Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/z5CHfwZNxllCSznMRE6JinnwQrY.roa
File:                     z5CHfwZNxllCSznMRE6JinnwQrY.roa (raw, json)
Hash identifier:          LkB8hhmyelTff21tTrQJKJVtsV4pB+X/bA3Ldrwo5ew=
Subject key identifier:   CF:90:87:7F:06:4D:C6:59:42:4B:39:CC:44:4E:89:8A:79:F0:42:B6
Certificate issuer:       /CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
Certificate serial:       019048E1C6F108F70FE8FF8677CAE346BC3F
Authority key identifier: 96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/z5CHfwZNxllCSznMRE6JinnwQrY.roa
Signing time:             Mon 24 Jun 2024 06:14:34 +0000
ROA not before:           Mon 24 Jun 2024 06:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31595
IP address blocks:        83.167.160.0/19 maxlen: 20
                          83.167.160.0/20 maxlen: 20
                          2001:4be8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 18:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:48:e1:c6:f1:08:f7:0f:e8:ff:86:77:ca:e3:46:bc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96e6f77cbda101987d9dfc84be90b6fba66adc9f
        Validity
            Not Before: Jun 24 06:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf90877f064dc659424b39cc444e898a79f042b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:19:c0:e6:ee:17:0b:3a:41:eb:cc:c9:1f:1a:
                    86:4c:0a:c0:e0:f9:92:bf:d1:2b:71:71:d7:05:fb:
                    64:b4:b1:9c:97:00:26:a2:22:46:5c:ff:83:49:08:
                    eb:fa:5c:d0:8f:b2:7b:66:fe:5a:cb:e4:de:02:17:
                    b7:e7:51:bb:e0:32:1c:47:f9:fe:c9:2a:39:af:a0:
                    50:e5:94:fe:72:86:6c:56:55:fc:e0:a3:7b:0d:d5:
                    9a:76:92:17:81:ad:cd:39:45:4c:95:37:4e:c4:d5:
                    90:84:dd:29:01:26:af:7f:66:8d:f6:e9:73:88:f5:
                    3f:5d:48:a7:7e:38:db:e7:5f:46:1e:b8:69:88:58:
                    69:04:c5:0f:d0:2e:d4:57:bc:05:48:b5:93:74:d3:
                    d5:3c:c0:21:6a:bf:48:02:75:a3:10:c2:05:43:91:
                    0a:01:62:ab:d3:f5:af:19:03:06:2a:ef:7f:76:b9:
                    4e:62:f2:44:68:7e:ee:de:d0:ab:61:b2:1f:ec:99:
                    4b:0c:19:1a:6b:ab:06:4e:96:db:45:70:e5:d2:ac:
                    06:b8:30:b1:1a:25:e3:37:05:6c:d0:6b:26:ec:cb:
                    a1:76:61:2f:28:0a:81:bd:c5:27:79:cc:0e:f6:44:
                    d7:50:ab:ea:f4:47:ba:08:3d:4c:05:68:ca:65:2f:
                    d0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:90:87:7F:06:4D:C6:59:42:4B:39:CC:44:4E:89:8A:79:F0:42:B6
            X509v3 Authority Key Identifier:
