Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/512cblUb18gPvDykRXCVkfrEbCo.roa
File:                     512cblUb18gPvDykRXCVkfrEbCo.roa (raw, json)
Hash identifier:          OKREPsF72jPzoCoVVeFHAK0366n5Ovi6E4YPFy7tF7c=
Subject key identifier:   E7:5D:9C:6E:55:1B:D7:C8:0F:BC:3C:A4:45:70:95:91:FA:C4:6C:2A
Certificate issuer:       /CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
Certificate serial:       018CCA293A955AB2407612470224058A9E7D
Authority key identifier: 5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/512cblUb18gPvDykRXCVkfrEbCo.roa
Signing time:             Tue 02 Jan 2024 12:32:28 +0000
ROA not before:           Tue 02 Jan 2024 12:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31800
IP address blocks:        91.236.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:3a:95:5a:b2:40:76:12:47:02:24:05:8a:9e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f92bff7a89a8590e6abbaec0282b0f24e0afeb2
        Validity
            Not Before: Jan  2 12:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e75d9c6e551bd7c80fbc3ca445709591fac46c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:0b:03:a7:61:98:0a:eb:e2:e7:c9:63:a4:
                    30:69:be:76:72:5a:bf:bd:9a:18:62:12:ff:64:12:
                    e2:e5:2c:91:04:ff:ad:3a:cf:20:52:5b:5b:ce:5c:
                    3f:58:f7:34:00:81:21:0e:45:5a:84:76:50:b8:77:
                    61:21:c0:b3:5d:96:a7:77:db:04:23:b1:f9:66:c4:
                    38:a3:84:3f:db:1f:fb:af:5b:cd:f8:4b:f2:da:0d:
                    14:8d:f4:0f:9f:4b:a3:7a:09:14:dd:44:74:a0:97:
                    09:55:d4:53:d8:4b:dd:29:dd:22:61:c0:16:7c:21:
                    3f:bd:4e:bd:51:b4:14:7a:cb:2c:a6:0d:45:3d:bf:
                    c9:e5:be:eb:67:b6:47:7b:d0:25:45:90:26:36:4b:
                    db:51:e5:06:7f:3b:0e:ad:d7:50:77:08:a9:af:60:
                    df:79:a4:3e:d3:ea:f5:4a:9b:0e:fd:d8:b4:f5:cc:
                    4e:b4:52:9c:6a:73:24:db:85:b5:fb:2b:08:46:1e:
                    99:07:07:40:52:18:02:f3:43:35:4d:c8:f1:fe:26:
                    b0:a1:26:0e:d9:03:b9:82:77:3d:83:a1:18:54:64:
                    d7:f1:da:6d:ac:0a:84:8b:fc:34:1f:2f:18:90:f7:
                    ba:54:19:d9:b2:41:92:e1:fd:e9:a1:b1:25:5d:3a:
                    6e:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:5D:9C:6E:55:1B:D7:C8:0F:BC:3C:A4:45:70:95:91:FA:C4:6C:2A
            X509v3 Authority Key Identifier:
                keyid:5F:92:BF:F7:A8:9A:85:90:E6:AB:BA:EC:02:82:B0:F2:4E:0A:FE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5K_96iahZDmq7rsAoKw8k4K_rI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/512cblUb18gPvDykRXCVkfrEbCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/a78ef1-c3c9-43a0-9b1c-1d9d8d004111/1/X5K_96iahZDmq7rsAoKw8k4K_rI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:59:8e:bb:1b:04:1f:64:d6:4c:81:b3:8d:10:21:78:39:9d:
         4a:5b:8a:36:47:24:b5:f2:1a:a9:b8:80:78:68:34:26:fc:c2:
         e3:50:ea:47:22:b7:9f:10:13:60:3d:00:da:34:21:55:f4:3e:
         37:9c:b2:6c:65:e8:8a:e8:39:2c:fa:13:9e:5b:df:8a:0c:3a:
         a0:39:0f:58:ab:15:d4:df:8e:39:3c:f8:57:4b:f9:e2:3c:f6:
         55:5a:40:f3:4d:24:a0:90:4d:ae:ce:bb:b8:98:b9:8c:35:3a:
         9f:1e:60:79:0b:ac:54:f8:a5:83:67:e5:93:9f:b3:87:1d:01:
         6d:e5:7d:40:9b:b4:36:be:3c:da:02:d6:e8:4e:92:bc:26:b3:
         4e:c1:09:98:66:e2:06:73:3b:41:e9:83:fa:8d:77:cb:cb:44:
         84:15:d5:3a:73:99:f5:75:48:d0:f5:26:c4:55:60:b8:b5:63:
         4b:bc:5c:a6:0e:16:a7:3c:38:3a:92:1c:33:92:bf:bb:38:a8:
         08:5a:16:13:0b:ed:e5:2f:84:f5:ab:8a:ad:6e:f8:c5:e6:b3:
         d6:42:40:7d:a1:50:38:a9:01:1a:33:43:10:03:13:07:ac:c3:
         af:1b:07:f2:b6:2e:4d:4b:4d:77:ab:5c:5d:5f:03:73:6d:44:
         51:8c:93:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKTqVWrJAdhJHAiQFip59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTJiZmY3YTg5YTg1OTBlNmFiYmFlYzAyODJiMGYyNGUw
YWZlYjIwHhcNMjQwMTAyMTIzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzVkOWM2ZTU1MWJkN2M4MGZiYzNjYTQ0NTcwOTU5MWZhYzQ2YzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIsLA6dhmArr4ufJY6Qwab52clq/
vZoYYhL/ZBLi5SyRBP+tOs8gUltbzlw/WPc0AIEhDkVahHZQuHdhIcCzXZand9sE
I7H5ZsQ4o4Q/2x/7r1vN+Evy2g0UjfQPn0ujegkU3UR0oJcJVdRT2EvdKd0iYcAW
fCE/vU69UbQUessspg1FPb/J5b7rZ7ZHe9AlRZAmNkvbUeUGfzsOrddQdwipr2Df
eaQ+0+r1SpsO/di09cxOtFKcanMk24W1+ysIRh6ZBwdAUhgC80M1Tcjx/iawoSYO
2QO5gnc9g6EYVGTX8dptrAqEi/w0Hy8YkPe6VBnZskGS4f3pobElXTpugQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOddnG5VG9fID7w8pEVwlZH6xGwqMB8GA1UdIwQY
MBaAFF+Sv/eomoWQ5qu67AKCsPJOCv6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMt
MWQ5ZDhkMDA0MTExLzEvNTEyY2JsVWIxOGdQdkR5a1JYQ1ZrZnJFYkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9hNzhlZjEtYzNjOS00M2EwLTliMWMtMWQ5ZDhkMDA0MTEx
LzEvWDVLXzk2aWFoWkRtcTdyc0FvS3c4azRLX3JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+y2MA0G
CSqGSIb3DQEBCwUAA4IBAQAOWY67GwQfZNZMgbONECF4OZ1KW4o2RyS18hqpuIB4
aDQm/MLjUOpHIrefEBNgPQDaNCFV9D43nLJsZeiK6Dks+hOeW9+KDDqgOQ9YqxXU
3445PPhXS/niPPZVWkDzTSSgkE2uzru4mLmMNTqfHmB5C6xU+KWDZ+WTn7OHHQFt
5X1Am7Q2vjzaAtboTpK8JrNOwQmYZuIGcztB6YP6jXfLy0SEFdU6c5n1dUjQ9SbE
VWC4tWNLvFymDhanPDg6khwzkr+7OKgIWhYTC+3lL4T1q4qtbvjF5rPWQkB9oVA4
qQEaM0MQAxMHrMOvGwfyti5NS013q1xdXwNzbURRjJMB
-----END CERTIFICATE-----