Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5b2wCjAKqrURtWS5-AG2tBiHPvo.roa
File:                     5b2wCjAKqrURtWS5-AG2tBiHPvo.roa (raw, json)
Hash identifier:          1kWneMkr4kSaPiBbIh0yADTg2gU8R9XU3Z0tCrbk5iw=
Subject key identifier:   E5:BD:B0:0A:30:0A:AA:B5:11:B5:64:B9:F8:01:B6:B4:18:87:3E:FA
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0191D4F26C06EC2FEB679A8814BA3B85F995
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5b2wCjAKqrURtWS5-AG2tBiHPvo.roa
Signing time:             Mon 09 Sep 2024 04:02:22 +0000
ROA not before:           Mon 09 Sep 2024 04:02:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215433
IP address blocks:        192.124.172.0/24 maxlen: 24
                          212.192.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d4:f2:6c:06:ec:2f:eb:67:9a:88:14:ba:3b:85:f9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Sep  9 04:02:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5bdb00a300aaab511b564b9f801b6b418873efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:71:ec:be:a3:16:8b:00:9f:ff:4c:01:e6:a7:
                    c8:d8:ad:96:9b:16:41:fc:f5:07:71:2b:9a:c3:f6:
                    73:cd:f4:e3:ab:df:fa:c5:ac:e3:4b:7d:ba:66:2d:
                    9f:95:14:c2:ce:05:47:22:4d:42:ee:ee:3b:75:6f:
                    d5:4d:21:01:0d:e3:85:0c:72:86:36:5d:4f:35:da:
                    2e:70:d9:b3:c3:e2:b5:d7:37:33:1a:43:13:63:28:
                    29:b8:06:f4:fb:27:c3:2a:60:ec:dd:4b:9b:39:c3:
                    7f:ca:8e:cd:9d:78:b3:ae:9b:85:e5:96:43:59:67:
                    f9:38:3e:8a:30:3c:e8:f6:eb:21:59:43:d2:de:b6:
                    8d:6c:e6:2e:87:a5:96:78:23:12:50:e8:2c:a6:57:
                    5d:6a:40:df:1d:ab:d5:62:35:95:30:72:ce:24:49:
                    9d:e6:54:4b:54:ef:fe:40:5f:e3:21:9e:51:2f:27:
                    ea:1d:5f:b9:66:db:3f:19:7b:0e:6e:bb:c6:cb:68:
                    58:bc:b7:9f:08:7f:89:d3:1f:e4:82:cf:f6:bd:db:
                    dd:0b:0d:e3:89:11:42:8f:0e:66:f2:74:78:c7:7b:
                    3e:32:c4:e2:db:18:cf:74:d3:11:17:d6:42:b1:5e:
                    b6:33:90:9e:16:f1:25:5a:68:d4:ea:5e:83:29:51:
                    a6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:BD:B0:0A:30:0A:AA:B5:11:B5:64:B9:F8:01:B6:B4:18:87:3E:FA
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5b2wCjAKqrURtWS5-AG2tBiHPvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.172.0/24
                  212.192.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:a3:0a:04:91:3a:5e:90:17:36:5d:f1:f4:a9:8c:70:dd:df:
         e4:fc:fa:5c:68:35:6f:a6:7d:20:f6:13:11:43:54:a5:14:c4:
         e4:f5:a6:01:c3:33:d8:85:d3:f0:55:4e:f4:b0:4a:b7:4a:b0:
         4d:ac:f5:6e:88:7c:6c:7c:d6:e2:71:7c:ad:f8:44:c1:1b:fd:
         bf:2a:b5:06:17:ab:ea:23:63:f2:c9:3b:85:c0:35:16:d5:07:
         91:52:ba:66:61:50:4e:13:39:48:24:7f:47:0c:b8:51:fb:a5:
         6a:e1:26:c9:a8:63:6d:d7:1f:47:fc:70:6b:60:09:b2:2a:63:
         8b:7e:1b:d9:04:f1:1f:3b:6d:e1:fd:2d:43:64:84:6e:a6:49:
         44:c9:1a:75:2a:fe:0b:eb:e0:28:cc:9c:e5:01:1e:54:3b:7c:
         7d:38:20:b6:ff:7c:2b:e5:64:c3:34:e9:04:21:b8:58:46:15:
         33:ad:bf:82:9f:8f:ed:5e:ed:d5:54:e8:50:e8:69:59:c8:87:
         20:12:aa:d2:95:2a:84:db:a8:44:f8:47:c5:7a:35:2a:22:49:
         ac:4e:ea:c7:f8:43:57:42:44:68:f5:bd:67:e3:9e:3d:99:b2:
         2e:6f:ba:be:39:16:05:42:c6:78:96:1d:16:eb:e2:b1:ce:2d:
         8f:f1:53:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZHU8mwG7C/rZ5qIFLo7hfmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwOTA5MDQwMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWJkYjAwYTMwMGFhYWI1MTFiNTY0YjlmODAxYjZiNDE4ODczZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03HsvqMWiwCf/0wB5qfI2K2WmxZB
/PUHcSuaw/ZzzfTjq9/6xazjS326Zi2flRTCzgVHIk1C7u47dW/VTSEBDeOFDHKG
Nl1PNdoucNmzw+K11zczGkMTYygpuAb0+yfDKmDs3UubOcN/yo7NnXizrpuF5ZZD
WWf5OD6KMDzo9ushWUPS3raNbOYuh6WWeCMSUOgsplddakDfHavVYjWVMHLOJEmd
5lRLVO/+QF/jIZ5RLyfqHV+5Zts/GXsObrvGy2hYvLefCH+J0x/kgs/2vdvdCw3j
iRFCjw5m8nR4x3s+MsTi2xjPdNMRF9ZCsV62M5CeFvElWmjU6l6DKVGmawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOW9sAowCqq1EbVkufgBtrQYhz76MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNWIyd0NqQUtxclVSdFdTNS1BRzJ0QmlIUHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwHysAwQA
1MDQMA0GCSqGSIb3DQEBCwUAA4IBAQBTowoEkTpekBc2XfH0qYxw3d/k/PpcaDVv
pn0g9hMRQ1SlFMTk9aYBwzPYhdPwVU70sEq3SrBNrPVuiHxsfNbicXyt+ETBG/2/
KrUGF6vqI2PyyTuFwDUW1QeRUrpmYVBOEzlIJH9HDLhR+6Vq4SbJqGNt1x9H/HBr
YAmyKmOLfhvZBPEfO23h/S1DZIRupklEyRp1Kv4L6+AozJzlAR5UO3x9OCC2/3wr
5WTDNOkEIbhYRhUzrb+Cn4/tXu3VVOhQ6GlZyIcgEqrSlSqE26hE+EfFejUqIkms
TurH+ENXQkRo9b1n4549mbIub7q+ORYFQsZ4lh0W6+Kxzi2P8VPM
-----END CERTIFICATE-----