Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5xFb2G49X2eC7I-S-imknyCSalY.roa
File:                     5xFb2G49X2eC7I-S-imknyCSalY.roa (raw, json)
Hash identifier:          O58qBeoPFG71u9OBoY5VVr2nAzvgRlfj9q3f5n4XchY=
Subject key identifier:   E7:11:5B:D8:6E:3D:5F:67:82:EC:8F:92:FA:29:A4:9F:20:92:6A:56
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018DED943084FAC86B082BCF9E388E4F6D49
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5xFb2G49X2eC7I-S-imknyCSalY.roa
Signing time:             Wed 28 Feb 2024 02:38:48 +0000
ROA not before:           Wed 28 Feb 2024 02:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207614
IP address blocks:        5.154.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ed:94:30:84:fa:c8:6b:08:2b:cf:9e:38:8e:4f:6d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Feb 28 02:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7115bd86e3d5f6782ec8f92fa29a49f20926a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:04:40:f0:58:a6:2c:d8:14:53:cb:1f:1a:7d:
                    de:56:bf:12:2f:17:03:43:a2:9a:f6:8e:c2:77:77:
                    01:f6:ac:65:1b:f5:db:93:a8:75:6f:f1:1e:d5:35:
                    63:c0:38:e2:71:df:cb:ad:d1:dc:3c:c8:c4:4f:12:
                    f7:78:10:3e:71:a8:2c:54:dd:ce:97:80:d8:77:2a:
                    ea:d4:d5:d6:33:74:e1:26:5f:89:55:2c:8b:0b:08:
                    8e:4a:63:8f:73:eb:e6:ec:8d:fe:c8:63:de:48:8f:
                    7b:33:23:f4:34:60:16:fd:05:3a:c8:d2:42:4d:30:
                    28:e6:71:e1:26:d4:c6:a8:07:4a:c5:e6:5e:d4:8f:
                    f1:6e:8c:5c:e7:ea:16:d6:f3:61:cb:9f:0f:11:b0:
                    d7:a9:b6:20:ca:8f:e9:a0:a8:d6:5a:ee:29:8b:4c:
                    28:59:cf:13:e0:54:fd:da:f0:f8:fe:44:a5:d3:56:
                    26:f5:5b:34:df:14:c3:37:63:fc:49:d2:99:1e:2e:
                    28:f9:87:b8:7b:ff:76:64:a7:9f:f6:86:99:a4:6f:
                    74:93:21:e4:2c:7d:f9:69:78:33:9e:58:2e:9b:e3:
                    4f:59:e7:39:63:94:8f:fb:59:9b:a1:d9:6a:cc:00:
                    43:5f:8b:07:db:d1:66:c8:0e:a6:ad:f8:82:53:78:
                    0b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:11:5B:D8:6E:3D:5F:67:82:EC:8F:92:FA:29:A4:9F:20:92:6A:56
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/5xFb2G49X2eC7I-S-imknyCSalY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:e0:a3:7d:d9:4b:5e:9e:58:a4:3b:23:59:b9:76:8d:96:cc:
         15:5f:7f:e1:d4:a1:6b:97:0c:8a:5b:b2:3b:a8:b9:cf:f8:45:
         83:ec:92:0e:7d:42:d3:3d:46:76:d8:61:31:5d:d8:fa:aa:46:
         d1:f9:bd:71:d1:c8:f9:52:72:b6:c0:d5:b1:3b:3b:3c:02:e8:
         fe:fd:0f:d3:66:ba:3e:77:a6:eb:5c:70:7f:65:04:7d:6e:34:
         4c:da:1d:9a:61:ce:50:0a:78:a8:d4:ae:f1:c5:49:f2:35:89:
         94:3b:22:f6:32:51:a7:c2:21:a6:11:8b:68:be:4b:a8:c7:21:
         8d:3e:f4:29:e4:dc:56:70:dc:67:dc:89:90:a6:3a:6e:00:ab:
         a5:d8:20:c1:60:7c:32:40:5d:ac:35:73:ec:80:9a:26:40:0b:
         eb:06:28:23:e0:b5:61:4c:30:50:03:47:08:fb:32:09:10:31:
         44:ae:f5:0b:3b:cc:5b:8d:f7:f5:d9:ea:e0:6f:96:59:92:42:
         88:87:4b:7f:3b:2d:3d:55:82:d9:39:d2:f9:30:ca:0d:ee:2e:
         da:3e:7c:76:c4:56:ca:6e:19:e0:a9:8d:65:90:c7:b8:9c:d6:
         e9:a1:a8:93:37:7c:32:76:04:dc:55:a7:e8:b2:35:ac:b8:de:
         b6:47:b2:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3tlDCE+shrCCvPnjiOT21JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMjI4MDIzODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzExNWJkODZlM2Q1ZjY3ODJlYzhmOTJmYTI5YTQ5ZjIwOTI2YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggRA8FimLNgUU8sfGn3eVr8SLxcD
Q6Ka9o7Cd3cB9qxlG/Xbk6h1b/Ee1TVjwDjicd/LrdHcPMjETxL3eBA+cagsVN3O
l4DYdyrq1NXWM3ThJl+JVSyLCwiOSmOPc+vm7I3+yGPeSI97MyP0NGAW/QU6yNJC
TTAo5nHhJtTGqAdKxeZe1I/xboxc5+oW1vNhy58PEbDXqbYgyo/poKjWWu4pi0wo
Wc8T4FT92vD4/kSl01Ym9Vs03xTDN2P8SdKZHi4o+Ye4e/92ZKef9oaZpG90kyHk
LH35aXgznlgum+NPWec5Y5SP+1mbodlqzABDX4sH29FmyA6mrfiCU3gLUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcRW9huPV9nguyPkvoppJ8gkmpWMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvNXhGYjJHNDlYMmVDN0ktUy1pbWtueUNTYWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZoHMA0G
CSqGSIb3DQEBCwUAA4IBAQC74KN92UtenlikOyNZuXaNlswVX3/h1KFrlwyKW7I7
qLnP+EWD7JIOfULTPUZ22GExXdj6qkbR+b1x0cj5UnK2wNWxOzs8Auj+/Q/TZro+
d6brXHB/ZQR9bjRM2h2aYc5QCnio1K7xxUnyNYmUOyL2MlGnwiGmEYtovkuoxyGN
PvQp5NxWcNxn3ImQpjpuAKul2CDBYHwyQF2sNXPsgJomQAvrBigj4LVhTDBQA0cI
+zIJEDFErvULO8xbjff12ergb5ZZkkKIh0t/Oy09VYLZOdL5MMoN7i7aPnx2xFbK
bhngqY1lkMe4nNbpoaiTN3wydgTcVafosjWsuN62R7Ie
-----END CERTIFICATE-----