Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/wRiB1bqp97qpuZHsVkDKZOAgYoI.roa
File:                     wRiB1bqp97qpuZHsVkDKZOAgYoI.roa (raw, json)
Hash identifier:          YB0dS9hUG6NEUEWIIyjlOgtQ00ER+yuCq7Y02PXxfxw=
Subject key identifier:   C1:18:81:D5:BA:A9:F7:BA:A9:B9:91:EC:56:40:CA:64:E0:20:62:82
Certificate issuer:       /CN=279159ef22f82b936731664ee67c3b6ea96ef443
Certificate serial:       018D68C8041F32E1930EE2E48EF790413266
Authority key identifier: 27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/wRiB1bqp97qpuZHsVkDKZOAgYoI.roa
Signing time:             Fri 02 Feb 2024 07:45:55 +0000
ROA not before:           Fri 02 Feb 2024 07:45:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43754
IP address blocks:        5.22.192.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:c8:04:1f:32:e1:93:0e:e2:e4:8e:f7:90:41:32:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279159ef22f82b936731664ee67c3b6ea96ef443
        Validity
            Not Before: Feb  2 07:45:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c11881d5baa9f7baa9b991ec5640ca64e0206282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:dc:bb:1e:13:3e:0c:a4:7e:c0:68:32:ff:
                    60:57:0e:9e:a4:77:bc:81:e2:18:0d:88:d9:3f:89:
                    92:fa:b4:c7:1b:a9:4d:df:b0:c3:ff:ed:37:12:a1:
                    4d:6a:ca:49:7d:1b:e6:bf:e4:a3:c1:e8:46:1e:6d:
                    6f:d6:6c:7f:8d:8c:6d:3b:db:1b:1e:78:cf:4a:9b:
                    e8:9a:f2:2e:00:89:dd:e4:cb:55:c0:8c:92:f9:da:
                    33:b9:02:b0:ff:50:2d:a7:7c:1f:c0:30:c2:74:3a:
                    b1:a6:af:9d:a0:d7:2c:80:c7:46:04:ab:e3:b5:bf:
                    16:49:9c:ec:cf:c1:30:fe:f8:08:75:61:ec:cf:2d:
                    47:00:f8:a6:db:ff:70:1d:80:97:97:e2:6f:d7:5b:
                    be:dd:0e:27:ec:e2:de:c3:1d:6b:cc:ee:5d:7f:eb:
                    16:c1:56:95:4d:ad:9b:07:f1:90:5d:30:80:0c:cb:
                    e8:6b:45:80:7c:73:97:21:f0:05:50:35:0a:da:94:
                    c5:d8:ca:20:bc:51:3d:29:c3:19:ea:46:ed:03:25:
                    cc:3e:9a:26:26:ca:17:b7:cf:fd:87:9d:f4:a5:90:
                    0a:53:32:3d:bc:d4:35:ee:a0:d2:a9:2b:41:76:89:
                    a0:3e:c1:38:6e:3b:31:2c:1c:72:3f:04:74:2a:3d:
                    3b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:18:81:D5:BA:A9:F7:BA:A9:B9:91:EC:56:40:CA:64:E0:20:62:82
            X509v3 Authority Key Identifier:
                keyid:27:91:59:EF:22:F8:2B:93:67:31:66:4E:E6:7C:3B:6E:A9:6E:F4:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/wRiB1bqp97qpuZHsVkDKZOAgYoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/5c15be-aef2-4c31-bfb4-31baf6eede8a/1/J5FZ7yL4K5NnMWZO5nw7bqlu9EM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.192.0/21

