Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/w3U4RGD-RR7pfqM-x5GLo3NEI6k.roa
File:                     w3U4RGD-RR7pfqM-x5GLo3NEI6k.roa (raw, json)
Hash identifier:          4w41hRAcla/qvSZOMsfe9VIf0Pp8cdA1Zp6+AEIFBkw=
Subject key identifier:   C3:75:38:44:60:FE:45:1E:E9:7E:A3:3E:C7:91:8B:A3:73:44:23:A9
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       018CC794EF4F37EB5EE92C7309B9FC15DE71
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/w3U4RGD-RR7pfqM-x5GLo3NEI6k.roa
Signing time:             Tue 02 Jan 2024 00:31:15 +0000
ROA not before:           Tue 02 Jan 2024 00:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201671
IP address blocks:        5.104.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:ef:4f:37:eb:5e:e9:2c:73:09:b9:fc:15:de:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 00:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c375384460fe451ee97ea33ec7918ba3734423a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:74:c9:1c:7e:47:85:23:64:46:58:f7:49:93:
                    9b:bf:63:f0:47:45:f5:77:39:e8:04:62:16:06:ea:
                    fa:20:8a:0d:3e:4d:ba:07:97:1e:01:10:78:7f:fc:
                    05:cf:cb:ab:f4:bc:fa:ef:e9:a8:c6:64:3c:0e:75:
                    ad:3e:6e:d9:02:c5:f8:84:77:0c:be:82:e2:0b:1a:
                    b8:70:87:1b:41:7e:66:41:74:eb:91:7f:a7:b6:06:
                    a4:2a:49:a8:7a:cd:88:a7:20:ea:d6:df:5f:7e:88:
                    35:08:5d:9d:56:10:35:42:8e:ec:0b:fe:c3:e5:59:
                    b4:6f:71:b5:1f:8c:a0:d7:16:61:be:53:93:6d:31:
                    e5:5d:c8:ad:7d:ef:2c:52:1a:d7:c2:29:04:5d:ff:
                    75:ee:ac:fb:6b:7f:42:50:93:23:c5:a8:6e:2b:09:
                    3d:fc:d4:71:5a:f5:4f:d7:96:13:cd:76:24:c3:c7:
                    96:16:ba:f7:20:52:c9:d4:9a:c8:60:08:bc:70:8f:
                    26:31:0b:38:62:32:14:56:10:83:ae:cb:c3:be:20:
                    0d:a5:0c:ca:d3:77:a7:98:db:ab:6f:74:a6:86:4d:
                    3a:62:af:a4:63:d0:3a:44:ef:8a:50:f9:8b:74:02:
                    7c:7e:50:44:14:9e:47:41:22:9b:0c:ed:e8:8e:5c:
                    cb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:75:38:44:60:FE:45:1E:E9:7E:A3:3E:C7:91:8B:A3:73:44:23:A9
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/w3U4RGD-RR7pfqM-x5GLo3NEI6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:3e:b0:ce:ad:ab:51:6d:26:d5:d7:65:ee:16:bc:6b:f2:86:
         52:6c:cc:43:a2:70:47:dd:cf:bf:c2:4f:36:7b:b3:a8:ae:3f:
         25:4e:2f:08:80:b3:4d:4b:9d:48:2a:ed:75:a5:20:69:40:38:
         95:e5:5b:8a:c5:6d:06:99:3c:bb:2e:f1:7a:f0:e5:32:7c:9a:
         f1:a5:18:b1:c7:c3:29:41:90:53:de:1e:46:76:9e:38:d8:2b:
         ba:a8:06:02:7d:4b:ad:cb:bc:02:f6:bc:1b:eb:82:c7:41:c5:
         61:73:5d:b4:19:a1:0c:db:c9:e7:67:b4:a5:52:e6:6e:e5:56:
         49:b8:07:30:39:11:fe:bf:69:64:52:6a:8a:71:c9:80:05:91:
         42:55:2f:05:ce:6a:ac:f5:47:ff:fe:de:2e:0e:8b:a5:53:49:
         94:73:c7:fc:53:73:b5:6d:d9:20:62:4e:85:06:3c:e1:7e:73:
         69:77:cd:99:d0:b1:f5:a2:ca:0e:c7:b2:ea:24:83:02:85:d5:
         43:6e:86:93:27:4f:0c:b7:d6:49:fb:a2:4a:72:50:5d:80:6f:
         ba:22:d7:be:5b:41:d2:bc:fa:82:ad:1b:8f:2f:df:da:aa:80:
         36:9f:24:d4:52:3e:5c:4c:01:23:6e:1f:0b:71:00:c4:25:b5:
         1a:48:0d:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlO9PN+te6SxzCbn8Fd5xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjQwMTAyMDAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzc1Mzg0NDYwZmU0NTFlZTk3ZWEzM2VjNzkxOGJhMzczNDQyM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXTJHH5HhSNkRlj3SZObv2PwR0X1
dznoBGIWBur6IIoNPk26B5ceARB4f/wFz8ur9Lz67+moxmQ8DnWtPm7ZAsX4hHcM
voLiCxq4cIcbQX5mQXTrkX+ntgakKkmoes2IpyDq1t9ffog1CF2dVhA1Qo7sC/7D
5Vm0b3G1H4yg1xZhvlOTbTHlXcitfe8sUhrXwikEXf917qz7a39CUJMjxahuKwk9
/NRxWvVP15YTzXYkw8eWFrr3IFLJ1JrIYAi8cI8mMQs4YjIUVhCDrsvDviANpQzK
03enmNurb3Smhk06Yq+kY9A6RO+KUPmLdAJ8flBEFJ5HQSKbDO3ojlzLVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMN1OERg/kUe6X6jPseRi6NzRCOpMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvdzNVNFJHRC1SUjdwZnFNLXg1R0xvM05FSTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWhLMA0G
CSqGSIb3DQEBCwUAA4IBAQCpPrDOratRbSbV12XuFrxr8oZSbMxDonBH3c+/wk82
e7Oorj8lTi8IgLNNS51IKu11pSBpQDiV5VuKxW0GmTy7LvF68OUyfJrxpRixx8Mp
QZBT3h5Gdp442Cu6qAYCfUuty7wC9rwb64LHQcVhc120GaEM28nnZ7SlUuZu5VZJ
uAcwORH+v2lkUmqKccmABZFCVS8Fzmqs9Uf//t4uDoulU0mUc8f8U3O1bdkgYk6F
BjzhfnNpd82Z0LH1osoOx7LqJIMChdVDboaTJ08Mt9ZJ+6JKclBdgG+6Ite+W0HS
vPqCrRuPL9/aqoA2nyTUUj5cTAEjbh8LcQDEJbUaSA0u
-----END CERTIFICATE-----