Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/5rq4mPYSoLMw0c9Ex0reOHs5960.roa
File:                     5rq4mPYSoLMw0c9Ex0reOHs5960.roa (raw, json)
Hash identifier:          6H/V1n0peanmBCYVAQMj7GDUr4M6jpBZAHpFu14I3G4=
Subject key identifier:   E6:BA:B8:98:F6:12:A0:B3:30:D1:CF:44:C7:4A:DE:38:7B:39:F7:AD
Certificate issuer:       /CN=a27200544f93a675fc8c7841856980e38a3529cb
Certificate serial:       018CC3B6F5A56B1D4A927F4CA8CAE60D4476
Authority key identifier: A2:72:00:54:4F:93:A6:75:FC:8C:78:41:85:69:80:E3:8A:35:29:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/5rq4mPYSoLMw0c9Ex0reOHs5960.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16243
IP address blocks:        193.176.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f5:a5:6b:1d:4a:92:7f:4c:a8:ca:e6:0d:44:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a27200544f93a675fc8c7841856980e38a3529cb
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6bab898f612a0b330d1cf44c74ade387b39f7ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f4:5d:d6:ef:76:20:7c:50:a9:8e:30:64:7a:
                    82:fa:3d:57:6b:08:3d:42:47:5a:b3:7c:ec:44:a2:
                    cc:b5:8c:3e:2b:7d:f9:eb:e6:ac:5a:d0:88:8c:79:
                    07:59:7d:39:65:82:14:a4:cc:14:74:f2:fe:2b:9f:
                    21:83:cd:8a:08:ca:2f:a7:97:6c:7e:05:6c:ed:8d:
                    8f:8a:24:b0:d1:7a:66:05:f7:30:3b:f1:51:7f:0f:
                    26:d9:bc:d4:f5:5a:10:da:11:66:9c:79:1e:fa:ad:
                    89:bb:80:75:2b:24:eb:76:bf:69:b2:4c:98:18:3d:
                    34:90:8a:eb:5c:4a:32:cf:80:8d:2d:99:76:87:a4:
                    86:d9:ff:24:3e:8a:63:3a:ac:e7:73:0f:3e:94:99:
                    c5:f6:a6:87:33:92:d0:6e:3c:b3:f4:bd:3f:f8:25:
                    c6:f8:6f:06:8e:f0:1d:fc:1b:de:ee:f3:aa:4b:c1:
                    71:3b:6d:9c:0f:80:72:ed:d1:06:a4:b1:02:51:82:
                    21:da:b3:d1:8e:36:db:7c:c4:4c:74:83:1d:3d:15:
                    1c:c7:3a:2d:7d:77:2e:a4:c4:c7:bc:60:ce:f0:ec:
                    26:ba:d8:91:2b:59:c7:45:5f:ae:72:e4:5c:d0:65:
                    2a:0c:81:68:46:3f:7c:35:cc:b5:9a:b6:b1:54:9d:
                    89:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:BA:B8:98:F6:12:A0:B3:30:D1:CF:44:C7:4A:DE:38:7B:39:F7:AD
            X509v3 Authority Key Identifier:
                keyid:A2:72:00:54:4F:93:A6:75:FC:8C:78:41:85:69:80:E3:8A:35:29:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/onIAVE-TpnX8jHhBhWmA44o1Kcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/5rq4mPYSoLMw0c9Ex0reOHs5960.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/bc1c74-1e0a-4055-80b8-efa7f89bd0b9/1/onIAVE-TpnX8jHhBhWmA44o1Kcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:55:31:b5:c6:06:af:ae:9d:3f:f0:0a:26:6c:c5:75:a2:ea:
