Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pOOgKH0s5nHBGRtP863-lJUTjrw.roa
File:                     pOOgKH0s5nHBGRtP863-lJUTjrw.roa (raw, json)
Hash identifier:          bHocGWF0lCjYT9e//9y5VkD9vWnHDevfwIfvJLrLv7U=
Subject key identifier:   A4:E3:A0:28:7D:2C:E6:71:C1:19:1B:4F:F3:AD:FE:94:95:13:8E:BC
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       0192AEDC2906596523E96DD54EA98D20DE67
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pOOgKH0s5nHBGRtP863-lJUTjrw.roa
Signing time:             Mon 21 Oct 2024 11:35:16 +0000
ROA not before:           Mon 21 Oct 2024 11:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        5.178.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:dc:29:06:59:65:23:e9:6d:d5:4e:a9:8d:20:de:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Oct 21 11:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4e3a0287d2ce671c1191b4ff3adfe9495138ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:93:78:9a:37:a8:57:21:43:5f:b8:f0:43:
                    ca:0e:55:87:40:ef:bc:7e:00:70:15:6d:fc:8e:1f:
                    0c:2c:02:78:b8:53:eb:ac:78:95:bb:0c:c7:a0:47:
                    1c:ea:63:5c:10:e6:a2:54:f7:ca:2f:d5:30:7a:5b:
                    72:0a:c6:0f:4d:4e:24:6a:66:45:c4:ce:53:7f:66:
                    3e:5a:3a:1e:20:b9:3c:59:ad:5c:09:6f:6d:b3:43:
                    c8:db:3a:9a:a6:17:75:0d:cf:5d:51:27:d2:8b:f9:
                    3b:9e:14:24:f6:a8:73:43:f7:1c:b9:b7:80:c1:3a:
                    f8:14:35:58:fd:08:2d:f7:cb:f2:7f:39:cf:d2:8a:
                    1c:3a:d4:57:2c:2a:08:80:0d:43:44:78:78:75:10:
                    a6:8d:a7:d4:75:24:0e:1b:d8:6a:e4:f3:e5:b5:bb:
                    33:46:fb:3b:7c:ce:19:8a:f8:aa:0a:76:d2:1b:94:
                    95:d0:4c:45:8a:bf:27:eb:0a:2a:a0:9d:54:7d:50:
                    db:48:5c:a4:fa:60:5e:2b:4d:fa:76:65:1c:3d:2d:
                    e3:92:d1:7b:0d:dd:e6:b9:02:19:7a:3c:af:bc:6d:
                    da:f2:58:84:be:38:d5:25:20:1c:bd:c7:16:c4:8a:
                    13:0a:38:31:77:b9:98:e5:4c:03:2c:cc:cf:55:8e:
                    72:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E3:A0:28:7D:2C:E6:71:C1:19:1B:4F:F3:AD:FE:94:95:13:8E:BC
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pOOgKH0s5nHBGRtP863-lJUTjrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:86:58:48:f5:b3:dd:7d:76:47:7e:51:8a:30:fe:84:8f:6d:
         20:fa:51:d3:9a:47:42:5d:83:e4:e7:e3:19:45:b2:9e:b7:0a:
         12:8e:1b:1b:16:da:ae:b1:60:0f:21:73:02:1a:9f:4e:e7:49:
         e9:69:10:52:90:a6:f8:bd:d8:c9:91:5a:91:99:31:ec:da:c8:
         fe:a6:c5:55:09:0a:66:34:e3:a6:61:ba:bc:43:e3:bd:4b:80:
         6e:0c:30:fe:74:66:02:df:7c:94:4f:53:d0:2f:7d:67:b2:5c:
         6f:31:99:06:40:9b:2c:01:ef:fa:50:f6:d1:39:42:fd:b0:ed:
         74:f4:40:39:24:2b:5a:6b:12:a8:22:2b:88:6c:e0:ae:56:2d:
         23:0e:23:8f:57:a7:21:11:ea:61:fa:16:9e:7c:c3:93:fb:3e:
         2b:9f:d8:36:4b:fc:b1:a4:4b:8b:3f:6b:69:21:9a:ba:61:aa:
         1a:a8:98:83:44:4a:84:60:68:82:75:45:56:af:0e:e3:92:4d:
         64:5d:ef:cf:5d:76:75:04:3f:d5:32:62:79:9e:91:13:f0:96:
         97:1e:3f:d6:ff:67:77:28:86:46:23:f4:ea:32:13:63:b4:e4:
         85:af:5d:c0:4f:e2:38:0b:01:44:6d:13:82:ba:60:00:a8:4f:
         93:2a:2e:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKu3CkGWWUj6W3VTqmNIN5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQxMDIxMTEzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGUzYTAyODdkMmNlNjcxYzExOTFiNGZmM2FkZmU5NDk1MTM4ZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIeTeJo3qFchQ1+48EPKDlWHQO+8
fgBwFW38jh8MLAJ4uFPrrHiVuwzHoEcc6mNcEOaiVPfKL9UweltyCsYPTU4kamZF
xM5Tf2Y+WjoeILk8Wa1cCW9ts0PI2zqaphd1Dc9dUSfSi/k7nhQk9qhzQ/ccubeA
wTr4FDVY/Qgt98vyfznP0oocOtRXLCoIgA1DRHh4dRCmjafUdSQOG9hq5PPltbsz
Rvs7fM4ZiviqCnbSG5SV0ExFir8n6woqoJ1UfVDbSFyk+mBeK036dmUcPS3jktF7
Dd3muQIZejyvvG3a8liEvjjVJSAcvccWxIoTCjgxd7mY5UwDLMzPVY5ytwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTjoCh9LOZxwRkbT/Ot/pSVE468MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvcE9PZ0tIMHM1bkhCR1J0UDg2My1sSlVUanJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJuMA0G
CSqGSIb3DQEBCwUAA4IBAQBXhlhI9bPdfXZHflGKMP6Ej20g+lHTmkdCXYPk5+MZ
RbKetwoSjhsbFtqusWAPIXMCGp9O50npaRBSkKb4vdjJkVqRmTHs2sj+psVVCQpm
NOOmYbq8Q+O9S4BuDDD+dGYC33yUT1PQL31nslxvMZkGQJssAe/6UPbROUL9sO10
9EA5JCtaaxKoIiuIbOCuVi0jDiOPV6chEeph+haefMOT+z4rn9g2S/yxpEuLP2tp
IZq6YaoaqJiDREqEYGiCdUVWrw7jkk1kXe/PXXZ1BD/VMmJ5npET8JaXHj/W/2d3
KIZGI/TqMhNjtOSFr13AT+I4CwFEbROCumAAqE+TKi7m
-----END CERTIFICATE-----