Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/kXPlkgYG2-4Khx3jtvtJdFXS1Gk.roa
File:                     kXPlkgYG2-4Khx3jtvtJdFXS1Gk.roa (raw, json)
Hash identifier:          a1+/ACVsmLrVFCve9Q45sT6KJ/ZMim0Df8qBdNrzkDs=
Subject key identifier:   91:73:E5:92:06:06:DB:EE:0A:87:1D:E3:B6:FB:49:74:55:D2:D4:69
Certificate issuer:       /CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
Certificate serial:       0191451932BE7625D08329C471CB02D16EC3
Authority key identifier: BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/kXPlkgYG2-4Khx3jtvtJdFXS1Gk.roa
Signing time:             Mon 12 Aug 2024 05:39:24 +0000
ROA not before:           Mon 12 Aug 2024 05:39:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197537
IP address blocks:        5.144.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:45:19:32:be:76:25:d0:83:29:c4:71:cb:02:d1:6e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb0d4e85937b7a0f271054d28614f2934d4ea500
        Validity
            Not Before: Aug 12 05:39:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9173e5920606dbee0a871de3b6fb497455d2d469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bd:8d:0f:5e:db:2d:4f:57:1c:84:3d:08:8d:
                    18:77:ae:ef:04:84:6f:3c:a6:f6:2f:ba:7d:5f:53:
                    7c:42:e1:de:52:6f:0f:de:fb:9b:2f:2b:95:d5:17:
                    bb:76:b0:c8:19:5e:cb:a4:7a:c1:97:1e:5e:2f:cf:
                    07:46:fd:ac:ff:40:55:b9:7c:e7:56:07:6b:ff:2d:
                    a6:d2:01:15:1e:01:de:19:34:20:e5:e9:50:21:04:
                    25:03:40:6c:6e:10:fd:d4:5a:a6:06:75:e7:9c:f3:
                    d5:fd:61:38:f2:9a:b1:52:7f:d7:42:0e:8a:fb:cd:
                    fc:54:2a:e8:95:b0:0a:74:4c:16:49:6e:c4:b2:a8:
                    59:3b:d3:ae:69:a3:eb:1d:a7:e9:4f:36:b0:5a:ab:
                    6b:0c:67:b5:9e:f0:49:5f:c7:dc:7b:11:ea:b3:c9:
                    6b:88:16:d0:8f:ef:f2:9a:9f:01:73:57:6b:78:95:
                    b2:29:ee:4e:d2:12:b7:80:b2:ab:ce:f2:2f:25:93:
                    94:32:c0:9a:a8:ab:85:5f:82:13:f4:0e:b2:c4:37:
                    a1:2c:f7:88:63:10:8e:c9:1e:44:29:e0:74:72:5d:
                    a4:15:5d:bd:4f:50:3d:c7:41:20:a9:4e:f0:59:bd:
                    dd:76:40:eb:fc:05:83:2d:2a:83:f9:97:39:51:65:
                    a5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:73:E5:92:06:06:DB:EE:0A:87:1D:E3:B6:FB:49:74:55:D2:D4:69
            X509v3 Authority Key Identifier:
                keyid:BB:0D:4E:85:93:7B:7A:0F:27:10:54:D2:86:14:F2:93:4D:4E:A5:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uw1OhZN7eg8nEFTShhTyk01OpQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/kXPlkgYG2-4Khx3jtvtJdFXS1Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/d17527-cf98-4d37-866f-8e9b98a99cdb/1/uw1OhZN7eg8nEFTShhTyk01OpQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:db:91:98:90:0d:33:75:2c:04:8b:f8:c1:88:dc:0b:04:4f:
         11:84:b9:47:29:3f:2b:2e:d2:9d:d6:56:95:81:e2:8d:48:a5:
         11:07:f5:7e:1a:00:0c:ea:48:e7:06:1e:c5:3c:31:5b:a3:42:
         75:24:f2:5b:b0:89:48:fb:d5:44:88:21:43:b9:0a:9d:6c:05:
         82:95:55:87:12:de:dd:48:00:73:0f:f2:88:78:2d:6e:43:4d:
         07:84:dc:14:1a:16:53:9d:11:10:66:08:f2:35:03:a4:bc:16:
         b9:a4:b2:17:02:64:a0:32:3d:0b:be:34:76:b2:ff:dc:9a:1c:
         3d:46:48:b0:db:dd:27:51:d0:9d:03:38:1d:52:af:67:53:4a:
         00:61:3d:17:3c:ce:d4:1c:52:2c:7e:d5:67:47:b3:79:4f:7f:
         19:bb:12:5a:48:4f:84:7d:be:df:17:9c:91:07:49:61:cd:ad:
         b3:0a:b4:3d:57:b2:35:53:c8:16:cd:4e:a5:60:fa:25:d4:15:
         5c:08:69:3f:2e:06:96:11:66:2c:23:1a:3f:8d:59:ea:e6:a8:
         60:52:61:14:ac:84:37:9b:ad:ce:d2:6b:23:cc:14:ee:08:92:
         8f:7b:c2:fa:eb:29:ef:31:06:75:70:9b:08:e4:b5:4f:a7:1d:
         a9:bf:46:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFFGTK+diXQgynEccsC0W7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMGQ0ZTg1OTM3YjdhMGYyNzEwNTRkMjg2MTRmMjkzNGQ0
ZWE1MDAwHhcNMjQwODEyMDUzOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTczZTU5MjA2MDZkYmVlMGE4NzFkZTNiNmZiNDk3NDU1ZDJkNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsb2ND17bLU9XHIQ9CI0Yd67vBIRv
PKb2L7p9X1N8QuHeUm8P3vubLyuV1Re7drDIGV7LpHrBlx5eL88HRv2s/0BVuXzn
Vgdr/y2m0gEVHgHeGTQg5elQIQQlA0BsbhD91FqmBnXnnPPV/WE48pqxUn/XQg6K
+838VCrolbAKdEwWSW7EsqhZO9OuaaPrHafpTzawWqtrDGe1nvBJX8fcexHqs8lr
iBbQj+/ymp8Bc1dreJWyKe5O0hK3gLKrzvIvJZOUMsCaqKuFX4IT9A6yxDehLPeI
YxCOyR5EKeB0cl2kFV29T1A9x0EgqU7wWb3ddkDr/AWDLSqD+Zc5UWWlqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFz5ZIGBtvuCocd47b7SXRV0tRpMB8GA1UdIwQY
MBaAFLsNToWTe3oPJxBU0oYU8pNNTqUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYt
OGU5Yjk4YTk5Y2RiLzEva1hQbGtnWUcyLTRLaHgzanR2dEpkRlhTMUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kMTc1MjctY2Y5OC00ZDM3LTg2NmYtOGU5Yjk4YTk5Y2Ri
LzEvdXcxT2haTjdlZzhuRUZUU2hoVHlrMDFPcFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZCaMA0G
CSqGSIb3DQEBCwUAA4IBAQBO25GYkA0zdSwEi/jBiNwLBE8RhLlHKT8rLtKd1laV
geKNSKURB/V+GgAM6kjnBh7FPDFbo0J1JPJbsIlI+9VEiCFDuQqdbAWClVWHEt7d
SABzD/KIeC1uQ00HhNwUGhZTnREQZgjyNQOkvBa5pLIXAmSgMj0LvjR2sv/cmhw9
Rkiw290nUdCdAzgdUq9nU0oAYT0XPM7UHFIsftVnR7N5T38ZuxJaSE+Efb7fF5yR
B0lhza2zCrQ9V7I1U8gWzU6lYPol1BVcCGk/LgaWEWYsIxo/jVnq5qhgUmEUrIQ3
m63O0msjzBTuCJKPe8L66ynvMQZ1cJsI5LVPpx2pv0ZL
-----END CERTIFICATE-----