Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/dnr-5bJ6_W_Bnf9MtINQePBy1OE.roa
File:                     dnr-5bJ6_W_Bnf9MtINQePBy1OE.roa (raw, json)
Hash identifier:          shT0tRDh5bEXFwN8jqv1BX51wH0dE8tKiq99JmWjzs4=
Subject key identifier:   76:7A:FE:E5:B2:7A:FD:6F:C1:9D:FF:4C:B4:83:50:78:F0:72:D4:E1
Certificate issuer:       /CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
Certificate serial:       0192AFCCF177150D9F4A397070070A2ADA97
Authority key identifier: 5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/dnr-5bJ6_W_Bnf9MtINQePBy1OE.roa
Signing time:             Mon 21 Oct 2024 15:58:16 +0000
ROA not before:           Mon 21 Oct 2024 15:58:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        5.253.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:af:cc:f1:77:15:0d:9f:4a:39:70:70:07:0a:2a:da:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d86c47da6d9079347b60f04ed5c5557fe983eb8
        Validity
            Not Before: Oct 21 15:58:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=767afee5b27afd6fc19dff4cb4835078f072d4e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b0:c7:4a:92:c4:4f:26:9b:82:8c:22:82:f0:
                    23:ca:67:5f:f6:7d:61:72:91:71:1d:cb:78:ab:15:
                    4f:7d:30:46:ae:98:d2:e6:e4:a3:d4:67:cc:4a:bf:
                    3a:a6:f3:91:35:85:5b:7f:a3:e0:c5:cd:a6:ed:c4:
                    e7:35:c1:5f:0e:dd:dc:68:dc:a5:bf:f5:43:ee:5b:
                    98:3c:f2:5d:67:27:6c:ec:0b:b7:bd:b6:44:2b:c2:
                    4e:02:07:9a:ba:9e:30:a1:dd:7b:6b:f9:64:b1:77:
                    b6:9b:8b:71:4b:d5:e7:c2:bc:64:3b:a5:e8:2f:65:
                    4d:ff:0a:27:3a:b5:99:e8:51:e5:59:53:ba:17:26:
                    d9:96:25:e1:96:1d:b3:9f:4e:57:dd:5d:9b:27:e2:
                    68:7f:96:34:a3:bd:a7:cc:f4:77:25:8b:57:03:8a:
                    b5:71:9e:3c:05:13:23:aa:bf:9b:4c:cc:6e:18:b4:
                    d5:a5:18:c0:7f:5f:59:41:81:a5:6c:3d:2c:5b:48:
                    9d:db:6e:3e:53:8c:df:14:be:a3:66:64:f0:1f:10:
                    a0:70:30:f1:3e:8c:18:21:76:d7:5d:67:f5:b8:55:
                    e9:8a:89:c0:58:c4:36:b9:a0:75:66:52:87:bc:cc:
                    7f:98:7b:63:54:e5:dc:19:62:3a:70:b1:96:f0:12:
                    25:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:7A:FE:E5:B2:7A:FD:6F:C1:9D:FF:4C:B4:83:50:78:F0:72:D4:E1
            X509v3 Authority Key Identifier:
                keyid:5D:86:C4:7D:A6:D9:07:93:47:B6:0F:04:ED:5C:55:57:FE:98:3E:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYbEfabZB5NHtg8E7VxVV_6YPrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/dnr-5bJ6_W_Bnf9MtINQePBy1OE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/df66a0-c958-4e5c-a6df-fc632841ba3e/1/XYbEfabZB5NHtg8E7VxVV_6YPrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:66:8b:75:d8:14:73:72:d8:be:60:dd:86:ca:2b:08:8a:5b:
         2b:14:67:1d:98:67:c1:05:fa:71:da:0d:82:21:81:07:3a:56:
         36:78:f7:3a:40:7b:47:21:78:f7:40:ef:ba:6d:7e:b7:31:52:
         44:11:8c:ef:f4:07:7c:d9:57:e0:19:b6:77:dd:a7:85:1f:6a:
         ec:a9:51:dd:c9:66:99:51:31:55:73:b4:7d:65:0a:b5:8a:0d:
         95:0e:f6:af:61:42:32:31:bb:8d:3b:63:5c:a5:6f:9c:19:da:
         3e:da:f7:da:10:c0:f8:f9:01:fd:88:94:99:58:58:bb:28:cd:
         7e:a6:db:e4:4e:38:d4:25:78:21:e4:69:2d:99:c5:20:d8:7a:
         5e:8b:e6:2d:11:35:32:4c:cb:6c:63:6e:c6:65:86:32:ce:1f:
         bd:f9:b3:60:21:a4:3b:81:e9:32:8d:c7:15:6c:3d:5c:b7:25:
         11:d6:b9:18:05:6a:7e:a7:8b:cb:cf:57:ed:59:8c:a6:71:c2:
         47:29:01:5b:84:f9:27:64:0a:40:10:06:d4:1f:65:06:99:65:
         aa:26:8b:6b:0b:a4:c7:ce:f3:a5:50:91:03:bf:ce:a5:c0:f7:
         b0:d5:e7:14:8e:4a:11:c6:bc:45:d8:c1:3f:04:96:b1:0a:48:
         c4:0a:bd:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKvzPF3FQ2fSjlwcAcKKtqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODZjNDdkYTZkOTA3OTM0N2I2MGYwNGVkNWM1NTU3ZmU5
ODNlYjgwHhcNMjQxMDIxMTU1ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjdhZmVlNWIyN2FmZDZmYzE5ZGZmNGNiNDgzNTA3OGYwNzJkNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrDHSpLETyabgowigvAjymdf9n1h
cpFxHct4qxVPfTBGrpjS5uSj1GfMSr86pvORNYVbf6Pgxc2m7cTnNcFfDt3caNyl
v/VD7luYPPJdZyds7Au3vbZEK8JOAgeaup4wod17a/lksXe2m4txS9XnwrxkO6Xo
L2VN/wonOrWZ6FHlWVO6FybZliXhlh2zn05X3V2bJ+Jof5Y0o72nzPR3JYtXA4q1
cZ48BRMjqr+bTMxuGLTVpRjAf19ZQYGlbD0sW0id224+U4zfFL6jZmTwHxCgcDDx
PowYIXbXXWf1uFXpionAWMQ2uaB1ZlKHvMx/mHtjVOXcGWI6cLGW8BIlswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ6/uWyev1vwZ3/TLSDUHjwctThMB8GA1UdIwQY
MBaAFF2GxH2m2QeTR7YPBO1cVVf+mD64MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYt
ZmM2MzI4NDFiYTNlLzEvZG5yLTViSjZfV19CbmY5TXRJTlFlUEJ5MU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kZjY2YTAtYzk1OC00ZTVjLWE2ZGYtZmM2MzI4NDFiYTNl
LzEvWFliRWZhYlpCNU5IdGc4RTdWeFZWXzZZUHJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABf2/MA0G
CSqGSIb3DQEBCwUAA4IBAQAGZot12BRzcti+YN2GyisIilsrFGcdmGfBBfpx2g2C
IYEHOlY2ePc6QHtHIXj3QO+6bX63MVJEEYzv9Ad82VfgGbZ33aeFH2rsqVHdyWaZ
UTFVc7R9ZQq1ig2VDvavYUIyMbuNO2NcpW+cGdo+2vfaEMD4+QH9iJSZWFi7KM1+
ptvkTjjUJXgh5GktmcUg2Hpei+YtETUyTMtsY27GZYYyzh+9+bNgIaQ7gekyjccV
bD1ctyUR1rkYBWp+p4vLz1ftWYymccJHKQFbhPknZApAEAbUH2UGmWWqJotrC6TH
zvOlUJEDv86lwPew1ecUjkoRxrxF2ME/BJaxCkjECr1C
-----END CERTIFICATE-----