Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/t5m6pTI_7W7d9a5uARQOLgDEips.roa
File:                     t5m6pTI_7W7d9a5uARQOLgDEips.roa (raw, json)
Hash identifier:          JNgBU9T0z+oNDnKpw7O6b+hRJzvaN25GQ9a+bXKjK1k=
Subject key identifier:   B7:99:BA:A5:32:3F:ED:6E:DD:F5:AE:6E:01:14:0E:2E:00:C4:8A:9B
Certificate issuer:       /CN=668da92f99b5407f28a2f36613e849447a93f6b9
Certificate serial:       018CC49239EB5DCD3135D86E77C2067BDFE1
Authority key identifier: 66:8D:A9:2F:99:B5:40:7F:28:A2:F3:66:13:E8:49:44:7A:93:F6:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zo2pL5m1QH8oovNmE-hJRHqT9rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/t5m6pTI_7W7d9a5uARQOLgDEips.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        131.174.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/Zo2pL5m1QH8oovNmE-hJRHqT9rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/Zo2pL5m1QH8oovNmE-hJRHqT9rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zo2pL5m1QH8oovNmE-hJRHqT9rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:39:eb:5d:cd:31:35:d8:6e:77:c2:06:7b:df:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=668da92f99b5407f28a2f36613e849447a93f6b9
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b799baa5323fed6eddf5ae6e01140e2e00c48a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d1:31:ab:5e:dc:2e:c9:9d:0d:80:71:00:fc:
                    97:56:76:f8:87:ac:87:ff:64:2b:6c:60:3d:66:c7:
                    fb:ec:0d:bc:36:94:58:38:11:85:ea:44:54:c9:0b:
                    33:04:b1:6b:5c:b9:12:31:6a:95:07:c9:2e:f3:8a:
                    b2:1f:63:12:5e:ef:cc:e6:d2:6a:bb:08:69:db:eb:
                    78:18:10:8e:e7:71:c1:74:69:ea:c9:00:14:eb:9e:
                    8b:c2:03:de:c1:38:ca:28:ab:65:dd:9a:ab:0d:85:
                    65:a3:af:a6:51:8a:54:5e:d4:94:79:fd:5a:11:a5:
                    c2:57:31:c1:14:48:e8:4f:ec:88:55:a6:61:d3:50:
                    82:27:ab:c8:1a:b7:3f:84:8a:d9:c8:0d:f6:17:ef:
                    90:16:2d:ff:f6:a5:af:bf:0a:7c:0b:dd:16:76:ef:
                    fd:44:b3:f6:8a:b6:05:88:83:84:56:90:dd:12:e8:
                    7e:af:57:4d:b0:c8:a4:e8:46:8c:dd:5b:37:8c:30:
                    e7:fb:96:3b:59:2f:0d:2a:8c:c1:03:73:eb:57:73:
                    5c:55:95:da:9f:a8:47:7d:b8:4f:1b:1c:73:52:36:
                    ac:53:09:4e:05:8e:4d:63:f5:ee:cf:7b:60:af:00:
                    f6:29:d1:10:c3:c8:f1:ee:6f:ce:e2:00:42:25:d5:
                    e7:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:99:BA:A5:32:3F:ED:6E:DD:F5:AE:6E:01:14:0E:2E:00:C4:8A:9B
            X509v3 Authority Key Identifier:
