Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/oIK-YJSLFYwKQNNe6i0Ku3anoFw.roa
File:                     oIK-YJSLFYwKQNNe6i0Ku3anoFw.roa (raw, json)
Hash identifier:          gxx0qA2WMviDrQVyiaazNA3Ns0Y5DxvZLR6U6D6BLZU=
Subject key identifier:   A0:82:BE:60:94:8B:15:8C:0A:40:D3:5E:EA:2D:0A:BB:76:A7:A0:5C
Certificate issuer:       /CN=a2d08cdc6a430ef0da8829917256b6ad8d0a36f9
Certificate serial:       018CC50006CB54DC343F17C279351A80DF71
Authority key identifier: A2:D0:8C:DC:6A:43:0E:F0:DA:88:29:91:72:56:B6:AD:8D:0A:36:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/otCM3GpDDvDaiCmRcla2rY0KNvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/oIK-YJSLFYwKQNNe6i0Ku3anoFw.roa
Signing time:             Mon 01 Jan 2024 12:29:22 +0000
ROA not before:           Mon 01 Jan 2024 12:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60652
IP address blocks:        195.137.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/otCM3GpDDvDaiCmRcla2rY0KNvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/otCM3GpDDvDaiCmRcla2rY0KNvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/otCM3GpDDvDaiCmRcla2rY0KNvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:06:cb:54:dc:34:3f:17:c2:79:35:1a:80:df:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2d08cdc6a430ef0da8829917256b6ad8d0a36f9
        Validity
            Not Before: Jan  1 12:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a082be60948b158c0a40d35eea2d0abb76a7a05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:5e:09:cc:b3:f0:49:b7:e6:2e:58:9d:a2:c3:
                    95:89:b2:aa:fa:7b:46:83:1e:ab:0f:8e:d2:73:1e:
                    43:dc:a5:f9:18:d2:d2:7e:d3:c0:f4:de:57:0f:cd:
                    90:da:92:dd:94:9f:56:f4:f1:c3:a9:3e:b9:e7:68:
                    c0:71:8c:12:fd:1b:b9:f1:b8:bd:54:29:25:ff:d7:
                    09:b5:40:52:b5:02:68:07:d8:cb:3d:c0:4a:96:3e:
                    9f:b9:c5:d9:2c:41:5a:d6:51:df:83:0d:58:da:a3:
                    5a:1a:55:52:8d:47:40:16:6c:eb:9f:6a:cb:63:7c:
                    2b:dd:9c:63:22:b9:5b:e6:a6:ba:a8:4f:bb:bc:32:
                    d3:5f:25:e4:dc:0c:00:21:51:f0:50:75:ef:bb:81:
                    31:e6:28:57:7a:fc:33:d6:d0:91:2a:f2:d8:d2:70:
                    a6:9d:b8:c6:2c:d0:a8:30:7d:18:50:ee:72:2c:0b:
                    b6:64:f1:1a:13:51:7c:c2:e1:13:14:50:70:4f:b8:
                    b7:58:05:48:8c:9f:61:5b:05:9b:79:05:95:e1:ec:
                    8f:65:af:3f:71:1a:4f:90:33:3e:45:4e:8b:99:53:
                    30:ca:f3:95:9d:f1:d7:6e:bf:c9:59:b2:e3:74:13:
                    17:0c:19:92:c7:94:fa:62:a3:67:17:7a:ce:43:33:
                    f4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:82:BE:60:94:8B:15:8C:0A:40:D3:5E:EA:2D:0A:BB:76:A7:A0:5C
            X509v3 Authority Key Identifier:
