Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/CSMcbEiyZ0pIF-UKpcjAlOR7M9A.roa
File:                     CSMcbEiyZ0pIF-UKpcjAlOR7M9A.roa (raw, json)
Hash identifier:          naeaxyqQMm8s4S410FL9vIZKi4O1ppq+8fvREiEDnBw=
Subject key identifier:   09:23:1C:6C:48:B2:67:4A:48:17:E5:0A:A5:C8:C0:94:E4:7B:33:D0
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0192C95A650C91E9220ABB5177C6E08C44DD
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/CSMcbEiyZ0pIF-UKpcjAlOR7M9A.roa
Signing time:             Sat 26 Oct 2024 15:03:17 +0000
ROA not before:           Sat 26 Oct 2024 15:03:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214438
IP address blocks:        5.178.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c9:5a:65:0c:91:e9:22:0a:bb:51:77:c6:e0:8c:44:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Oct 26 15:03:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09231c6c48b2674a4817e50aa5c8c094e47b33d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:09:42:39:42:bb:99:62:40:63:08:40:7d:fc:
                    56:74:15:a3:d7:6a:41:c3:9f:b1:53:9e:49:b0:48:
                    c2:85:22:0e:63:5b:93:1b:21:fc:e5:d5:28:d1:07:
                    00:cd:15:18:43:82:d1:ec:64:10:57:18:aa:dd:1d:
                    af:60:9d:6b:7b:1c:a5:e7:d7:4e:36:00:2b:ed:04:
                    19:a4:d3:c4:33:db:41:cf:cb:30:4b:34:57:07:4d:
                    fb:97:f1:32:46:86:ad:0c:99:73:8d:8d:3c:55:60:
                    e0:82:b5:b8:36:94:8b:fe:1e:13:17:2d:7b:53:51:
                    23:da:8c:e0:d4:a2:a8:a2:1e:d9:df:02:68:cb:c8:
                    6a:d6:6a:5a:c9:65:43:57:dd:25:93:ac:46:84:10:
                    8e:bb:61:27:43:83:ec:d7:bb:08:1b:2e:0a:74:de:
                    4d:8d:fc:d6:11:0a:77:e3:24:67:0a:94:aa:2d:c6:
                    2b:12:2b:d4:95:26:b9:9f:80:63:22:12:b3:ff:3c:
                    57:94:8d:02:3e:2d:21:73:14:a2:9e:a7:f3:aa:d7:
                    a6:d3:77:55:70:13:7a:18:23:12:6b:af:8f:de:54:
                    24:87:f2:74:88:5f:1a:a5:75:2a:7a:e1:cf:32:c4:
                    44:bf:31:52:08:80:c9:20:1e:95:82:b6:56:df:35:
                    11:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:23:1C:6C:48:B2:67:4A:48:17:E5:0A:A5:C8:C0:94:E4:7B:33:D0
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/CSMcbEiyZ0pIF-UKpcjAlOR7M9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a6:40:76:d6:de:bc:26:50:7c:71:a9:1a:76:ed:cc:2b:ad:
         26:4b:85:0c:64:19:8a:0a:f8:b4:aa:22:1d:ce:78:d1:f2:06:
         07:fd:a9:04:ae:c3:c3:53:04:57:8a:c9:42:dc:3b:22:79:97:
         df:69:30:bd:93:6c:af:32:a7:2f:23:36:f7:8d:bc:17:6d:85:
         b8:09:d2:c3:41:05:2f:70:9f:2f:11:21:bc:ee:b5:6f:49:9e:
         1f:9c:d3:cc:ac:19:01:45:fb:48:10:72:57:b2:4a:4b:97:f6:
         f1:a1:73:e2:eb:9c:20:b5:e5:27:e1:b4:d8:36:33:68:75:8a:
         f0:e6:9e:66:80:f1:4a:58:c7:93:ec:8b:66:df:c5:3c:94:53:
         38:9d:f1:9f:13:d2:7c:a0:19:67:74:1c:5f:53:28:5c:11:62:
         36:16:92:70:dd:72:82:2c:d6:98:ae:97:1f:c9:c1:6f:d3:4b:
         97:d2:c2:f8:5a:d9:a7:77:3f:bd:c8:52:de:fb:b1:e5:76:ae:
         a4:5f:44:fc:cb:f8:d0:39:48:43:fe:3a:21:b9:bf:ef:b7:e2:
         f7:0f:ec:83:d7:e0:9e:fe:d0:69:d9:5e:e0:98:fe:19:6d:f6:
         b0:d4:48:bf:a4:f8:12:84:36:ed:93:85:b9:b5:2d:dd:02:82:
         54:80:cc:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLJWmUMkekiCrtRd8bgjETdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQxMDI2MTUwMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTIzMWM2YzQ4YjI2NzRhNDgxN2U1MGFhNWM4YzA5NGU0N2IzM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAlCOUK7mWJAYwhAffxWdBWj12pB
w5+xU55JsEjChSIOY1uTGyH85dUo0QcAzRUYQ4LR7GQQVxiq3R2vYJ1rexyl59dO
NgAr7QQZpNPEM9tBz8swSzRXB037l/EyRoatDJlzjY08VWDggrW4NpSL/h4TFy17
U1Ej2ozg1KKooh7Z3wJoy8hq1mpayWVDV90lk6xGhBCOu2EnQ4Ps17sIGy4KdN5N
jfzWEQp34yRnCpSqLcYrEivUlSa5n4BjIhKz/zxXlI0CPi0hcxSinqfzqtem03dV
cBN6GCMSa6+P3lQkh/J0iF8apXUqeuHPMsREvzFSCIDJIB6VgrZW3zUR0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkjHGxIsmdKSBflCqXIwJTkezPQMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvQ1NNY2JFaXlaMHBJRi1VS3BjakFsT1I3TTlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJuMA0G
CSqGSIb3DQEBCwUAA4IBAQBepkB21t68JlB8cakadu3MK60mS4UMZBmKCvi0qiId
znjR8gYH/akErsPDUwRXislC3DsieZffaTC9k2yvMqcvIzb3jbwXbYW4CdLDQQUv
cJ8vESG87rVvSZ4fnNPMrBkBRftIEHJXskpLl/bxoXPi65wgteUn4bTYNjNodYrw
5p5mgPFKWMeT7Itm38U8lFM4nfGfE9J8oBlndBxfUyhcEWI2FpJw3XKCLNaYrpcf
ycFv00uX0sL4Wtmndz+9yFLe+7Hldq6kX0T8y/jQOUhD/johub/vt+L3D+yD1+Ce
/tBp2V7gmP4Zbfaw1Ei/pPgShDbtk4W5tS3dAoJUgMzS
-----END CERTIFICATE-----