Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/N5SgiPxQQEenwAqULXGn5tnSvPw.roa
File:                     N5SgiPxQQEenwAqULXGn5tnSvPw.roa (raw, json)
Hash identifier:          BP+5sN/Y1OumRNVXMrEg5uVAsQbFho8vZ3mcGtvJeYA=
Subject key identifier:   37:94:A0:88:FC:50:40:47:A7:C0:0A:94:2D:71:A7:E6:D9:D2:BC:FC
Certificate issuer:       /CN=d56c5074e66f43ce578a3d4a2e7bcc215cb5e960
Certificate serial:       018CC94D5F245E771BDB2D755C5C53054972
Authority key identifier: D5:6C:50:74:E6:6F:43:CE:57:8A:3D:4A:2E:7B:CC:21:5C:B5:E9:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/N5SgiPxQQEenwAqULXGn5tnSvPw.roa
Signing time:             Tue 02 Jan 2024 08:32:20 +0000
ROA not before:           Tue 02 Jan 2024 08:32:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209426
IP address blocks:        5.253.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:5f:24:5e:77:1b:db:2d:75:5c:5c:53:05:49:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56c5074e66f43ce578a3d4a2e7bcc215cb5e960
        Validity
            Not Before: Jan  2 08:32:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3794a088fc504047a7c00a942d71a7e6d9d2bcfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:40:f1:c6:6d:b9:42:a3:f3:17:36:bd:68:89:
                    70:58:93:4a:88:5b:dd:d2:7e:bf:ff:cb:53:b3:08:
                    39:43:ef:81:3d:6b:df:7f:0c:a2:5e:41:39:24:60:
                    a2:3b:ed:35:43:4d:fb:38:a9:05:dd:55:9b:ba:4c:
                    dd:cb:08:96:15:80:c2:3c:1a:5e:1b:6a:f5:03:60:
                    8e:9e:65:85:75:bc:9f:28:c5:36:eb:bd:f8:b8:3f:
                    31:df:3c:7b:c7:e3:ed:f9:68:76:16:a8:38:61:a7:
                    ab:89:49:e3:98:01:3c:5d:fb:bc:f8:89:2f:03:b1:
                    a1:4a:7b:47:9b:0c:97:ac:4b:c8:d1:df:f3:27:ec:
                    96:a8:45:78:36:88:9a:72:4a:77:19:66:a5:ce:9b:
                    2b:ab:cb:87:e6:39:ee:d7:c7:a3:1f:0d:dd:f1:4c:
                    49:4c:52:38:9e:a6:40:c2:d5:a2:be:90:d5:1f:42:
                    7b:34:e8:4c:25:a0:47:f4:77:cd:0e:22:c8:0f:0f:
                    fc:db:09:53:60:9b:8a:73:69:84:f9:76:c0:cb:8d:
                    a2:79:76:0a:fc:54:8b:8d:4a:4a:d7:f0:f4:e0:62:
                    0f:a5:e4:85:09:20:40:a1:ca:d6:21:b9:06:e1:4c:
                    15:1f:1a:87:ef:10:35:4e:40:3f:70:ac:06:22:b1:
                    70:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:94:A0:88:FC:50:40:47:A7:C0:0A:94:2D:71:A7:E6:D9:D2:BC:FC
            X509v3 Authority Key Identifier:
                keyid:D5:6C:50:74:E6:6F:43:CE:57:8A:3D:4A:2E:7B:CC:21:5C:B5:E9:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WxQdOZvQ85Xij1KLnvMIVy16WA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/N5SgiPxQQEenwAqULXGn5tnSvPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/17527b-ecc2-4498-9208-e22b8c0a1726/1/1WxQdOZvQ85Xij1KLnvMIVy16WA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:48:e0:d5:5a:4c:06:e7:a1:70:d4:b0:36:6e:de:7e:a6:bb:
         49:9a:4f:93:a9:1d:43:65:63:84:5f:21:d6:58:e8:1f:e3:a3:
         13:15:c1:f5:e8:14:8c:54:ca:21:ac:bf:db:1b:e2:a4:a2:8f:
         42:a2:d4:38:16:8e:c1:43:cd:fc:04:40:fd:e8:22:22:f9:e3:
         58:0a:6b:fc:9e:97:55:83:88:58:14:07:32:d1:2e:f5:83:e8:
         2a:1a:a3:76:5d:5a:d9:e1:f2:22:ca:4c:e3:ce:bc:a4:45:73:
         d0:97:e6:5f:fd:e5:d6:5d:4c:8c:1f:3a:f4:07:62:3f:e0:f2:
         12:8f:18:ff:14:fa:fc:14:fd:2c:30:a1:e8:19:3d:b5:f8:99:
         e7:14:26:48:1f:89:08:47:bd:a7:d7:e2:36:cc:bf:d0:b1:6c:
         39:aa:9e:b4:cd:f1:d2:37:48:62:e2:76:8b:d4:6e:de:51:28:
         f0:28:e6:4a:c9:e6:03:a5:3f:86:4c:9d:45:7a:b1:b9:69:81:
         04:98:df:31:03:dd:a9:a0:d1:d7:b8:de:1d:4a:36:05:4b:28:
         90:45:f7:2b:ce:c6:f4:2d:37:5f:d6:13:c2:2e:ae:d6:c1:25:
         d0:33:26:d9:5f:08:29:91:d1:82:2b:fc:f2:1e:68:e5:22:f6:
         88:f3:7d:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTV8kXncb2y11XFxTBUlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmM1MDc0ZTY2ZjQzY2U1NzhhM2Q0YTJlN2JjYzIxNWNi
NWU5NjAwHhcNMjQwMTAyMDgzMjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzk0YTA4OGZjNTA0MDQ3YTdjMDBhOTQyZDcxYTdlNmQ5ZDJiY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUDxxm25QqPzFza9aIlwWJNKiFvd
0n6//8tTswg5Q++BPWvffwyiXkE5JGCiO+01Q037OKkF3VWbukzdywiWFYDCPBpe
G2r1A2COnmWFdbyfKMU26734uD8x3zx7x+Pt+Wh2Fqg4YaeriUnjmAE8Xfu8+Ikv
A7GhSntHmwyXrEvI0d/zJ+yWqEV4Noiackp3GWalzpsrq8uH5jnu18ejHw3d8UxJ
TFI4nqZAwtWivpDVH0J7NOhMJaBH9HfNDiLIDw/82wlTYJuKc2mE+XbAy42ieXYK
/FSLjUpK1/D04GIPpeSFCSBAocrWIbkG4UwVHxqH7xA1TkA/cKwGIrFwiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDeUoIj8UEBHp8AKlC1xp+bZ0rz8MB8GA1UdIwQY
MBaAFNVsUHTmb0POV4o9Si57zCFctelgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVd4UWRPWnZRODVYaWoxS0xudk1JVnkxNldBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xNzUyN2ItZWNjMi00NDk4LTkyMDgt
ZTIyYjhjMGExNzI2LzEvTjVTZ2lQeFFRRWVud0FxVUxYR241dG5TdlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xNzUyN2ItZWNjMi00NDk4LTkyMDgtZTIyYjhjMGExNzI2
LzEvMVd4UWRPWnZRODVYaWoxS0xudk1JVnkxNldBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf2HMA0G
CSqGSIb3DQEBCwUAA4IBAQCASODVWkwG56Fw1LA2bt5+prtJmk+TqR1DZWOEXyHW
WOgf46MTFcH16BSMVMohrL/bG+Kkoo9CotQ4Fo7BQ838BED96CIi+eNYCmv8npdV
g4hYFAcy0S71g+gqGqN2XVrZ4fIiykzjzrykRXPQl+Zf/eXWXUyMHzr0B2I/4PIS
jxj/FPr8FP0sMKHoGT21+JnnFCZIH4kIR72n1+I2zL/QsWw5qp60zfHSN0hi4naL
1G7eUSjwKOZKyeYDpT+GTJ1FerG5aYEEmN8xA92poNHXuN4dSjYFSyiQRfcrzsb0
LTdf1hPCLq7WwSXQMybZXwgpkdGCK/zyHmjlIvaI831d
-----END CERTIFICATE-----