Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lSJMiEw4ecFnYYMaeVjeLoc0Ht4.roa
File:                     lSJMiEw4ecFnYYMaeVjeLoc0Ht4.roa (raw, json)
Hash identifier:          pjE4+K0Z2hvPLs3oH1mYifGad7bZIUBQL5EQwkmVuaE=
Subject key identifier:   95:22:4C:88:4C:38:79:C1:67:61:83:1A:79:58:DE:2E:87:34:1E:DE
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019198DF64F6A64D69A40F5665EBA13E564A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lSJMiEw4ecFnYYMaeVjeLoc0Ht4.roa
Signing time:             Wed 28 Aug 2024 12:04:22 +0000
ROA not before:           Wed 28 Aug 2024 12:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214320
IP address blocks:        5.83.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:df:64:f6:a6:4d:69:a4:0f:56:65:eb:a1:3e:56:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 28 12:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95224c884c3879c16761831a7958de2e87341ede
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9d:f2:aa:ab:e8:21:3a:28:69:2a:52:91:93:
                    50:ae:0d:53:c7:f7:7e:23:91:0d:ba:d1:f2:6f:b1:
                    e4:c8:00:a1:eb:d8:ce:78:13:da:a8:54:e4:f8:66:
                    60:bd:e7:52:d8:0d:4e:fe:00:42:8d:2f:1d:b3:5d:
                    31:25:b5:5f:7f:ac:f2:a8:37:60:d5:e9:57:be:65:
                    ba:38:91:50:cf:ab:fc:e9:e0:2f:c3:8f:4b:83:d1:
                    17:09:ae:8d:78:29:6e:50:2b:36:69:cc:eb:d4:9b:
                    c1:44:08:0c:68:b0:1d:b7:4b:c5:68:ac:0f:1e:1f:
                    d6:23:13:86:0b:b0:56:d5:16:8f:4b:f9:c9:72:06:
                    ce:62:ca:97:98:3c:9a:a9:84:83:6c:fb:ee:e9:4c:
                    4d:30:ef:0d:2a:fb:24:50:6f:3b:37:83:0e:88:84:
                    fe:0f:32:38:bb:2a:9e:7c:41:7a:bd:33:63:6b:48:
                    bd:bf:d1:12:19:13:51:c6:78:57:8b:ab:70:dd:36:
                    ec:e3:7a:5a:b0:e9:b9:30:69:9a:81:bc:3d:78:7a:
                    88:c2:74:ce:c0:8c:bb:c5:97:11:b0:6d:48:87:c7:
                    9e:e1:23:af:d0:ae:dc:03:2c:39:24:da:a6:ca:9e:
                    52:a2:f8:60:e3:ec:7c:fc:20:1a:29:ad:85:42:51:
                    1c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:22:4C:88:4C:38:79:C1:67:61:83:1A:79:58:DE:2E:87:34:1E:DE
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lSJMiEw4ecFnYYMaeVjeLoc0Ht4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.83.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a7:e2:01:81:73:0d:ff:59:d7:c1:4c:70:e7:9c:d5:a1:17:
         3b:80:80:d2:50:f3:62:9d:da:ba:c5:be:70:b0:fb:22:1c:6e:
         bf:50:41:83:7a:a2:89:1b:c1:12:b8:31:23:5f:cb:06:6a:fa:
         26:0e:e4:e6:f7:64:10:d8:3b:91:8a:cd:71:36:13:f1:8a:6a:
         06:f9:56:25:43:a6:23:e9:d0:9a:97:b1:ca:b4:fe:6d:6b:cf:
         ac:4b:02:d7:2e:11:b7:ad:d4:98:11:e5:d2:f7:19:b7:d5:71:
         b0:f8:b9:d3:76:06:8d:52:d0:59:e2:4d:7b:2d:4c:f7:06:33:
         4e:b0:ec:ba:05:3e:45:43:90:e1:4d:96:b8:ba:e7:10:1d:73:
         ec:13:f3:b1:f2:89:c2:95:78:90:38:1c:ea:bc:14:d5:ca:70:
         91:4c:aa:2a:c7:24:2f:e5:8d:a7:d0:5a:b4:50:97:97:b8:e2:
         cf:bd:95:b8:2d:0f:c7:d2:ff:7f:b4:0a:26:60:3b:a2:98:62:
         dd:99:3e:be:72:3d:47:05:59:41:fc:d1:d9:d8:46:d8:ed:43:
         a0:b9:0a:1c:07:f6:54:2f:8a:0b:87:71:96:83:b6:ce:a9:b4:
         de:9f:52:68:cc:8b:b7:fc:69:22:3c:ce:f8:4f:aa:fc:2a:a1:
         46:12:cd:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGY32T2pk1ppA9WZeuhPlZKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwODI4MTIwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTIyNGM4ODRjMzg3OWMxNjc2MTgzMWE3OTU4ZGUyZTg3MzQxZWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn53yqqvoITooaSpSkZNQrg1Tx/d+
I5ENutHyb7HkyACh69jOeBPaqFTk+GZgvedS2A1O/gBCjS8ds10xJbVff6zyqDdg
1elXvmW6OJFQz6v86eAvw49Lg9EXCa6NeCluUCs2aczr1JvBRAgMaLAdt0vFaKwP
Hh/WIxOGC7BW1RaPS/nJcgbOYsqXmDyaqYSDbPvu6UxNMO8NKvskUG87N4MOiIT+
DzI4uyqefEF6vTNja0i9v9ESGRNRxnhXi6tw3Tbs43pasOm5MGmagbw9eHqIwnTO
wIy7xZcRsG1Ih8ee4SOv0K7cAyw5JNqmyp5Sovhg4+x8/CAaKa2FQlEcnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUiTIhMOHnBZ2GDGnlY3i6HNB7eMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbFNKTWlFdzRlY0ZuWVlNYWVWamVMb2MwSHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABVOMMA0G
CSqGSIb3DQEBCwUAA4IBAQCOp+IBgXMN/1nXwUxw55zVoRc7gIDSUPNindq6xb5w
sPsiHG6/UEGDeqKJG8ESuDEjX8sGavomDuTm92QQ2DuRis1xNhPximoG+VYlQ6Yj
6dCal7HKtP5ta8+sSwLXLhG3rdSYEeXS9xm31XGw+LnTdgaNUtBZ4k17LUz3BjNO
sOy6BT5FQ5DhTZa4uucQHXPsE/Ox8onClXiQOBzqvBTVynCRTKoqxyQv5Y2n0Fq0
UJeXuOLPvZW4LQ/H0v9/tAomYDuimGLdmT6+cj1HBVlB/NHZ2EbY7UOguQocB/ZU
L4oLh3GWg7bOqbTen1JozIu3/GkiPM74T6r8KqFGEs1w
-----END CERTIFICATE-----