Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-rqMAdmCw5mxyPa0f0FHGYaMumY.roa
File:                     1-rqMAdmCw5mxyPa0f0FHGYaMumY.roa (raw, json)
Hash identifier:          Revlf7YX91I9oG+3LrJaI8kuXAHFcuqNJbbrxGOzlpY=
Subject key identifier:   FA:BA:8C:01:D9:82:C3:99:B1:C8:F6:B4:7F:41:47:19:86:8C:BA:66
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0192F5973B8378770DA21196CEE98722D9F1
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-rqMAdmCw5mxyPa0f0FHGYaMumY.roa
Signing time:             Mon 04 Nov 2024 05:13:01 +0000
ROA not before:           Mon 04 Nov 2024 05:13:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57433
IP address blocks:        5.83.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f5:97:3b:83:78:77:0d:a2:11:96:ce:e9:87:22:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov  4 05:13:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faba8c01d982c399b1c8f6b47f414719868cba66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:3b:25:25:dd:64:fd:4f:5e:b6:da:66:3e:ee:
                    81:5c:9e:ae:f9:3e:26:3d:92:b9:78:a6:de:8e:9c:
                    d1:01:12:4f:1e:29:cd:d9:03:51:68:22:c8:9f:cb:
                    e4:04:00:14:a9:e2:0c:f1:ab:f3:e4:da:92:46:c4:
                    3e:07:a0:53:bc:88:ee:33:47:5b:03:78:97:42:1d:
                    e5:db:bb:d4:a1:8b:79:f9:42:d9:e0:14:72:08:82:
                    2c:07:a8:15:58:f0:52:e5:b6:21:4e:32:f6:d9:b3:
                    4f:53:1f:16:f3:dc:34:1c:ad:3d:64:66:2b:23:94:
                    3b:a0:68:5c:ef:e6:5a:d5:ec:d0:72:66:25:b9:de:
                    88:33:5c:48:35:b5:ba:bc:65:63:d6:7e:6f:33:6a:
                    6c:7f:0e:b4:f2:83:51:56:92:ee:da:08:12:f7:aa:
                    4a:3a:5a:99:8d:53:ac:3b:57:4a:8e:b9:be:4e:21:
                    d6:8f:b4:30:b0:20:45:40:8e:2c:01:6d:ea:be:50:
                    e9:26:2a:99:86:1b:86:bf:68:0a:40:70:28:e8:a8:
                    af:97:86:79:b0:6d:d3:05:fa:12:ce:41:78:f9:8f:
                    9d:35:9d:7e:3a:5d:fb:7e:b0:a0:9b:68:3e:66:12:
                    5a:f5:81:dc:e1:9e:a5:66:a9:e2:2f:78:76:88:6f:
                    36:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:BA:8C:01:D9:82:C3:99:B1:C8:F6:B4:7F:41:47:19:86:8C:BA:66
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/1-rqMAdmCw5mxyPa0f0FHGYaMumY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:09:05:66:b4:8f:40:e0:26:74:0f:80:c3:42:2d:b5:45:1a:
         1f:4f:4f:53:07:bc:80:af:b9:a9:2d:60:a5:1b:4e:da:02:cd:
         a8:70:c9:92:8b:cb:fa:5f:3e:b5:9e:3a:6b:49:ae:11:c8:96:
         08:b1:e6:f3:9f:7f:44:9b:8d:cf:94:9b:f7:ab:0e:d3:2f:42:
         a6:1b:6a:fd:28:cd:43:8a:75:57:9d:e5:d5:ed:34:b9:f9:be:
         e4:1f:bc:0b:7c:0f:cb:7b:c8:70:1f:d1:f9:cb:23:9f:85:3d:
         ab:df:08:68:a8:30:d8:f8:d5:e7:20:0e:fd:6f:c3:74:d8:ce:
         7b:9c:c1:8f:ca:33:30:42:ad:ed:52:e8:ad:23:c6:8e:bb:27:
         05:79:3a:40:5e:c1:dc:6c:a7:02:82:ab:af:51:75:1f:f3:a7:
         74:df:17:b7:64:a7:ab:93:8d:c9:34:6c:83:93:01:9a:50:cc:
         c3:bd:9d:a7:cd:e8:83:0d:e3:95:62:4f:90:ea:c9:d8:1b:c1:
         e6:72:50:71:01:4b:60:fb:ac:84:33:f5:68:97:f0:f4:f6:17:
         d4:ad:27:38:b5:61:5b:76:60:2e:24:33:6b:61:43:17:f0:40:
         a7:92:75:fe:35:29:41:4a:56:2d:18:22:3e:b5:3c:1a:28:72:
         95:a3:f0:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZL1lzuDeHcNohGWzumHItnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTA0MDUxMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWJhOGMwMWQ5ODJjMzk5YjFjOGY2YjQ3ZjQxNDcxOTg2OGNiYTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6DslJd1k/U9ettpmPu6BXJ6u+T4m
PZK5eKbejpzRARJPHinN2QNRaCLIn8vkBAAUqeIM8avz5NqSRsQ+B6BTvIjuM0db
A3iXQh3l27vUoYt5+ULZ4BRyCIIsB6gVWPBS5bYhTjL22bNPUx8W89w0HK09ZGYr
I5Q7oGhc7+Za1ezQcmYlud6IM1xINbW6vGVj1n5vM2psfw608oNRVpLu2ggS96pK
OlqZjVOsO1dKjrm+TiHWj7QwsCBFQI4sAW3qvlDpJiqZhhuGv2gKQHAo6Kivl4Z5
sG3TBfoSzkF4+Y+dNZ1+Ol37frCgm2g+ZhJa9YHc4Z6lZqniL3h2iG82VQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq6jAHZgsOZscj2tH9BRxmGjLpmMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvMS1ycU1BZG1DdzVteHlQYTBmMEZIR1lhTXVtWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTAvOTY1ODM3LTUyY2ItNDZiNC1hZWRiLWUxYmQ4OGQzZmQw
Ny8xL1BtQ1hhWWFHNFZWZlVmYklnN3hhV0ZTYkkySS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAVTnTAN
BgkqhkiG9w0BAQsFAAOCAQEAxAkFZrSPQOAmdA+Aw0IttUUaH09PUwe8gK+5qS1g
pRtO2gLNqHDJkovL+l8+tZ46a0muEciWCLHm859/RJuNz5Sb96sO0y9Cphtq/SjN
Q4p1V53l1e00ufm+5B+8C3wPy3vIcB/R+csjn4U9q98IaKgw2PjV5yAO/W/DdNjO
e5zBj8ozMEKt7VLorSPGjrsnBXk6QF7B3GynAoKrr1F1H/OndN8Xt2Snq5ONyTRs
g5MBmlDMw72dp83ogw3jlWJPkOrJ2BvB5nJQcQFLYPushDP1aJfw9PYX1K0nOLVh
W3ZgLiQza2FDF/BAp5J1/jUpQUpWLRgiPrU8GihylaPwaQ==
-----END CERTIFICATE-----