:e6:ab:68:07:e6:91:ce:4c:bd:8d:c2:67:ef:86:15:23:79:
         7e:16:14:a6:4a:05:1e:e6:07:35:e5:f0:2f:d7:e8:7d:76:28:
         77:c5:a7:1b:38:23:f4:d8:dc:dd:c6:3d:ac:2d:05:67:2a:c5:
         88:bc:9d:f8:ad:e3:b9:29:52:9f:f3:1f:dd:ad:d8:87:b9:5d:
         e6:e0:96:36:97:f0:54:52:ff:64:ac:8d:2f:0e:6e:8b:66:32:
         d1:da:2e:79:8b:47:04:ac:3a:6c:5a:05:23:fc:05:31:0b:51:
         c8:d8:1c:3e:30:4b:16:cd:a4:9f:ce:c0:f1:60:78:be:d9:e6:
         c2:16:81:9d:d2:61:3f:fa:79:f7:93:2f:96:f7:e0:43:52:e0:
         6b:a9:ed:38:48:dd:bd:ab:01:6c:6c:65:24:37:d3:25:2f:e7:
         e6:8f:24:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRHpD5WFyDF/lZMU7thbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwMTAyMDAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ViMWRiNDhmYjU5MGNhZjQ3ZGUzMzU5ZGEyMjFjZDE2NDMzODU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAni2SIz17QPsqnMaLnHBk2xkRGodG
M7OPgu2NUN+61vPUoW6lPu0ItgIb62MAE3w2vziHY1j2suzplyDpIG1Pt/aueV6Z
mrVJICA1SECuckRVFk8pD/Q0lQvi+RZKnzHcsORxtrVhEjq1vE5e9V1++Qf8uTUh
yX0y92LxVTyCD2XJD+cQxOh2JX2TfEmlCVH1M538zPiu6abam9Fp3csF5nYTyKTJ
Q+rJ96p1HNn/1bVdB8RtFdAL3qqLFmeiBMC9cKh34pgNzD8IqNdmBkP7ZEDZSBMj
2FbkM/P0bn0jAcH9g7w12rL2SDVlEdv+TfNEm1YHltYhrRiqMW9mOL3RPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfrHbSPtZDK9H3jNZ2iIc0WQzhYMB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEveC1zZHRJLTFrTXIwZmVNMW5hSWh6UlpET0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfzWMA0G
CSqGSIb3DQEBCwUAA4IBAQAvkwHfqvo//VGJvM3MmZrsj+WCp9sT9J+JvFo0Skq4
hxIY1CynLALxCvynujPGjPSUr82BeDqXifWksetmp8SW60I/vLZkao1QAyuGdeSG
flNys420jU1g9QW75qtoB+aRzky9jcJn74YVI3l+FhSmSgUe5gc15fAv1+h9dih3
xacbOCP02Nzdxj2sLQVnKsWIvJ34reO5KVKf8x/drdiHuV3m4JY2l/BUUv9krI0v
Dm6LZjLR2i55i0cErDpsWgUj/AUxC1HI2Bw+MEsWzaSfzsDxYHi+2ebCFoGd0mE/
+nn3ky+W9+BDUuBrqe04SN29qwFsbGUkN9MlL+fmjySz
-----END CERTIFICATE-----