Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/5Lue1BBrhP-uljYRCo0sqjb0oDs.roa
File:                     5Lue1BBrhP-uljYRCo0sqjb0oDs.roa (raw, json)
Hash identifier:          MZSjcbifjet8Hnypu0zjI5hL3Rcq4h0448vdIPNV+Mo=
Subject key identifier:   E4:BB:9E:D4:10:6B:84:FF:AE:96:36:11:0A:8D:2C:AA:36:F4:A0:3B
Certificate issuer:       /CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
Certificate serial:       018EA87F978CFF768A22C8E3F417165BCB97
Authority key identifier: D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/5Lue1BBrhP-uljYRCo0sqjb0oDs.roa
Signing time:             Thu 04 Apr 2024 09:45:17 +0000
ROA not before:           Thu 04 Apr 2024 09:45:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5405
IP address blocks:        94.103.180.0/24 maxlen: 24
                          2a11:4140::/29 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:7f:97:8c:ff:76:8a:22:c8:e3:f4:17:16:5b:cb:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5b6a5ca37ead31fd2a350b0b412d77d95320928
        Validity
            Not Before: Apr  4 09:45:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4bb9ed4106b84ffae9636110a8d2caa36f4a03b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a4:39:73:3e:96:e2:54:e1:77:fd:19:c5:81:
                    6c:cb:3a:d8:8e:13:45:16:99:54:d2:85:64:e3:9e:
                    da:02:39:37:7e:b9:cb:e4:fc:64:ab:c1:b0:7c:fe:
                    a1:f9:a7:56:74:a6:60:14:c3:5b:6d:30:f6:38:2f:
                    ab:d1:e9:22:cd:b0:25:60:d5:a5:46:ef:2a:37:47:
                    61:48:8c:f0:7e:56:04:d4:5c:3a:c3:fa:73:85:85:
                    4d:f0:06:e6:2e:b3:38:ad:85:03:19:c7:d1:81:e4:
                    75:cb:ab:fb:cf:27:a5:78:b9:54:e1:63:0f:a6:c8:
                    98:78:7e:df:29:a4:f9:60:1c:da:bc:b5:3c:60:ea:
                    68:39:48:da:b3:1e:11:cd:cc:33:c0:e6:28:1e:6e:
                    52:ce:fb:32:2a:fc:fd:f1:f8:8d:40:b8:f8:ff:40:
                    21:8a:90:69:27:ea:2d:e7:6e:29:50:14:df:1e:6f:
                    57:e9:71:69:79:91:ff:10:6e:88:2a:3b:c1:fe:0d:
                    91:2f:9c:0c:0d:5d:49:40:92:59:ba:a1:e8:7c:4f:
                    47:d3:09:d0:d6:46:21:bf:2f:0c:8e:32:f6:2b:32:
                    f0:ba:09:d7:45:00:49:cf:5b:bc:5e:9b:6f:37:91:
                    59:14:da:8d:d1:47:f4:7b:f9:fb:c1:fb:d7:0e:8e:
                    e3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:BB:9E:D4:10:6B:84:FF:AE:96:36:11:0A:8D:2C:AA:36:F4:A0:3B
            X509v3 Authority Key Identifier:
                keyid:D5:B6:A5:CA:37:EA:D3:1F:D2:A3:50:B0:B4:12:D7:7D:95:32:09:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1balyjfq0x_So1CwtBLXfZUyCSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/5Lue1BBrhP-uljYRCo0sqjb0oDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3fa93f-a34f-41cf-8875-d4e882083e4f/1/1balyjfq0x_So1CwtBLXfZUyCSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.180.0/24
