Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5b3s4uMoX-RJY6zYeJbW4AZqud8.roa
File:                     5b3s4uMoX-RJY6zYeJbW4AZqud8.roa (raw, json)
Hash identifier:          R+1VdQ+4H28yuJTD7cjJ/kpp/N/Mzt8yjt7buAdxFPI=
Subject key identifier:   E5:BD:EC:E2:E3:28:5F:E4:49:63:AC:D8:78:96:D6:E0:06:6A:B9:DF
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018F5335F82B7B498EF9785076E441D6A71A
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5b3s4uMoX-RJY6zYeJbW4AZqud8.roa
Signing time:             Tue 07 May 2024 13:19:56 +0000
ROA not before:           Tue 07 May 2024 13:19:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215391
IP address blocks:        45.43.143.0/24 maxlen: 24
                          104.238.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:35:f8:2b:7b:49:8e:f9:78:50:76:e4:41:d6:a7:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  7 13:19:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5bdece2e3285fe44963acd87896d6e0066ab9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:57:0a:9d:9d:b0:0c:99:a9:03:bb:3b:bc:85:
                    20:7e:25:8e:35:a6:89:6b:e9:73:c3:f6:f2:4f:79:
                    be:3b:f2:40:f5:bf:40:9a:89:a9:28:67:b2:37:e1:
                    76:b6:9c:3e:dd:6a:6d:fb:25:a5:19:16:13:5c:13:
                    f2:90:b0:98:25:0b:5c:bd:45:cb:c8:69:a3:ea:93:
                    47:b0:55:6a:c9:b8:36:53:51:e7:a4:10:b5:f3:79:
                    a8:76:02:a1:4c:00:46:2a:f4:9d:0b:d9:88:d1:a4:
                    0a:93:db:42:9b:d7:ad:6a:84:81:c3:aa:62:5c:ea:
                    57:bb:25:9a:2b:4f:d6:d8:b0:cb:53:7d:79:fa:31:
                    8e:e4:51:77:fd:7e:9d:77:36:ce:27:d3:b2:41:b5:
                    e7:d5:d2:af:18:9c:4d:ed:44:37:2a:cc:f8:a2:e8:
                    4d:b3:7a:4e:bb:f1:d3:23:7f:c4:c9:74:17:ea:d8:
                    5e:f8:27:bc:f8:9b:04:33:4d:27:35:83:63:56:07:
                    e9:a7:af:eb:09:06:73:a1:18:f1:b4:df:ec:9a:f2:
                    dc:13:66:bd:75:e3:66:ff:59:aa:6d:0f:e0:39:de:
                    55:08:ed:60:9f:9d:7e:03:bb:1b:5a:ce:eb:e9:3c:
                    69:b3:0e:63:c4:cc:2f:a3:e9:bf:66:29:77:69:d6:
                    78:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:BD:EC:E2:E3:28:5F:E4:49:63:AC:D8:78:96:D6:E0:06:6A:B9:DF
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/5b3s4uMoX-RJY6zYeJbW4AZqud8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.143.0/24
                  104.238.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:82:d5:68:0a:bd:11:e9:93:80:3d:9a:6b:11:82:95:07:2f:
         0e:8e:98:a5:3c:33:83:bc:ad:25:16:25:e0:04:3e:3a:0b:1d:
         0e:2a:79:37:3e:d2:95:fc:a6:4e:ca:6e:37:73:6c:92:57:13:
         b0:c3:47:44:aa:83:b0:9e:c3:43:ca:75:0e:a1:b9:a7:fb:ae:
         f7:d4:20:82:56:f6:6c:5b:6d:b8:58:7f:8e:a1:22:34:ab:d0:
         21:5a:4e:a0:8d:0c:b6:c1:aa:b3:e6:e7:ca:7a:a1:26:65:e9:
         60:07:0f:f3:e6:b0:09:ec:ea:34:0a:ae:18:5e:0b:e7:d1:9d:
         0b:9a:fe:4f:8c:b6:d8:f3:d3:8c:08:26:96:6a:22:2c:cc:15:
         b6:a1:64:01:96:40:68:98:ef:c0:8e:62:93:15:12:09:85:bd:
         a1:64:e1:d3:34:b2:32:f9:6e:97:bc:1b:46:f2:ab:98:53:1d:
         20:c1:42:73:2c:bb:49:77:28:ac:04:26:8f:8b:f3:cf:78:16:
         9b:74:20:0f:78:3c:80:c3:5c:50:1b:fc:24:25:29:44:89:f9:
         72:f8:8a:e7:58:b5:b3:ad:1d:59:b6:57:65:54:e0:9e:45:6a:
         93:0c:b9:7f:cc:75:af:3a:3b:2b:a9:eb:67:9e:96:05:f2:96:
         f5:34:44:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9TNfgre0mO+XhQduRB1qcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNTA3MTMxOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWJkZWNlMmUzMjg1ZmU0NDk2M2FjZDg3ODk2ZDZlMDA2NmFiOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1cKnZ2wDJmpA7s7vIUgfiWONaaJ
a+lzw/byT3m+O/JA9b9AmompKGeyN+F2tpw+3Wpt+yWlGRYTXBPykLCYJQtcvUXL
yGmj6pNHsFVqybg2U1HnpBC183modgKhTABGKvSdC9mI0aQKk9tCm9etaoSBw6pi
XOpXuyWaK0/W2LDLU315+jGO5FF3/X6ddzbOJ9OyQbXn1dKvGJxN7UQ3Ksz4ouhN
s3pOu/HTI3/EyXQX6the+Ce8+JsEM00nNYNjVgfpp6/rCQZzoRjxtN/smvLcE2a9
deNm/1mqbQ/gOd5VCO1gn51+A7sbWs7r6Txpsw5jxMwvo+m/Zil3adZ4gQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOW97OLjKF/kSWOs2HiW1uAGarnfMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvNWIzczR1TW9YLVJKWTZ6WWVKYlc0QVpxdWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALSuPAwQA
aO4XMA0GCSqGSIb3DQEBCwUAA4IBAQAmgtVoCr0R6ZOAPZprEYKVBy8OjpilPDOD
vK0lFiXgBD46Cx0OKnk3PtKV/KZOym43c2ySVxOww0dEqoOwnsNDynUOobmn+673
1CCCVvZsW224WH+OoSI0q9AhWk6gjQy2waqz5ufKeqEmZelgBw/z5rAJ7Oo0Cq4Y
Xgvn0Z0Lmv5PjLbY89OMCCaWaiIszBW2oWQBlkBomO/AjmKTFRIJhb2hZOHTNLIy
+W6XvBtG8quYUx0gwUJzLLtJdyisBCaPi/PPeBabdCAPeDyAw1xQG/wkJSlEifly
+IrnWLWzrR1ZtldlVOCeRWqTDLl/zHWvOjsrqetnnpYF8pb1NEQM
-----END CERTIFICATE-----