Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/e5VBaHGejhW_AoIxdCF_fCtTPeI.roa
File:                     e5VBaHGejhW_AoIxdCF_fCtTPeI.roa (raw, json)
Hash identifier:          Q+4CuJhRkhI5Z8UgQ9incdTimoJz6UReG7KbnSO22u4=
Subject key identifier:   7B:95:41:68:71:9E:8E:15:BF:02:82:31:74:21:7F:7C:2B:53:3D:E2
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       01921FA31A1EA2C6208150AD6FE98AA9D485
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/e5VBaHGejhW_AoIxdCF_fCtTPeI.roa
Signing time:             Mon 23 Sep 2024 16:07:15 +0000
ROA not before:           Mon 23 Sep 2024 16:07:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214184
IP address blocks:        5.160.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1f:a3:1a:1e:a2:c6:20:81:50:ad:6f:e9:8a:a9:d4:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Sep 23 16:07:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b954168719e8e15bf02823174217f7c2b533de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:00:7d:bc:87:80:53:1e:87:94:96:db:f1:b1:
                    d3:d1:43:59:8f:cc:07:ac:db:b0:64:f0:94:a8:de:
                    10:94:2f:74:e5:3b:4d:82:4f:cf:00:33:17:ef:c2:
                    14:80:5b:89:b6:89:20:07:54:02:d9:e9:f9:e9:a3:
                    ee:41:c1:11:73:32:56:c1:b7:41:32:72:4a:0a:d5:
                    53:2f:f3:d9:41:d5:76:26:0e:cf:7b:4c:c8:c8:bc:
                    67:6a:c5:86:6a:40:ca:de:31:e5:19:a9:6b:a3:9f:
                    01:a5:34:38:0a:79:7e:f2:f3:b5:d3:02:d9:69:43:
                    01:fc:d0:5c:63:8b:2c:e1:55:20:da:85:bd:6a:a3:
                    bf:ac:88:18:9d:8c:01:40:61:22:e7:3a:05:6a:6b:
                    90:3c:2a:b9:00:64:45:34:f8:b9:f3:11:e9:8b:e5:
                    e3:f7:76:3d:57:f0:2c:14:1f:d5:57:98:2b:64:fe:
                    b5:40:2a:a2:67:10:60:fe:57:39:3e:6c:df:cb:db:
                    39:c6:50:ea:e1:6e:31:c2:ef:7b:ab:2b:8e:3d:85:
                    b7:13:8b:d6:85:eb:2c:ba:7a:5b:26:42:b1:4e:dd:
                    8d:d5:17:5f:5a:0a:39:77:7c:17:a7:9f:24:56:74:
                    ea:4e:c8:0c:c2:b0:97:45:e7:56:31:f6:47:74:06:
                    2e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:95:41:68:71:9E:8E:15:BF:02:82:31:74:21:7F:7C:2B:53:3D:E2
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/e5VBaHGejhW_AoIxdCF_fCtTPeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:b6:21:4a:14:4f:1c:3e:54:3f:36:50:e9:f3:23:58:73:c9:
         e7:09:c2:7c:1d:ca:3b:15:cd:b3:d3:af:42:8b:26:80:c5:ac:
         a4:8e:0e:a0:9b:2d:f1:64:85:b9:cd:86:46:ff:81:e7:72:b3:
         c8:49:80:51:23:58:34:db:b8:0e:eb:6e:7c:32:fa:a3:de:2c:
         36:37:e1:0f:f4:3a:35:cd:88:d3:d1:3f:85:8e:f4:c0:0d:15:
         1e:99:16:62:43:b6:f9:e9:93:86:98:18:42:ec:94:eb:5c:83:
         9e:fd:82:32:dd:f6:5f:bd:cb:1a:4b:ed:ab:0c:4d:3c:9b:6c:
         03:e1:c7:46:62:0f:72:64:6b:bf:46:e1:02:0c:4f:2f:8a:e3:
         e2:e6:4a:85:be:e3:bf:15:5b:f1:2f:89:3c:10:c7:91:15:0d:
         7e:36:ad:b9:83:da:21:bd:a2:12:c2:c2:78:69:99:6e:e9:0a:
         9d:8f:32:22:eb:d4:c2:41:69:92:0b:63:8b:a3:7e:72:41:5e:
         d7:3a:80:83:b8:17:19:81:81:4e:3b:59:97:62:d5:d3:89:cd:
         e4:12:b0:2d:90:b0:68:eb:de:9f:c2:be:39:35:f0:6b:15:6b:
         7e:4a:5c:b1:9c:fa:10:6c:ec:52:f8:f0:de:40:01:87:53:f8:
         11:3e:e1:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIfoxoeosYggVCtb+mKqdSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwOTIzMTYwNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjk1NDE2ODcxOWU4ZTE1YmYwMjgyMzE3NDIxN2Y3YzJiNTMzZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAB9vIeAUx6HlJbb8bHT0UNZj8wH
rNuwZPCUqN4QlC905TtNgk/PADMX78IUgFuJtokgB1QC2en56aPuQcERczJWwbdB
MnJKCtVTL/PZQdV2Jg7Pe0zIyLxnasWGakDK3jHlGalro58BpTQ4Cnl+8vO10wLZ
aUMB/NBcY4ss4VUg2oW9aqO/rIgYnYwBQGEi5zoFamuQPCq5AGRFNPi58xHpi+Xj
93Y9V/AsFB/VV5grZP61QCqiZxBg/lc5Pmzfy9s5xlDq4W4xwu97qyuOPYW3E4vW
hessunpbJkKxTt2N1RdfWgo5d3wXp58kVnTqTsgMwrCXRedWMfZHdAYufwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuVQWhxno4VvwKCMXQhf3wrUz3iMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvZTVWQmFIR2VqaFdfQW9JeGRDRl9mQ3RUUGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaCRMA0G
CSqGSIb3DQEBCwUAA4IBAQCgtiFKFE8cPlQ/NlDp8yNYc8nnCcJ8Hco7Fc2z069C
iyaAxaykjg6gmy3xZIW5zYZG/4HncrPISYBRI1g027gO6258Mvqj3iw2N+EP9Do1
zYjT0T+FjvTADRUemRZiQ7b56ZOGmBhC7JTrXIOe/YIy3fZfvcsaS+2rDE08m2wD
4cdGYg9yZGu/RuECDE8viuPi5kqFvuO/FVvxL4k8EMeRFQ1+Nq25g9ohvaISwsJ4
aZlu6QqdjzIi69TCQWmSC2OLo35yQV7XOoCDuBcZgYFOO1mXYtXTic3kErAtkLBo
696fwr45NfBrFWt+SlyxnPoQbOxS+PDeQAGHU/gRPuEF
-----END CERTIFICATE-----