Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/5aqU-TMryP4KwXsmqp4FjELnYzM.roa
File:                     5aqU-TMryP4KwXsmqp4FjELnYzM.roa (raw, json)
Hash identifier:          WUG9f/2C+uHXW/MC65cXKSaN7elosXXABYjB6Pi8Vjw=
Subject key identifier:   E5:AA:94:F9:33:2B:C8:FE:0A:C1:7B:26:AA:9E:05:8C:42:E7:63:33
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       018CC7272300CAF7367694EFB06D31D4B066
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/5aqU-TMryP4KwXsmqp4FjELnYzM.roa
Signing time:             Mon 01 Jan 2024 22:31:19 +0000
ROA not before:           Mon 01 Jan 2024 22:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51814
IP address blocks:        185.107.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:23:00:ca:f7:36:76:94:ef:b0:6d:31:d4:b0:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: Jan  1 22:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5aa94f9332bc8fe0ac17b26aa9e058c42e76333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b4:bc:af:32:26:e8:5c:43:20:26:28:1f:31:
                    75:12:4a:fe:27:e3:8c:92:19:d3:2f:00:32:e1:c5:
                    9d:4b:12:3e:b6:b1:e7:1d:c7:da:c7:b4:64:b0:7b:
                    05:84:4f:57:2a:2a:48:28:08:65:1c:d9:c0:31:80:
                    fc:7d:b9:ec:7a:ae:4f:37:fd:36:7d:b2:fe:d3:7e:
                    bd:30:ab:dd:e9:1a:bf:e6:81:f0:29:55:4e:62:2d:
                    a4:53:85:22:ff:ff:81:aa:43:ed:d2:b9:fc:17:2b:
                    69:46:db:cf:98:b7:de:06:71:7c:37:c4:da:ae:b4:
                    50:0f:d5:93:ad:2a:ec:cd:af:88:9a:26:14:30:2b:
                    bb:da:2d:6c:1b:b4:77:34:21:dd:28:d7:70:ad:0c:
                    4b:d9:90:34:8c:80:36:fd:d9:f8:f1:e5:6a:ab:15:
                    fe:cf:de:0d:1d:7e:cf:e3:ca:63:b9:d0:66:2f:47:
                    91:75:da:3f:3f:1a:46:ff:34:f4:fd:60:d3:d2:03:
                    a0:38:28:2e:b4:19:7d:17:5e:80:b7:a2:f2:fa:fe:
                    1a:8e:ed:42:ea:03:cd:b6:13:14:b2:f0:d9:c7:a8:
                    04:1d:d8:2c:cd:99:4e:82:08:17:e4:c8:88:4f:b4:
                    f3:7a:7e:01:8a:b0:d5:7b:59:a1:e6:8e:a1:48:1c:
                    e1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:AA:94:F9:33:2B:C8:FE:0A:C1:7B:26:AA:9E:05:8C:42:E7:63:33
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/5aqU-TMryP4KwXsmqp4FjELnYzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:c0:48:22:8f:56:bb:21:ef:e3:c8:24:da:ec:ab:97:bf:bf:
         55:78:92:a1:83:dd:cf:28:88:c1:cb:90:c8:f0:d8:fb:36:f2:
         5f:31:d0:65:3b:70:ae:7e:84:10:b3:a4:b3:27:5e:96:07:20:
         0e:03:6e:7d:0a:a7:4f:7a:12:12:66:d9:d0:cc:82:f0:6e:ec:
         63:bb:c1:f1:41:83:24:e1:32:95:ee:e4:5a:aa:d0:25:36:6a:
         38:85:eb:0d:cc:00:3c:63:ec:87:74:b1:b7:1e:29:90:be:63:
         d2:7e:57:a7:d7:84:5b:63:c8:15:05:d6:34:85:91:89:0a:e1:
         19:ee:06:1f:16:07:ab:67:e7:0a:61:c0:91:01:76:e1:8a:45:
         0d:4b:34:54:85:94:f0:c3:c8:5f:c5:8b:6b:3b:40:24:8b:2b:
         d6:c4:a2:35:1b:ef:36:c8:d1:27:9e:a4:e5:3b:a9:db:32:a6:
         b2:eb:c1:de:c4:82:28:4a:b3:b6:7b:b9:5e:68:30:f0:6a:33:
         16:b5:11:da:6e:00:7a:f3:74:39:72:a3:22:24:c9:63:10:fe:
         1d:5e:c3:5d:62:35:03:63:9c:6a:28:4d:44:7c:52:70:fe:db:
         1e:45:44:67:6f:4b:a3:fe:b6:87:4b:96:b3:ad:4a:64:d2:33:
         08:63:91:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyMAyvc2dpTvsG0x1LBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjQwMTAxMjIzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWFhOTRmOTMzMmJjOGZlMGFjMTdiMjZhYTllMDU4YzQyZTc2MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLS8rzIm6FxDICYoHzF1Ekr+J+OM
khnTLwAy4cWdSxI+trHnHcfax7RksHsFhE9XKipIKAhlHNnAMYD8fbnseq5PN/02
fbL+0369MKvd6Rq/5oHwKVVOYi2kU4Ui//+BqkPt0rn8FytpRtvPmLfeBnF8N8Ta
rrRQD9WTrSrsza+ImiYUMCu72i1sG7R3NCHdKNdwrQxL2ZA0jIA2/dn48eVqqxX+
z94NHX7P48pjudBmL0eRddo/PxpG/zT0/WDT0gOgOCgutBl9F16At6Ly+v4aju1C
6gPNthMUsvDZx6gEHdgszZlOgggX5MiIT7Tzen4BirDVe1mh5o6hSBzhMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWqlPkzK8j+CsF7JqqeBYxC52MzMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvNWFxVS1UTXJ5UDRLd1hzbXFwNEZqRUxuWXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWuFMA0G
CSqGSIb3DQEBCwUAA4IBAQA4wEgij1a7Ie/jyCTa7KuXv79VeJKhg93PKIjBy5DI
8Nj7NvJfMdBlO3CufoQQs6SzJ16WByAOA259CqdPehISZtnQzILwbuxju8HxQYMk
4TKV7uRaqtAlNmo4hesNzAA8Y+yHdLG3HimQvmPSflen14RbY8gVBdY0hZGJCuEZ
7gYfFgerZ+cKYcCRAXbhikUNSzRUhZTww8hfxYtrO0AkiyvWxKI1G+82yNEnnqTl
O6nbMqay68HexIIoSrO2e7leaDDwajMWtRHabgB683Q5cqMiJMljEP4dXsNdYjUD
Y5xqKE1EfFJw/tseRURnb0uj/raHS5azrUpk0jMIY5HG
-----END CERTIFICATE-----