Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/R5KOY29DdSWWGivwR8vWBooeapo.roa
File:                     R5KOY29DdSWWGivwR8vWBooeapo.roa (raw, json)
Hash identifier:          80ziZYwmzZEsEk7rOFz8nB9lUsavIEnNHpglc6Q6GFE=
Subject key identifier:   47:92:8E:63:6F:43:75:25:96:1A:2B:F0:47:CB:D6:06:8A:1E:6A:9A
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DB7506F7053373868631F01E6F85
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/R5KOY29DdSWWGivwR8vWBooeapo.roa
Signing time:             Mon 01 Jan 2024 10:30:07 +0000
ROA not before:           Mon 01 Jan 2024 10:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51541
IP address blocks:        5.160.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:db:75:06:f7:05:33:73:86:86:31:f0:1e:6f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47928e636f437525961a2bf047cbd6068a1e6a9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:26:cb:c5:b2:61:0e:05:eb:bd:50:07:aa:9d:
                    60:1d:f1:93:8d:0c:00:f6:e8:74:80:d0:90:e0:92:
                    1c:4c:89:32:0d:41:5d:74:08:37:f7:85:79:be:b4:
                    63:bc:9c:73:a8:bd:1f:20:3b:de:21:13:1b:73:38:
                    86:24:11:9d:48:80:dc:e2:13:80:b3:ac:81:07:d6:
                    b4:08:c2:6d:2c:28:fc:c6:4b:3f:6d:f7:23:8c:2e:
                    26:55:a4:2a:fb:25:41:05:64:e4:06:f1:74:b2:9a:
                    65:b2:32:31:8b:96:c8:c5:61:91:e5:58:0a:58:df:
                    db:2b:f9:c3:f2:d1:52:31:0e:ff:78:69:ed:5a:ef:
                    4d:78:de:e8:cf:7e:81:5d:12:04:5e:90:6e:cd:fe:
                    7e:6b:3d:33:00:92:90:6f:75:fa:ed:3a:e1:00:79:
                    f1:d8:9f:02:0a:6f:a5:ac:33:5e:a0:03:98:86:15:
                    43:2c:cd:f5:d0:8a:89:e9:6a:d1:fe:d3:6a:1b:2e:
                    cb:46:63:d0:7f:f7:1b:23:68:69:e8:16:76:bf:c3:
                    2d:97:ed:3f:fd:f7:e2:73:2d:96:77:96:60:d1:32:
                    e6:5b:b1:8e:bc:0d:b0:de:b9:0c:c2:64:3e:32:64:
                    05:b1:6b:b0:2d:72:1d:a3:ea:66:58:84:97:11:db:
                    4c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:92:8E:63:6F:43:75:25:96:1A:2B:F0:47:CB:D6:06:8A:1E:6A:9A
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/R5KOY29DdSWWGivwR8vWBooeapo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:34:0e:fa:d0:e1:17:41:3b:76:12:1c:8c:fa:5d:a4:4d:21:
         cb:f5:43:73:d6:fd:51:cd:dd:82:f5:76:c6:b5:50:ee:e7:15:
         2b:ef:0c:c1:a9:63:34:ba:1f:77:c3:c9:b6:67:ea:f3:82:31:
         3d:9c:d8:7a:8a:83:f5:02:fa:e6:e4:77:12:5a:3e:d5:9e:bd:
         09:65:a2:ca:5f:c6:cd:34:75:b3:4a:ad:66:ee:33:d3:b4:ee:
         1c:f5:29:29:20:cb:a0:53:de:9a:b9:de:3b:54:a3:25:38:f3:
         66:c5:9a:9c:35:8f:48:62:46:2d:a5:0f:3b:f8:b7:1a:8c:75:
         21:c5:b1:d9:10:82:5a:f8:a7:5e:eb:99:67:ef:23:e9:d7:d2:
         03:06:d1:36:86:90:4c:b4:16:78:93:0c:1b:0a:77:5f:53:fe:
         fa:5d:ee:b4:88:c7:3b:d9:d7:3b:50:71:b0:98:5b:c2:ac:91:
         cf:e5:3a:65:22:ab:8a:e7:7d:0f:e5:75:86:5c:d9:ba:5d:5b:
         39:df:3d:2b:90:4b:1c:dc:0c:d1:fe:77:6d:6e:f4:78:26:ef:
         27:64:21:3f:52:d6:b6:cd:29:79:a0:5e:f9:10:22:f0:34:83:
         8e:24:32:10:a8:40:05:32:b7:fe:37:ea:aa:98:a3:db:8b:8d:
         53:bc:23:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktt1BvcFM3OGhjHwHm+FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzkyOGU2MzZmNDM3NTI1OTYxYTJiZjA0N2NiZDYwNjhhMWU2YTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SbLxbJhDgXrvVAHqp1gHfGTjQwA
9uh0gNCQ4JIcTIkyDUFddAg394V5vrRjvJxzqL0fIDveIRMbcziGJBGdSIDc4hOA
s6yBB9a0CMJtLCj8xks/bfcjjC4mVaQq+yVBBWTkBvF0spplsjIxi5bIxWGR5VgK
WN/bK/nD8tFSMQ7/eGntWu9NeN7oz36BXRIEXpBuzf5+az0zAJKQb3X67TrhAHnx
2J8CCm+lrDNeoAOYhhVDLM310IqJ6WrR/tNqGy7LRmPQf/cbI2hp6BZ2v8Mtl+0/
/fficy2Wd5Zg0TLmW7GOvA2w3rkMwmQ+MmQFsWuwLXIdo+pmWISXEdtM8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeSjmNvQ3Ullhor8EfL1gaKHmqaMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvUjVLT1kyOURkU1dXR2l2d1I4dldCb29lYXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCYMA0G
CSqGSIb3DQEBCwUAA4IBAQCcNA760OEXQTt2EhyM+l2kTSHL9UNz1v1Rzd2C9XbG
tVDu5xUr7wzBqWM0uh93w8m2Z+rzgjE9nNh6ioP1Avrm5HcSWj7Vnr0JZaLKX8bN
NHWzSq1m7jPTtO4c9SkpIMugU96aud47VKMlOPNmxZqcNY9IYkYtpQ87+LcajHUh
xbHZEIJa+Kde65ln7yPp19IDBtE2hpBMtBZ4kwwbCndfU/76Xe60iMc72dc7UHGw
mFvCrJHP5TplIquK530P5XWGXNm6XVs53z0rkEsc3AzR/ndtbvR4Ju8nZCE/Uta2
zSl5oF75ECLwNIOOJDIQqEAFMrf+N+qqmKPbi41TvCNZ
-----END CERTIFICATE-----