Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/OFbw4SrYaM6691_TpICzZ3Dumyw.roa
File:                     OFbw4SrYaM6691_TpICzZ3Dumyw.roa (raw, json)
Hash identifier:          dGHkY7xddS5edkaumz54VM1yrJOENswrz+8Ta+n5WYU=
Subject key identifier:   38:56:F0:E1:2A:D8:68:CE:BA:F7:5F:D3:A4:80:B3:67:70:EE:9B:2C
Certificate issuer:       /CN=51e2be139ae779cd3d4feebccd368281a1f5e7a0
Certificate serial:       018CC5DBF646B74EC0EB506673087012EC1F
Authority key identifier: 51:E2:BE:13:9A:E7:79:CD:3D:4F:EE:BC:CD:36:82:81:A1:F5:E7:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/OFbw4SrYaM6691_TpICzZ3Dumyw.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        185.5.186.0/23 maxlen: 23
                          2a02:7c40:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f6:46:b7:4e:c0:eb:50:66:73:08:70:12:ec:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51e2be139ae779cd3d4feebccd368281a1f5e7a0
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3856f0e12ad868cebaf75fd3a480b36770ee9b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ab:e2:42:e3:ff:f7:cb:00:be:d9:97:52:60:
                    17:fc:16:58:82:12:6a:3a:45:47:60:b5:37:42:44:
                    a3:32:f6:1e:b2:4b:bd:a5:ee:cc:32:35:d9:3d:29:
                    2e:aa:0c:56:26:5a:a2:3a:72:75:32:09:c1:a3:96:
                    3b:a3:96:b5:83:08:2e:13:4a:6e:9e:d9:2e:75:ed:
                    f3:0a:49:ac:0d:44:10:01:0f:46:ed:f6:d5:02:15:
                    58:26:4e:39:11:a5:f4:fa:09:60:9a:76:a7:6a:4c:
                    87:f8:f1:3b:ef:46:87:a0:17:0f:8d:09:30:c3:80:
                    aa:5f:4b:4e:6a:fb:8f:d5:11:1f:29:b1:5e:c5:5a:
                    2e:78:eb:e9:d9:78:43:3a:f7:92:4e:b9:65:bb:27:
                    f3:e7:98:d7:c1:41:f9:5c:d6:cb:97:ff:58:e9:16:
                    d6:8d:57:1e:25:16:0e:b9:04:5e:82:96:50:e6:fd:
                    7a:f6:25:dd:04:ab:53:1a:3c:ce:e3:f2:5c:ac:25:
                    64:17:48:63:e3:2a:1a:f0:7c:21:e6:84:fc:bc:ec:
                    87:df:a9:71:0d:ca:f1:7a:8e:47:37:24:2d:1a:a6:
                    89:b0:20:8e:1d:75:1e:30:2e:f8:54:56:e1:25:d1:
                    72:20:e9:1b:2d:69:b5:40:38:9a:9f:af:d9:ba:46:
                    31:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:56:F0:E1:2A:D8:68:CE:BA:F7:5F:D3:A4:80:B3:67:70:EE:9B:2C
            X509v3 Authority Key Identifier:
                keyid:51:E2:BE:13:9A:E7:79:CD:3D:4F:EE:BC:CD:36:82:81:A1:F5:E7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/OFbw4SrYaM6691_TpICzZ3Dumyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.186.0/23
                IPv6:
