Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ZSmLLNX5-dwbYjVvGKMDLys0bz4.roa
File:                     ZSmLLNX5-dwbYjVvGKMDLys0bz4.roa (raw, json)
Hash identifier:          VCaZQoHwXgJp2SdugF32SQxO+w0NCW/f343xYj5olHw=
Subject key identifier:   65:29:8B:2C:D5:F9:F9:DC:1B:62:35:6F:18:A3:03:2F:2B:34:6F:3E
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01909BD7438F6385C503B04598339F247BFD
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ZSmLLNX5-dwbYjVvGKMDLys0bz4.roa
Signing time:             Wed 10 Jul 2024 08:51:34 +0000
ROA not before:           Wed 10 Jul 2024 08:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214991
IP address blocks:        5.178.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:d7:43:8f:63:85:c5:03:b0:45:98:33:9f:24:7b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jul 10 08:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65298b2cd5f9f9dc1b62356f18a3032f2b346f3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:08:37:3c:cf:26:65:f6:20:ff:1b:00:4d:6b:
                    eb:a8:2c:28:b2:85:04:70:e2:e3:e4:0a:57:97:3d:
                    e5:ed:4e:8b:54:ab:0a:eb:9f:ba:59:46:ee:2b:ed:
                    c2:4c:23:f1:6c:b5:cd:af:69:76:2c:11:79:83:61:
                    d0:8e:d6:30:37:6c:85:02:4b:54:6b:46:1b:55:66:
                    c4:54:57:4d:ef:74:ff:5f:32:cb:16:41:80:10:32:
                    a8:d6:63:a6:a4:9d:d8:d4:46:68:33:d5:1c:01:b0:
                    9c:a4:26:ee:7e:e4:ad:a7:e4:d9:75:47:90:45:ed:
                    3e:78:9a:5d:5a:f8:26:af:4d:78:02:22:8e:ed:2e:
                    a6:b4:cb:78:82:a3:c1:c7:e7:77:9d:ee:de:75:bd:
                    34:e4:41:5e:f4:2c:01:f7:59:33:4b:49:6d:bc:09:
                    5b:43:22:33:30:ba:5c:31:ab:02:72:3b:80:02:5d:
                    1a:d8:0f:64:84:93:85:52:b1:d2:af:8a:24:d9:6c:
                    bf:7b:d4:f9:1b:65:d5:ef:10:01:12:55:ad:2b:d6:
                    1a:45:61:a3:5b:ba:0a:ed:0b:25:45:5c:fe:d5:3b:
                    f5:0b:ff:98:9b:fc:bb:02:fe:43:f8:d9:f8:58:fc:
                    86:52:6e:dd:24:1b:fc:7f:09:ff:2d:70:83:6d:7c:
                    0d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:29:8B:2C:D5:F9:F9:DC:1B:62:35:6F:18:A3:03:2F:2B:34:6F:3E
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ZSmLLNX5-dwbYjVvGKMDLys0bz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:1c:5e:14:41:cf:29:1e:b0:c1:ea:de:21:3f:a7:a9:16:44:
         b2:f0:af:74:73:8e:29:a3:94:f9:a8:ef:5b:48:d0:2d:d6:90:
         1d:e8:f8:c2:ad:13:e0:9c:1c:0e:3d:f5:fe:1f:05:5a:57:99:
         80:3c:bb:62:55:e5:8c:66:f2:9d:94:a3:2b:4d:15:08:8a:06:
         a0:6c:e1:e3:4d:83:8e:43:78:dc:ff:e4:4d:f1:d4:c9:6d:89:
         ee:a1:42:b3:6e:65:21:b2:d1:d8:28:b3:9c:f7:24:6a:38:31:
         0a:35:0e:6f:42:96:a0:16:7d:e7:b2:dc:a6:66:8a:47:7a:8d:
         fb:c5:c3:6e:e3:99:09:83:83:4c:ae:82:35:5c:11:b4:e2:6e:
         57:24:c8:82:38:cc:30:6b:0e:80:ea:57:dc:cd:3f:cd:be:d4:
         79:bc:09:d0:9b:1d:47:de:72:5f:3f:16:21:95:ad:7a:48:a3:
         9c:14:8d:41:e9:22:fa:31:70:dc:61:0c:a9:d8:31:f9:a1:99:
         f0:27:88:24:72:58:00:52:30:56:44:89:72:20:87:c7:73:a2:
         d5:e4:af:4b:f8:86:bb:36:7b:a2:38:15:bf:5c:c1:79:f6:26:
         7c:bb:28:5c:b2:1e:4a:30:a3:26:19:09:a0:89:b4:5c:78:40:
         4b:ef:07:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCb10OPY4XFA7BFmDOfJHv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwNzEwMDg1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTI5OGIyY2Q1ZjlmOWRjMWI2MjM1NmYxOGEzMDMyZjJiMzQ2ZjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngg3PM8mZfYg/xsATWvrqCwosoUE
cOLj5ApXlz3l7U6LVKsK65+6WUbuK+3CTCPxbLXNr2l2LBF5g2HQjtYwN2yFAktU
a0YbVWbEVFdN73T/XzLLFkGAEDKo1mOmpJ3Y1EZoM9UcAbCcpCbufuStp+TZdUeQ
Re0+eJpdWvgmr014AiKO7S6mtMt4gqPBx+d3ne7edb005EFe9CwB91kzS0ltvAlb
QyIzMLpcMasCcjuAAl0a2A9khJOFUrHSr4ok2Wy/e9T5G2XV7xABElWtK9YaRWGj
W7oK7QslRVz+1Tv1C/+Ym/y7Av5D+Nn4WPyGUm7dJBv8fwn/LXCDbXwNwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGUpiyzV+fncG2I1bxijAy8rNG8+MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWlNtTExOWDUtZHdiWWpWdkdLTURMeXMwYno0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJgMA0G
CSqGSIb3DQEBCwUAA4IBAQAkHF4UQc8pHrDB6t4hP6epFkSy8K90c44po5T5qO9b
SNAt1pAd6PjCrRPgnBwOPfX+HwVaV5mAPLtiVeWMZvKdlKMrTRUIigagbOHjTYOO
Q3jc/+RN8dTJbYnuoUKzbmUhstHYKLOc9yRqODEKNQ5vQpagFn3nstymZopHeo37
xcNu45kJg4NMroI1XBG04m5XJMiCOMwwaw6A6lfczT/NvtR5vAnQmx1H3nJfPxYh
la16SKOcFI1B6SL6MXDcYQyp2DH5oZnwJ4gkclgAUjBWRIlyIIfHc6LV5K9L+Ia7
NnuiOBW/XMF59iZ8uyhcsh5KMKMmGQmgibRceEBL7wd1
-----END CERTIFICATE-----