                keyid:96:E6:F7:7C:BD:A1:01:98:7D:9D:FC:84:BE:90:B6:FB:A6:6A:DC:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lub3fL2hAZh9nfyEvpC2-6Zq3J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/z5CHfwZNxllCSznMRE6JinnwQrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/1cbc1e-4d46-4b5b-b249-3208de39c09d/1/lub3fL2hAZh9nfyEvpC2-6Zq3J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.167.160.0/19
                IPv6:
                  2001:4be8::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:eb:2d:7a:7c:7c:73:6e:c2:1a:99:18:07:48:c0:7c:6e:07:
         c2:5a:6f:f2:a7:68:4a:31:50:e9:4d:63:8f:0f:bb:7d:03:1f:
         8d:45:85:22:16:6f:9c:7b:b9:a5:4e:28:f4:b9:26:5b:7d:0b:
         a5:dd:76:06:fb:4f:c8:b7:c0:c5:30:62:e0:5a:15:7b:1e:d7:
         af:41:55:88:25:9d:e9:48:5b:c7:56:ce:ed:eb:24:e0:51:52:
         72:a0:36:5a:ae:76:65:ce:5b:66:f0:15:fb:f5:7c:59:2f:f6:
         63:2e:cc:e9:4e:51:a4:89:f5:4b:99:20:f1:c2:d1:eb:54:ce:
         fc:1c:14:de:e0:1c:18:13:be:88:4c:32:fb:80:85:bf:de:e0:
         47:83:ac:93:f1:54:49:06:50:2c:9a:08:10:4a:a6:19:01:22:
         2d:02:fc:e3:71:db:ef:d6:95:d2:b6:78:cb:44:84:b9:88:f8:
         6e:4e:6e:75:0d:cf:2a:14:0c:fb:ba:3c:83:b0:5b:89:b5:cf:
         cc:6f:b8:0f:fd:b6:f4:d3:49:aa:0a:35:df:a3:94:87:b7:fe:
         61:95:17:6a:75:19:ef:67:bf:71:41:bd:8d:84:c0:52:e3:15:
         90:6b:fd:b5:c3:60:f7:b9:8f:86:07:5e:c1:72:3e:d4:8f:d1:
         87:9f:fb:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBI4cbxCPcP6P+Gd8rjRrw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZTZmNzdjYmRhMTAxOTg3ZDlkZmM4NGJlOTBiNmZiYTY2
YWRjOWYwHhcNMjQwNjI0MDYxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjkwODc3ZjA2NGRjNjU5NDI0YjM5Y2M0NDRlODk4YTc5ZjA0MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphnA5u4XCzpB68zJHxqGTArA4PmS
v9ErcXHXBftktLGclwAmoiJGXP+DSQjr+lzQj7J7Zv5ay+TeAhe351G74DIcR/n+
ySo5r6BQ5ZT+coZsVlX84KN7DdWadpIXga3NOUVMlTdOxNWQhN0pASavf2aN9ulz
iPU/XUinfjjb519GHrhpiFhpBMUP0C7UV7wFSLWTdNPVPMAhar9IAnWjEMIFQ5EK
AWKr0/WvGQMGKu9/drlOYvJEaH7u3tCrYbIf7JlLDBkaa6sGTpbbRXDl0qwGuDCx
GiXjNwVs0Gsm7MuhdmEvKAqBvcUnecwO9kTXUKvq9Ee6CD1MBWjKZS/QKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM+Qh38GTcZZQks5zEROiYp58EK2MB8GA1UdIwQY
MBaAFJbm93y9oQGYfZ38hL6QtvumatyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDkt
MzIwOGRlMzljMDlkLzEvejVDSGZ3Wk54bGxDU3puTVJFNkppbm53UXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8xY2JjMWUtNGQ0Ni00YjViLWIyNDktMzIwOGRlMzljMDlk
LzEvbHViM2ZMMmhBWmg5bmZ5RXZwQzItNlpxM0o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFU6egMA0E
AgACMAcDBQAgAUvoMA0GCSqGSIb3DQEBCwUAA4IBAQBp6y16fHxzbsIamRgHSMB8
bgfCWm/yp2hKMVDpTWOPD7t9Ax+NRYUiFm+ce7mlTij0uSZbfQul3XYG+0/It8DF
MGLgWhV7HtevQVWIJZ3pSFvHVs7t6yTgUVJyoDZarnZlzltm8BX79XxZL/ZjLszp
TlGkifVLmSDxwtHrVM78HBTe4BwYE76ITDL7gIW/3uBHg6yT8VRJBlAsmggQSqYZ
ASItAvzjcdvv1pXStnjLRIS5iPhuTm51Dc8qFAz7ujyDsFuJtc/Mb7gP/bb000mq
CjXfo5SHt/5hlRdqdRnvZ79xQb2NhMBS4xWQa/21w2D3uY+GB17Bcj7Uj9GHn/uE
-----END CERTIFICATE-----