Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/sp5Z-CZ9B_FPp-PrOM334YwnsdA.roa
File:                     sp5Z-CZ9B_FPp-PrOM334YwnsdA.roa (raw, json)
Hash identifier:          ByeT5Z6alHxafuQPIsT9gKkL+BFPz7s4Nk6eSOBTkJE=
Subject key identifier:   B2:9E:59:F8:26:7D:07:F1:4F:A7:E3:EB:38:CD:F7:E1:8C:27:B1:D0
Certificate issuer:       /CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Certificate serial:       01904B41B10A436B3BD78DA596E93F932C12
Authority key identifier: A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/sp5Z-CZ9B_FPp-PrOM334YwnsdA.roa
Signing time:             Mon 24 Jun 2024 17:18:34 +0000
ROA not before:           Mon 24 Jun 2024 17:18:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39151
IP address blocks:        213.175.128.0/24 maxlen: 24
                          213.175.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4b:41:b1:0a:43:6b:3b:d7:8d:a5:96:e9:3f:93:2c:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
        Validity
            Not Before: Jun 24 17:18:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b29e59f8267d07f14fa7e3eb38cdf7e18c27b1d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:01:ef:73:c8:c6:54:ff:e8:71:89:68:fb:
                    26:6c:bd:b1:2c:07:a4:a2:3f:c4:5c:37:8c:da:fa:
                    b7:19:7c:d4:f1:84:6e:19:ad:eb:95:4b:7e:9e:8c:
                    ce:8c:45:ff:9d:9a:5f:ef:c9:71:5a:0a:2c:72:d2:
                    e1:e7:aa:d6:39:f7:8f:c1:db:eb:6c:37:1c:e4:92:
                    25:77:56:f5:6f:db:69:80:09:40:14:a1:c6:68:70:
                    ce:5c:ce:e9:c6:03:bb:da:0c:5b:43:9b:7c:12:66:
                    9b:8a:b5:c3:2d:4f:39:e8:a0:40:ba:cb:d8:c9:b0:
                    0c:43:02:ef:ba:80:66:b4:4a:0d:99:42:2c:27:fc:
                    9a:4f:85:a2:b8:17:d3:e9:29:d6:6d:69:15:19:d8:
                    b2:04:7a:db:b7:17:93:e6:48:d3:59:02:fa:c7:99:
                    55:23:b4:49:37:00:53:16:53:1e:fe:69:d8:a6:22:
                    c9:e8:2c:75:99:7d:28:96:e9:2d:c2:2d:0b:56:a4:
                    01:45:9b:40:60:d6:db:0b:4c:c0:8b:3c:88:59:0c:
                    df:b9:55:57:85:d3:d6:b5:cf:5a:fd:85:b8:bf:86:
                    ca:5c:eb:81:01:39:8b:57:4d:f3:0d:be:fb:76:fd:
                    f9:03:be:f3:21:8a:7c:25:a3:7f:85:1c:ed:48:11:
                    cd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:9E:59:F8:26:7D:07:F1:4F:A7:E3:EB:38:CD:F7:E1:8C:27:B1:D0
            X509v3 Authority Key Identifier:
                keyid:A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/sp5Z-CZ9B_FPp-PrOM334YwnsdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.175.128.0/24
                  213.175.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:c0:c9:29:42:28:e4:9f:0a:35:92:c2:03:25:db:66:dd:73:
         e6:21:eb:cf:12:b0:b2:2b:8f:85:1c:e1:08:36:64:1a:3c:b8:
         24:16:63:34:b0:62:55:17:2b:1b:57:31:60:e0:1c:1f:81:30:
         cf:75:d0:9d:71:e9:42:fe:e9:2a:1b:67:ce:dc:76:67:d2:ce:
         06:6c:13:4d:8d:66:48:08:2b:9d:b0:27:c4:a9:77:d6:fe:b2:
         f4:ad:ec:92:b2:31:47:67:3a:c4:6b:f6:49:b0:a7:af:48:96:
         84:8f:3c:70:65:3a:08:bd:5e:4e:5d:49:f4:b6:8d:22:c6:51:
         bb:ab:9c:f9:7f:d5:25:e6:c0:de:f5:10:ca:78:e0:2f:13:32:
         62:00:ee:b4:99:82:6c:a5:cc:14:99:7d:6a:7f:eb:83:59:a0:
         df:f2:5a:5b:66:16:e2:07:79:5f:3f:73:29:65:43:b9:64:a4:
         a3:cb:e4:ad:88:e3:cb:5e:6a:c0:65:a4:f8:19:3d:6f:da:69:
         a7:51:50:0b:e2:85:be:94:3d:cc:26:f1:e8:39:be:a2:bd:83:
         cf:58:62:9a:39:5b:07:50:78:7c:64:60:4a:a5:19:35:3e:de:
         a9:01:f0:14:53:d8:49:01:dc:a2:7e:37:77:36:a4:f9:aa:c0:
         ff:b2:7f:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBLQbEKQ2s7142lluk/kywSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDEwY2ViMjBmMmUwNzZhM2YwMDAyNzFhNWMzNzU3NjFi
ZWMyZjUwHhcNMjQwNjI0MTcxODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjllNTlmODI2N2QwN2YxNGZhN2UzZWIzOGNkZjdlMThjMjdiMWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaUB73PIxlT/6HGJaPsmbL2xLAek
oj/EXDeM2vq3GXzU8YRuGa3rlUt+nozOjEX/nZpf78lxWgosctLh56rWOfePwdvr
bDcc5JIld1b1b9tpgAlAFKHGaHDOXM7pxgO72gxbQ5t8EmabirXDLU856KBAusvY
ybAMQwLvuoBmtEoNmUIsJ/yaT4WiuBfT6SnWbWkVGdiyBHrbtxeT5kjTWQL6x5lV
I7RJNwBTFlMe/mnYpiLJ6Cx1mX0oluktwi0LVqQBRZtAYNbbC0zAizyIWQzfuVVX
hdPWtc9a/YW4v4bKXOuBATmLV03zDb77dv35A77zIYp8JaN/hRztSBHNewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLKeWfgmfQfxT6fj6zjN9+GMJ7HQMB8GA1UdIwQY
MBaAFKgBDOsg8uB2o/AAJxpcN1dhvsL1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMt
NDlmNjVjNmE0OGJmLzEvc3A1Wi1DWjlCX0ZQcC1Qck9NMzM0WXduc2RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMtNDlmNjVjNmE0OGJm
LzEvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1a+AAwQA
1a+EMA0GCSqGSIb3DQEBCwUAA4IBAQCHwMkpQijknwo1ksIDJdtm3XPmIevPErCy
K4+FHOEINmQaPLgkFmM0sGJVFysbVzFg4BwfgTDPddCdcelC/ukqG2fO3HZn0s4G
bBNNjWZICCudsCfEqXfW/rL0reySsjFHZzrEa/ZJsKevSJaEjzxwZToIvV5OXUn0
to0ixlG7q5z5f9Ul5sDe9RDKeOAvEzJiAO60mYJspcwUmX1qf+uDWaDf8lpbZhbi
B3lfP3MpZUO5ZKSjy+StiOPLXmrAZaT4GT1v2mmnUVAL4oW+lD3MJvHoOb6ivYPP
WGKaOVsHUHh8ZGBKpRk1Pt6pAfAUU9hJAdyifjd3NqT5qsD/sn8U
-----END CERTIFICATE-----