         b5:7e:f9:30:af:d7:9e:a5:72:66:2f:3f:70:5b:b5:18:f4:68:
         a8:7a:c8:cc:fd:28:01:b0:52:59:06:14:c7:8d:8e:be:1b:c8:
         9f:49:7f:e6:b7:16:44:df:6b:c8:e2:5e:30:28:21:4f:78:e1:
         dc:5a:93:e1:f3:5f:ff:06:54:86:4d:0f:12:d0:e6:3b:a3:db:
         64:0e:2a:82:41:ff:e2:b1:18:58:48:af:7b:6d:d4:a1:d6:3d:
         ae:24:52:0b:3e:db:6e:24:3f:c4:4e:7d:94:f4:eb:64:24:7e:
         d9:5a:3a:18:00:8b:2b:07:b4:c7:c0:46:84:2e:f5:8c:b1:ef:
         fe:5f:6a:8a:2b:21:b6:4d:21:cb:40:73:20:0c:b9:50:67:cf:
         6e:c4:06:d0:30:3b:58:f9:7c:6c:7d:be:a1:a0:55:3a:5f:59:
         8e:77:39:9a:12:50:b7:96:67:e0:a0:c9:12:71:8c:70:aa:e7:
         83:c6:e2:70:6c:d9:16:4e:f9:3e:89:cd:27:c9:01:5f:3c:ea:
         b0:bb:3c:72:89:6e:df:95:2c:df:4c:a3:03:38:2b:8a:e8:d7:
         8f:d5:74:e3:a0:0e:ef:d7:a9:e9:d6:28:03:13:86:92:14:fe:
         d5:cd:c2:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvWlax1Kkn9MqMrmDUR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNzIwMDU0NGY5M2E2NzVmYzhjNzg0MTg1Njk4MGUzOGEz
NTI5Y2IwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmJhYjg5OGY2MTJhMGIzMzBkMWNmNDRjNzRhZGUzODdiMzlmN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifRd1u92IHxQqY4wZHqC+j1Xawg9
Qkdas3zsRKLMtYw+K3356+asWtCIjHkHWX05ZYIUpMwUdPL+K58hg82KCMovp5ds
fgVs7Y2PiiSw0XpmBfcwO/FRfw8m2bzU9VoQ2hFmnHke+q2Ju4B1KyTrdr9pskyY
GD00kIrrXEoyz4CNLZl2h6SG2f8kPopjOqzncw8+lJnF9qaHM5LQbjyz9L0/+CXG
+G8GjvAd/Bve7vOqS8FxO22cD4By7dEGpLECUYIh2rPRjjbbfMRMdIMdPRUcxzot
fXcupMTHvGDO8OwmutiRK1nHRV+ucuRc0GUqDIFoRj98Ncy1mraxVJ2J0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOa6uJj2EqCzMNHPRMdK3jh7OfetMB8GA1UdIwQY
MBaAFKJyAFRPk6Z1/Ix4QYVpgOOKNSnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb25JQVZFLVRwblg4akhoQmhXbUE0NG8xS2NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iYzFjNzQtMWUwYS00MDU1LTgwYjgt
ZWZhN2Y4OWJkMGI5LzEvNXJxNG1QWVNvTE13MGM5RXgwcmVPSHM1OTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iYzFjNzQtMWUwYS00MDU1LTgwYjgtZWZhN2Y4OWJkMGI5
LzEvb25JQVZFLVRwblg4akhoQmhXbUE0NG8xS2NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbAFMA0G
CSqGSIb3DQEBCwUAA4IBAQCDVTG1xgavrp0/8AombMV1ouq1fvkwr9eepXJmLz9w
W7UY9GioesjM/SgBsFJZBhTHjY6+G8ifSX/mtxZE32vI4l4wKCFPeOHcWpPh81//
BlSGTQ8S0OY7o9tkDiqCQf/isRhYSK97bdSh1j2uJFILPttuJD/ETn2U9OtkJH7Z
WjoYAIsrB7THwEaELvWMse/+X2qKKyG2TSHLQHMgDLlQZ89uxAbQMDtY+Xxsfb6h
oFU6X1mOdzmaElC3lmfgoMkScYxwqueDxuJwbNkWTvk+ic0nyQFfPOqwuzxyiW7f
lSzfTKMDOCuK6NeP1XTjoA7v16np1igDE4aSFP7VzcLX
-----END CERTIFICATE-----