Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jaS76lBXDVQOpXbk20Zr3o9KJho.roa
File:                     jaS76lBXDVQOpXbk20Zr3o9KJho.roa (raw, json)
Hash identifier:          1p8S0zkmyyInyZtUnKW1d5EJBPHsOqrEeBiNYATE6cc=
Subject key identifier:   8D:A4:BB:EA:50:57:0D:54:0E:A5:76:E4:DB:46:6B:DE:8F:4A:26:1A
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018F62C2AE864486E916BD47C87213F5DC53
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jaS76lBXDVQOpXbk20Zr3o9KJho.roa
Signing time:             Fri 10 May 2024 13:47:56 +0000
ROA not before:           Fri 10 May 2024 13:47:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215124
IP address blocks:        5.178.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:c2:ae:86:44:86:e9:16:bd:47:c8:72:13:f5:dc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: May 10 13:47:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8da4bbea50570d540ea576e4db466bde8f4a261a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:15:d7:ed:8b:e6:03:37:83:bf:a1:e1:97:66:
                    da:13:62:12:52:c9:a7:2a:89:8f:f3:9c:c6:68:0c:
                    d7:ec:9e:f1:e2:a0:e2:0b:2d:5f:c1:47:f1:d7:37:
                    74:82:47:18:bf:5e:45:c4:86:06:42:51:16:fc:09:
                    01:21:eb:2e:58:a4:63:18:68:bb:df:87:a9:7d:a5:
                    00:2f:a8:1b:a1:1b:10:8d:a7:6a:80:08:0b:0d:9a:
                    c0:91:bc:cc:37:a6:1e:5e:6a:db:d4:92:73:48:28:
                    ce:4f:ef:07:6a:c1:4f:ec:39:9b:39:56:f2:dd:56:
                    19:03:22:86:57:e9:47:dd:8e:e5:5a:43:8f:dc:3c:
                    b8:cb:69:5c:f2:6e:b8:40:c5:b7:44:78:62:31:21:
                    7a:26:1f:13:04:ba:0f:a7:4e:1b:ee:8f:a7:3a:32:
                    c9:ad:5e:5c:5f:5f:80:14:75:31:95:e2:18:ba:86:
                    36:e1:b6:4e:f9:17:97:2e:a8:c8:05:c7:12:95:e5:
                    6a:7d:12:f6:56:c4:63:9f:77:b5:5b:11:67:e4:14:
                    ad:de:b6:83:5b:b4:62:e3:d0:be:b0:c1:ab:ff:ba:
                    b7:9c:cc:31:fe:eb:83:3c:02:1b:65:2d:13:15:22:
                    3d:e7:8c:7c:cf:05:40:85:b3:16:e6:d0:71:c0:5c:
                    e9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:A4:BB:EA:50:57:0D:54:0E:A5:76:E4:DB:46:6B:DE:8F:4A:26:1A
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/jaS76lBXDVQOpXbk20Zr3o9KJho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:2e:41:0f:2a:08:24:0d:64:52:09:ab:6c:28:88:67:ee:05:
         da:cb:3c:e1:39:c5:ac:4d:8a:cf:e9:95:56:0f:6e:df:79:04:
         b2:4b:09:71:dd:d4:d4:ad:d1:bb:a7:dc:9b:b7:f0:94:bb:8c:
         97:4c:e6:13:a4:4f:7e:a3:47:f8:3b:34:11:37:49:a5:8d:12:
         57:61:53:61:af:87:75:85:62:3d:9a:c2:4e:2f:d2:ff:ac:8d:
         54:72:77:ae:e8:9f:01:17:48:36:ab:4a:87:63:46:d1:91:28:
         35:b8:fc:67:1e:92:ac:75:1f:ca:df:1f:74:0d:60:e0:26:8d:
         29:15:f4:8e:be:10:33:ea:6f:6a:c4:e8:58:c9:33:0a:0a:6e:
         c0:e3:4b:43:2f:a1:f7:81:9d:60:0a:d2:56:c8:da:21:35:aa:
         59:ff:c4:c5:38:ab:03:47:16:7b:8f:9a:ef:b0:50:af:9d:97:
         9a:f3:cf:cb:3f:8c:e7:ac:88:ea:aa:5f:20:cd:dc:8a:0a:82:
         0c:ac:04:a5:2a:12:9d:03:49:8e:a2:bc:4d:13:4f:12:19:a8:
         9a:bb:49:c7:6b:d7:24:93:55:a6:f5:16:ac:a1:f5:bd:fd:9a:
         b1:07:5e:c8:22:b8:e7:40:0b:ad:4d:f8:62:41:0e:5b:e0:a1:
         51:8e:85:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9iwq6GRIbpFr1HyHIT9dxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNTEwMTM0NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGE0YmJlYTUwNTcwZDU0MGVhNTc2ZTRkYjQ2NmJkZThmNGEyNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshXX7YvmAzeDv6Hhl2baE2ISUsmn
KomP85zGaAzX7J7x4qDiCy1fwUfx1zd0gkcYv15FxIYGQlEW/AkBIesuWKRjGGi7
34epfaUAL6gboRsQjadqgAgLDZrAkbzMN6YeXmrb1JJzSCjOT+8HasFP7DmbOVby
3VYZAyKGV+lH3Y7lWkOP3Dy4y2lc8m64QMW3RHhiMSF6Jh8TBLoPp04b7o+nOjLJ
rV5cX1+AFHUxleIYuoY24bZO+ReXLqjIBccSleVqfRL2VsRjn3e1WxFn5BSt3raD
W7Ri49C+sMGr/7q3nMwx/uuDPAIbZS0TFSI954x8zwVAhbMW5tBxwFzphQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2ku+pQVw1UDqV25NtGa96PSiYaMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvamFTNzZsQlhEVlFPcFhiazIwWnIzbzlLSmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJnMA0G
CSqGSIb3DQEBCwUAA4IBAQDmLkEPKggkDWRSCatsKIhn7gXayzzhOcWsTYrP6ZVW
D27feQSySwlx3dTUrdG7p9ybt/CUu4yXTOYTpE9+o0f4OzQRN0mljRJXYVNhr4d1
hWI9msJOL9L/rI1Ucneu6J8BF0g2q0qHY0bRkSg1uPxnHpKsdR/K3x90DWDgJo0p
FfSOvhAz6m9qxOhYyTMKCm7A40tDL6H3gZ1gCtJWyNohNapZ/8TFOKsDRxZ7j5rv
sFCvnZea88/LP4znrIjqql8gzdyKCoIMrASlKhKdA0mOorxNE08SGaiau0nHa9ck
k1Wm9RasofW9/ZqxB17IIrjnQAutTfhiQQ5b4KFRjoUv
-----END CERTIFICATE-----