                keyid:A2:D0:8C:DC:6A:43:0E:F0:DA:88:29:91:72:56:B6:AD:8D:0A:36:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/otCM3GpDDvDaiCmRcla2rY0KNvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/oIK-YJSLFYwKQNNe6i0Ku3anoFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc19cc-0f53-4d10-af93-dc01a19b2856/1/otCM3GpDDvDaiCmRcla2rY0KNvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:3e:3b:f9:21:c5:d6:ea:79:84:66:d6:c0:db:c5:27:85:25:
         f5:b7:61:de:79:61:a8:92:a2:ea:ee:5d:e5:4b:43:77:06:94:
         67:c8:57:3c:cb:7c:da:72:8d:58:db:3d:4f:6d:ba:63:63:9b:
         64:44:bc:94:76:c7:f2:5c:0e:72:d1:66:57:6d:67:e8:83:68:
         b1:00:4a:31:1e:73:fe:5b:95:66:cb:98:df:26:2f:82:35:4a:
         06:97:59:cb:a6:d6:7b:fd:43:c2:0f:21:24:95:55:c8:24:88:
         95:55:41:d9:9e:8b:99:f8:18:54:97:a6:1c:6f:d3:1f:e5:fa:
         66:ec:82:68:a7:0c:cf:d7:3d:14:4a:db:fc:63:30:75:4a:96:
         a4:61:a4:ea:b1:d1:75:83:b3:60:9e:d1:5b:df:16:f3:e7:cb:
         47:23:32:79:e9:94:73:39:fa:9b:f3:f8:23:29:66:ac:27:4e:
         a2:75:fb:0e:45:86:60:5a:b3:47:29:85:c6:ce:1b:69:66:5f:
         86:fc:ba:6b:b4:ae:39:41:79:d6:41:9c:71:5b:ce:7d:ae:3d:
         84:a5:3c:5a:ad:7f:62:7b:af:27:19:db:dc:e7:38:8e:9d:fc:
         a4:b2:eb:22:f6:14:6d:5f:fd:03:e2:d4:cc:2b:b6:38:db:96:
         9d:fe:d6:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAbLVNw0PxfCeTUagN9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZDA4Y2RjNmE0MzBlZjBkYTg4Mjk5MTcyNTZiNmFkOGQw
YTM2ZjkwHhcNMjQwMTAxMTIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDgyYmU2MDk0OGIxNThjMGE0MGQzNWVlYTJkMGFiYjc2YTdhMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3l4JzLPwSbfmLlidosOVibKq+ntG
gx6rD47Scx5D3KX5GNLSftPA9N5XD82Q2pLdlJ9W9PHDqT6552jAcYwS/Ru58bi9
VCkl/9cJtUBStQJoB9jLPcBKlj6fucXZLEFa1lHfgw1Y2qNaGlVSjUdAFmzrn2rL
Y3wr3ZxjIrlb5qa6qE+7vDLTXyXk3AwAIVHwUHXvu4Ex5ihXevwz1tCRKvLY0nCm
nbjGLNCoMH0YUO5yLAu2ZPEaE1F8wuETFFBwT7i3WAVIjJ9hWwWbeQWV4eyPZa8/
cRpPkDM+RU6LmVMwyvOVnfHXbr/JWbLjdBMXDBmSx5T6YqNnF3rOQzP0eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCCvmCUixWMCkDTXuotCrt2p6BcMB8GA1UdIwQY
MBaAFKLQjNxqQw7w2ogpkXJWtq2NCjb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3RDTTNHcEREdkRhaUNtUmNsYTJyWTBLTnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9iYzE5Y2MtMGY1My00ZDEwLWFmOTMt
ZGMwMWExOWIyODU2LzEvb0lLLVlKU0xGWXdLUU5OZTZpMEt1M2Fub0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9iYzE5Y2MtMGY1My00ZDEwLWFmOTMtZGMwMWExOWIyODU2
LzEvb3RDTTNHcEREdkRhaUNtUmNsYTJyWTBLTnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4nmMA0G
CSqGSIb3DQEBCwUAA4IBAQASPjv5IcXW6nmEZtbA28UnhSX1t2HeeWGokqLq7l3l
S0N3BpRnyFc8y3zaco1Y2z1PbbpjY5tkRLyUdsfyXA5y0WZXbWfog2ixAEoxHnP+
W5Vmy5jfJi+CNUoGl1nLptZ7/UPCDyEklVXIJIiVVUHZnouZ+BhUl6Ycb9Mf5fpm
7IJopwzP1z0UStv8YzB1SpakYaTqsdF1g7NgntFb3xbz58tHIzJ56ZRzOfqb8/gj
KWasJ06idfsORYZgWrNHKYXGzhtpZl+G/LprtK45QXnWQZxxW859rj2EpTxarX9i
e68nGdvc5ziOnfyksusi9hRtX/0D4tTMK7Y425ad/taP
-----END CERTIFICATE-----