Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/5jC0rsxmL7K4LOlt7nnxmFo7P4I.roa
File:                     5jC0rsxmL7K4LOlt7nnxmFo7P4I.roa (raw, json)
Hash identifier:          EjLB/hnn9oF1dNaPMnFWLZIj3vQJFL+jbgBI+F/Za/g=
Subject key identifier:   E6:30:B4:AE:CC:66:2F:B2:B8:2C:E9:6D:EE:79:F1:98:5A:3B:3F:82
Certificate issuer:       /CN=5ab1996515884434b87882b5b972a6e529ffb00b
Certificate serial:       018CC42478C5DABFE28AB4089C97B011F12C
Authority key identifier: 5A:B1:99:65:15:88:44:34:B8:78:82:B5:B9:72:A6:E5:29:FF:B0:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/5jC0rsxmL7K4LOlt7nnxmFo7P4I.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56704
IP address blocks:        185.159.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:78:c5:da:bf:e2:8a:b4:08:9c:97:b0:11:f1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ab1996515884434b87882b5b972a6e529ffb00b
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e630b4aecc662fb2b82ce96dee79f1985a3b3f82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:13:5d:22:1d:e5:c4:f9:f9:90:b5:9d:48:a2:
                    b2:99:99:ca:4b:9d:90:c2:93:6b:34:ab:4e:03:f7:
                    5b:4e:91:c6:e6:50:a9:0c:19:ec:d9:9b:4f:2f:b0:
                    3d:77:70:49:bf:23:60:66:67:e4:d7:ad:90:dd:7f:
                    6c:7a:2a:92:5c:98:1c:88:41:74:d8:40:bd:cb:46:
                    7f:af:c0:06:11:72:7b:7d:a9:19:e6:3e:48:c7:c0:
                    9e:20:9a:87:81:b0:a0:37:40:8b:8c:43:43:c7:49:
                    8e:60:30:d6:4d:03:6e:18:50:10:8c:48:6a:b3:9e:
                    96:b1:08:9a:2e:3d:5c:bd:f3:20:13:ab:08:aa:80:
                    0a:b1:d2:64:60:2f:67:30:ab:f4:3c:3c:3c:8a:1f:
                    15:76:ba:e0:a0:7e:f7:ee:01:82:70:9a:cc:bd:99:
                    b1:79:95:bb:c2:e8:0a:43:02:83:db:05:dc:45:e0:
                    64:0f:92:12:d4:12:d5:a2:6b:ab:60:6d:4f:0d:9f:
                    47:87:3e:f7:06:a7:b2:f6:20:ac:fb:bb:38:3b:9c:
                    48:0b:0a:45:64:39:8d:1a:91:04:0d:28:24:c9:97:
                    51:1c:f9:dd:13:40:b7:9c:c9:31:14:73:4e:c8:7a:
                    86:7c:06:f3:ba:f6:14:c0:d2:ad:d0:2b:ff:1d:41:
                    ae:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:30:B4:AE:CC:66:2F:B2:B8:2C:E9:6D:EE:79:F1:98:5A:3B:3F:82
            X509v3 Authority Key Identifier:
                keyid:5A:B1:99:65:15:88:44:34:B8:78:82:B5:B9:72:A6:E5:29:FF:B0:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/5jC0rsxmL7K4LOlt7nnxmFo7P4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d4:75:08:b5:24:46:66:fc:a4:43:39:73:36:8c:33:a4:b9:
