Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/5CWyh9PK5o0CRshOuZZrSEZUYvo.roa
File:                     5CWyh9PK5o0CRshOuZZrSEZUYvo.roa (raw, json)
Hash identifier:          fLRtRssfXw0tGSXMJxuEbYJSjSGokpVQlmfs5gVL6NQ=
Subject key identifier:   E4:25:B2:87:D3:CA:E6:8D:02:46:C8:4E:B9:96:6B:48:46:54:62:FA
Certificate issuer:       /CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
Certificate serial:       0194838BA7E863210971E88262A1F8C9D641
Authority key identifier: 5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/5CWyh9PK5o0CRshOuZZrSEZUYvo.roa
Signing time:             Mon 20 Jan 2025 11:49:15 +0000
ROA not before:           Mon 20 Jan 2025 11:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        45.91.198.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:8b:a7:e8:63:21:09:71:e8:82:62:a1:f8:c9:d6:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
        Validity
            Not Before: Jan 20 11:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e425b287d3cae68d0246c84eb9966b48465462fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:86:4b:e5:3f:c7:da:5a:b7:88:d1:6d:02:3d:
                    66:e0:16:b1:36:28:c8:d7:98:12:07:ac:0c:14:73:
                    4e:90:a6:e7:1f:fd:b9:8b:4d:c8:3a:fa:92:03:56:
                    41:30:52:73:d0:09:d8:58:33:7c:63:a0:0b:a3:29:
                    05:f2:1d:ac:4a:eb:09:f6:1a:de:06:a5:8a:10:a6:
                    39:27:0d:3b:60:b3:70:ce:21:1f:e2:9b:95:f9:bc:
                    32:7d:ee:8a:df:0f:67:6e:25:a0:e3:3e:c1:ed:7c:
                    59:9e:47:d9:27:bf:28:68:d9:49:1a:4a:a2:ce:15:
                    c7:43:2f:b9:59:81:d9:cd:32:84:41:34:b0:c5:f6:
                    d0:b2:10:a5:ff:2a:91:dd:9f:fe:6a:cd:87:86:c1:
                    c4:72:15:67:29:99:8b:51:21:8c:a7:62:04:49:a0:
                    b7:62:c6:99:ac:47:09:be:92:88:8a:bf:47:b8:77:
                    7d:fc:03:e0:ee:c3:3e:e6:a1:88:25:35:89:eb:30:
                    23:e9:d8:5c:cf:f1:fb:3f:6f:64:c5:c3:26:d2:d5:
                    91:f8:e5:cf:5a:26:53:bd:1f:2f:90:25:e6:ae:72:
                    7f:94:99:6a:7c:b4:8a:a1:6d:10:3a:4c:71:fa:4c:
                    0e:ba:1b:5a:a1:77:bb:03:34:96:12:a0:58:7c:b0:
                    26:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:25:B2:87:D3:CA:E6:8D:02:46:C8:4E:B9:96:6B:48:46:54:62:FA
            X509v3 Authority Key Identifier:
                keyid:5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/5CWyh9PK5o0CRshOuZZrSEZUYvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:6e:0f:11:4e:ec:d2:f8:88:e9:67:36:32:c5:17:8b:9e:5f:
         2e:d9:d8:b3:d6:f4:4f:78:a7:ac:c7:ce:8a:6f:f7:ae:ad:9e:
         91:0d:23:a0:8d:9e:93:9b:35:a2:11:5a:e6:12:81:cd:a5:79:
         8d:26:b6:5b:aa:a4:e3:19:c7:ce:ac:0a:49:ec:d2:50:e3:60:
         21:39:bc:53:45:c7:88:3b:1b:03:85:ed:6a:b5:90:f6:9c:3f:
         c4:aa:4f:72:31:f6:3f:ea:6c:77:2e:23:f5:0c:ee:af:51:18:
         0f:44:3e:f2:5f:a0:20:54:0f:51:b4:1e:e6:2f:da:30:f8:04:
         e3:80:e9:94:d5:b5:95:bb:bd:df:40:fa:36:c8:84:b6:ab:2b:
         ff:75:79:6f:08:d6:69:87:57:c6:7f:4e:91:42:83:60:de:02:
         a8:b4:eb:5d:ef:ec:36:12:81:aa:f8:ea:7f:82:8f:dc:fe:8d:
         b6:a6:d1:78:ae:87:ec:a9:42:ce:f3:42:d8:bb:de:57:cb:9f:
         6f:43:15:8d:1b:ca:31:75:cd:ee:1c:a9:66:90:81:1f:d5:25:
         0c:70:68:64:ee:94:97:c6:d7:a2:f2:37:46:f3:b6:bc:76:c7:
         0f:4f:78:8e:e4:66:94:18:ca:1a:97:a0:47:0b:05:8f:c5:26:
         f8:25:70:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSDi6foYyEJceiCYqH4ydZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDEzOTg5NzZiMmY0ODc3MjViYzEzZDdmYWViZWQzZTE2
ZDgyYzkwHhcNMjUwMTIwMTE0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDI1YjI4N2QzY2FlNjhkMDI0NmM4NGViOTk2NmI0ODQ2NTQ2MmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoZL5T/H2lq3iNFtAj1m4BaxNijI
15gSB6wMFHNOkKbnH/25i03IOvqSA1ZBMFJz0AnYWDN8Y6ALoykF8h2sSusJ9hre
BqWKEKY5Jw07YLNwziEf4puV+bwyfe6K3w9nbiWg4z7B7XxZnkfZJ78oaNlJGkqi
zhXHQy+5WYHZzTKEQTSwxfbQshCl/yqR3Z/+as2HhsHEchVnKZmLUSGMp2IESaC3
YsaZrEcJvpKIir9HuHd9/APg7sM+5qGIJTWJ6zAj6dhcz/H7P29kxcMm0tWR+OXP
WiZTvR8vkCXmrnJ/lJlqfLSKoW0QOkxx+kwOuhtaoXe7AzSWEqBYfLAm2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQlsofTyuaNAkbITrmWa0hGVGL6MB8GA1UdIwQY
MBaAFF3ROYl2svSHclvBPX+uvtPhbYLJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYt
NjAwODEwNjM0ODc4LzEvNUNXeWg5UEs1bzBDUnNoT3VaWnJTRVpVWXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYtNjAwODEwNjM0ODc4
LzEvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVvGMA0G
CSqGSIb3DQEBCwUAA4IBAQCGbg8RTuzS+IjpZzYyxReLnl8u2diz1vRPeKesx86K
b/eurZ6RDSOgjZ6TmzWiEVrmEoHNpXmNJrZbqqTjGcfOrApJ7NJQ42AhObxTRceI
OxsDhe1qtZD2nD/Eqk9yMfY/6mx3LiP1DO6vURgPRD7yX6AgVA9RtB7mL9ow+ATj
gOmU1bWVu73fQPo2yIS2qyv/dXlvCNZph1fGf06RQoNg3gKotOtd7+w2EoGq+Op/
go/c/o22ptF4rofsqULO80LYu95Xy59vQxWNG8oxdc3uHKlmkIEf1SUMcGhk7pSX
xtei8jdG87a8dscPT3iO5GaUGMoal6BHCwWPxSb4JXBf
-----END CERTIFICATE-----