    Signature Algorithm: sha256WithRSAEncryption
         10:34:3a:06:6f:66:2c:c6:3a:a5:46:c7:1b:8c:e6:ee:f8:a2:
         8e:b8:d0:06:a7:bb:26:58:35:bb:90:19:5c:55:73:1e:ab:07:
         ee:c9:cb:38:86:02:c2:48:46:ac:30:a2:32:62:ae:12:b7:5e:
         13:08:5d:ff:ce:7a:01:bf:55:d4:24:df:2d:53:4c:fb:7d:24:
         a8:50:0f:a5:f1:8f:ab:0a:d1:78:fa:d9:13:83:1c:c0:1f:b4:
         01:cc:08:41:72:bf:ff:c5:54:e9:84:64:78:45:66:1f:d3:4e:
         e9:cf:be:20:38:b8:aa:c7:bb:9c:c3:db:79:03:8f:a0:08:fa:
         f9:04:03:6d:be:72:e1:cf:bc:94:b9:c7:0e:af:93:7d:67:21:
         30:57:bb:88:18:a8:36:f9:7a:e2:1d:34:01:ac:6d:d2:b1:36:
         1e:09:f5:d7:8b:e7:f7:24:db:4e:68:49:ae:a3:83:45:74:8c:
         a5:ee:5c:2f:80:42:ca:09:31:c5:2f:9c:eb:2e:61:c4:73:2c:
         c4:e2:a3:fd:ea:d4:fa:d7:7e:29:de:53:a3:23:34:da:f4:b2:
         f1:6a:d6:29:94:05:b9:47:72:a3:d7:4a:53:9c:94:55:5c:72:
         a3:af:e1:83:de:be:78:2b:a9:b8:cf:83:2f:30:fb:f9:2b:cc:
         aa:25:6e:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1oyAQfMuGTDuLkjveQQTJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTE1OWVmMjJmODJiOTM2NzMxNjY0ZWU2N2MzYjZlYTk2
ZWY0NDMwHhcNMjQwMjAyMDc0NTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE4ODFkNWJhYTlmN2JhYTliOTkxZWM1NjQwY2E2NGUwMjA2MjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIzcux4TPgykfsBoMv9gVw6epHe8
geIYDYjZP4mS+rTHG6lN37DD/+03EqFNaspJfRvmv+SjwehGHm1v1mx/jYxtO9sb
HnjPSpvomvIuAInd5MtVwIyS+dozuQKw/1Atp3wfwDDCdDqxpq+doNcsgMdGBKvj
tb8WSZzsz8Ew/vgIdWHszy1HAPim2/9wHYCXl+Jv11u+3Q4n7OLewx1rzO5df+sW
wVaVTa2bB/GQXTCADMvoa0WAfHOXIfAFUDUK2pTF2MogvFE9KcMZ6kbtAyXMPpom
JsoXt8/9h530pZAKUzI9vNQ17qDSqStBdomgPsE4bjsxLBxyPwR0Kj07lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMEYgdW6qfe6qbmR7FZAymTgIGKCMB8GA1UdIwQY
MBaAFCeRWe8i+CuTZzFmTuZ8O26pbvRDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQt
MzFiYWY2ZWVkZThhLzEvd1JpQjFicXA5N3FwdVpIc1ZrREtaT0FnWW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS81YzE1YmUtYWVmMi00YzMxLWJmYjQtMzFiYWY2ZWVkZThh
LzEvSjVGWjd5TDRLNU5uTVdaTzVudzdicWx1OUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBRbAMA0G
CSqGSIb3DQEBCwUAA4IBAQAQNDoGb2YsxjqlRscbjObu+KKOuNAGp7smWDW7kBlc
VXMeqwfuycs4hgLCSEasMKIyYq4St14TCF3/znoBv1XUJN8tU0z7fSSoUA+l8Y+r
CtF4+tkTgxzAH7QBzAhBcr//xVTphGR4RWYf007pz74gOLiqx7ucw9t5A4+gCPr5
BANtvnLhz7yUuccOr5N9ZyEwV7uIGKg2+XriHTQBrG3SsTYeCfXXi+f3JNtOaEmu
o4NFdIyl7lwvgELKCTHFL5zrLmHEcyzE4qP96tT6134p3lOjIzTa9LLxatYplAW5
R3Kj10pTnJRVXHKjr+GD3r54K6m4z4MvMPv5K8yqJW6O
-----END CERTIFICATE-----