Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/LV4goZzHOLfXgTMDEeCSKijwyTA.roa
File:                     LV4goZzHOLfXgTMDEeCSKijwyTA.roa (raw, json)
Hash identifier:          tL+g9ERC4F/eC86Y5dQLhkIZLDCQ14TTdMCMD9dErSM=
Subject key identifier:   2D:5E:20:A1:9C:C7:38:B7:D7:81:33:03:11:E0:92:2A:28:F0:C9:30
Certificate issuer:       /CN=109192c073862e6220c5f9106d7c55e3fc6c5d4b
Certificate serial:       018CC424793B50DFA57FF93BCADEF7F618B9
Authority key identifier: 10:91:92:C0:73:86:2E:62:20:C5:F9:10:6D:7C:55:E3:FC:6C:5D:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/LV4goZzHOLfXgTMDEeCSKijwyTA.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61425
IP address blocks:        5.198.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:79:3b:50:df:a5:7f:f9:3b:ca:de:f7:f6:18:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=109192c073862e6220c5f9106d7c55e3fc6c5d4b
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d5e20a19cc738b7d781330311e0922a28f0c930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3b:c8:ea:05:a6:db:e6:a6:34:05:1b:fb:0c:
                    cb:98:c2:ea:f4:9a:80:d3:c9:42:ad:23:96:ce:dd:
                    4a:f8:f2:c1:5b:d8:13:16:cf:30:ec:ee:9f:f7:d8:
                    6f:23:c1:0e:d6:c5:27:a9:b7:8e:e4:54:27:c5:f0:
                    70:d1:2b:a9:30:57:70:ae:a3:ba:f3:3d:06:a2:19:
                    72:a3:ea:6d:9d:45:65:60:2d:7f:b8:d4:48:f6:f7:
                    2a:f6:36:58:5c:44:54:33:5d:55:76:41:14:2e:0d:
                    59:93:b7:37:36:f3:3c:55:75:fa:a9:7f:81:f4:27:
                    9e:a4:83:93:63:4d:ff:39:a5:e8:cb:49:cb:cc:14:
                    41:5e:51:6e:47:27:65:b6:62:47:2a:b2:10:5b:fd:
                    f2:ec:55:73:ff:de:56:23:c5:17:e8:44:7b:51:c9:
                    09:ff:6a:d9:fe:9a:3e:de:e1:8d:80:1e:6d:e1:a6:
                    82:eb:8c:d6:21:0f:91:fd:54:6c:e7:36:17:02:f1:
                    8b:fc:2d:4e:27:39:24:5a:3e:c7:6e:1b:38:1d:9a:
                    c9:1e:0d:82:91:53:dc:3e:1d:98:ba:e5:d9:84:ee:
                    e9:56:98:0f:01:d4:fc:54:6f:b4:19:c1:a3:a6:0e:
                    de:1e:83:de:4d:3b:fd:32:88:18:aa:bf:63:1c:95:
                    bf:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:5E:20:A1:9C:C7:38:B7:D7:81:33:03:11:E0:92:2A:28:F0:C9:30
            X509v3 Authority Key Identifier:
                keyid:10:91:92:C0:73:86:2E:62:20:C5:F9:10:6D:7C:55:E3:FC:6C:5D:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJGSwHOGLmIgxfkQbXxV4_xsXUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/LV4goZzHOLfXgTMDEeCSKijwyTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/53c051-5572-4f83-a7d6-e6fe691d9489/1/EJGSwHOGLmIgxfkQbXxV4_xsXUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.198.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:d3:bc:46:fe:a2:b5:b0:5a:30:87:0b:54:78:f8:52:ec:d8:
