Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/kt2Wji-WWSJzx0ATfAmLWsX4NS8.roa
File:                     kt2Wji-WWSJzx0ATfAmLWsX4NS8.roa (raw, json)
Hash identifier:          IQD8WG5CvA/2t7eOBol1JasBCnoWOLf3psqm0eHdcxE=
Subject key identifier:   92:DD:96:8E:2F:96:59:22:73:C7:40:13:7C:09:8B:5A:C5:F8:35:2F
Certificate issuer:       /CN=2fcf619ccecf836f56a72010e82fb7dd240402f9
Certificate serial:       01901739AFE5186657D5619696EB6A5BFF52
Authority key identifier: 2F:CF:61:9C:CE:CF:83:6F:56:A7:20:10:E8:2F:B7:DD:24:04:02:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/kt2Wji-WWSJzx0ATfAmLWsX4NS8.roa
Signing time:             Fri 14 Jun 2024 14:49:34 +0000
ROA not before:           Fri 14 Jun 2024 14:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61026
IP address blocks:        5.182.136.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:17:39:af:e5:18:66:57:d5:61:96:96:eb:6a:5b:ff:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fcf619ccecf836f56a72010e82fb7dd240402f9
        Validity
            Not Before: Jun 14 14:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92dd968e2f96592273c740137c098b5ac5f8352f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b1:f3:20:02:d9:2c:c6:1a:e7:cf:ab:d8:ff:
                    48:65:b7:59:61:0a:75:0a:19:e6:8f:6b:50:c8:4b:
                    27:f4:4b:f2:cc:1b:8f:a9:2f:42:eb:88:91:78:d3:
                    88:15:b5:39:ff:3f:c2:eb:b2:ee:ff:83:48:ba:41:
                    8b:45:69:22:70:ad:75:4e:63:f8:64:ec:c4:4f:90:
                    3a:db:32:eb:6f:df:e9:37:fe:ba:32:27:ab:92:d4:
                    84:fe:16:b4:13:76:ba:8c:fa:d6:62:34:98:e1:b1:
                    8d:34:88:c5:1f:9f:8b:5a:ea:c2:76:0f:67:b2:5e:
                    f3:cc:10:a2:f4:34:77:8a:84:3f:d1:f0:4f:74:17:
                    e9:9e:c1:8c:5e:53:7f:8d:c4:9f:15:c4:ce:a4:d5:
                    ae:23:23:66:15:bf:9d:91:4a:7b:8e:93:a8:86:3a:
                    c6:ab:6b:5a:4c:77:a8:e5:d9:78:6a:53:8b:58:d7:
                    df:17:1c:0a:72:db:b8:ef:65:21:58:43:89:bf:a0:
                    20:6d:ac:33:04:8d:f9:e6:3c:21:ab:fc:f9:53:94:
                    34:43:e4:d5:fa:51:ff:7d:2e:77:1a:0d:03:3c:61:
                    3f:9d:e2:95:8d:71:5f:62:08:60:2f:fd:4e:26:a1:
                    ef:0d:12:bb:a2:49:1e:e3:68:37:1b:64:fe:27:85:
                    d5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:DD:96:8E:2F:96:59:22:73:C7:40:13:7C:09:8B:5A:C5:F8:35:2F
            X509v3 Authority Key Identifier:
                keyid:2F:CF:61:9C:CE:CF:83:6F:56:A7:20:10:E8:2F:B7:DD:24:04:02:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L89hnM7Pg29WpyAQ6C-33SQEAvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/kt2Wji-WWSJzx0ATfAmLWsX4NS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/c5dc73-9be2-4503-8281-4b350eacc86b/1/L89hnM7Pg29WpyAQ6C-33SQEAvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:27:01:a2:92:10:14:61:10:b2:f3:57:18:b1:08:5f:8f:e8:
         1b:77:36:10:45:d0:a7:23:2e:7d:19:74:4e:75:f8:b4:86:b1:
         9e:f2:fa:b1:03:97:22:e7:e4:a6:c7:86:9d:5c:e7:91:6d:ca:
         f7:7f:82:67:36:91:9c:1a:c1:d8:0f:5d:ce:fa:fe:bf:c2:38:
         54:89:15:50:85:8a:89:c8:97:43:f5:bd:1d:48:83:b0:72:49:
         9c:ad:3a:26:94:39:29:d5:d1:09:34:1e:19:4b:0c:3b:4a:25:
         39:a6:5b:b4:f5:27:9e:e6:4e:f7:e1:4b:7d:89:9c:8b:40:a4:
         db:24:cf:e3:2c:46:57:96:5c:69:7c:ed:5c:e9:3c:24:fc:5b:
         2b:0e:53:1b:37:14:5a:de:be:8a:2e:11:e8:a1:83:7c:8c:ba:
         ea:5a:a9:c6:ae:3e:7a:39:ea:bf:bc:f9:a9:74:51:90:7d:57:
         63:46:f1:b1:10:2b:19:d8:b5:cc:89:2e:55:29:9b:9d:70:9f:
         50:e6:65:82:a2:8d:20:64:29:06:7b:05:bc:b2:73:98:da:f3:
         4a:55:70:6d:f1:e5:11:31:41:53:21:5f:2c:1c:a5:cc:30:06:
         06:17:bf:4d:3d:b1:0b:ba:ea:aa:0a:c3:9f:fb:f6:d1:05:f4:
         4a:b5:dd:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAXOa/lGGZX1WGWlutqW/9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmY2Y2MTljY2VjZjgzNmY1NmE3MjAxMGU4MmZiN2RkMjQw
NDAyZjkwHhcNMjQwNjE0MTQ0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmRkOTY4ZTJmOTY1OTIyNzNjNzQwMTM3YzA5OGI1YWM1ZjgzNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57HzIALZLMYa58+r2P9IZbdZYQp1
Chnmj2tQyEsn9EvyzBuPqS9C64iReNOIFbU5/z/C67Lu/4NIukGLRWkicK11TmP4
ZOzET5A62zLrb9/pN/66MierktSE/ha0E3a6jPrWYjSY4bGNNIjFH5+LWurCdg9n
sl7zzBCi9DR3ioQ/0fBPdBfpnsGMXlN/jcSfFcTOpNWuIyNmFb+dkUp7jpOohjrG
q2taTHeo5dl4alOLWNffFxwKctu472UhWEOJv6AgbawzBI355jwhq/z5U5Q0Q+TV
+lH/fS53Gg0DPGE/neKVjXFfYghgL/1OJqHvDRK7okke42g3G2T+J4XVGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJLdlo4vllkic8dAE3wJi1rF+DUvMB8GA1UdIwQY
MBaAFC/PYZzOz4NvVqcgEOgvt90kBAL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDg5aG5NN1BnMjlXcHlBUTZDLTMzU1FFQXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jNWRjNzMtOWJlMi00NTAzLTgyODEt
NGIzNTBlYWNjODZiLzEva3QyV2ppLVdXU0p6eDBBVGZBbUxXc1g0TlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jNWRjNzMtOWJlMi00NTAzLTgyODEtNGIzNTBlYWNjODZi
LzEvTDg5aG5NN1BnMjlXcHlBUTZDLTMzU1FFQXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaIMA0G
CSqGSIb3DQEBCwUAA4IBAQBMJwGikhAUYRCy81cYsQhfj+gbdzYQRdCnIy59GXRO
dfi0hrGe8vqxA5ci5+Smx4adXOeRbcr3f4JnNpGcGsHYD13O+v6/wjhUiRVQhYqJ
yJdD9b0dSIOwckmcrTomlDkp1dEJNB4ZSww7SiU5plu09See5k734Ut9iZyLQKTb
JM/jLEZXllxpfO1c6Twk/FsrDlMbNxRa3r6KLhHooYN8jLrqWqnGrj56Oeq/vPmp
dFGQfVdjRvGxECsZ2LXMiS5VKZudcJ9Q5mWCoo0gZCkGewW8snOY2vNKVXBt8eUR
MUFTIV8sHKXMMAYGF79NPbELuuqqCsOf+/bRBfRKtd0N
-----END CERTIFICATE-----