Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MwpbrNmCZxcahtFD5VxtsOO3z2Y.roa
File:                     MwpbrNmCZxcahtFD5VxtsOO3z2Y.roa (raw, json)
Hash identifier:          pY0FQ8TsCqcSB4j2AlDyQIr5sMyGXy4iLa7MfNwOebE=
Subject key identifier:   33:0A:5B:AC:D9:82:67:17:1A:86:D1:43:E5:5C:6D:B0:E3:B7:CF:66
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019383FFA771A1FCF53B75128EFFE9F8543A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MwpbrNmCZxcahtFD5VxtsOO3z2Y.roa
Signing time:             Sun 01 Dec 2024 20:53:09 +0000
ROA not before:           Sun 01 Dec 2024 20:53:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        5.83.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:83:ff:a7:71:a1:fc:f5:3b:75:12:8e:ff:e9:f8:54:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Dec  1 20:53:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=330a5bacd98267171a86d143e55c6db0e3b7cf66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:3f:fc:59:a6:b0:01:d6:d6:a2:f4:82:19:17:
                    0e:79:5c:83:55:d5:d1:b9:e0:f3:88:eb:5f:74:73:
                    54:96:9c:fe:08:e8:de:0e:66:42:8a:c1:36:e9:d7:
                    8e:42:15:a5:a9:1b:fa:2c:78:51:32:d5:19:9d:51:
                    55:0c:b9:33:f4:70:cd:cf:2b:9a:cb:52:e2:e1:14:
                    88:17:de:c1:45:de:f7:4e:7c:49:85:73:e5:87:8e:
                    ba:41:8b:16:c0:d2:3e:ce:52:23:03:50:21:66:2a:
                    31:3a:18:ab:fa:a6:64:a6:62:cd:0f:17:cf:48:69:
                    1f:5d:ca:8c:e2:f4:aa:5e:bf:3c:5f:6b:85:38:e3:
                    ea:fa:9f:55:f0:3f:16:71:7c:d8:b0:12:c0:2f:13:
                    c6:5d:c2:0f:f2:cc:7e:1a:45:40:5f:8f:f0:c3:e0:
                    f8:f5:49:22:f2:4d:65:b4:74:e1:96:31:c9:68:ad:
                    16:a4:91:52:a9:c8:b8:c5:43:3d:58:96:dd:b3:c3:
                    e4:fc:f0:1c:33:e2:5d:30:62:34:e2:5e:be:93:84:
                    8b:a2:81:c5:f5:e2:c3:bc:45:d4:dd:6a:21:e6:66:
                    eb:c1:eb:0a:6c:10:91:a5:d3:68:53:a2:3a:83:c3:
                    1c:dd:ee:83:be:03:c4:93:fc:fa:a5:af:17:8f:2d:
                    a6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:0A:5B:AC:D9:82:67:17:1A:86:D1:43:E5:5C:6D:B0:E3:B7:CF:66
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/MwpbrNmCZxcahtFD5VxtsOO3z2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:c6:cd:af:38:c3:5c:2c:d3:c6:23:7f:16:8b:52:9a:89:eb:
         df:d7:2a:3c:cb:51:7c:7c:60:df:12:ac:00:e0:16:eb:ce:aa:
         e4:e1:5f:4f:46:7a:14:4e:cb:2e:4c:50:39:a0:cb:84:06:ac:
         d1:76:f0:a0:f0:d3:80:0f:18:f7:fb:9e:d5:03:69:9c:41:63:
         f8:9a:26:63:12:b6:68:a6:d1:56:4a:c1:9b:15:ff:51:60:b7:
         5f:47:33:3a:da:9c:a1:29:17:7a:5e:67:67:db:37:a1:3a:ec:
         76:bf:a8:9f:6a:90:85:ce:3a:ad:3a:8c:36:cb:4c:2e:41:51:
         b0:f0:dd:c1:2f:57:99:54:c8:d2:69:16:2a:84:23:15:f4:01:
         67:13:fa:01:7f:72:af:38:d1:93:cc:2f:f5:cc:fe:b0:5e:57:
         00:43:0c:6f:9e:4d:4e:7e:10:89:90:8b:89:14:30:48:4c:5f:
         10:ba:cb:4c:e1:81:ae:ab:cc:b1:e8:7d:0e:0c:99:75:40:5b:
         e7:94:0a:d9:ff:75:9a:81:e7:19:8b:fe:4a:da:ac:fc:6e:bb:
         09:4a:ea:27:b5:1b:09:ed:ff:52:2c:9d:de:4f:5e:db:c3:09:
         66:31:b6:e8:23:6a:27:3c:75:23:52:19:46:2c:95:58:75:dc:
         7e:c0:bb:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOD/6dxofz1O3USjv/p+FQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMjAxMjA1MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzBhNWJhY2Q5ODI2NzE3MWE4NmQxNDNlNTVjNmRiMGUzYjdjZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9D/8WaawAdbWovSCGRcOeVyDVdXR
ueDziOtfdHNUlpz+COjeDmZCisE26deOQhWlqRv6LHhRMtUZnVFVDLkz9HDNzyua
y1Li4RSIF97BRd73TnxJhXPlh466QYsWwNI+zlIjA1AhZioxOhir+qZkpmLNDxfP
SGkfXcqM4vSqXr88X2uFOOPq+p9V8D8WcXzYsBLALxPGXcIP8sx+GkVAX4/ww+D4
9Uki8k1ltHThljHJaK0WpJFSqci4xUM9WJbds8Pk/PAcM+JdMGI04l6+k4SLooHF
9eLDvEXU3Woh5mbrwesKbBCRpdNoU6I6g8Mc3e6DvgPEk/z6pa8Xjy2mkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMKW6zZgmcXGobRQ+VcbbDjt89mMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvTXdwYnJObUNaeGNhaHRGRDVWeHRzT08zejJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVOZMA0G
CSqGSIb3DQEBCwUAA4IBAQBIxs2vOMNcLNPGI38Wi1Kaievf1yo8y1F8fGDfEqwA
4Bbrzqrk4V9PRnoUTssuTFA5oMuEBqzRdvCg8NOADxj3+57VA2mcQWP4miZjErZo
ptFWSsGbFf9RYLdfRzM62pyhKRd6Xmdn2zehOux2v6ifapCFzjqtOow2y0wuQVGw
8N3BL1eZVMjSaRYqhCMV9AFnE/oBf3KvONGTzC/1zP6wXlcAQwxvnk1OfhCJkIuJ
FDBITF8QustM4YGuq8yx6H0ODJl1QFvnlArZ/3WagecZi/5K2qz8brsJSuontRsJ
7f9SLJ3eT17bwwlmMbboI2onPHUjUhlGLJVYddx+wLvV
-----END CERTIFICATE-----