                  2a02:7c40:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         44:14:78:52:a7:a7:e9:b3:f5:0b:e2:e8:cc:98:00:49:af:fb:
         c2:ce:3f:46:a8:c9:cc:8a:cb:2b:b4:00:4d:96:4a:6c:c3:d6:
         91:d1:ed:52:7e:b4:24:0a:e2:c4:b8:f7:12:20:59:ac:90:58:
         0f:2e:c8:9d:e0:ec:19:a9:7d:06:f3:f6:a8:58:0c:37:56:03:
         05:3a:0e:15:1a:5a:09:95:ce:c5:27:1b:15:5b:0c:24:c5:37:
         1f:d7:0d:19:e3:be:fb:a2:49:32:a7:55:98:2b:fb:c8:c9:3f:
         38:ad:5a:21:8f:bb:9c:bf:b4:0f:92:3b:81:3f:9b:bf:bd:d1:
         3a:bf:64:88:3a:54:3b:3d:9d:4c:b0:7a:b3:e0:09:37:7a:fa:
         e7:f8:da:11:ea:3b:86:99:a1:5c:52:5d:73:0c:61:f4:5d:15:
         18:d7:81:20:71:d6:87:69:a8:8e:82:48:98:60:45:5b:db:4b:
         18:63:6e:3f:5b:dd:b5:ae:35:b3:80:7f:f0:2e:b0:42:38:2b:
         1a:6e:51:ff:78:37:97:17:78:b6:7f:27:05:bb:1f:82:2e:b5:
         02:3a:90:80:6a:cd:51:fb:fb:35:f3:41:2b:06:e8:1b:f1:ca:
         52:42:67:8e:7b:51:ed:2e:8d:d1:10:0c:0e:3a:7c:71:d5:59:
         dc:f4:a8:37
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzF2/ZGt07A61BmcwhwEuwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZTJiZTEzOWFlNzc5Y2QzZDRmZWViY2NkMzY4MjgxYTFm
NWU3YTAwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU2ZjBlMTJhZDg2OGNlYmFmNzVmZDNhNDgwYjM2NzcwZWU5YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6viQuP/98sAvtmXUmAX/BZYghJq
OkVHYLU3QkSjMvYesku9pe7MMjXZPSkuqgxWJlqiOnJ1MgnBo5Y7o5a1gwguE0pu
ntkude3zCkmsDUQQAQ9G7fbVAhVYJk45EaX0+glgmnanakyH+PE770aHoBcPjQkw
w4CqX0tOavuP1REfKbFexVoueOvp2XhDOveSTrlluyfz55jXwUH5XNbLl/9Y6RbW
jVceJRYOuQRegpZQ5v169iXdBKtTGjzO4/JcrCVkF0hj4yoa8Hwh5oT8vOyH36lx
Dcrxeo5HNyQtGqaJsCCOHXUeMC74VFbhJdFyIOkbLWm1QDian6/ZukYxEwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDhW8OEq2GjOuvdf06SAs2dw7pssMB8GA1UdIwQY
MBaAFFHivhOa53nNPU/uvM02goGh9eegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWVLLUU1cm5lYzA5VC02OHpUYUNnYUgxNTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZjU5MzEtMDVhOC00MzZiLTkyNzMt
Y2Q3YjZlZGJmY2Y1LzEvT0ZidzRTcllhTTY2OTFfVHBJQ3paM0R1bXl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZjU5MzEtMDVhOC00MzZiLTkyNzMtY2Q3YjZlZGJmY2Y1
LzEvVWVLLUU1cm5lYzA5VC02OHpUYUNnYUgxNTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuQW6MA4E
AgACMAgDBgcqAnxAgDANBgkqhkiG9w0BAQsFAAOCAQEARBR4Uqen6bP1C+LozJgA
Sa/7ws4/RqjJzIrLK7QATZZKbMPWkdHtUn60JArixLj3EiBZrJBYDy7IneDsGal9
BvP2qFgMN1YDBToOFRpaCZXOxScbFVsMJMU3H9cNGeO++6JJMqdVmCv7yMk/OK1a
IY+7nL+0D5I7gT+bv73ROr9kiDpUOz2dTLB6s+AJN3r65/jaEeo7hpmhXFJdcwxh
9F0VGNeBIHHWh2mojoJImGBFW9tLGGNuP1vdta41s4B/8C6wQjgrGm5R/3g3lxd4
tn8nBbsfgi61AjqQgGrNUfv7NfNBKwboG/HKUkJnjntR7S6N0RAMDjp8cdVZ3PSo
Nw==
-----END CERTIFICATE-----