Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/gePIK2-VbGIo26x6domZFEVnF2w.roa
File:                     gePIK2-VbGIo26x6domZFEVnF2w.roa (raw, json)
Hash identifier:          UBhLzus5EcSud+9dBZHiyhW/YXKebv6Qx4xzFh52UQY=
Subject key identifier:   81:E3:C8:2B:6F:95:6C:62:28:DB:AC:7A:76:89:99:14:45:67:17:6C
Certificate issuer:       /CN=96062f5ddb18f96d78492b3538d7745cc4714a26
Certificate serial:       018CCA29DA84FF2B33879EA30528BEFD57B3
Authority key identifier: 96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/gePIK2-VbGIo26x6domZFEVnF2w.roa
Signing time:             Tue 02 Jan 2024 12:33:09 +0000
ROA not before:           Tue 02 Jan 2024 12:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200195
IP address blocks:        5.42.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:da:84:ff:2b:33:87:9e:a3:05:28:be:fd:57:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96062f5ddb18f96d78492b3538d7745cc4714a26
        Validity
            Not Before: Jan  2 12:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81e3c82b6f956c6228dbac7a768999144567176c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f9:36:0e:f5:2b:b0:e4:69:ee:a0:3b:f8:97:
                    22:36:57:05:74:14:73:5a:d6:01:09:2b:c9:c1:cf:
                    f5:37:ef:c2:94:f6:9f:00:16:74:0b:06:2f:b5:c4:
                    d6:2a:5c:bb:b8:3d:88:35:c4:25:06:83:9a:c5:60:
                    c3:1c:9e:45:ff:0f:ec:8b:5d:86:4b:64:8c:2a:01:
                    94:3f:fe:fd:42:e0:f3:ea:96:b6:dd:20:8a:83:d5:
                    17:9e:93:3e:4d:82:28:0a:f1:d2:af:4e:36:43:32:
                    c1:42:5b:cf:38:85:da:58:95:44:0e:9a:80:1a:16:
                    06:78:00:c3:7a:1e:ea:22:a3:3e:a9:45:48:1c:b3:
                    f0:f5:91:87:3e:af:b0:41:65:18:66:d1:54:cf:22:
                    81:d5:58:75:e7:87:18:2c:df:71:e8:3b:06:5f:48:
                    d3:ed:ba:8e:d6:65:f8:86:ee:4b:d7:8a:db:d8:d0:
                    52:08:7c:7d:6f:75:4a:c7:34:6a:40:69:0e:e3:f5:
                    cf:81:9c:ad:3e:40:3b:9d:84:dc:a2:f3:00:65:05:
                    8e:f1:c4:d0:4e:5b:6b:8d:e5:e4:65:e8:cb:7d:ea:
                    3d:c9:7c:d2:d6:b9:ef:28:cd:08:9f:fa:5d:59:e4:
                    c7:c7:56:1b:51:35:c2:1b:25:4a:f3:42:3f:d9:93:
                    a5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:E3:C8:2B:6F:95:6C:62:28:DB:AC:7A:76:89:99:14:45:67:17:6C
            X509v3 Authority Key Identifier:
                keyid:96:06:2F:5D:DB:18:F9:6D:78:49:2B:35:38:D7:74:5C:C4:71:4A:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lgYvXdsY-W14SSs1ONd0XMRxSiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/gePIK2-VbGIo26x6domZFEVnF2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e05975-da8e-460b-9ebb-3fcb5f3f3c59/1/lgYvXdsY-W14SSs1ONd0XMRxSiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:0d:e6:28:95:50:c4:b1:73:6c:e7:c6:c2:55:a0:ed:25:98:
         90:cb:35:51:70:c7:89:7c:ab:cc:0d:59:78:9c:48:e5:1a:56:
         ac:74:7e:20:3a:58:dd:06:6d:c0:28:db:e7:4d:82:33:b1:4f:
         d1:ff:2a:e0:84:ed:4e:44:02:79:f6:5a:57:89:8a:f2:39:4f:
         90:36:97:5c:de:f9:28:e9:ef:69:8d:70:5b:b8:ef:6a:22:89:
         b2:d8:46:11:96:f8:b6:8c:82:5b:ed:02:d1:f5:a1:fe:18:66:
         6e:5a:ed:cf:75:8a:aa:48:f5:22:4c:56:f4:db:76:1c:40:b1:
         4b:82:b3:4b:48:a1:83:6f:ec:23:9b:98:6b:90:a4:f2:e2:44:
         a1:fa:94:61:ca:66:14:5f:ca:cf:17:78:e9:3b:33:65:1a:ed:
         29:d4:76:d3:cd:c7:e3:81:24:b1:ce:7d:75:5f:80:1a:9c:9e:
         59:39:7a:fa:d7:40:b6:9a:78:42:f2:21:ab:4f:82:6f:2e:bc:
         c8:7c:39:09:13:b7:86:44:d7:e0:1d:77:84:bd:9c:c1:c2:e9:
         f3:09:d4:48:5b:04:97:be:85:26:4f:2d:59:5a:05:ef:98:eb:
         df:75:95:80:f4:80:98:0a:04:f9:2a:0c:89:20:b3:29:70:19:
         00:62:9a:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdqE/yszh56jBSi+/VezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MDYyZjVkZGIxOGY5NmQ3ODQ5MmIzNTM4ZDc3NDVjYzQ3
MTRhMjYwHhcNMjQwMTAyMTIzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWUzYzgyYjZmOTU2YzYyMjhkYmFjN2E3Njg5OTkxNDQ1NjcxNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofk2DvUrsORp7qA7+JciNlcFdBRz
WtYBCSvJwc/1N+/ClPafABZ0CwYvtcTWKly7uD2INcQlBoOaxWDDHJ5F/w/si12G
S2SMKgGUP/79QuDz6pa23SCKg9UXnpM+TYIoCvHSr042QzLBQlvPOIXaWJVEDpqA
GhYGeADDeh7qIqM+qUVIHLPw9ZGHPq+wQWUYZtFUzyKB1Vh154cYLN9x6DsGX0jT
7bqO1mX4hu5L14rb2NBSCHx9b3VKxzRqQGkO4/XPgZytPkA7nYTcovMAZQWO8cTQ
TltrjeXkZejLfeo9yXzS1rnvKM0In/pdWeTHx1YbUTXCGyVK80I/2ZOlwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHjyCtvlWxiKNusenaJmRRFZxdsMB8GA1UdIwQY
MBaAFJYGL13bGPlteEkrNTjXdFzEcUomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmIt
M2ZjYjVmM2YzYzU5LzEvZ2VQSUsyLVZiR0lvMjZ4NmRvbVpGRVZuRjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMDU5NzUtZGE4ZS00NjBiLTllYmItM2ZjYjVmM2YzYzU5
LzEvbGdZdlhkc1ktVzE0U1NzMU9OZDBYTVJ4U2lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSpEMA0G
CSqGSIb3DQEBCwUAA4IBAQBuDeYolVDEsXNs58bCVaDtJZiQyzVRcMeJfKvMDVl4
nEjlGlasdH4gOljdBm3AKNvnTYIzsU/R/yrghO1ORAJ59lpXiYryOU+QNpdc3vko
6e9pjXBbuO9qIomy2EYRlvi2jIJb7QLR9aH+GGZuWu3PdYqqSPUiTFb023YcQLFL
grNLSKGDb+wjm5hrkKTy4kSh+pRhymYUX8rPF3jpOzNlGu0p1HbTzcfjgSSxzn11
X4AanJ5ZOXr610C2mnhC8iGrT4JvLrzIfDkJE7eGRNfgHXeEvZzBwunzCdRIWwSX
voUmTy1ZWgXvmOvfdZWA9ICYCgT5KgyJILMpcBkAYppv
-----END CERTIFICATE-----