Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-7PNDpTuHOWRK9swf7m2lSbG4yE.roa
File:                     1-7PNDpTuHOWRK9swf7m2lSbG4yE.roa (raw, json)
Hash identifier:          WBocLHyAg0Y8Y9hRfwTLfWenO7lJ3npo3IegU8dhEuY=
Subject key identifier:   FB:B3:CD:0E:94:EE:1C:E5:91:2B:DB:30:7F:B9:B6:95:26:C6:E3:21
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018CC64B29BD9010EDD9F0594DEF3FB9F988
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-7PNDpTuHOWRK9swf7m2lSbG4yE.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        5.178.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:29:bd:90:10:ed:d9:f0:59:4d:ef:3f:b9:f9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbb3cd0e94ee1ce5912bdb307fb9b69526c6e321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a4:3c:56:79:9c:d7:ed:ee:ff:43:b9:0b:16:
                    ed:16:ec:4b:f1:d3:96:b8:e9:d4:c5:ae:ef:76:23:
                    73:28:95:e8:bc:40:1b:cd:f6:1e:82:4e:14:69:86:
                    a5:74:bc:47:f8:ab:95:21:fa:a8:12:b2:f6:2c:0c:
                    46:40:91:bc:05:14:45:94:eb:62:c5:d0:56:b6:32:
                    83:6e:f9:6d:d3:4b:98:98:ec:53:aa:09:63:42:02:
                    0c:cc:1f:04:42:b5:f3:24:85:ee:d1:21:ca:35:ad:
                    2c:17:c6:25:51:35:62:27:89:8d:17:b7:a0:f4:69:
                    ac:5e:46:4e:4b:1a:ac:36:ea:d7:df:dc:ee:8b:e7:
                    e4:07:dd:cb:07:bf:50:97:4f:9b:92:94:34:d5:e5:
                    c9:34:80:cf:26:f6:e1:2d:27:5c:08:15:91:15:20:
                    b7:ae:cc:13:cd:ee:bd:d1:71:51:0e:ca:fb:ea:22:
                    f8:64:05:e7:92:2f:46:02:58:ee:b6:0d:4c:cd:60:
                    5d:bd:26:66:1c:64:e6:fe:f3:66:3e:66:27:47:c7:
                    14:ac:16:2b:30:11:bc:0b:94:45:fd:3f:df:a4:01:
                    5d:65:49:d2:9c:96:24:d6:9a:b4:b2:8c:d5:31:c5:
                    2e:64:ca:a6:86:7a:79:d3:73:d6:7e:a7:d9:c7:b3:
                    7d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B3:CD:0E:94:EE:1C:E5:91:2B:DB:30:7F:B9:B6:95:26:C6:E3:21
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/1-7PNDpTuHOWRK9swf7m2lSbG4yE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:5b:92:3b:0a:2c:df:c8:66:62:bf:5b:82:67:13:46:a6:64:
         3c:cd:0c:18:9a:73:b8:67:46:26:e3:9d:5a:85:cf:24:b2:d1:
         b1:ce:eb:c0:34:11:5f:e6:68:e1:1b:6e:95:f6:14:72:0d:92:
         cb:3c:c4:b6:4a:dd:98:ad:e3:2f:35:d8:ab:14:97:73:9f:88:
         bd:dd:ea:52:5e:a1:16:46:af:49:e3:5e:f5:fb:ad:f7:77:af:
         ea:44:e1:d1:fe:e6:dc:33:6a:72:c9:3d:96:4c:09:fd:8a:6f:
         9f:d8:9a:60:df:99:40:39:da:43:4f:80:f3:bd:d4:3b:81:8b:
         16:87:b0:73:1b:93:2c:fd:05:12:3a:75:89:5f:96:de:44:4c:
         83:7b:3f:7e:3e:99:5a:6a:5d:65:7f:1b:38:a7:e0:7f:4c:7d:
         3c:bc:0a:66:2f:62:b6:09:83:82:eb:33:74:61:31:06:f4:8b:
         4e:9b:ab:87:98:25:38:d2:dd:99:34:51:fd:52:71:2a:ac:0a:
         9f:4a:0a:92:5f:f3:99:f7:ef:65:75:99:15:ba:8d:56:d7:eb:
         c9:25:ae:b2:7c:73:32:35:a7:63:6d:eb:33:45:e8:c8:44:40:
         41:d8:2f:36:11:3e:95:b9:87:8e:3d:c0:3e:a6:96:1d:a6:15:
         81:61:f2:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGSym9kBDt2fBZTe8/ufmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmIzY2QwZTk0ZWUxY2U1OTEyYmRiMzA3ZmI5YjY5NTI2YzZlMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqQ8Vnmc1+3u/0O5CxbtFuxL8dOW
uOnUxa7vdiNzKJXovEAbzfYegk4UaYaldLxH+KuVIfqoErL2LAxGQJG8BRRFlOti
xdBWtjKDbvlt00uYmOxTqgljQgIMzB8EQrXzJIXu0SHKNa0sF8YlUTViJ4mNF7eg
9GmsXkZOSxqsNurX39zui+fkB93LB79Ql0+bkpQ01eXJNIDPJvbhLSdcCBWRFSC3
rswTze690XFRDsr76iL4ZAXnki9GAljutg1MzWBdvSZmHGTm/vNmPmYnR8cUrBYr
MBG8C5RF/T/fpAFdZUnSnJYk1pq0sozVMcUuZMqmhnp503PWfqfZx7N9CQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuzzQ6U7hzlkSvbMH+5tpUmxuMhMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvMS03UE5EcFR1SE9XUks5c3dmN20ybFNiRzR5RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmEvODlmMDcxLTU2MzEtNDVkYi1hN2U1LWNkNjE1MjI2MWM2
Zi8xL0V4aUJjeW8tSkZxVm04WjU0RVdNT2ZpVDVHcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWyZjAN
BgkqhkiG9w0BAQsFAAOCAQEAA1uSOwos38hmYr9bgmcTRqZkPM0MGJpzuGdGJuOd
WoXPJLLRsc7rwDQRX+Zo4RtulfYUcg2SyzzEtkrdmK3jLzXYqxSXc5+Ivd3qUl6h
FkavSeNe9fut93ev6kTh0f7m3DNqcsk9lkwJ/Ypvn9iaYN+ZQDnaQ0+A873UO4GL
FoewcxuTLP0FEjp1iV+W3kRMg3s/fj6ZWmpdZX8bOKfgf0x9PLwKZi9itgmDgusz
dGExBvSLTpurh5glONLdmTRR/VJxKqwKn0oKkl/zmffvZXWZFbqNVtfrySWusnxz
MjWnY23rM0XoyERAQdgvNhE+lbmHjj3APqaWHaYVgWHyEQ==
-----END CERTIFICATE-----