Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/rdh7r1uWtugjLQ10q48nKjV6V0A.roa
File:                     rdh7r1uWtugjLQ10q48nKjV6V0A.roa (raw, json)
Hash identifier:          I1IovtAD8tBJEMYj2LeF4Z/VrO52CHBSz5AP+bdD0PQ=
Subject key identifier:   AD:D8:7B:AF:5B:96:B6:E8:23:2D:0D:74:AB:8F:27:2A:35:7A:57:40
Certificate issuer:       /CN=26f36b5c6ca7a1698e7421a27e3d4a6b7648148d
Certificate serial:       018CC2DAEE8A4E807086FE1499A6D68E4C71
Authority key identifier: 26:F3:6B:5C:6C:A7:A1:69:8E:74:21:A2:7E:3D:4A:6B:76:48:14:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JvNrXGynoWmOdCGifj1Ka3ZIFI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/rdh7r1uWtugjLQ10q48nKjV6V0A.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215876
IP address blocks:        5.61.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/JvNrXGynoWmOdCGifj1Ka3ZIFI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/JvNrXGynoWmOdCGifj1Ka3ZIFI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JvNrXGynoWmOdCGifj1Ka3ZIFI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ee:8a:4e:80:70:86:fe:14:99:a6:d6:8e:4c:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26f36b5c6ca7a1698e7421a27e3d4a6b7648148d
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=add87baf5b96b6e8232d0d74ab8f272a357a5740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:56:46:93:d8:7f:f0:f5:16:43:62:f2:f4:b3:
                    94:0d:63:2d:23:84:81:ac:ec:7e:98:0b:7b:ac:b0:
                    e0:74:f0:3c:cf:4d:a2:7a:47:dd:ed:d3:40:9b:1b:
                    b3:0f:92:ff:52:52:ab:3d:f0:c0:17:85:87:34:59:
                    39:b9:cf:9e:bd:75:9e:33:ce:df:53:3f:40:6f:4b:
                    2c:a2:28:f6:e4:43:1e:5f:cb:1a:8d:aa:70:21:ec:
                    4c:c4:69:da:93:c6:f0:bc:e6:72:99:df:2b:36:86:
                    96:02:d3:7a:7e:59:1e:c0:48:e1:bd:83:7a:cf:3d:
                    fe:cb:e1:c5:6c:5d:5d:0b:14:e0:6c:b7:d9:55:4c:
                    a5:ed:76:c0:91:74:e8:9d:22:61:52:d1:1d:07:68:
                    a7:e5:5f:f3:79:30:49:86:13:f1:a9:9e:2b:22:58:
                    77:5d:5d:33:0c:d6:52:27:98:53:ae:55:72:42:7d:
                    a5:62:61:17:e4:65:58:88:80:20:47:11:7c:19:fb:
                    6c:6d:5b:3c:bc:c6:5a:1f:4f:de:d4:8e:09:90:99:
                    ff:8a:1f:bc:4d:73:a8:09:96:ce:1f:9f:39:62:97:
                    41:6e:c7:7f:08:6c:4a:b1:34:cf:a1:77:f5:72:06:
                    95:10:46:82:44:ce:43:db:fc:9a:2f:3e:0d:90:28:
                    a8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D8:7B:AF:5B:96:B6:E8:23:2D:0D:74:AB:8F:27:2A:35:7A:57:40
            X509v3 Authority Key Identifier:
