Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/gQPr-nZstmmQ11q9PvqkX-lDX4A.roa
File:                     gQPr-nZstmmQ11q9PvqkX-lDX4A.roa (raw, json)
Hash identifier:          D5l4tTtRitCikD3+oAeIP1WTWqS9emZoDfChPFbbOIY=
Subject key identifier:   81:03:EB:FA:76:6C:B6:69:90:D7:5A:BD:3E:FA:A4:5F:E9:43:5F:80
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018F1B9DA488AF1D5334F30313E3B150FF61
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/gQPr-nZstmmQ11q9PvqkX-lDX4A.roa
Signing time:             Fri 26 Apr 2024 18:14:27 +0000
ROA not before:           Fri 26 Apr 2024 18:14:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215780
IP address blocks:        185.5.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:9d:a4:88:af:1d:53:34:f3:03:13:e3:b1:50:ff:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Apr 26 18:14:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8103ebfa766cb66990d75abd3efaa45fe9435f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:38:25:c2:0b:3c:6e:a4:f5:89:e7:57:e5:b8:
                    2a:3e:71:33:08:52:1a:68:3d:f5:b0:5a:ed:23:d8:
                    9f:c1:00:24:25:55:53:61:75:c4:73:b7:1d:26:c8:
                    f7:05:74:34:30:e1:c3:b6:53:dd:4a:52:1e:73:6e:
                    6e:3c:7e:81:84:7e:f1:49:18:6e:61:4e:03:44:8b:
                    f3:6c:50:3e:d9:a7:8b:d4:55:c3:ab:27:52:f7:c6:
                    3d:87:57:90:a1:14:02:a3:74:f1:22:4a:ae:34:89:
                    ed:83:22:f9:55:89:99:14:a0:5b:61:9a:3d:15:8e:
                    27:a0:2e:90:5c:dd:46:c1:3d:60:4c:19:45:db:0c:
                    24:cf:96:7e:0c:4f:df:10:4d:61:76:c9:c0:0c:46:
                    9c:d9:23:fc:3b:08:40:b5:ae:a0:5d:72:cf:86:b7:
                    7c:9f:d3:6f:12:29:58:31:60:5d:ab:a4:b7:7a:d5:
                    fc:61:5f:79:71:14:10:b2:26:ca:78:e1:65:29:8d:
                    8b:28:1b:a9:e1:53:4d:98:40:03:97:8a:3f:e8:f3:
                    b4:99:ce:55:80:11:47:0f:31:a1:df:13:8d:c6:b3:
                    a8:49:c6:2f:50:86:68:3d:8c:62:44:2a:6e:ed:35:
                    6a:f8:93:09:04:4f:af:cd:6d:c6:f2:34:51:4a:4b:
                    c8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:03:EB:FA:76:6C:B6:69:90:D7:5A:BD:3E:FA:A4:5F:E9:43:5F:80
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/gQPr-nZstmmQ11q9PvqkX-lDX4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e3:65:ee:dd:1b:8e:14:f5:e7:1b:a3:f4:30:3c:78:d4:5c:
         a6:a5:27:70:38:6c:04:ac:e0:f0:e5:ad:92:17:4a:f8:d5:4b:
         56:a5:fd:d6:bb:b2:26:c0:80:c9:02:83:69:9f:d7:07:54:bf:
         68:68:c3:bd:ba:a4:75:69:62:d6:24:d6:a4:c6:f6:63:68:c1:
         22:49:71:88:30:c7:86:78:8d:2c:c5:01:c6:53:e2:51:dd:47:
         eb:c6:0e:1e:64:5e:04:c1:ca:65:f4:63:a2:43:6f:ae:80:07:
         87:ae:6e:71:86:85:23:f1:40:7a:59:09:fa:4f:70:cf:18:c6:
         4d:a2:88:2c:d2:23:f0:ce:40:f9:08:5b:b6:61:b5:54:54:f9:
         ea:39:47:76:c3:ca:84:e2:43:f4:db:fa:be:94:cc:cb:d7:02:
         b9:22:53:1e:1f:9e:87:89:4e:8c:cf:8e:10:ae:7e:d9:bb:eb:
         ab:f9:b6:af:45:b3:e6:22:a8:9d:d7:7a:fc:bd:ad:ce:8d:eb:
         b0:22:d4:07:60:50:33:dc:53:62:4c:80:4f:eb:f8:8f:ec:27:
         fc:bb:61:ba:0e:19:b7:fc:20:5b:d6:67:df:5e:e9:a9:91:98:
         bb:0d:5d:e9:11:b2:00:f2:07:0c:e3:f1:1b:12:15:02:da:74:
         ed:d0:77:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8bnaSIrx1TNPMDE+OxUP9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNDI2MTgxNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTAzZWJmYTc2NmNiNjY5OTBkNzVhYmQzZWZhYTQ1ZmU5NDM1ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDglwgs8bqT1iedX5bgqPnEzCFIa
aD31sFrtI9ifwQAkJVVTYXXEc7cdJsj3BXQ0MOHDtlPdSlIec25uPH6BhH7xSRhu
YU4DRIvzbFA+2aeL1FXDqydS98Y9h1eQoRQCo3TxIkquNIntgyL5VYmZFKBbYZo9
FY4noC6QXN1GwT1gTBlF2wwkz5Z+DE/fEE1hdsnADEac2SP8OwhAta6gXXLPhrd8
n9NvEilYMWBdq6S3etX8YV95cRQQsibKeOFlKY2LKBup4VNNmEADl4o/6PO0mc5V
gBFHDzGh3xONxrOoScYvUIZoPYxiRCpu7TVq+JMJBE+vzW3G8jRRSkvI0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIED6/p2bLZpkNdavT76pF/pQ1+AMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvZ1FQci1uWnN0bW1RMTFxOVB2cWtYLWxEWDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUmMA0G
CSqGSIb3DQEBCwUAA4IBAQCE42Xu3RuOFPXnG6P0MDx41FympSdwOGwErODw5a2S
F0r41UtWpf3Wu7ImwIDJAoNpn9cHVL9oaMO9uqR1aWLWJNakxvZjaMEiSXGIMMeG
eI0sxQHGU+JR3Ufrxg4eZF4Ewcpl9GOiQ2+ugAeHrm5xhoUj8UB6WQn6T3DPGMZN
oogs0iPwzkD5CFu2YbVUVPnqOUd2w8qE4kP02/q+lMzL1wK5IlMeH56HiU6Mz44Q
rn7Zu+ur+bavRbPmIqid13r8va3OjeuwItQHYFAz3FNiTIBP6/iP7Cf8u2G6Dhm3
/CBb1mffXumpkZi7DV3pEbIA8gcM4/EbEhUC2nTt0Hd1
-----END CERTIFICATE-----