Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Um0vN_apGqVXsQqb6HgRJxrxtxY.roa
File:                     Um0vN_apGqVXsQqb6HgRJxrxtxY.roa (raw, json)
Hash identifier:          yv99wFuUUEd1UYls6ITI3GvYcLoLUYcmZNn7nKdozDo=
Subject key identifier:   52:6D:2F:37:F6:A9:1A:A5:57:B1:0A:9B:E8:78:11:27:1A:F1:B7:16
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951B83DF1D736DFB860CA6C4751CB4
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Um0vN_apGqVXsQqb6HgRJxrxtxY.roa
Signing time:             Tue 02 Jan 2024 00:31:27 +0000
ROA not before:           Tue 02 Jan 2024 00:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44687
IP address blocks:        5.133.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1b:83:df:1d:73:6d:fb:86:0c:a6:c4:75:1c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=526d2f37f6a91aa557b10a9be87811271af1b716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:34:40:ea:f6:f4:33:4a:f9:3e:5a:a2:91:e1:
                    8c:f6:c6:38:89:e4:bd:c8:fe:9e:e1:67:7d:9e:2b:
                    3c:12:26:a2:3a:f3:1c:04:46:e5:ef:f6:5f:17:10:
                    9a:be:a5:56:58:46:1f:46:06:0b:27:21:14:4d:1d:
                    1a:71:cf:ee:ac:eb:9d:a2:9a:e5:56:79:00:3f:bd:
                    09:7d:83:ce:4d:10:9c:11:1e:a1:08:9f:06:8a:25:
                    21:59:94:8a:40:a8:11:8c:16:43:d2:92:2d:96:ba:
                    49:49:f2:37:8b:26:22:06:07:ac:b8:c8:40:3e:3c:
                    1c:3d:f1:76:47:63:d6:58:ef:ca:cf:0b:06:51:0e:
                    9d:e7:55:ab:ad:d9:ac:67:e1:a6:90:6c:25:61:2f:
                    fd:be:bb:47:9e:bb:6b:ea:0c:82:e2:9a:d9:02:47:
                    a4:c2:3c:08:12:f4:65:c1:e2:8b:dd:60:81:7c:f2:
                    be:2c:f6:de:1b:ec:15:50:21:f9:cc:95:3f:98:3f:
                    61:4f:e7:33:68:f4:d1:ae:49:9e:bd:1c:00:d2:9f:
                    30:51:a6:5e:e4:2c:96:ed:f3:d5:4b:91:e1:12:b0:
                    94:8e:40:e8:bc:cd:1c:da:8e:be:b8:dc:88:d8:05:
                    74:96:59:24:45:0f:a0:12:03:34:d4:6f:cc:fa:79:
                    3e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6D:2F:37:F6:A9:1A:A5:57:B1:0A:9B:E8:78:11:27:1A:F1:B7:16
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Um0vN_apGqVXsQqb6HgRJxrxtxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:0a:60:19:0b:e9:a1:b7:5b:a3:40:46:5a:de:d4:ac:a3:db:
         b9:d4:4f:5c:58:01:38:3b:60:ff:de:08:e7:29:9c:48:46:f2:
         cc:b4:49:a4:0b:f0:67:b4:45:90:4d:80:5b:52:d1:98:4b:f9:
         63:11:34:86:da:50:f4:71:63:31:98:cb:19:08:be:cb:56:df:
         ae:b5:7a:33:e0:a0:2f:e1:48:2a:16:1b:4d:0d:11:32:4f:f2:
         1f:e6:0d:85:5f:92:8b:d1:73:a5:e7:e3:ed:c2:52:ae:b7:a0:
         61:ec:87:88:50:a3:6b:0f:0a:9d:65:99:8d:5b:1a:2c:a4:57:
         23:c8:ac:3d:b8:97:9c:30:e8:6f:7a:b4:f1:4a:54:ca:c4:6b:
         f0:09:63:5a:33:7a:6f:7b:01:5f:04:bc:57:7b:27:00:52:47:
         6b:75:c0:0a:bc:a2:1c:9f:c6:32:32:99:24:74:bc:a1:98:ab:
         d2:b4:d3:d0:c3:70:b5:48:ab:80:95:81:d1:64:f0:75:0b:3d:
         f8:64:f5:1e:58:fd:13:84:cb:a2:8a:f1:f1:2c:b2:ef:e4:6b:
         35:6a:dc:9a:fd:6a:9b:1c:be:18:7f:14:04:a9:63:b4:3b:cc:
         73:9f:12:3d:fa:ff:51:80:6d:b3:3e:cc:da:fd:87:92:7a:d1:
         a4:60:37:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRuD3x1zbfuGDKbEdRy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjZkMmYzN2Y2YTkxYWE1NTdiMTBhOWJlODc4MTEyNzFhZjFiNzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTRA6vb0M0r5PlqikeGM9sY4ieS9
yP6e4Wd9nis8EiaiOvMcBEbl7/ZfFxCavqVWWEYfRgYLJyEUTR0acc/urOudoprl
VnkAP70JfYPOTRCcER6hCJ8GiiUhWZSKQKgRjBZD0pItlrpJSfI3iyYiBgesuMhA
PjwcPfF2R2PWWO/KzwsGUQ6d51WrrdmsZ+GmkGwlYS/9vrtHnrtr6gyC4prZAkek
wjwIEvRlweKL3WCBfPK+LPbeG+wVUCH5zJU/mD9hT+czaPTRrkmevRwA0p8wUaZe
5CyW7fPVS5HhErCUjkDovM0c2o6+uNyI2AV0llkkRQ+gEgM01G/M+nk+/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJtLzf2qRqlV7EKm+h4ESca8bcWMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvVW0wdk5fYXBHcVZYc1FxYjZIZ1JKeHJ4dHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVtMA0G
CSqGSIb3DQEBCwUAA4IBAQCGCmAZC+mht1ujQEZa3tSso9u51E9cWAE4O2D/3gjn
KZxIRvLMtEmkC/BntEWQTYBbUtGYS/ljETSG2lD0cWMxmMsZCL7LVt+utXoz4KAv
4UgqFhtNDREyT/If5g2FX5KL0XOl5+PtwlKut6Bh7IeIUKNrDwqdZZmNWxospFcj
yKw9uJecMOhverTxSlTKxGvwCWNaM3pvewFfBLxXeycAUkdrdcAKvKIcn8YyMpkk
dLyhmKvStNPQw3C1SKuAlYHRZPB1Cz34ZPUeWP0ThMuiivHxLLLv5Gs1atya/Wqb
HL4YfxQEqWO0O8xznxI9+v9RgG2zPsza/YeSetGkYDdS
-----END CERTIFICATE-----