                keyid:26:F3:6B:5C:6C:A7:A1:69:8E:74:21:A2:7E:3D:4A:6B:76:48:14:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JvNrXGynoWmOdCGifj1Ka3ZIFI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/rdh7r1uWtugjLQ10q48nKjV6V0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/7cc0f6-74ef-423a-a696-4a2bf4ab199d/1/JvNrXGynoWmOdCGifj1Ka3ZIFI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:80:8e:65:63:8a:b9:c2:ca:2d:85:70:a5:f0:21:f3:65:65:
         e2:11:f1:4a:7e:d2:b8:40:33:1d:ce:17:2e:89:2c:d7:a8:88:
         65:c9:bb:25:3e:56:99:75:16:3a:b1:44:e0:3e:ca:c2:33:98:
         93:50:3b:5b:41:8b:93:ac:cd:08:1a:e6:55:68:e5:7d:d7:87:
         73:c7:dc:d2:81:29:f7:6b:9c:e8:da:5c:1e:16:f9:56:be:ad:
         6d:de:a8:dc:e5:52:20:01:1f:c1:82:7d:94:9c:a9:35:1a:01:
         0a:9b:3b:8b:6c:5e:22:56:db:50:2e:8f:7b:61:6f:81:27:4b:
         d7:c4:5b:a0:ec:b6:5b:67:1c:10:f8:cc:0b:c8:c7:fb:f6:e0:
         cb:0b:f5:8e:b5:1c:10:2e:f4:bf:3f:2d:f1:4a:81:1d:a6:17:
         0f:36:5e:11:89:00:b5:1d:e4:59:d9:ce:3c:27:e3:b0:11:1c:
         9b:81:3a:6b:50:35:fe:e5:a0:d5:af:b3:3b:3d:d7:e2:f4:a5:
         d1:db:1f:c5:ff:e6:d9:e9:75:ab:e8:89:14:e3:5b:77:eb:0a:
         83:27:be:a5:88:fc:7b:20:23:ec:56:07:f4:ca:8c:98:8f:f5:
         55:18:4e:49:ff:a1:3f:c9:66:88:8c:48:4d:f9:40:57:5f:26:
         c5:19:3c:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2u6KToBwhv4UmabWjkxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZjM2YjVjNmNhN2ExNjk4ZTc0MjFhMjdlM2Q0YTZiNzY0
ODE0OGQwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ4N2JhZjViOTZiNmU4MjMyZDBkNzRhYjhmMjcyYTM1N2E1NzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVZGk9h/8PUWQ2Ly9LOUDWMtI4SB
rOx+mAt7rLDgdPA8z02iekfd7dNAmxuzD5L/UlKrPfDAF4WHNFk5uc+evXWeM87f
Uz9Ab0ssoij25EMeX8sajapwIexMxGnak8bwvOZymd8rNoaWAtN6flkewEjhvYN6
zz3+y+HFbF1dCxTgbLfZVUyl7XbAkXTonSJhUtEdB2in5V/zeTBJhhPxqZ4rIlh3
XV0zDNZSJ5hTrlVyQn2lYmEX5GVYiIAgRxF8GftsbVs8vMZaH0/e1I4JkJn/ih+8
TXOoCZbOH585YpdBbsd/CGxKsTTPoXf1cgaVEEaCRM5D2/yaLz4NkCioOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3Ye69blrboIy0NdKuPJyo1eldAMB8GA1UdIwQY
MBaAFCbza1xsp6FpjnQhon49Smt2SBSNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnZOclhHeW5vV21PZENHaWZqMUthM1pJRkkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS83Y2MwZjYtNzRlZi00MjNhLWE2OTYt
NGEyYmY0YWIxOTlkLzEvcmRoN3IxdVd0dWdqTFExMHE0OG5LalY2VjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS83Y2MwZjYtNzRlZi00MjNhLWE2OTYtNGEyYmY0YWIxOTlk
LzEvSnZOclhHeW5vV21PZENHaWZqMUthM1pJRkkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABT2VMA0G
CSqGSIb3DQEBCwUAA4IBAQBigI5lY4q5wsothXCl8CHzZWXiEfFKftK4QDMdzhcu
iSzXqIhlybslPlaZdRY6sUTgPsrCM5iTUDtbQYuTrM0IGuZVaOV914dzx9zSgSn3
a5zo2lweFvlWvq1t3qjc5VIgAR/Bgn2UnKk1GgEKmzuLbF4iVttQLo97YW+BJ0vX
xFug7LZbZxwQ+MwLyMf79uDLC/WOtRwQLvS/Py3xSoEdphcPNl4RiQC1HeRZ2c48
J+OwERybgTprUDX+5aDVr7M7Pdfi9KXR2x/F/+bZ6XWr6IkU41t36wqDJ76liPx7
ICPsVgf0yoyYj/VVGE5J/6E/yWaIjEhN+UBXXybFGTwX
-----END CERTIFICATE-----