         24:ca:51:e2:0c:25:d7:fa:58:fc:9e:71:5b:90:53:a4:19:f2:
         9e:02:da:c6:77:8d:b2:33:c9:f9:bb:17:ec:ed:ea:4b:35:df:
         db:a9:22:4e:12:f0:e9:31:47:ab:a8:fa:59:5f:ef:b8:4f:f1:
         57:10:11:ad:5d:72:dc:5d:4d:92:67:24:8b:88:84:dc:b3:98:
         6d:0b:63:b7:7f:78:b8:b5:3b:d1:6c:ed:69:84:13:d2:a6:db:
         b5:1a:c6:db:84:f0:63:cf:db:18:f1:3b:fd:dc:ca:94:9e:0e:
         5b:97:05:e6:46:9e:38:99:bc:b0:58:5c:1a:b4:bf:6d:4b:5f:
         48:6a:ba:b2:97:31:14:a0:f1:aa:4f:be:0f:bd:b7:65:eb:49:
         a5:67:b6:ea:2f:8f:d8:e6:01:b4:d7:0b:c4:c6:af:b2:e2:1b:
         e5:69:ca:e1:96:9a:8a:89:17:10:3c:9e:0b:39:81:1d:31:b1:
         55:d7:b5:52:7b:ef:b8:a8:f9:5f:c2:29:6c:62:c5:ce:d4:8c:
         77:a6:d2:19:87:07:b2:8b:81:a0:c0:37:39:cd:84:bf:a5:31:
         62:85:ce:15:89:6e:d3:a3:56:8d:10:6f:fc:99:cb:96:bb:00:
         e0:e4:9f:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHk7UN+lf/k7yt739hi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOTE5MmMwNzM4NjJlNjIyMGM1ZjkxMDZkN2M1NWUzZmM2
YzVkNGIwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDVlMjBhMTljYzczOGI3ZDc4MTMzMDMxMWUwOTIyYTI4ZjBjOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDvI6gWm2+amNAUb+wzLmMLq9JqA
08lCrSOWzt1K+PLBW9gTFs8w7O6f99hvI8EO1sUnqbeO5FQnxfBw0SupMFdwrqO6
8z0Gohlyo+ptnUVlYC1/uNRI9vcq9jZYXERUM11VdkEULg1Zk7c3NvM8VXX6qX+B
9CeepIOTY03/OaXoy0nLzBRBXlFuRydltmJHKrIQW/3y7FVz/95WI8UX6ER7UckJ
/2rZ/po+3uGNgB5t4aaC64zWIQ+R/VRs5zYXAvGL/C1OJzkkWj7Hbhs4HZrJHg2C
kVPcPh2YuuXZhO7pVpgPAdT8VG+0GcGjpg7eHoPeTTv9MogYqr9jHJW/mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1eIKGcxzi314EzAxHgkioo8MkwMB8GA1UdIwQY
MBaAFBCRksBzhi5iIMX5EG18VeP8bF1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpHU3dIT0dMbUlneGZrUWJYeFY0X3hzWFVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81M2MwNTEtNTU3Mi00ZjgzLWE3ZDYt
ZTZmZTY5MWQ5NDg5LzEvTFY0Z29aekhPTGZYZ1RNREVlQ1NLaWp3eVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81M2MwNTEtNTU3Mi00ZjgzLWE3ZDYtZTZmZTY5MWQ5NDg5
LzEvRUpHU3dIT0dMbUlneGZrUWJYeFY0X3hzWFVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBcaAMA0G
CSqGSIb3DQEBCwUAA4IBAQBX07xG/qK1sFowhwtUePhS7NgkylHiDCXX+lj8nnFb
kFOkGfKeAtrGd42yM8n5uxfs7epLNd/bqSJOEvDpMUerqPpZX++4T/FXEBGtXXLc
XU2SZySLiITcs5htC2O3f3i4tTvRbO1phBPSptu1GsbbhPBjz9sY8Tv93MqUng5b
lwXmRp44mbywWFwatL9tS19IarqylzEUoPGqT74Pvbdl60mlZ7bqL4/Y5gG01wvE
xq+y4hvlacrhlpqKiRcQPJ4LOYEdMbFV17VSe++4qPlfwilsYsXO1Ix3ptIZhwey
i4GgwDc5zYS/pTFihc4ViW7To1aNEG/8mcuWuwDg5J+H
-----END CERTIFICATE-----