Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/5BCqGihcYav6owe_uTJyxXL4UXQ.roa
File:                     5BCqGihcYav6owe_uTJyxXL4UXQ.roa (raw, json)
Hash identifier:          8BUPypEDVex7HePz4UM70w0XUU7zeFNVYqgjx6LtV1w=
Subject key identifier:   E4:10:AA:1A:28:5C:61:AB:FA:A3:07:BF:B9:32:72:C5:72:F8:51:74
Certificate issuer:       /CN=d40620ea5daf8a54aaea17f2cb9ecdf35d785306
Certificate serial:       018CC4245D1D1A5ED2C05F86F93F5D2FEC58
Authority key identifier: D4:06:20:EA:5D:AF:8A:54:AA:EA:17:F2:CB:9E:CD:F3:5D:78:53:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1AYg6l2vilSq6hfyy57N8114UwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/5BCqGihcYav6owe_uTJyxXL4UXQ.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211289
IP address blocks:        5.181.52.0/24 maxlen: 24
                          2a05:3440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/1AYg6l2vilSq6hfyy57N8114UwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/1AYg6l2vilSq6hfyy57N8114UwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1AYg6l2vilSq6hfyy57N8114UwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5d:1d:1a:5e:d2:c0:5f:86:f9:3f:5d:2f:ec:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d40620ea5daf8a54aaea17f2cb9ecdf35d785306
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e410aa1a285c61abfaa307bfb93272c572f85174
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:50:59:98:3a:a5:48:24:9e:c4:6e:f0:52:81:
                    cc:d1:78:24:5e:b4:3f:e2:86:f3:ef:3b:9d:21:90:
                    96:38:ae:b1:89:23:de:1e:e5:cf:5f:16:f3:45:24:
                    dd:b8:f6:aa:f0:e0:ef:8d:a6:ba:bd:3f:52:a1:55:
                    67:c5:d3:17:ed:7f:a1:c8:85:7f:18:81:a0:74:de:
                    cb:42:78:3f:46:13:d9:9e:bb:34:2e:40:f2:0c:33:
                    94:04:2b:4a:2d:40:94:33:6f:e6:ae:4e:67:b6:01:
                    ef:60:60:5f:01:4b:f4:37:e1:8d:ee:01:ee:39:85:
                    e9:49:f3:21:cf:cf:b4:7d:f3:c4:2e:2b:21:cd:4e:
                    1c:3b:2a:79:b3:56:85:16:e2:32:2f:df:36:75:46:
                    fa:2b:51:5e:b4:b1:07:fd:d3:04:f6:26:d1:28:b3:
                    96:68:7b:fc:f8:9e:75:e5:19:3f:0c:0a:11:30:69:
                    bc:7d:79:a2:50:2c:4e:d6:fc:56:cd:6c:ab:66:ff:
                    51:67:42:37:ac:b9:3f:ae:78:96:81:44:fe:b3:50:
                    fe:1e:4f:aa:25:e1:39:6c:42:da:b3:85:d2:4f:a4:
                    17:2b:21:55:a6:3c:9c:98:ec:b4:b3:70:65:f5:a9:
                    d4:46:7d:05:b1:0a:8a:dc:51:63:4a:54:96:09:77:
                    5d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:10:AA:1A:28:5C:61:AB:FA:A3:07:BF:B9:32:72:C5:72:F8:51:74
            X509v3 Authority Key Identifier:
                keyid:D4:06:20:EA:5D:AF:8A:54:AA:EA:17:F2:CB:9E:CD:F3:5D:78:53:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1AYg6l2vilSq6hfyy57N8114UwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/5BCqGihcYav6owe_uTJyxXL4UXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/798fc5-b54c-41c1-8afe-f09e46c69bf8/1/1AYg6l2vilSq6hfyy57N8114UwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.52.0/24
                IPv6:
                  2a05:3440::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:67:bb:11:d2:84:44:85:5c:aa:5e:fc:31:79:3f:c7:37:c9:
         c5:1d:ba:59:a1:14:35:e7:a2:56:dd:4b:93:a3:fd:2d:46:91:
         6c:24:68:e9:fb:d0:1d:24:b0:9a:d6:01:93:34:f1:62:1f:00:
         9a:e3:e3:57:ab:c5:3d:8d:61:e9:f5:2d:b8:a1:2b:30:d3:1e:
         9a:be:74:26:00:f9:ee:3c:01:2d:a5:0e:6b:de:fd:15:b7:2f:
         a5:00:4a:3c:72:21:22:c6:7c:56:b7:5f:45:ae:2f:ad:f7:9c:
         8c:25:1d:ce:28:7e:cd:2b:9e:08:c6:ae:ef:cd:1a:fa:68:ce:
         3e:d3:60:68:6a:bd:c4:33:ff:4a:6d:c6:bd:73:f2:d4:2a:b4:
         1f:94:71:f7:d4:d5:a0:58:9b:48:13:9f:e9:4e:42:79:18:b2:
         7e:6a:57:ea:f7:e2:21:6f:0f:09:ee:33:dd:cf:6e:48:e4:29:
         b2:2e:71:8c:5d:ef:67:3d:37:03:59:8a:0d:f6:0d:e1:b7:c6:
         42:8d:4b:21:34:1a:f8:fc:4a:02:74:59:2f:20:c3:d3:27:ed:
         dc:b8:0e:64:9d:05:3e:aa:4f:fb:ab:c9:ef:3a:ae:bf:9f:55:
         e5:a2:40:fd:63:be:43:b9:48:c4:d0:6c:c8:5f:7d:66:ba:78:
         40:1f:d9:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJF0dGl7SwF+G+T9dL+xYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MDYyMGVhNWRhZjhhNTRhYWVhMTdmMmNiOWVjZGYzNWQ3
ODUzMDYwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDEwYWExYTI4NWM2MWFiZmFhMzA3YmZiOTMyNzJjNTcyZjg1MTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlBZmDqlSCSexG7wUoHM0XgkXrQ/
4obz7zudIZCWOK6xiSPeHuXPXxbzRSTduPaq8ODvjaa6vT9SoVVnxdMX7X+hyIV/
GIGgdN7LQng/RhPZnrs0LkDyDDOUBCtKLUCUM2/mrk5ntgHvYGBfAUv0N+GN7gHu
OYXpSfMhz8+0ffPELishzU4cOyp5s1aFFuIyL982dUb6K1FetLEH/dME9ibRKLOW
aHv8+J515Rk/DAoRMGm8fXmiUCxO1vxWzWyrZv9RZ0I3rLk/rniWgUT+s1D+Hk+q
JeE5bELas4XST6QXKyFVpjycmOy0s3Bl9anURn0FsQqK3FFjSlSWCXddjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOQQqhooXGGr+qMHv7kycsVy+FF0MB8GA1UdIwQY
MBaAFNQGIOpdr4pUquoX8suezfNdeFMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUFZZzZsMnZpbFNxNmhmeXk1N044MTE0VXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83OThmYzUtYjU0Yy00MWMxLThhZmUt
ZjA5ZTQ2YzY5YmY4LzEvNUJDcUdpaGNZYXY2b3dlX3VUSnl4WEw0VVhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83OThmYzUtYjU0Yy00MWMxLThhZmUtZjA5ZTQ2YzY5YmY4
LzEvMUFZZzZsMnZpbFNxNmhmeXk1N044MTE0VXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABbU0MA0E
AgACMAcDBQMqBTRAMA0GCSqGSIb3DQEBCwUAA4IBAQBLZ7sR0oREhVyqXvwxeT/H
N8nFHbpZoRQ156JW3UuTo/0tRpFsJGjp+9AdJLCa1gGTNPFiHwCa4+NXq8U9jWHp
9S24oSsw0x6avnQmAPnuPAEtpQ5r3v0Vty+lAEo8ciEixnxWt19Fri+t95yMJR3O
KH7NK54Ixq7vzRr6aM4+02Boar3EM/9Kbca9c/LUKrQflHH31NWgWJtIE5/pTkJ5
GLJ+alfq9+Ihbw8J7jPdz25I5CmyLnGMXe9nPTcDWYoN9g3ht8ZCjUshNBr4/EoC
dFkvIMPTJ+3cuA5knQU+qk/7q8nvOq6/n1XlokD9Y75DuUjE0GzIX31munhAH9me
-----END CERTIFICATE-----