Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/uDpEH-Lz0B4pSxbuYpCmGdJb29w.roa
File:                     uDpEH-Lz0B4pSxbuYpCmGdJb29w.roa (raw, json)
Hash identifier:          +QOtAS6GhfJRYbdBo5fg0DR+QHiKRwk0FunkckIJI64=
Subject key identifier:   B8:3A:44:1F:E2:F3:D0:1E:29:4B:16:EE:62:90:A6:19:D2:5B:DB:DC
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       018CDAD20E099D0349BE0A2268E867E3BDB3
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/uDpEH-Lz0B4pSxbuYpCmGdJb29w.roa
Signing time:             Fri 05 Jan 2024 18:10:48 +0000
ROA not before:           Fri 05 Jan 2024 18:10:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59895
IP address blocks:        5.178.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:da:d2:0e:09:9d:03:49:be:0a:22:68:e8:67:e3:bd:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  5 18:10:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b83a441fe2f3d01e294b16ee6290a619d25bdbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:24:72:71:6a:99:55:51:2d:d2:a0:d7:bb:
                    45:59:4a:34:90:55:3d:24:22:5b:7b:34:ef:5e:c4:
                    6f:e6:e3:10:f1:fa:3b:53:12:4f:1c:ea:d0:66:16:
                    d2:3d:40:35:60:b8:fc:40:b2:8b:24:8a:e3:07:67:
                    ef:29:54:86:b1:12:cf:1a:b4:b8:6a:61:91:10:27:
                    90:ff:5f:47:41:04:28:1a:eb:9e:91:ca:a8:6e:2b:
                    02:f4:56:a5:fe:9b:e7:44:4a:b5:c3:31:50:20:21:
                    d9:06:0c:b7:72:74:f5:60:27:33:dc:ff:f8:e0:e6:
                    0e:36:94:a1:f6:0b:3b:46:ad:d1:62:0c:7f:e3:ff:
                    e6:b2:80:b6:86:7a:62:3c:e6:50:23:f0:df:c7:e7:
                    7b:88:3d:83:97:22:6e:33:2d:c9:0d:2a:2d:de:48:
                    9f:d5:14:99:21:18:e6:5f:bf:aa:cf:8b:a1:39:55:
                    e3:3a:ec:22:0e:d2:cb:41:91:c3:f4:11:8e:38:89:
                    fa:99:3c:33:59:84:3b:e2:9e:9e:be:ba:31:87:df:
                    fa:24:3f:d4:4a:fd:17:19:04:03:dc:c3:04:37:af:
                    32:e5:ff:df:46:91:3a:ef:2c:a9:b9:39:cf:c9:2c:
                    17:e5:15:65:80:49:02:2e:f3:2c:4c:e5:aa:dd:2b:
                    e2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3A:44:1F:E2:F3:D0:1E:29:4B:16:EE:62:90:A6:19:D2:5B:DB:DC
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/uDpEH-Lz0B4pSxbuYpCmGdJb29w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:50:07:02:ab:db:fe:5f:c8:5a:96:a8:cd:8a:bc:87:74:05:
         8c:46:14:46:3f:fd:ae:48:b4:9a:fd:e6:0f:d7:34:8b:a4:23:
         60:93:75:fd:e1:5b:62:46:6b:06:01:f8:8e:8e:9a:35:d9:0e:
         90:bd:a4:9a:8e:4c:cc:b0:75:f9:09:a9:74:cf:8c:15:09:93:
         4b:2e:c0:48:cb:a8:00:28:a6:c8:86:99:bd:e2:1d:fd:7b:a2:
         6d:c6:12:a8:34:ef:9e:f4:e3:6d:20:d9:e3:51:fb:46:a4:07:
         15:f7:0d:75:e5:fc:86:f4:26:e7:40:0e:5a:5a:a2:43:ae:89:
         d7:cd:e6:7a:c4:4d:2c:ce:f9:58:f0:fa:c2:e3:55:4b:f6:c1:
         b2:f6:5f:ba:c9:b5:79:1c:41:9e:6e:00:94:52:b1:b4:d1:00:
         c5:92:68:1d:90:ee:03:22:b9:f4:49:fe:75:bd:68:6d:58:0a:
         d6:98:68:96:d9:92:51:14:59:fb:2d:02:a3:bc:e9:f9:2a:db:
         bf:d7:fa:cc:a0:d7:b7:91:f8:21:43:96:69:ec:7c:99:88:2e:
         a0:00:4b:53:d1:d5:8a:5c:b1:98:d7:f5:8c:31:06:fc:87:7c:
         4d:02:08:d4:4b:5c:9a:43:a9:e3:20:ab:94:8b:f6:11:1b:bb:
         c1:9c:a7:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYza0g4JnQNJvgoiaOhn472zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjQwMTA1MTgxMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODNhNDQxZmUyZjNkMDFlMjk0YjE2ZWU2MjkwYTYxOWQyNWJkYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNYkcnFqmVVRLdKg17tFWUo0kFU9
JCJbezTvXsRv5uMQ8fo7UxJPHOrQZhbSPUA1YLj8QLKLJIrjB2fvKVSGsRLPGrS4
amGRECeQ/19HQQQoGuuekcqobisC9Fal/pvnREq1wzFQICHZBgy3cnT1YCcz3P/4
4OYONpSh9gs7Rq3RYgx/4//msoC2hnpiPOZQI/Dfx+d7iD2DlyJuMy3JDSot3kif
1RSZIRjmX7+qz4uhOVXjOuwiDtLLQZHD9BGOOIn6mTwzWYQ74p6evroxh9/6JD/U
Sv0XGQQD3MMEN68y5f/fRpE67yypuTnPySwX5RVlgEkCLvMsTOWq3SvipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLg6RB/i89AeKUsW7mKQphnSW9vcMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvdURwRUgtTHowQjRwU3hidVlwQ21HZEpiMjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJuMA0G
CSqGSIb3DQEBCwUAA4IBAQA2UAcCq9v+X8halqjNiryHdAWMRhRGP/2uSLSa/eYP
1zSLpCNgk3X94VtiRmsGAfiOjpo12Q6QvaSajkzMsHX5Cal0z4wVCZNLLsBIy6gA
KKbIhpm94h39e6JtxhKoNO+e9ONtINnjUftGpAcV9w115fyG9CbnQA5aWqJDronX
zeZ6xE0szvlY8PrC41VL9sGy9l+6ybV5HEGebgCUUrG00QDFkmgdkO4DIrn0Sf51
vWhtWArWmGiW2ZJRFFn7LQKjvOn5Ktu/1/rMoNe3kfghQ5Zp7HyZiC6gAEtT0dWK
XLGY1/WMMQb8h3xNAgjUS1yaQ6njIKuUi/YRG7vBnKdr
-----END CERTIFICATE-----