Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5LD5K8e_2H5l4wEDoeDCYoqqD9c.roa
File:                     5LD5K8e_2H5l4wEDoeDCYoqqD9c.roa (raw, json)
Hash identifier:          nkgUt3D1tUvTMdiws5xQ/kZhLwWZcbe/RUC5U/ZVsvU=
Subject key identifier:   E4:B0:F9:2B:C7:BF:D8:7E:65:E3:01:03:A1:E0:C2:62:8A:AA:0F:D7
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01912D980B577E65C8871AF56812195789AE
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5LD5K8e_2H5l4wEDoeDCYoqqD9c.roa
Signing time:             Wed 07 Aug 2024 16:07:04 +0000
ROA not before:           Wed 07 Aug 2024 16:07:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140641
IP address blocks:        5.178.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2d:98:0b:57:7e:65:c8:87:1a:f5:68:12:19:57:89:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Aug  7 16:07:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4b0f92bc7bfd87e65e30103a1e0c2628aaa0fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d3:3d:ab:a8:29:6c:8c:dc:de:70:25:35:fa:
                    e1:02:18:37:be:81:94:08:3e:99:28:41:6f:d5:5b:
                    ad:43:95:c5:e8:52:cb:29:6a:0a:07:28:c1:fe:ef:
                    e5:7c:c2:3f:ab:d0:6f:e5:6e:4c:72:67:69:89:29:
                    3c:94:9a:8e:00:ea:47:e2:bd:0c:ac:46:5b:72:69:
                    fa:c9:5a:67:9e:92:6b:f1:5d:1e:92:16:49:1d:38:
                    aa:d3:84:17:64:40:87:de:d8:ca:f7:3b:f9:3a:d8:
                    04:73:9e:92:f6:fd:0a:13:09:2f:3a:56:b2:d2:fb:
                    db:f9:2a:78:e5:90:47:1b:19:a6:28:48:f7:95:82:
                    ef:f6:6d:8a:37:e4:b6:4e:71:af:27:5b:a2:49:53:
                    a7:56:5e:cb:d8:d9:d8:c6:c8:10:7f:04:95:4c:8e:
                    aa:df:85:92:29:85:d9:8d:84:cc:0d:6c:6e:98:6d:
                    eb:b3:49:0d:1b:9f:f2:5d:4c:62:e4:e5:41:ee:97:
                    c3:ff:c0:f9:f7:96:00:99:55:66:a8:37:c4:4f:e0:
                    fc:57:b5:2a:33:1a:3f:4c:4c:a6:9e:57:b7:31:1b:
                    72:48:7e:61:66:bb:a2:22:ab:03:af:fd:e7:22:bd:
                    55:be:e9:4f:22:54:d9:2e:87:f3:53:6a:61:15:95:
                    83:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B0:F9:2B:C7:BF:D8:7E:65:E3:01:03:A1:E0:C2:62:8A:AA:0F:D7
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/5LD5K8e_2H5l4wEDoeDCYoqqD9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:f8:d4:2c:2d:3a:77:2e:34:6a:d0:56:f7:f7:c8:dd:d4:ae:
         cc:7d:00:46:62:ff:e1:7d:0d:70:f1:85:0d:30:2d:91:1b:d0:
         39:90:f6:d2:e9:fd:c6:7a:26:60:06:19:5b:18:8e:a0:68:05:
         9a:70:58:cd:3f:f3:af:b0:31:5a:4a:d1:ae:71:2d:a7:39:17:
         74:ae:a1:17:f0:a0:fd:28:d0:94:48:4c:9b:b0:34:b0:94:73:
         fd:2a:90:1c:7c:09:25:3e:fc:11:a2:37:11:a4:0e:32:51:3b:
         9c:b4:70:cc:7c:0a:66:a2:69:d1:a6:fe:85:6d:86:7a:4e:5a:
         ca:93:46:ab:3d:fa:9a:8b:2b:28:27:96:ab:c8:e0:77:cd:53:
         b9:47:ab:74:88:42:f8:bd:92:27:6b:e9:7a:d5:e2:7a:58:64:
         fb:65:cf:c0:5e:3e:95:5b:de:64:26:c8:c3:8f:21:fe:93:73:
         5a:ee:01:1f:f0:bd:33:96:f4:bd:ab:1c:ca:e3:f3:38:56:9f:
         46:cd:b9:56:ba:c6:72:7e:ed:8d:08:81:05:62:4b:d8:cc:57:
         7f:36:3a:d3:ec:3b:1c:8d:8d:a5:5f:cc:c7:42:8d:a8:58:23:
         ce:89:35:01:c6:61:a3:6c:52:5a:9f:b3:ef:46:94:e3:85:31:
         8e:da:dd:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEtmAtXfmXIhxr1aBIZV4muMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwODA3MTYwNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIwZjkyYmM3YmZkODdlNjVlMzAxMDNhMWUwYzI2MjhhYWEwZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtM9q6gpbIzc3nAlNfrhAhg3voGU
CD6ZKEFv1VutQ5XF6FLLKWoKByjB/u/lfMI/q9Bv5W5McmdpiSk8lJqOAOpH4r0M
rEZbcmn6yVpnnpJr8V0ekhZJHTiq04QXZECH3tjK9zv5OtgEc56S9v0KEwkvOlay
0vvb+Sp45ZBHGxmmKEj3lYLv9m2KN+S2TnGvJ1uiSVOnVl7L2NnYxsgQfwSVTI6q
34WSKYXZjYTMDWxumG3rs0kNG5/yXUxi5OVB7pfD/8D595YAmVVmqDfET+D8V7Uq
Mxo/TEymnle3MRtySH5hZruiIqsDr/3nIr1VvulPIlTZLofzU2phFZWDzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSw+SvHv9h+ZeMBA6HgwmKKqg/XMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvNUxENUs4ZV8ySDVsNHdFRG9lRENZb3FxRDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJiMA0G
CSqGSIb3DQEBCwUAA4IBAQCS+NQsLTp3LjRq0Fb398jd1K7MfQBGYv/hfQ1w8YUN
MC2RG9A5kPbS6f3GeiZgBhlbGI6gaAWacFjNP/OvsDFaStGucS2nORd0rqEX8KD9
KNCUSEybsDSwlHP9KpAcfAklPvwRojcRpA4yUTuctHDMfApmomnRpv6FbYZ6TlrK
k0arPfqaiysoJ5aryOB3zVO5R6t0iEL4vZIna+l61eJ6WGT7Zc/AXj6VW95kJsjD
jyH+k3Na7gEf8L0zlvS9qxzK4/M4Vp9GzblWusZyfu2NCIEFYkvYzFd/NjrT7Dsc
jY2lX8zHQo2oWCPOiTUBxmGjbFJan7PvRpTjhTGO2t3S
-----END CERTIFICATE-----