Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/kd4MY3vg42UmwM8AscLhDJGCJsk.roa
File:                     kd4MY3vg42UmwM8AscLhDJGCJsk.roa (raw, json)
Hash identifier:          AmsAZ/I33yqbSxvRja50KE/4pUsDS2MBz09766OonYo=
Subject key identifier:   91:DE:0C:63:7B:E0:E3:65:26:C0:CF:00:B1:C2:E1:0C:91:82:26:C9
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018CC64B29FB2F6A639323DA2700993D1166
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/kd4MY3vg42UmwM8AscLhDJGCJsk.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198883
IP address blocks:        5.178.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:29:fb:2f:6a:63:93:23:da:27:00:99:3d:11:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91de0c637be0e36526c0cf00b1c2e10c918226c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6c:18:e0:40:67:dd:6e:9b:92:34:61:f0:b0:
                    c9:37:7a:41:3b:43:43:97:2e:e2:27:3b:40:08:23:
                    37:42:04:4d:70:e2:76:95:ed:14:fa:22:b2:03:a9:
                    a3:56:05:0c:6f:06:1c:ae:d6:35:50:23:8b:5c:bc:
                    fe:9b:d8:d1:ff:81:f9:49:e5:9b:90:9d:b8:ae:89:
                    be:11:61:f2:f4:61:1b:43:d3:34:84:4d:b0:98:03:
                    a8:82:79:db:92:34:c3:33:d7:85:02:38:80:e0:df:
                    40:96:5a:f4:6a:9e:4b:80:05:19:bf:d0:4e:27:fa:
                    19:c7:23:f2:f6:60:94:ec:9f:22:dd:3d:7d:5a:cb:
                    fc:82:0f:91:d8:b5:08:44:e4:aa:4f:49:5f:d3:6a:
                    33:bf:1b:53:2d:bc:e6:4b:a6:a0:b6:6a:0e:7d:58:
                    de:e7:5e:00:4c:32:66:65:f1:0c:06:65:ee:86:f8:
                    63:a6:1f:9e:b8:be:66:ff:df:38:6e:5a:43:7e:8f:
                    28:00:aa:15:c2:99:c9:99:a0:70:63:ac:d2:83:24:
                    89:41:2d:8d:f6:68:dc:a8:60:12:d4:45:aa:8d:db:
                    c2:e5:76:74:d6:91:03:df:c8:14:67:c6:f0:9e:a0:
                    44:44:3b:6f:41:65:7c:7b:9c:b5:c6:70:0a:c5:bf:
                    98:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DE:0C:63:7B:E0:E3:65:26:C0:CF:00:B1:C2:E1:0C:91:82:26:C9
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/kd4MY3vg42UmwM8AscLhDJGCJsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:10:2d:8b:fa:28:2f:79:59:df:b8:cf:40:df:2c:6a:ff:e6:
         15:21:10:f1:d6:fa:14:f1:17:34:6d:3f:19:67:79:d5:e2:86:
         db:03:a2:08:b1:70:96:8b:b4:1d:96:6c:3f:8d:09:7e:1a:9a:
         7b:f1:f7:8a:59:73:9c:57:51:cf:61:4c:fc:bc:2f:d1:f0:cf:
         a9:00:4b:50:86:04:27:92:e5:b3:31:f5:18:31:31:5b:cd:16:
         e9:e7:3b:65:0d:0f:d2:65:12:50:6e:df:f8:6b:38:be:28:bd:
         6f:81:d1:fd:cb:f8:fd:be:bd:75:c3:b2:9d:7b:e1:ab:5a:68:
         d8:c6:e5:41:fd:41:fd:62:3c:7e:33:61:53:07:db:10:16:5f:
         ca:68:26:9b:61:ef:52:4a:4c:a1:8e:e3:f0:28:f6:53:b9:df:
         93:98:20:65:ab:c5:8b:d7:61:bd:83:37:ea:f9:60:ee:aa:11:
         41:6d:a1:0d:a6:ba:50:5c:63:8b:a8:8c:c7:f4:25:5c:ef:0b:
         bb:0b:86:15:68:b8:a3:8c:d6:b2:6d:55:32:9a:a9:59:a8:43:
         f4:16:3d:4d:c7:cf:44:0a:af:db:84:f3:dd:46:06:29:9c:3b:
         d9:2b:70:77:d2:83:24:98:a1:7e:61:9d:2e:04:1b:be:f9:99:
         88:dd:e1:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyn7L2pjkyPaJwCZPRFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRlMGM2MzdiZTBlMzY1MjZjMGNmMDBiMWMyZTEwYzkxODIyNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2wY4EBn3W6bkjRh8LDJN3pBO0ND
ly7iJztACCM3QgRNcOJ2le0U+iKyA6mjVgUMbwYcrtY1UCOLXLz+m9jR/4H5SeWb
kJ24rom+EWHy9GEbQ9M0hE2wmAOognnbkjTDM9eFAjiA4N9Allr0ap5LgAUZv9BO
J/oZxyPy9mCU7J8i3T19Wsv8gg+R2LUIROSqT0lf02ozvxtTLbzmS6agtmoOfVje
514ATDJmZfEMBmXuhvhjph+euL5m/984blpDfo8oAKoVwpnJmaBwY6zSgySJQS2N
9mjcqGAS1EWqjdvC5XZ01pED38gUZ8bwnqBERDtvQWV8e5y1xnAKxb+YfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHeDGN74ONlJsDPALHC4QyRgibJMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEva2Q0TVkzdmc0MlVtd004QXNjTGhESkdDSnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJlMA0G
CSqGSIb3DQEBCwUAA4IBAQCwEC2L+igveVnfuM9A3yxq/+YVIRDx1voU8Rc0bT8Z
Z3nV4obbA6IIsXCWi7Qdlmw/jQl+Gpp78feKWXOcV1HPYUz8vC/R8M+pAEtQhgQn
kuWzMfUYMTFbzRbp5ztlDQ/SZRJQbt/4azi+KL1vgdH9y/j9vr11w7Kde+GrWmjY
xuVB/UH9Yjx+M2FTB9sQFl/KaCabYe9SSkyhjuPwKPZTud+TmCBlq8WL12G9gzfq
+WDuqhFBbaENprpQXGOLqIzH9CVc7wu7C4YVaLijjNaybVUymqlZqEP0Fj1Nx89E
Cq/bhPPdRgYpnDvZK3B30oMkmKF+YZ0uBBu++ZmI3eFj
-----END CERTIFICATE-----