Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wIbgYNEkVAHq74zRGlT2mIsvV-w.roa
File:                     wIbgYNEkVAHq74zRGlT2mIsvV-w.roa (raw, json)
Hash identifier:          setRAOtmggt9Fs+szJAy0V9zfmjsOksexjlpRLskMIw=
Subject key identifier:   C0:86:E0:60:D1:24:54:01:EA:EF:8C:D1:1A:54:F6:98:8B:2F:57:EC
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01916755B1EDCEC0ADF73DCF4CF61718C306
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wIbgYNEkVAHq74zRGlT2mIsvV-w.roa
Signing time:             Sun 18 Aug 2024 21:12:34 +0000
ROA not before:           Sun 18 Aug 2024 21:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209193
IP address blocks:        5.175.144.0/20 maxlen: 32
                          5.175.160.0/19 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:67:55:b1:ed:ce:c0:ad:f7:3d:cf:4c:f6:17:18:c3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug 18 21:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c086e060d1245401eaef8cd11a54f6988b2f57ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f5:70:61:f1:1b:68:76:c7:d3:34:66:eb:b3:
                    69:1a:07:32:13:16:2e:75:31:82:58:40:ea:f6:a4:
                    e4:bd:86:5b:3e:11:d3:92:b0:d1:ea:35:dd:31:3e:
                    f9:85:82:d0:b0:0f:49:91:bc:27:41:6f:5c:0b:37:
                    30:dc:1e:9a:98:03:15:c0:a3:48:f8:7a:b8:05:3e:
                    dd:29:10:01:82:f8:01:ee:8f:f0:9b:8f:90:3a:dd:
                    dc:68:4d:89:7a:09:f6:23:ad:ba:28:6c:d2:48:d1:
                    00:f3:0f:d5:eb:b8:89:ef:4f:75:0f:16:49:4f:00:
                    cd:0a:94:54:0e:ef:92:ec:06:71:7c:ef:e7:09:75:
                    00:5d:eb:2f:8c:68:0a:f4:0e:1e:22:98:1f:1e:df:
                    10:00:c6:3b:8b:a5:45:46:58:05:20:ef:60:2d:d5:
                    03:10:f0:c9:e8:20:89:54:e3:1f:13:17:96:6f:5d:
                    41:2e:92:78:8b:80:89:4a:bc:c1:29:67:18:3f:cc:
                    b9:94:d7:19:aa:66:4a:5d:e8:d8:58:cd:cb:83:5e:
                    6a:6b:87:77:cd:2d:8a:a7:f6:6a:84:f3:61:51:ce:
                    61:20:4a:6c:50:70:2d:fb:ab:51:a5:3f:11:a1:46:
                    08:99:25:0f:92:69:42:de:9d:95:07:4c:51:07:c0:
                    fa:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:86:E0:60:D1:24:54:01:EA:EF:8C:D1:1A:54:F6:98:8B:2F:57:EC
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/wIbgYNEkVAHq74zRGlT2mIsvV-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.144.0-5.175.191.255

    Signature Algorithm: sha256WithRSAEncryption
         0f:42:b3:54:61:9b:33:92:d3:e5:36:e0:a6:0a:b8:fc:a0:3f:
         9f:e3:0b:98:c1:ca:88:56:d8:f3:3b:1f:33:3a:f1:2a:b0:3f:
         bf:d1:d0:4c:6a:14:56:d2:b8:f5:dc:b9:5f:3c:86:5a:87:a8:
         fd:12:f2:1c:8d:0a:fd:73:af:0e:0c:11:20:4e:38:f8:cb:42:
         9a:0f:f4:be:1d:fb:53:a4:0f:fc:59:01:69:4d:74:36:48:1b:
         4b:98:c6:80:3f:dd:3c:78:11:45:ba:ad:cb:72:a6:84:de:4e:
         c3:32:59:67:74:af:c1:16:b1:78:5b:50:52:38:b6:c1:3b:c4:
         bd:eb:da:10:24:51:5a:aa:7a:64:8f:e2:83:e0:2e:c9:6c:9f:
         fa:6b:40:13:59:e7:9d:b5:c8:69:41:3c:c5:ed:97:7b:d5:7a:
         2a:cc:11:a1:ad:03:b9:a1:41:88:fa:41:55:f9:42:95:fb:43:
         60:6d:bd:5f:61:dc:df:97:96:42:0d:df:9f:cb:10:c9:71:ff:
         52:dd:67:b8:8a:7a:2d:87:d1:36:1e:7d:43:70:f1:3a:e6:86:
         c8:e4:c2:f7:8a:5e:b0:88:1e:17:f5:7a:61:a2:29:db:ad:1a:
         b8:25:82:37:2f:58:6b:dd:e7:a3:3c:7f:81:e2:da:92:72:f3:
         ec:2d:4e:61
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZFnVbHtzsCt9z3PTPYXGMMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQwODE4MjExMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDg2ZTA2MGQxMjQ1NDAxZWFlZjhjZDExYTU0ZjY5ODhiMmY1N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/VwYfEbaHbH0zRm67NpGgcyExYu
dTGCWEDq9qTkvYZbPhHTkrDR6jXdMT75hYLQsA9JkbwnQW9cCzcw3B6amAMVwKNI
+Hq4BT7dKRABgvgB7o/wm4+QOt3caE2Jegn2I626KGzSSNEA8w/V67iJ7091DxZJ
TwDNCpRUDu+S7AZxfO/nCXUAXesvjGgK9A4eIpgfHt8QAMY7i6VFRlgFIO9gLdUD
EPDJ6CCJVOMfExeWb11BLpJ4i4CJSrzBKWcYP8y5lNcZqmZKXejYWM3Lg15qa4d3
zS2Kp/ZqhPNhUc5hIEpsUHAt+6tRpT8RoUYImSUPkmlC3p2VB0xRB8D6lwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMCG4GDRJFQB6u+M0RpU9piLL1fsMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvd0liZ1lORWtWQUhxNzR6UkdsVDJtSXN2Vi13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAQFr5AD
BAYFr4AwDQYJKoZIhvcNAQELBQADggEBAA9Cs1RhmzOS0+U24KYKuPygP5/jC5jB
yohW2PM7HzM68SqwP7/R0ExqFFbSuPXcuV88hlqHqP0S8hyNCv1zrw4MESBOOPjL
QpoP9L4d+1OkD/xZAWlNdDZIG0uYxoA/3Tx4EUW6rctypoTeTsMyWWd0r8EWsXhb
UFI4tsE7xL3r2hAkUVqqemSP4oPgLslsn/prQBNZ5521yGlBPMXtl3vVeirMEaGt
A7mhQYj6QVX5QpX7Q2BtvV9h3N+XlkIN35/LEMlx/1LdZ7iKei2H0TYefUNw8Trm
hsjkwveKXrCIHhf1emGiKdutGrglgjcvWGvd56M8f4Hi2pJy8+wtTmE=
-----END CERTIFICATE-----