Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xiqVd7pUyrP7S_DihBCo4HScehI.roa
File:                     xiqVd7pUyrP7S_DihBCo4HScehI.roa (raw, json)
Hash identifier:          dcQsdJp1swPuYm9jYIcvQdo6xkcZZiHmOjFMCn5EZtQ=
Subject key identifier:   C6:2A:95:77:BA:54:CA:B3:FB:4B:F0:E2:84:10:A8:E0:74:9C:7A:12
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01901EB322DF507346F88137671284E51675
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xiqVd7pUyrP7S_DihBCo4HScehI.roa
Signing time:             Sun 16 Jun 2024 01:39:34 +0000
ROA not before:           Sun 16 Jun 2024 01:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        5.178.98.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:1e:b3:22:df:50:73:46:f8:81:37:67:12:84:e5:16:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jun 16 01:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c62a9577ba54cab3fb4bf0e28410a8e0749c7a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bd:24:a3:2e:1f:4f:13:eb:60:6b:06:10:3a:
                    d0:f1:c1:06:1b:ae:6d:ec:cf:ee:fe:16:08:89:b5:
                    c7:78:7e:e6:7d:e8:1c:04:41:ba:66:fa:ad:0d:46:
                    77:a0:2b:c4:bb:b4:07:46:a8:f4:3f:66:2a:38:c6:
                    89:a6:1e:4c:17:6d:2a:b0:a5:d1:76:a3:5e:28:2f:
                    f3:0e:89:32:34:bc:d2:44:a7:1f:62:1d:f6:00:62:
                    53:b1:cc:28:fe:5d:d8:8e:24:69:f7:90:96:5a:5b:
                    a7:a0:4a:fd:57:0a:bd:b4:14:f3:de:7b:d0:a5:58:
                    9d:8f:cb:ff:27:f9:6e:69:1b:36:14:49:f5:51:ee:
                    be:76:75:b1:8d:43:03:3c:96:93:f4:d2:79:d3:5b:
                    d1:b1:20:ce:8e:51:d4:db:ea:c5:2a:74:45:b6:ca:
                    67:af:f1:85:59:8e:aa:ab:88:ec:86:65:ad:67:47:
                    94:bf:31:2e:21:59:7c:b5:ca:c1:87:ee:21:48:6d:
                    18:d4:13:ea:e1:23:93:98:46:fa:d0:6b:48:d1:43:
                    f1:3c:1e:7c:ca:4d:25:6b:58:aa:b2:78:30:12:81:
                    87:53:1a:7a:fb:e0:be:9b:7e:cd:1e:c1:1f:72:c1:
                    e5:e7:d8:94:67:b3:e4:35:7b:1f:75:bd:d2:b2:ee:
                    2e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:2A:95:77:BA:54:CA:B3:FB:4B:F0:E2:84:10:A8:E0:74:9C:7A:12
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/xiqVd7pUyrP7S_DihBCo4HScehI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.98.0/24
                  5.178.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:63:99:2b:17:72:e0:78:54:b6:5a:fa:c5:75:ad:3e:4b:4e:
         a8:be:1c:a8:ca:4e:d9:67:d9:66:3c:28:67:98:f1:8d:24:4b:
         b6:13:b2:cd:2b:c8:25:a8:dd:1d:c5:5c:c9:d5:b3:cb:22:5d:
         a3:07:18:7b:40:cd:78:a0:7b:5f:12:f0:2a:5d:a1:64:9b:7f:
         7c:d0:92:38:d5:a7:4b:4d:ec:7b:12:3d:73:ff:3f:5e:32:86:
         81:2f:ed:55:d9:32:77:bc:fd:6b:28:d6:df:ad:1a:90:f8:66:
         f0:98:d3:e4:c0:f9:f1:cb:bc:c3:1d:bb:62:99:33:c3:c5:25:
         9b:50:fa:9d:73:05:92:ec:82:7e:6e:48:22:ce:69:c0:6e:6c:
         9a:57:87:1e:96:e0:73:1e:6d:77:cb:44:e9:a6:86:f2:6a:b6:
         e0:d0:ec:d4:88:da:60:f7:8d:f0:b7:57:46:89:f3:05:d0:46:
         96:3e:a6:72:a9:21:50:8b:c4:f1:e5:e6:65:95:4b:d1:fb:02:
         fd:f2:4a:97:8b:60:c8:be:57:95:0e:45:35:c9:6c:4c:23:08:
         17:42:37:a5:a2:a7:dc:78:cf:b8:43:d0:ad:25:13:92:6e:ec:
         4f:c3:a9:f9:5a:70:32:7e:d9:b7:0b:58:f7:e1:e9:f5:10:03:
         71:07:68:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAesyLfUHNG+IE3ZxKE5RZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNjE2MDEzOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjJhOTU3N2JhNTRjYWIzZmI0YmYwZTI4NDEwYThlMDc0OWM3YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr0koy4fTxPrYGsGEDrQ8cEGG65t
7M/u/hYIibXHeH7mfegcBEG6ZvqtDUZ3oCvEu7QHRqj0P2YqOMaJph5MF20qsKXR
dqNeKC/zDokyNLzSRKcfYh32AGJTscwo/l3YjiRp95CWWlunoEr9Vwq9tBTz3nvQ
pVidj8v/J/luaRs2FEn1Ue6+dnWxjUMDPJaT9NJ501vRsSDOjlHU2+rFKnRFtspn
r/GFWY6qq4jshmWtZ0eUvzEuIVl8tcrBh+4hSG0Y1BPq4SOTmEb60GtI0UPxPB58
yk0la1iqsngwEoGHUxp6++C+m37NHsEfcsHl59iUZ7PkNXsfdb3Ssu4u7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYqlXe6VMqz+0vw4oQQqOB0nHoSMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEveGlxVmQ3cFV5clA3U19EaWhCQ280SFNjZWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbJiAwQA
BbJpMA0GCSqGSIb3DQEBCwUAA4IBAQBOY5krF3LgeFS2WvrFda0+S06ovhyoyk7Z
Z9lmPChnmPGNJEu2E7LNK8glqN0dxVzJ1bPLIl2jBxh7QM14oHtfEvAqXaFkm398
0JI41adLTex7Ej1z/z9eMoaBL+1V2TJ3vP1rKNbfrRqQ+GbwmNPkwPnxy7zDHbti
mTPDxSWbUPqdcwWS7IJ+bkgizmnAbmyaV4celuBzHm13y0Tppobyarbg0OzUiNpg
943wt1dGifMF0EaWPqZyqSFQi8Tx5eZllUvR+wL98kqXi2DIvleVDkU1yWxMIwgX
QjeloqfceM+4Q9CtJROSbuxPw6n5WnAyftm3C1j34en1EANxB2hI
-----END CERTIFICATE-----