                IPv6:
                  2a11:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:7f:56:19:fc:cb:7c:85:bc:79:c6:f3:d1:7c:f2:e9:26:32:
         ef:fa:45:b9:a2:b2:bd:6a:02:de:bd:7d:fc:4e:1a:51:82:77:
         22:3f:f3:d6:bd:33:5c:a6:5a:52:78:90:86:3e:18:23:b5:c6:
         e0:60:b8:bc:d3:83:1b:1c:da:f7:79:46:6d:ca:16:f7:65:54:
         b6:be:20:74:94:c3:49:58:3d:06:22:d3:b1:9a:02:3c:27:f2:
         ae:77:ca:1e:5c:bc:b7:03:65:b7:73:0f:73:fc:c8:e1:44:7b:
         4f:d4:6e:03:66:af:92:ea:f2:45:14:c8:db:cd:68:0d:ec:f1:
         88:1c:aa:2b:a5:64:c0:e2:b8:eb:06:a6:46:f5:9a:b7:5f:d5:
         c9:bb:4d:0d:77:c6:e7:78:5c:15:41:04:57:2e:e9:f0:4c:15:
         c4:37:68:ad:91:ed:6d:8e:29:2a:9b:9b:e4:53:54:a4:a1:da:
         9f:61:aa:6e:78:00:5d:42:5c:10:67:34:4d:a5:30:aa:33:2e:
         13:b0:96:d0:7f:8e:d9:0f:d9:55:1c:94:1d:6a:c9:b3:0a:22:
         05:c2:35:58:30:96:c2:bb:d8:cd:aa:c8:0c:2e:b0:4d:77:b3:
         05:cc:8c:01:10:df:20:07:c7:93:d2:84:13:20:94:82:83:fa:
         ae:af:83:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY6of5eM/3aKIsjj9BcWW8uXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YjZhNWNhMzdlYWQzMWZkMmEzNTBiMGI0MTJkNzdkOTUz
MjA5MjgwHhcNMjQwNDA0MDk0NTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGJiOWVkNDEwNmI4NGZmYWU5NjM2MTEwYThkMmNhYTM2ZjRhMDNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaQ5cz6W4lThd/0ZxYFsyzrYjhNF
FplU0oVk457aAjk3frnL5Pxkq8GwfP6h+adWdKZgFMNbbTD2OC+r0ekizbAlYNWl
Ru8qN0dhSIzwflYE1Fw6w/pzhYVN8AbmLrM4rYUDGcfRgeR1y6v7zyeleLlU4WMP
psiYeH7fKaT5YBzavLU8YOpoOUjasx4RzcwzwOYoHm5SzvsyKvz98fiNQLj4/0Ah
ipBpJ+ot524pUBTfHm9X6XFpeZH/EG6IKjvB/g2RL5wMDV1JQJJZuqHofE9H0wnQ
1kYhvy8MjjL2KzLwugnXRQBJz1u8XptvN5FZFNqN0Uf0e/n7wfvXDo7jbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOS7ntQQa4T/rpY2EQqNLKo29KA7MB8GA1UdIwQY
MBaAFNW2pco36tMf0qNQsLQS132VMgkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUt
ZDRlODgyMDgzZTRmLzEvNUx1ZTFCQnJoUC11bGpZUkNvMHNxamIwb0RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZmE5M2YtYTM0Zi00MWNmLTg4NzUtZDRlODgyMDgzZTRm
LzEvMWJhbHlqZnEweF9TbzFDd3RCTFhmWlV5Q1NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXme0MA0E
AgACMAcDBQMqEUFAMA0GCSqGSIb3DQEBCwUAA4IBAQCGf1YZ/Mt8hbx5xvPRfPLp
JjLv+kW5orK9agLevX38ThpRgnciP/PWvTNcplpSeJCGPhgjtcbgYLi804MbHNr3
eUZtyhb3ZVS2viB0lMNJWD0GItOxmgI8J/Kud8oeXLy3A2W3cw9z/MjhRHtP1G4D
Zq+S6vJFFMjbzWgN7PGIHKorpWTA4rjrBqZG9Zq3X9XJu00Nd8bneFwVQQRXLunw
TBXEN2itke1tjikqm5vkU1SkodqfYapueABdQlwQZzRNpTCqMy4TsJbQf47ZD9lV
HJQdasmzCiIFwjVYMJbCu9jNqsgMLrBNd7MFzIwBEN8gB8eT0oQTIJSCg/qur4PY
-----END CERTIFICATE-----