Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/C8lsCl5SDppDvJrxYIXvBm8Msrw.roa
File:                     C8lsCl5SDppDvJrxYIXvBm8Msrw.roa (raw, json)
Hash identifier:          g/EpYJY9zNukn8t8lGX8gUATAsrPI4DJnEBIGDVX0Kw=
Subject key identifier:   0B:C9:6C:0A:5E:52:0E:9A:43:BC:9A:F1:60:85:EF:06:6F:0C:B2:BC
Certificate issuer:       /CN=e5f83127d6512e13e88d4b951f1f039c6a3bac41
Certificate serial:       018CC64AFB23EDBAA0C923A92C0894A5C350
Authority key identifier: E5:F8:31:27:D6:51:2E:13:E8:8D:4B:95:1F:1F:03:9C:6A:3B:AC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/C8lsCl5SDppDvJrxYIXvBm8Msrw.roa
Signing time:             Mon 01 Jan 2024 18:30:51 +0000
ROA not before:           Mon 01 Jan 2024 18:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31019
IP address blocks:        5.42.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 04:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:fb:23:ed:ba:a0:c9:23:a9:2c:08:94:a5:c3:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5f83127d6512e13e88d4b951f1f039c6a3bac41
        Validity
            Not Before: Jan  1 18:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bc96c0a5e520e9a43bc9af16085ef066f0cb2bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9f:14:c3:4d:98:53:a9:a4:35:56:d7:6e:60:
                    bd:5d:1d:83:ed:32:64:d7:c6:af:fc:c8:06:9a:75:
                    3a:06:71:3d:1a:47:74:36:4d:ed:5f:f7:ff:c2:5f:
                    49:f6:20:60:a4:b2:3f:44:62:4b:9f:8c:bd:cb:19:
                    a0:54:78:de:57:4e:a5:ad:d0:ec:31:02:2f:d0:d0:
                    df:5d:e7:34:e5:64:7f:ab:7d:1e:ca:76:38:c1:4b:
                    a8:73:ef:80:ed:46:29:a3:05:aa:eb:a9:cb:09:46:
                    7b:d0:1a:60:e4:81:f5:4e:0a:b2:64:7b:84:a4:6a:
                    d9:cc:64:d9:3e:5a:10:4d:a2:29:70:93:1f:ef:5e:
                    f1:59:ec:d6:36:d6:e0:4d:39:04:07:dc:8a:91:db:
                    fa:1a:2f:d1:e7:39:f9:50:97:01:5b:22:a9:97:38:
                    66:a7:08:72:ed:4b:36:d9:dc:7d:63:48:c5:ac:64:
                    16:db:c1:d9:7d:d0:b2:9a:a6:18:a4:6e:b3:d8:be:
                    e9:11:70:ba:7e:de:87:e4:15:66:37:7a:e6:9e:91:
                    8e:29:c6:f5:e6:b6:ef:2b:7f:9e:7f:cb:69:1f:53:
                    ea:a9:3f:7e:57:6e:b1:30:a2:7e:6e:68:e4:18:53:
                    64:7c:28:93:46:38:bf:85:6d:fa:e1:da:02:31:83:
                    4e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:C9:6C:0A:5E:52:0E:9A:43:BC:9A:F1:60:85:EF:06:6F:0C:B2:BC
            X509v3 Authority Key Identifier:
                keyid:E5:F8:31:27:D6:51:2E:13:E8:8D:4B:95:1F:1F:03:9C:6A:3B:AC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/C8lsCl5SDppDvJrxYIXvBm8Msrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/56158f-7d45-413e-a8e6-6050368b7e03/1/5fgxJ9ZRLhPojUuVHx8DnGo7rEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:03:54:b1:a1:b8:71:88:77:05:42:ae:fb:67:54:15:89:9d:
         68:e1:87:5f:6a:fe:86:43:a9:60:d8:9d:9b:2a:02:7a:88:3c:
         5d:6e:7a:d1:09:c2:a8:1b:71:10:04:7c:a8:56:b7:f4:dc:40:
         a2:7b:7f:3a:53:6d:5b:46:2b:89:9f:fb:ca:bd:49:1d:c5:b8:
         54:5f:4f:97:66:da:4f:19:2a:9f:64:cf:86:d0:b4:cf:8b:6b:
         cd:c4:24:65:cf:e6:eb:e2:a8:30:dc:0f:4a:fa:17:4b:34:e8:
         80:1c:24:ff:2b:cb:c6:0b:dd:9b:ab:9d:79:d4:92:6d:29:73:
         70:40:5a:74:22:a7:1c:66:45:06:5b:71:8a:c8:da:df:b7:99:
         92:38:3d:2a:7e:61:73:9f:ff:13:81:ff:33:85:2c:90:e4:a4:
         36:bb:f9:49:02:55:0c:8c:7f:c1:b3:4d:71:f0:41:44:f7:d1:
         3e:2d:e8:cb:24:57:d7:3d:49:86:74:1c:90:11:88:20:87:f7:
         0c:06:88:91:7a:e1:d7:11:00:3a:50:51:0d:64:bd:c3:b6:e9:
         a6:89:87:13:68:d3:64:bb:d2:13:93:fe:52:ac:20:54:0b:97:
         97:e2:a1:e8:d4:23:d2:23:fe:f8:1a:8d:05:b1:07:58:7e:2e:
         b4:1c:fc:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvsj7bqgySOpLAiUpcNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZjgzMTI3ZDY1MTJlMTNlODhkNGI5NTFmMWYwMzljNmEz
YmFjNDEwHhcNMjQwMTAxMTgzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmM5NmMwYTVlNTIwZTlhNDNiYzlhZjE2MDg1ZWYwNjZmMGNiMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZ8Uw02YU6mkNVbXbmC9XR2D7TJk
18av/MgGmnU6BnE9Gkd0Nk3tX/f/wl9J9iBgpLI/RGJLn4y9yxmgVHjeV06lrdDs
MQIv0NDfXec05WR/q30eynY4wUuoc++A7UYpowWq66nLCUZ70Bpg5IH1TgqyZHuE
pGrZzGTZPloQTaIpcJMf717xWezWNtbgTTkEB9yKkdv6Gi/R5zn5UJcBWyKplzhm
pwhy7Us22dx9Y0jFrGQW28HZfdCymqYYpG6z2L7pEXC6ft6H5BVmN3rmnpGOKcb1
5rbvK3+ef8tpH1PqqT9+V26xMKJ+bmjkGFNkfCiTRji/hW364doCMYNOJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvJbApeUg6aQ7ya8WCF7wZvDLK8MB8GA1UdIwQY
MBaAFOX4MSfWUS4T6I1LlR8fA5xqO6xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWZneEo5WlJMaFBvalV1Vkh4OERuR283ckVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi81NjE1OGYtN2Q0NS00MTNlLWE4ZTYt
NjA1MDM2OGI3ZTAzLzEvQzhsc0NsNVNEcHBEdkpyeFlJWHZCbThNc3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi81NjE1OGYtN2Q0NS00MTNlLWE4ZTYtNjA1MDM2OGI3ZTAz
LzEvNWZneEo5WlJMaFBvalV1Vkh4OERuR283ckVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrPMA0G
CSqGSIb3DQEBCwUAA4IBAQBMA1SxobhxiHcFQq77Z1QViZ1o4Ydfav6GQ6lg2J2b
KgJ6iDxdbnrRCcKoG3EQBHyoVrf03ECie386U21bRiuJn/vKvUkdxbhUX0+XZtpP
GSqfZM+G0LTPi2vNxCRlz+br4qgw3A9K+hdLNOiAHCT/K8vGC92bq5151JJtKXNw
QFp0IqccZkUGW3GKyNrft5mSOD0qfmFzn/8Tgf8zhSyQ5KQ2u/lJAlUMjH/Bs01x
8EFE99E+LejLJFfXPUmGdByQEYggh/cMBoiReuHXEQA6UFENZL3DtummiYcTaNNk
u9ITk/5SrCBUC5eX4qHo1CPSI/74Go0FsQdYfi60HPwr
-----END CERTIFICATE-----