Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NPCaftaIrCkyME2X3fts7WK8VxI.roa
File:                     NPCaftaIrCkyME2X3fts7WK8VxI.roa (raw, json)
Hash identifier:          H2rdrKskrWNcsryBLF4OZcA25k5K2DzuaBQHkzCfPmk=
Subject key identifier:   34:F0:9A:7E:D6:88:AC:29:32:30:4D:97:DD:FB:6C:ED:62:BC:57:12
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018CCBD27C263C816747296FD3552A4B794A
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NPCaftaIrCkyME2X3fts7WK8VxI.roa
Signing time:             Tue 02 Jan 2024 20:16:58 +0000
ROA not before:           Tue 02 Jan 2024 20:16:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201364
IP address blocks:        5.144.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cb:d2:7c:26:3c:81:67:47:29:6f:d3:55:2a:4b:79:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  2 20:16:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34f09a7ed688ac2932304d97ddfb6ced62bc5712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0a:52:7d:54:3f:2a:35:fd:c8:a3:a6:64:90:
                    9d:4f:b8:e6:60:83:df:d0:27:c7:ce:f5:01:8f:6d:
                    d3:f3:9b:58:2c:7e:13:4e:23:c2:af:1a:67:e3:ca:
                    1b:92:97:57:04:2b:d9:e1:76:1e:55:ea:c7:8a:db:
                    56:f9:59:b5:aa:99:9a:e0:64:26:44:90:f2:b7:47:
                    27:db:ba:88:89:8f:da:ca:d7:df:51:b8:fe:d8:20:
                    ea:ed:03:ce:ba:ba:f7:b7:df:41:a1:f7:10:43:87:
                    2d:c3:25:5f:dc:c1:8b:63:ad:d1:9f:c9:ac:9f:c6:
                    33:4e:78:df:50:81:e3:1f:bd:d7:b9:17:5a:6d:3f:
                    d3:70:d0:7c:10:33:3d:42:ab:4c:08:de:e2:4b:32:
                    2b:89:e5:34:40:77:c7:fb:64:3b:95:88:97:fd:0e:
                    f7:26:de:e4:15:62:65:af:c1:a9:70:89:6a:99:fd:
                    eb:6c:23:3c:29:4c:55:34:1f:be:e5:23:f4:ef:e1:
                    6b:46:07:60:99:61:a5:4b:90:b8:0f:33:bc:e0:f4:
                    c8:c8:11:f2:ae:4d:03:3d:af:2f:8a:41:93:eb:5f:
                    6b:52:57:5a:1b:6f:6e:1f:25:45:11:23:9e:fd:9f:
                    4d:86:69:d9:b4:e7:a4:bd:6f:35:9e:05:e4:ec:8d:
                    76:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F0:9A:7E:D6:88:AC:29:32:30:4D:97:DD:FB:6C:ED:62:BC:57:12
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/NPCaftaIrCkyME2X3fts7WK8VxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:9b:c7:4b:ce:e3:b8:49:f2:71:46:0b:b9:fa:00:52:1e:bb:
         ec:50:6e:e6:a2:ff:57:33:7b:57:80:2a:e9:16:e2:c1:8c:3e:
         fb:95:38:33:f4:a1:6d:76:bf:25:36:4b:b7:5f:61:8f:53:b8:
         c3:26:a4:bf:88:9b:91:46:94:68:00:51:52:65:81:5a:a7:38:
         9e:ef:22:80:2b:4f:35:63:63:1c:9c:dc:3f:60:7f:52:d5:19:
         e3:f6:e8:b6:43:48:d4:df:39:d7:4a:40:91:fa:19:b8:3c:e1:
         af:3e:00:1b:b8:6b:e6:a8:f9:ea:fd:35:25:c8:00:53:68:92:
         85:22:48:23:91:42:a8:04:eb:f2:65:58:1e:d8:62:6c:2d:fb:
         f8:d6:1e:58:24:db:c5:c6:47:3f:5d:db:7b:59:25:d8:8d:1e:
         5f:25:be:7f:b4:b1:6b:af:0e:06:ec:8a:5f:07:91:f8:92:d6:
         49:6f:90:70:2d:cd:55:3b:be:5f:35:5c:fd:0e:61:5c:fa:ff:
         ba:64:92:ba:c9:d1:48:40:5c:a1:42:2c:7d:79:12:55:2d:1d:
         e2:43:d6:df:8c:a9:d0:15:1c:02:1c:20:27:d7:09:2c:a7:51:
         64:76:bf:a3:d5:b4:d2:65:ac:ae:f9:c8:fe:90:a4:a0:ac:80:
         85:0f:e0:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzL0nwmPIFnRylv01UqS3lKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMTAyMjAxNjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYwOWE3ZWQ2ODhhYzI5MzIzMDRkOTdkZGZiNmNlZDYyYmM1NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQpSfVQ/KjX9yKOmZJCdT7jmYIPf
0CfHzvUBj23T85tYLH4TTiPCrxpn48obkpdXBCvZ4XYeVerHittW+Vm1qpma4GQm
RJDyt0cn27qIiY/aytffUbj+2CDq7QPOurr3t99BofcQQ4ctwyVf3MGLY63Rn8ms
n8YzTnjfUIHjH73XuRdabT/TcNB8EDM9QqtMCN7iSzIrieU0QHfH+2Q7lYiX/Q73
Jt7kFWJlr8GpcIlqmf3rbCM8KUxVNB++5SP07+FrRgdgmWGlS5C4DzO84PTIyBHy
rk0DPa8vikGT619rUldaG29uHyVFESOe/Z9NhmnZtOekvW81ngXk7I12jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTwmn7WiKwpMjBNl937bO1ivFcSMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvTlBDYWZ0YUlyQ2t5TUUyWDNmdHM3V0s4VnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZC2MA0G
CSqGSIb3DQEBCwUAA4IBAQApm8dLzuO4SfJxRgu5+gBSHrvsUG7mov9XM3tXgCrp
FuLBjD77lTgz9KFtdr8lNku3X2GPU7jDJqS/iJuRRpRoAFFSZYFapzie7yKAK081
Y2McnNw/YH9S1Rnj9ui2Q0jU3znXSkCR+hm4POGvPgAbuGvmqPnq/TUlyABTaJKF
IkgjkUKoBOvyZVge2GJsLfv41h5YJNvFxkc/Xdt7WSXYjR5fJb5/tLFrrw4G7Ipf
B5H4ktZJb5BwLc1VO75fNVz9DmFc+v+6ZJK6ydFIQFyhQix9eRJVLR3iQ9bfjKnQ
FRwCHCAn1wksp1Fkdr+j1bTSZayu+cj+kKSgrICFD+AO
-----END CERTIFICATE-----