Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/NgN0J5BhxTcLZz6ooKiE3v_5wuQ.roa
File:                     NgN0J5BhxTcLZz6ooKiE3v_5wuQ.roa (raw, json)
Hash identifier:          5JE+JorIsdG7WlMHuaSq46uheXKDRON9DgW4CR/6Rrc=
Subject key identifier:   36:03:74:27:90:61:C5:37:0B:67:3E:A8:A0:A8:84:DE:FF:F9:C2:E4
Certificate issuer:       /CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Certificate serial:       018CC348FEF26DBB62740FB2AD754761C2AA
Authority key identifier: 47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/NgN0J5BhxTcLZz6ooKiE3v_5wuQ.roa
Signing time:             Mon 01 Jan 2024 04:29:50 +0000
ROA not before:           Mon 01 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395886
IP address blocks:        5.183.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fe:f2:6d:bb:62:74:0f:b2:ad:75:47:61:c2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
        Validity
            Not Before: Jan  1 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360374279061c5370b673ea8a0a884defff9c2e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8d:e1:04:2a:56:b1:19:57:aa:c2:2d:67:fc:
                    fa:4a:89:83:50:3a:16:98:60:90:e4:b0:1a:c6:aa:
                    99:12:7e:e2:8a:70:50:0c:89:47:87:79:34:e7:1b:
                    7e:07:1f:ae:88:ec:91:d3:db:0f:02:44:6b:3b:49:
                    7d:57:3a:8a:bb:30:3f:da:01:85:a9:db:40:6d:d6:
                    57:ff:8a:cf:15:17:f5:89:16:7d:37:0c:e0:69:cc:
                    1d:bf:62:08:ff:61:72:bf:16:ae:ca:5b:5f:e0:5e:
                    30:6c:c2:82:2b:4f:7f:37:5e:b3:68:e8:cf:14:16:
                    64:e4:e2:4a:6e:cc:93:19:97:05:25:dd:aa:91:6e:
                    89:11:35:1c:c0:12:cc:48:fa:9f:86:7a:39:83:81:
                    e8:20:ff:86:8e:5a:3d:d3:bb:48:77:ef:4b:ff:21:
                    e6:33:56:c7:7d:ec:41:98:8b:44:52:3c:e8:c9:c8:
                    16:29:ea:28:1d:75:b0:83:21:fd:2d:a2:bd:67:27:
                    57:49:da:94:13:39:24:68:b5:59:a6:6a:14:9a:7b:
                    21:91:18:78:5f:54:a7:e8:e2:11:c4:ae:d8:3e:8b:
                    20:85:d2:37:f2:c1:f9:4b:7a:f5:db:87:53:9d:18:
                    b1:0c:91:50:ea:27:84:19:9c:f3:05:7d:fd:a1:bd:
                    fa:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:03:74:27:90:61:C5:37:0B:67:3E:A8:A0:A8:84:DE:FF:F9:C2:E4
            X509v3 Authority Key Identifier:
                keyid:47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/NgN0J5BhxTcLZz6ooKiE3v_5wuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:d0:8c:88:a6:1f:ad:6b:95:53:ae:8b:bc:1a:9f:1c:95:e9:
         d9:94:7a:c4:3c:5e:18:10:72:63:57:d3:b1:8d:9f:fa:d9:77:
         aa:94:66:6e:49:10:c9:a9:03:df:f7:72:c0:ff:5f:78:57:c6:
         91:bb:7d:6e:4b:60:99:29:c4:c4:9b:67:89:2b:6a:e2:17:60:
         c4:49:17:aa:3b:09:d5:41:7e:c0:84:b7:64:28:b6:6b:ff:59:
         50:49:51:0e:8b:8b:d3:28:99:51:9c:b4:aa:5b:b0:bf:6d:df:
         73:ed:80:60:91:d9:f0:59:68:e6:5b:1c:65:a8:9d:7a:26:cc:
         25:65:cd:15:4a:f1:fc:f5:ae:8c:dd:0b:ea:1d:8b:ce:b0:74:
         b1:4d:6b:bf:45:4c:67:e4:32:60:f0:3f:d2:46:74:e7:c3:2a:
         ef:a9:08:d5:55:27:0b:b2:db:47:d3:ab:1a:e1:97:bd:76:8b:
         f9:1a:25:80:d1:e0:71:b9:88:53:b6:3c:70:18:0b:75:12:c0:
         c7:60:59:4e:f5:0e:46:55:40:28:d0:cb:28:e7:4d:a3:2f:f5:
         16:77:b5:c6:43:8c:fb:88:32:4c:12:1c:b3:53:a3:3a:c7:fa:
         b4:24:a9:82:a5:f2:1f:6c:b7:50:ef:9e:06:c1:f7:c8:71:3c:
         27:de:51:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSP7ybbtidA+yrXVHYcKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDVkM2M2YTViMDUxMjY4MmNkZmRmMzYzYjE5YTljNTY3
ZjFmNmMwHhcNMjQwMTAxMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjAzNzQyNzkwNjFjNTM3MGI2NzNlYThhMGE4ODRkZWZmZjljMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqo3hBCpWsRlXqsItZ/z6SomDUDoW
mGCQ5LAaxqqZEn7iinBQDIlHh3k05xt+Bx+uiOyR09sPAkRrO0l9VzqKuzA/2gGF
qdtAbdZX/4rPFRf1iRZ9Nwzgacwdv2II/2Fyvxauyltf4F4wbMKCK09/N16zaOjP
FBZk5OJKbsyTGZcFJd2qkW6JETUcwBLMSPqfhno5g4HoIP+Gjlo907tId+9L/yHm
M1bHfexBmItEUjzoycgWKeooHXWwgyH9LaK9ZydXSdqUEzkkaLVZpmoUmnshkRh4
X1Sn6OIRxK7YPosghdI38sH5S3r124dTnRixDJFQ6ieEGZzzBX39ob36AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYDdCeQYcU3C2c+qKCohN7/+cLkMB8GA1UdIwQY
MBaAFEcF08alsFEmgs3982OxmpxWfx9sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAt
MGRmYTZiMjJlZmYyLzEvTmdOMEo1Qmh4VGNMWno2b29LaUUzdl81d3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAtMGRmYTZiMjJlZmYy
LzEvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbdQMA0G
CSqGSIb3DQEBCwUAA4IBAQBb0IyIph+ta5VTrou8Gp8clenZlHrEPF4YEHJjV9Ox
jZ/62XeqlGZuSRDJqQPf93LA/194V8aRu31uS2CZKcTEm2eJK2riF2DESReqOwnV
QX7AhLdkKLZr/1lQSVEOi4vTKJlRnLSqW7C/bd9z7YBgkdnwWWjmWxxlqJ16Jswl
Zc0VSvH89a6M3QvqHYvOsHSxTWu/RUxn5DJg8D/SRnTnwyrvqQjVVScLsttH06sa
4Ze9dov5GiWA0eBxuYhTtjxwGAt1EsDHYFlO9Q5GVUAo0Mso502jL/UWd7XGQ4z7
iDJMEhyzU6M6x/q0JKmCpfIfbLdQ754GwffIcTwn3lE1
-----END CERTIFICATE-----