Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bYPhc6H100LrtmLB4gh--Cv6TrA.roa
File:                     bYPhc6H100LrtmLB4gh--Cv6TrA.roa (raw, json)
Hash identifier:          Xc+Z472nOSo3puRMOmwuSg2L1bY8EUuL3o8InsOF7zs=
Subject key identifier:   6D:83:E1:73:A1:F5:D3:42:EB:B6:62:C1:E2:08:7E:F8:2B:FA:4E:B0
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018DFB4D10A298581F08CB9B945AEEE96BD4
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bYPhc6H100LrtmLB4gh--Cv6TrA.roa
Signing time:             Fri 01 Mar 2024 18:35:48 +0000
ROA not before:           Fri 01 Mar 2024 18:35:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215391
IP address blocks:        5.178.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fb:4d:10:a2:98:58:1f:08:cb:9b:94:5a:ee:e9:6b:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Mar  1 18:35:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d83e173a1f5d342ebb662c1e2087ef82bfa4eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8c:19:85:70:5b:85:98:fa:02:15:50:59:96:
                    d2:22:30:a0:ba:d0:bc:1e:4f:21:bd:ce:39:ce:de:
                    70:80:d8:13:a7:fb:a8:11:3a:0a:fe:af:72:b9:d3:
                    f8:12:d8:5f:15:93:18:f8:e5:0d:dc:2f:c5:d1:ec:
                    60:86:f8:24:74:02:56:87:d0:02:c7:36:09:b6:a8:
                    6b:6c:71:da:f5:5d:ba:9c:6f:b6:88:b7:1f:7f:a8:
                    71:ef:a4:34:78:52:b5:2b:9d:86:87:37:a4:8d:47:
                    15:f0:d4:fe:02:7a:c9:64:31:f8:7b:8a:26:0d:20:
                    82:51:45:41:6f:d1:b0:f0:61:d4:70:02:db:02:28:
                    49:a2:59:2e:b4:f3:dc:c9:63:40:2b:c0:08:ec:f2:
                    6a:4e:32:14:ae:17:5a:93:c1:38:6c:bb:ad:42:5c:
                    bc:dd:58:8d:06:b8:03:fa:ae:d7:cf:d5:5c:c4:d6:
                    3a:56:8b:a5:65:31:d0:42:8a:34:2c:cd:76:31:df:
                    ea:42:aa:47:0a:00:0d:e0:f1:c7:83:a9:46:30:6d:
                    cb:41:90:d4:10:2f:38:b3:bf:dc:a1:a0:18:e7:09:
                    4d:0b:c9:f8:b2:e8:f6:67:c6:4f:c0:04:97:81:14:
                    6c:9f:01:fa:d9:bb:14:96:d0:2e:01:8e:e4:fb:ce:
                    61:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:83:E1:73:A1:F5:D3:42:EB:B6:62:C1:E2:08:7E:F8:2B:FA:4E:B0
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/bYPhc6H100LrtmLB4gh--Cv6TrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:e2:f1:16:ff:8d:2d:d9:47:0b:6d:19:d2:b8:56:77:83:84:
         98:45:aa:a5:97:5f:be:c9:a5:e0:6b:60:54:ae:70:ef:aa:72:
         9e:c7:09:6a:eb:19:47:50:df:0a:08:da:f6:5d:3b:c8:b7:9e:
         64:ca:61:1a:e6:b3:6f:6c:a9:e5:03:0f:41:03:16:31:02:5a:
         fe:74:5b:40:c5:ac:54:74:8f:24:61:fa:66:6e:e8:78:f3:5b:
         4f:37:af:00:b1:6b:20:e5:a5:57:cc:ce:c9:1b:0a:bc:4c:3a:
         fd:50:66:30:9b:91:32:c5:3e:2f:a3:19:51:d8:c2:f1:1d:df:
         9d:cd:16:a1:ca:b0:01:45:8a:46:7a:ef:d6:ba:09:a0:70:e1:
         3b:1b:91:35:80:38:54:99:31:00:23:fd:d5:14:87:49:c5:30:
         59:54:ca:59:a4:9e:6e:4d:54:1d:91:50:1c:ad:68:70:ec:78:
         9d:cb:12:17:47:2a:61:fc:a3:67:03:36:3c:6c:dc:b8:39:b9:
         62:34:fd:85:e1:9e:99:32:21:f4:05:71:ac:30:28:33:3d:8f:
         7a:68:97:6f:6c:f6:21:56:91:85:fd:ca:42:7f:e3:4f:d1:4f:
         a5:51:d8:e0:8c:ae:8c:ae:77:9d:53:b7:d5:56:73:5d:86:15:
         46:20:b9:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY37TRCimFgfCMublFru6WvUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMzAxMTgzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDgzZTE3M2ExZjVkMzQyZWJiNjYyYzFlMjA4N2VmODJiZmE0ZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApowZhXBbhZj6AhVQWZbSIjCgutC8
Hk8hvc45zt5wgNgTp/uoEToK/q9yudP4EthfFZMY+OUN3C/F0exghvgkdAJWh9AC
xzYJtqhrbHHa9V26nG+2iLcff6hx76Q0eFK1K52GhzekjUcV8NT+AnrJZDH4e4om
DSCCUUVBb9Gw8GHUcALbAihJolkutPPcyWNAK8AI7PJqTjIUrhdak8E4bLutQly8
3ViNBrgD+q7Xz9VcxNY6VoulZTHQQoo0LM12Md/qQqpHCgAN4PHHg6lGMG3LQZDU
EC84s7/coaAY5wlNC8n4suj2Z8ZPwASXgRRsnwH62bsUltAuAY7k+85hBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2D4XOh9dNC67ZiweIIfvgr+k6wMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvYllQaGM2SDEwMExydG1MQjRnaC0tQ3Y2VHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJiMA0G
CSqGSIb3DQEBCwUAA4IBAQC74vEW/40t2UcLbRnSuFZ3g4SYRaqll1++yaXga2BU
rnDvqnKexwlq6xlHUN8KCNr2XTvIt55kymEa5rNvbKnlAw9BAxYxAlr+dFtAxaxU
dI8kYfpmbuh481tPN68AsWsg5aVXzM7JGwq8TDr9UGYwm5EyxT4voxlR2MLxHd+d
zRahyrABRYpGeu/WugmgcOE7G5E1gDhUmTEAI/3VFIdJxTBZVMpZpJ5uTVQdkVAc
rWhw7HidyxIXRyph/KNnAzY8bNy4ObliNP2F4Z6ZMiH0BXGsMCgzPY96aJdvbPYh
VpGF/cpCf+NP0U+lUdjgjK6MrnedU7fVVnNdhhVGILlz
-----END CERTIFICATE-----