Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pqEYEw2ePkXLkvGDjL-6lDzl-K0.roa
File:                     pqEYEw2ePkXLkvGDjL-6lDzl-K0.roa (raw, json)
Hash identifier:          WNGVeENbECGq9jdKNsaUrL2RGWTuDnyFwSOnADv5h3s=
Subject key identifier:   A6:A1:18:13:0D:9E:3E:45:CB:92:F1:83:8C:BF:BA:94:3C:E5:F8:AD
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018CC64B28784C0B42C0C621017E6DA33489
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pqEYEw2ePkXLkvGDjL-6lDzl-K0.roa
Signing time:             Mon 01 Jan 2024 18:31:03 +0000
ROA not before:           Mon 01 Jan 2024 18:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44547
IP address blocks:        5.178.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:28:78:4c:0b:42:c0:c6:21:01:7e:6d:a3:34:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 18:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6a118130d9e3e45cb92f1838cbfba943ce5f8ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:1d:25:9c:59:18:d9:22:2d:ac:7d:2a:45:b2:
                    9d:cf:09:4d:67:fc:94:2d:d8:74:d5:ee:a5:92:26:
                    60:18:a1:1b:9e:4a:dc:e4:5b:7a:13:a1:5a:6b:af:
                    4f:23:36:9d:64:24:68:e6:0d:07:d0:eb:e5:13:1f:
                    74:f7:36:7d:a6:34:59:b6:21:ad:d9:04:a1:7d:b2:
                    59:4a:01:6c:4c:d8:fa:6f:76:08:26:16:1d:e5:26:
                    e5:c5:d1:1f:9e:ca:c6:ae:c6:51:d1:9c:76:11:b4:
                    3b:c2:4b:d0:1e:ba:73:75:5f:9c:d3:02:70:bd:10:
                    11:5d:d1:5c:52:6a:5e:3a:cd:cb:74:17:bf:00:7c:
                    3a:58:94:1a:00:37:5e:33:37:ec:ad:8f:f6:c3:68:
                    ca:bd:85:23:09:57:2c:51:f3:fc:c6:81:b0:e0:3f:
                    8a:08:04:9f:79:a3:c4:84:43:d6:fb:10:24:c3:b0:
                    ee:9e:93:47:88:e2:71:6a:5d:d2:38:0c:1e:95:43:
                    cc:0e:6a:05:82:73:a7:fb:ef:ca:dc:14:65:fe:9a:
                    0f:15:55:99:d4:07:1d:99:20:66:65:c9:1d:65:7c:
                    86:31:95:d7:30:3a:3d:37:c6:cf:6d:d3:15:24:ec:
                    72:96:69:b4:b0:f2:9a:9b:0c:f9:cc:8a:08:60:c0:
                    dc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:A1:18:13:0D:9E:3E:45:CB:92:F1:83:8C:BF:BA:94:3C:E5:F8:AD
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/pqEYEw2ePkXLkvGDjL-6lDzl-K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:53:5c:30:ee:ff:f9:f5:a6:61:76:37:4f:e7:a2:2e:3e:2a:
         d2:4e:8f:5a:d8:bf:55:2d:9b:86:e5:11:b6:16:4a:5a:66:e5:
         ce:28:d5:83:ac:41:91:29:4d:3f:b0:ba:46:b7:e5:4a:9a:c6:
         83:38:78:62:77:5b:ee:e0:76:28:3c:9c:90:10:da:bc:16:a6:
         26:04:07:9b:cb:78:e3:c3:d5:ad:22:38:9e:dd:20:4f:63:0e:
         ea:41:2b:8f:6a:f1:dd:68:67:a7:08:52:de:0d:98:31:b6:7e:
         bf:19:4c:a8:30:e0:6c:ad:24:6a:77:b1:44:cf:97:74:2f:6c:
         9f:93:d2:06:19:b0:54:34:72:17:c5:00:e7:62:a3:9c:58:96:
         f4:9f:f5:bf:5f:f2:aa:99:2e:f3:e4:72:20:24:96:0b:79:6c:
         2b:c6:36:32:f5:7c:2f:08:92:0e:ba:fe:69:8e:31:a5:5d:31:
         d4:ef:b6:8c:2e:a5:07:42:81:8b:1f:f8:4f:c8:30:84:3a:f8:
         d7:fd:52:8c:56:5f:c1:f2:c9:9f:78:8e:9e:7f:96:5b:3b:e3:
         11:36:fc:a5:33:91:0e:ca:0a:38:12:3d:78:ed:f5:7b:16:1d:
         87:7b:5a:52:79:cc:ed:59:82:e9:91:61:4c:41:b9:6b:a9:f5:
         fd:2d:7d:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSyh4TAtCwMYhAX5tozSJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMTAxMTgzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmExMTgxMzBkOWUzZTQ1Y2I5MmYxODM4Y2JmYmE5NDNjZTVmOGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkx0lnFkY2SItrH0qRbKdzwlNZ/yU
Ldh01e6lkiZgGKEbnkrc5Ft6E6Faa69PIzadZCRo5g0H0OvlEx909zZ9pjRZtiGt
2QShfbJZSgFsTNj6b3YIJhYd5SblxdEfnsrGrsZR0Zx2EbQ7wkvQHrpzdV+c0wJw
vRARXdFcUmpeOs3LdBe/AHw6WJQaADdeMzfsrY/2w2jKvYUjCVcsUfP8xoGw4D+K
CASfeaPEhEPW+xAkw7DunpNHiOJxal3SOAwelUPMDmoFgnOn++/K3BRl/poPFVWZ
1AcdmSBmZckdZXyGMZXXMDo9N8bPbdMVJOxylmm0sPKamwz5zIoIYMDcawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKahGBMNnj5Fy5Lxg4y/upQ85fitMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvcHFFWUV3MmVQa1hMa3ZHRGpMLTZsRHpsLUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJvMA0G
CSqGSIb3DQEBCwUAA4IBAQCmU1ww7v/59aZhdjdP56IuPirSTo9a2L9VLZuG5RG2
FkpaZuXOKNWDrEGRKU0/sLpGt+VKmsaDOHhid1vu4HYoPJyQENq8FqYmBAeby3jj
w9WtIjie3SBPYw7qQSuPavHdaGenCFLeDZgxtn6/GUyoMOBsrSRqd7FEz5d0L2yf
k9IGGbBUNHIXxQDnYqOcWJb0n/W/X/KqmS7z5HIgJJYLeWwrxjYy9XwvCJIOuv5p
jjGlXTHU77aMLqUHQoGLH/hPyDCEOvjX/VKMVl/B8smfeI6ef5ZbO+MRNvylM5EO
ygo4Ej147fV7Fh2He1pSecztWYLpkWFMQblrqfX9LX27
-----END CERTIFICATE-----