Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-fimh_4n35kqIG4L73X1JxIq7PI.roa
File:                     1-fimh_4n35kqIG4L73X1JxIq7PI.roa (raw, json)
Hash identifier:          upXWQwb2P0/zdlW41hcljbp4n5bGLzPZCTlg86sMkS0=
Subject key identifier:   F9:F8:A6:87:FE:27:DF:99:2A:20:6E:0B:EF:75:F5:27:12:2A:EC:F2
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018F61F76E90AA2808B397B2F73EC72557E2
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-fimh_4n35kqIG4L73X1JxIq7PI.roa
Signing time:             Fri 10 May 2024 10:05:56 +0000
ROA not before:           Fri 10 May 2024 10:05:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30823
IP address blocks:        5.144.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:f7:6e:90:aa:28:08:b3:97:b2:f7:3e:c7:25:57:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May 10 10:05:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f8a687fe27df992a206e0bef75f527122aecf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:76:02:12:95:a9:e9:9f:ad:85:92:8d:13:5a:
                    62:9a:74:32:55:3e:41:05:7b:f2:46:46:d2:07:ac:
                    fd:1c:5f:d3:f6:38:ff:66:5d:c9:a3:3e:e0:73:a7:
                    ba:14:fc:05:83:50:a1:a6:04:28:23:3b:f7:0c:1b:
                    87:50:a1:92:fc:fe:24:e7:ee:44:f0:c8:47:44:04:
                    a8:dc:90:45:2f:55:08:71:f3:14:52:d2:c9:7b:56:
                    7f:c6:69:df:70:76:ed:38:66:37:94:ed:37:f8:2f:
                    2e:e8:ac:cb:d2:ed:74:e4:fd:d0:61:ef:db:d3:63:
                    85:ba:02:64:52:75:88:25:88:f3:ab:9f:82:f0:c8:
                    a5:05:bf:77:f9:f4:c1:00:cb:1e:25:f6:e2:ba:27:
                    1a:1a:fb:e7:84:af:0e:66:be:ba:f6:6d:66:f7:08:
                    bb:da:83:73:52:2f:ff:43:30:f6:c5:b1:d9:04:a9:
                    0e:77:2a:de:8b:99:f5:90:28:85:7d:a4:ae:32:ef:
                    18:3c:a2:64:d8:e2:29:aa:e6:3c:00:ca:67:ae:fe:
                    d7:16:4c:6e:60:c4:49:1a:02:df:9c:00:ad:e1:90:
                    3c:44:5c:68:06:e4:29:75:1e:be:c3:1d:55:44:92:
                    3b:a7:ed:8b:de:e7:2a:52:4a:f5:96:f7:43:e0:13:
                    c6:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F8:A6:87:FE:27:DF:99:2A:20:6E:0B:EF:75:F5:27:12:2A:EC:F2
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-fimh_4n35kqIG4L73X1JxIq7PI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:66:f0:60:cc:29:75:4e:02:26:bf:2c:d0:82:bc:d6:d8:59:
         72:09:5e:2e:0d:48:f9:fe:ec:df:cb:f7:d1:50:ad:2d:d4:30:
         30:7f:ef:ff:2f:29:27:73:77:09:0f:52:30:2f:e7:40:e2:f6:
         7d:51:72:1d:3a:86:81:8d:5a:e9:c9:d7:16:a9:a5:aa:ea:31:
         00:51:37:97:5b:e3:6d:fb:68:32:2d:36:20:dd:5a:1c:e8:31:
         a8:40:16:ab:43:35:a9:59:66:82:e8:3d:03:64:04:fb:f8:ce:
         41:4e:5c:1c:27:ec:92:1b:7d:5d:3c:ca:93:ef:80:ab:93:1d:
         00:db:2c:a3:de:06:1a:69:95:16:a3:a8:e2:be:e5:46:f9:7a:
         2a:87:6e:a0:83:c3:eb:25:25:fa:f8:a0:d5:30:99:5d:6a:c3:
         91:6e:37:1d:38:43:c1:9f:9a:e9:30:f3:ff:b2:8e:97:41:a8:
         d4:c6:76:07:e4:49:94:99:3c:06:15:a6:52:bc:45:00:3e:33:
         81:a7:7c:be:cc:3a:80:19:d9:34:7a:a1:1f:88:0a:d8:2f:d2:
         97:dd:ea:c1:4c:92:11:a5:7c:1f:11:b8:f3:c9:49:8b:89:4f:
         05:d9:33:eb:f7:9b:b7:b0:6f:08:f7:a2:09:d2:27:d2:f3:d2:
         6b:c7:5d:6f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY9h926QqigIs5ey9z7HJVfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNTEwMTAwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY4YTY4N2ZlMjdkZjk5MmEyMDZlMGJlZjc1ZjUyNzEyMmFlY2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3YCEpWp6Z+thZKNE1pimnQyVT5B
BXvyRkbSB6z9HF/T9jj/Zl3Joz7gc6e6FPwFg1ChpgQoIzv3DBuHUKGS/P4k5+5E
8MhHRASo3JBFL1UIcfMUUtLJe1Z/xmnfcHbtOGY3lO03+C8u6KzL0u105P3QYe/b
02OFugJkUnWIJYjzq5+C8MilBb93+fTBAMseJfbiuicaGvvnhK8OZr669m1m9wi7
2oNzUi//QzD2xbHZBKkOdyrei5n1kCiFfaSuMu8YPKJk2OIpquY8AMpnrv7XFkxu
YMRJGgLfnACt4ZA8RFxoBuQpdR6+wx1VRJI7p+2L3ucqUkr1lvdD4BPGFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn4pof+J9+ZKiBuC+919ScSKuzyMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMS1maW1oXzRuMzVrcUlHNEw3M1gxSnhJcTdQSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODlmMDcxLTU2MzEtNDVkYi1hN2U1LWNkNjE1MjI2MWM2
Zi8xL0V4aUJjeW8tSkZxVm04WjU0RVdNT2ZpVDVHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWQsDAN
BgkqhkiG9w0BAQsFAAOCAQEAyWbwYMwpdU4CJr8s0IK81thZcgleLg1I+f7s38v3
0VCtLdQwMH/v/y8pJ3N3CQ9SMC/nQOL2fVFyHTqGgY1a6cnXFqmlquoxAFE3l1vj
bftoMi02IN1aHOgxqEAWq0M1qVlmgug9A2QE+/jOQU5cHCfskht9XTzKk++Aq5Md
ANsso94GGmmVFqOo4r7lRvl6KoduoIPD6yUl+vig1TCZXWrDkW43HThDwZ+a6TDz
/7KOl0Go1MZ2B+RJlJk8BhWmUrxFAD4zgad8vsw6gBnZNHqhH4gK2C/Sl93qwUyS
EaV8HxG488lJi4lPBdkz6/ebt7BvCPeiCdIn0vPSa8ddbw==
-----END CERTIFICATE-----