                keyid:66:8D:A9:2F:99:B5:40:7F:28:A2:F3:66:13:E8:49:44:7A:93:F6:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zo2pL5m1QH8oovNmE-hJRHqT9rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/t5m6pTI_7W7d9a5uARQOLgDEips.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/c6e00e-81cd-4c00-aff1-dc8e83e629f2/1/Zo2pL5m1QH8oovNmE-hJRHqT9rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.174.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1c:52:b1:a3:69:5f:7b:20:d0:57:ed:2c:28:33:24:ef:d9:2d:
         d3:2c:c3:ac:34:d7:94:12:d1:5f:f3:0d:be:f1:78:d5:a0:81:
         94:0d:8d:ca:24:b5:d4:8b:ef:e4:1c:ae:53:1b:d2:7d:3a:9b:
         43:a7:57:e0:a0:c0:65:4d:7d:bf:1c:84:e4:93:f3:a0:1b:2a:
         1d:1c:08:03:1e:1a:2e:2d:8f:10:b9:3e:68:55:ca:7d:bb:17:
         f3:e0:48:3d:e3:f0:5d:ba:13:1a:20:01:86:ca:6e:83:1c:d6:
         ab:94:83:69:a5:64:6c:93:3a:7c:b2:c3:a8:55:45:39:a5:e9:
         1b:d4:1c:59:7f:42:c6:8b:3c:51:af:d5:1b:be:0e:a2:cc:b5:
         d3:65:71:97:d2:ca:95:7a:03:cd:14:d4:e0:75:5e:53:01:de:
         1d:82:3b:c9:9d:6b:9d:1f:c4:97:8e:62:b1:90:aa:c0:e0:df:
         76:1a:2a:cb:00:19:dc:a7:2d:69:3f:90:0c:9f:91:7b:1d:e4:
         72:ef:86:7c:a8:ea:8e:13:b5:de:40:af:eb:68:c6:87:75:ed:
         51:1d:bb:2c:7e:6d:db:ef:b3:4e:07:7a:31:e9:f0:1a:7f:51:
         dc:a4:2c:38:7f:17:9f:d1:8b:44:6e:39:51:25:c1:1f:3a:5d:
         ed:c1:92:bb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzEkjnrXc0xNdhud8IGe9/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OGRhOTJmOTliNTQwN2YyOGEyZjM2NjEzZTg0OTQ0N2E5
M2Y2YjkwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk5YmFhNTMyM2ZlZDZlZGRmNWFlNmUwMTE0MGUyZTAwYzQ4YTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tExq17cLsmdDYBxAPyXVnb4h6yH
/2QrbGA9Zsf77A28NpRYOBGF6kRUyQszBLFrXLkSMWqVB8ku84qyH2MSXu/M5tJq
uwhp2+t4GBCO53HBdGnqyQAU656LwgPewTjKKKtl3ZqrDYVlo6+mUYpUXtSUef1a
EaXCVzHBFEjoT+yIVaZh01CCJ6vIGrc/hIrZyA32F++QFi3/9qWvvwp8C90Wdu/9
RLP2irYFiIOEVpDdEuh+r1dNsMik6EaM3Vs3jDDn+5Y7WS8NKozBA3PrV3NcVZXa
n6hHfbhPGxxzUjasUwlOBY5NY/Xuz3tgrwD2KdEQw8jx7m/O4gBCJdXn+wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLeZuqUyP+1u3fWubgEUDi4AxIqbMB8GA1UdIwQY
MBaAFGaNqS+ZtUB/KKLzZhPoSUR6k/a5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm8ycEw1bTFRSDhvb3ZObUUtaEpSSHFUOXJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9jNmUwMGUtODFjZC00YzAwLWFmZjEt
ZGM4ZTgzZTYyOWYyLzEvdDVtNnBUSV83VzdkOWE1dUFSUU9MZ0RFaXBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9jNmUwMGUtODFjZC00YzAwLWFmZjEtZGM4ZTgzZTYyOWYy
LzEvWm8ycEw1bTFRSDhvb3ZObUUtaEpSSHFUOXJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAg64wDQYJ
KoZIhvcNAQELBQADggEBABxSsaNpX3sg0FftLCgzJO/ZLdMsw6w015QS0V/zDb7x
eNWggZQNjcoktdSL7+QcrlMb0n06m0OnV+CgwGVNfb8chOST86AbKh0cCAMeGi4t
jxC5PmhVyn27F/PgSD3j8F26ExogAYbKboMc1quUg2mlZGyTOnyyw6hVRTml6RvU
HFl/QsaLPFGv1Ru+DqLMtdNlcZfSypV6A80U1OB1XlMB3h2CO8mda50fxJeOYrGQ
qsDg33YaKssAGdynLWk/kAyfkXsd5HLvhnyo6o4Ttd5Ar+toxod17VEduyx+bdvv
s04HejHp8Bp/UdykLDh/F5/Ri0RuOVElwR86Xe3Bkrs=
-----END CERTIFICATE-----