         14:00:1e:fb:61:ca:08:8e:9f:10:11:60:f3:a8:cc:d4:48:e7:
         45:4a:87:63:e0:01:32:3b:fd:d4:d7:19:d1:28:4b:44:b4:af:
         4c:1d:40:35:17:fc:ae:ff:54:29:d3:db:c5:4c:1a:5f:c5:13:
         d4:5a:b3:84:83:a7:cb:bb:46:e9:62:3c:c5:18:d5:fb:37:6d:
         5e:b0:35:03:16:90:c7:3d:2e:78:e4:d6:c7:f5:e6:39:60:06:
         66:96:f6:00:e3:13:97:d3:fa:67:77:ef:bc:c6:32:98:ae:0d:
         f2:58:aa:61:6d:8b:a7:39:20:47:30:af:f8:1a:24:17:c6:d9:
         1b:84:c0:1b:f6:e1:05:86:17:4d:34:09:8f:76:4a:29:5e:4d:
         97:8a:39:35:87:08:ce:85:f6:c7:02:ec:f1:17:78:31:93:96:
         48:36:ab:96:c1:6b:48:dd:5a:01:b6:96:22:38:27:86:f9:dd:
         af:6f:48:68:e1:48:40:8c:fb:86:a2:00:7d:d3:95:00:8e:13:
         c8:58:82:c5:e0:b0:da:bd:78:d4:0e:67:b4:f8:b8:78:c4:44:
         65:6c:76:f6:32:4d:fb:7d:72:fc:3b:5f:16:32:ed:04:a2:0f:
         22:f5:a8:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHjF2r/iirQInJewEfEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYjE5OTY1MTU4ODQ0MzRiODc4ODJiNWI5NzJhNmU1Mjlm
ZmIwMGIwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjMwYjRhZWNjNjYyZmIyYjgyY2U5NmRlZTc5ZjE5ODVhM2IzZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRNdIh3lxPn5kLWdSKKymZnKS52Q
wpNrNKtOA/dbTpHG5lCpDBns2ZtPL7A9d3BJvyNgZmfk162Q3X9seiqSXJgciEF0
2EC9y0Z/r8AGEXJ7fakZ5j5Ix8CeIJqHgbCgN0CLjENDx0mOYDDWTQNuGFAQjEhq
s56WsQiaLj1cvfMgE6sIqoAKsdJkYC9nMKv0PDw8ih8VdrrgoH737gGCcJrMvZmx
eZW7wugKQwKD2wXcReBkD5IS1BLVomurYG1PDZ9Hhz73Bqey9iCs+7s4O5xICwpF
ZDmNGpEEDSgkyZdRHPndE0C3nMkxFHNOyHqGfAbzuvYUwNKt0Cv/HUGuIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYwtK7MZi+yuCzpbe558ZhaOz+CMB8GA1UdIwQY
MBaAFFqxmWUViEQ0uHiCtblypuUp/7ALMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3JHWlpSV0lSRFM0ZUlLMXVYS201U25fc0FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85NGM5MTktZTZlYS00ZTE4LWFmMTIt
ZWQ1YjAxZDI1MjhjLzEvNWpDMHJzeG1MN0s0TE9sdDdubnhtRm83UDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85NGM5MTktZTZlYS00ZTE4LWFmMTItZWQ1YjAxZDI1Mjhj
LzEvV3JHWlpSV0lSRFM0ZUlLMXVYS201U25fc0FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ+eMA0G
CSqGSIb3DQEBCwUAA4IBAQCY1HUItSRGZvykQzlzNowzpLkUAB77YcoIjp8QEWDz
qMzUSOdFSodj4AEyO/3U1xnRKEtEtK9MHUA1F/yu/1Qp09vFTBpfxRPUWrOEg6fL
u0bpYjzFGNX7N21esDUDFpDHPS545NbH9eY5YAZmlvYA4xOX0/pnd++8xjKYrg3y
WKphbYunOSBHMK/4GiQXxtkbhMAb9uEFhhdNNAmPdkopXk2Xijk1hwjOhfbHAuzx
F3gxk5ZINquWwWtI3VoBtpYiOCeG+d2vb0ho4UhAjPuGogB905UAjhPIWILF4LDa
vXjUDme0+Lh4xERlbHb2Mk37fXL8O18WMu0Eog8i9agK
-----END CERTIFICATE-----