Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/A5E5hCicto-_nWyxlrFn-NjSh3s.roa
File:                     A5E5hCicto-_nWyxlrFn-NjSh3s.roa (raw, json)
Hash identifier:          oys4/BiZ0Iy2Jmz2KXa5rBTe11vE0Jo344Ny43Rtcy4=
Subject key identifier:   03:91:39:84:28:9C:B6:8F:BF:9D:6C:B1:96:B1:67:F8:D8:D2:87:7B
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       018CC86EFB5BB2AEE63B08B70A8280A4A09A
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/A5E5hCicto-_nWyxlrFn-NjSh3s.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142111
IP address blocks:        185.39.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:5b:b2:ae:e6:3b:08:b7:0a:82:80:a4:a0:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03913984289cb68fbf9d6cb196b167f8d8d2877b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f3:29:c9:ef:9d:5c:d8:bb:92:29:6b:89:c3:
                    69:d3:d0:c2:a2:37:a4:a1:db:47:b5:94:27:e5:27:
                    69:1a:ab:01:17:d2:a1:8d:82:1c:72:94:6d:95:5c:
                    51:70:28:7d:25:51:ef:a5:19:24:40:02:52:ee:d4:
                    0e:2a:b4:c0:f1:4c:d6:2c:02:4f:3b:2b:37:7f:69:
                    f6:8d:e2:96:04:42:79:10:b8:70:d6:b6:6a:58:39:
                    68:56:7c:0b:4d:d4:8a:e4:00:81:f8:8c:37:9a:99:
                    23:a6:dc:1e:a2:f5:0d:bb:14:15:45:4d:d5:c3:00:
                    2e:9b:c8:d3:8c:34:d8:dc:45:68:80:3d:5a:d0:3b:
                    dc:e3:5f:fa:07:61:5d:6b:99:fc:8a:08:c8:e0:b0:
                    15:98:b7:1c:ef:bd:64:06:c9:70:5b:b3:98:0c:be:
                    f1:e0:f4:bf:c3:30:83:b3:cc:c9:59:d8:76:24:d0:
                    f6:31:e0:50:5a:8a:8d:04:9c:b8:bd:2c:23:4b:e1:
                    59:8d:0c:fa:31:dc:3b:e9:b7:e8:36:95:e9:f2:8c:
                    1c:8a:f1:29:70:bf:53:60:ec:4d:cc:f1:02:8f:d8:
                    45:90:24:b5:07:50:6e:a2:69:91:85:6c:0f:98:87:
                    6b:44:7c:2f:3b:a2:76:9e:b1:80:9d:94:74:f3:76:
                    bb:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:91:39:84:28:9C:B6:8F:BF:9D:6C:B1:96:B1:67:F8:D8:D2:87:7B
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/A5E5hCicto-_nWyxlrFn-NjSh3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:03:14:42:a8:f0:f3:ae:e3:50:45:38:07:b1:38:67:c3:4c:
         9f:59:84:95:df:2f:87:c1:dc:f8:86:5c:08:ea:b8:04:26:20:
         38:f7:c3:7f:ea:76:5f:24:a7:7a:f5:2f:b5:5f:41:04:20:3b:
         5b:fe:2e:58:4b:2d:31:dc:8a:01:73:3b:76:20:c7:51:ef:90:
         3b:de:75:f6:db:5f:6c:e9:6f:a6:87:38:08:94:c9:2f:75:8a:
         52:ab:e6:8c:c2:d6:e1:75:10:a8:27:56:cf:d4:ff:a0:46:9c:
         08:10:95:00:6a:6d:a2:21:dd:be:f8:11:c2:88:33:ad:94:6d:
         17:25:b9:86:cf:b4:67:33:d8:ee:92:87:3b:d7:a3:c4:89:38:
         23:a4:0d:65:0b:8f:9b:7d:93:11:3e:5e:b0:d6:4c:a5:5c:46:
         d7:b7:1f:f9:12:21:e0:11:60:57:a7:3c:8b:b7:ee:9a:23:de:
         05:c0:3a:4f:a1:e7:56:45:c9:a6:5d:18:80:24:6a:92:42:1d:
         72:67:ee:2b:29:2a:9d:e2:04:b5:57:b7:31:6b:be:de:6b:6f:
         7f:62:5c:c9:06:c4:33:4a:08:20:46:5d:d6:57:28:fe:a1:a8:
         8c:28:53:53:81:2c:4a:d7:a9:1c:8e:3b:b5:66:b4:a2:7d:ab:
         9e:5e:39:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvtbsq7mOwi3CoKApKCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzkxMzk4NDI4OWNiNjhmYmY5ZDZjYjE5NmIxNjdmOGQ4ZDI4NzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPMpye+dXNi7kilricNp09DCojek
odtHtZQn5SdpGqsBF9KhjYIccpRtlVxRcCh9JVHvpRkkQAJS7tQOKrTA8UzWLAJP
Oys3f2n2jeKWBEJ5ELhw1rZqWDloVnwLTdSK5ACB+Iw3mpkjptweovUNuxQVRU3V
wwAum8jTjDTY3EVogD1a0Dvc41/6B2Fda5n8igjI4LAVmLcc771kBslwW7OYDL7x
4PS/wzCDs8zJWdh2JND2MeBQWoqNBJy4vSwjS+FZjQz6Mdw76bfoNpXp8owcivEp
cL9TYOxNzPECj9hFkCS1B1BuommRhWwPmIdrRHwvO6J2nrGAnZR083a7zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOROYQonLaPv51ssZaxZ/jY0od7MB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvQTVFNWhDaWN0by1fbld5eGxyRm4tTmpTaDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSczMA0G
CSqGSIb3DQEBCwUAA4IBAQAVAxRCqPDzruNQRTgHsThnw0yfWYSV3y+Hwdz4hlwI
6rgEJiA498N/6nZfJKd69S+1X0EEIDtb/i5YSy0x3IoBczt2IMdR75A73nX2219s
6W+mhzgIlMkvdYpSq+aMwtbhdRCoJ1bP1P+gRpwIEJUAam2iId2++BHCiDOtlG0X
JbmGz7RnM9jukoc716PEiTgjpA1lC4+bfZMRPl6w1kylXEbXtx/5EiHgEWBXpzyL
t+6aI94FwDpPoedWRcmmXRiAJGqSQh1yZ+4rKSqd4gS1V7cxa77ea29/YlzJBsQz
SgggRl3WVyj+oaiMKFNTgSxK16kcjju1ZrSifaueXjls
-----END CERTIFICATE-----