Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/5kuLeQ4Ywxa0BJBUjbYsm0Tcm-w.roa
File:                     5kuLeQ4Ywxa0BJBUjbYsm0Tcm-w.roa (raw, json)
Hash identifier:          Q8rnCYKFUtbNeYvTmZ7VYv8s1KoxRzhfdxV9I8S/H2A=
Subject key identifier:   E6:4B:8B:79:0E:18:C3:16:B4:04:90:54:8D:B6:2C:9B:44:DC:9B:EC
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       01916B63B7D6DF52318B851C73B2C28C39E3
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/5kuLeQ4Ywxa0BJBUjbYsm0Tcm-w.roa
Signing time:             Mon 19 Aug 2024 16:06:22 +0000
ROA not before:           Mon 19 Aug 2024 16:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        5.42.64.0/24 maxlen: 24
                          5.42.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6b:63:b7:d6:df:52:31:8b:85:1c:73:b2:c2:8c:39:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Aug 19 16:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e64b8b790e18c316b40490548db62c9b44dc9bec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:eb:60:d0:83:6b:78:ab:35:2a:6a:da:85:71:
                    2e:dd:a6:a2:25:da:4a:9a:49:d3:08:22:0c:df:60:
                    c5:f5:ab:9c:2f:b8:2d:d4:be:fc:b6:e1:06:06:63:
                    be:cb:5d:c3:c4:f5:f2:ee:b9:28:37:8e:51:de:99:
                    e4:63:65:a1:9f:da:8b:29:e8:25:b0:45:e7:f2:8a:
                    c0:ed:7e:12:4b:35:5f:2d:40:e0:f4:f9:37:fb:2e:
                    0f:7d:97:0d:84:ba:e0:65:5c:b8:0d:9a:26:f9:6f:
                    cb:2c:3c:f4:4f:d3:53:0b:4e:90:b0:0e:39:d9:17:
                    64:d6:70:7e:1b:c9:70:ed:85:8d:a9:f7:d3:f3:7e:
                    5a:81:10:00:ec:7d:ab:44:5b:24:11:4d:8a:ac:66:
                    5e:ff:4a:69:ce:fc:69:63:cf:f6:9e:aa:7f:68:c2:
                    9f:3e:d5:d0:ae:86:f3:8e:0d:ed:9d:f2:48:6f:b6:
                    5c:18:e2:f4:80:e1:d8:55:a6:14:7f:5c:6d:b1:27:
                    bd:a1:ba:4e:76:8f:b7:f8:8f:52:8e:7f:30:fb:2e:
                    a8:22:2c:d3:7a:6f:29:4c:fd:ee:53:42:be:42:b9:
                    85:1b:fe:c0:54:24:16:0f:5e:f4:6e:10:8f:61:ad:
                    4b:61:6c:5d:5f:df:4f:55:56:32:ac:d9:39:7e:cd:
                    93:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:4B:8B:79:0E:18:C3:16:B4:04:90:54:8D:B6:2C:9B:44:DC:9B:EC
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/5kuLeQ4Ywxa0BJBUjbYsm0Tcm-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:6c:3b:0f:5e:98:f8:9b:c0:4e:3c:43:64:36:40:9b:09:f0:
         3b:dc:16:ef:c8:12:f3:bd:f5:ea:b3:b5:da:9e:00:fc:28:a7:
         96:8a:2f:c4:f9:34:36:e3:62:36:e8:21:8c:06:97:e6:ca:66:
         69:9e:f3:a8:3b:56:22:ac:5e:69:1a:9d:0f:44:6a:8a:c0:8c:
         c6:7c:79:f9:cc:fb:2d:ea:26:99:ae:d0:5f:9d:e3:1f:d4:eb:
         b5:20:07:20:50:47:02:bd:11:2f:ea:a6:9c:54:ca:31:a1:5c:
         47:9b:a8:b2:54:01:09:f3:e1:a3:f6:06:78:31:3e:39:44:46:
         85:e7:fd:8e:7a:0d:10:af:5a:f5:12:28:b3:f3:4e:64:65:c0:
         c1:5b:dc:46:92:33:e7:04:6d:a9:b9:6e:43:a6:3a:ea:22:e1:
         a1:27:4c:09:8b:81:79:cf:3a:2f:88:2c:a0:89:42:a8:67:32:
         40:b3:e8:42:75:f2:bb:94:a1:b3:b4:50:82:44:b1:23:ec:a2:
         c0:e9:c8:68:fa:b1:4a:b5:16:0f:e6:a8:f5:39:86:2e:54:88:
         5a:ae:db:8c:42:45:a1:7e:fa:b1:a2:fb:f4:21:7b:c5:f4:ab:
         84:6b:d7:2d:02:e2:d3:7d:99:3a:5d:95:ea:0f:a3:2a:0b:6d:
         5b:81:12:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFrY7fW31Ixi4Ucc7LCjDnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwODE5MTYwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjRiOGI3OTBlMThjMzE2YjQwNDkwNTQ4ZGI2MmM5YjQ0ZGM5YmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOtg0INreKs1KmrahXEu3aaiJdpK
mknTCCIM32DF9aucL7gt1L78tuEGBmO+y13DxPXy7rkoN45R3pnkY2Whn9qLKegl
sEXn8orA7X4SSzVfLUDg9Pk3+y4PfZcNhLrgZVy4DZom+W/LLDz0T9NTC06QsA45
2Rdk1nB+G8lw7YWNqffT835agRAA7H2rRFskEU2KrGZe/0ppzvxpY8/2nqp/aMKf
PtXQrobzjg3tnfJIb7ZcGOL0gOHYVaYUf1xtsSe9obpOdo+3+I9Sjn8w+y6oIizT
em8pTP3uU0K+QrmFG/7AVCQWD170bhCPYa1LYWxdX99PVVYyrNk5fs2TewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZLi3kOGMMWtASQVI22LJtE3JvsMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvNWt1TGVRNFl3eGEwQkpCVWpiWXNtMFRjbS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBSpAMA0G
CSqGSIb3DQEBCwUAA4IBAQA9bDsPXpj4m8BOPENkNkCbCfA73BbvyBLzvfXqs7Xa
ngD8KKeWii/E+TQ242I26CGMBpfmymZpnvOoO1YirF5pGp0PRGqKwIzGfHn5zPst
6iaZrtBfneMf1Ou1IAcgUEcCvREv6qacVMoxoVxHm6iyVAEJ8+Gj9gZ4MT45REaF
5/2Oeg0Qr1r1Eiiz805kZcDBW9xGkjPnBG2puW5DpjrqIuGhJ0wJi4F5zzoviCyg
iUKoZzJAs+hCdfK7lKGztFCCRLEj7KLA6cho+rFKtRYP5qj1OYYuVIhartuMQkWh
fvqxovv0IXvF9KuEa9ctAuLTfZk6XZXqD6MqC21bgRKc
-----END CERTIFICATE-----