Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/v5aYUqXEmyOMPTIq1H95TvMimCA.roa
File:                     v5aYUqXEmyOMPTIq1H95TvMimCA.roa (raw, json)
Hash identifier:          j9k5aXNcaGqDnRMjPTHMxo1Y06g5j+Rs5gVFuEU1224=
Subject key identifier:   BF:96:98:52:A5:C4:9B:23:8C:3D:32:2A:D4:7F:79:4E:F3:22:98:20
Certificate issuer:       /CN=239d0657eaaef096bec94b11f4d69d0d3ed04ce6
Certificate serial:       018CC2DAECAC0119DED290359C9D54A3F04F
Authority key identifier: 23:9D:06:57:EA:AE:F0:96:BE:C9:4B:11:F4:D6:9D:0D:3E:D0:4C:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I50GV-qu8Ja-yUsR9NadDT7QTOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/v5aYUqXEmyOMPTIq1H95TvMimCA.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51289
IP address blocks:        193.58.251.0/24 maxlen: 24
                          2001:67c:20c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/I50GV-qu8Ja-yUsR9NadDT7QTOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/I50GV-qu8Ja-yUsR9NadDT7QTOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I50GV-qu8Ja-yUsR9NadDT7QTOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 01:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ec:ac:01:19:de:d2:90:35:9c:9d:54:a3:f0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=239d0657eaaef096bec94b11f4d69d0d3ed04ce6
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf969852a5c49b238c3d322ad47f794ef3229820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bb:f8:0c:22:88:01:26:0d:74:66:c4:ec:86:
                    f1:6e:98:7f:96:36:dc:b8:5c:58:51:10:2c:2b:5d:
                    5d:0e:18:ce:23:96:65:6c:10:6c:9c:14:fa:3b:1b:
                    03:c9:7e:54:52:6b:94:12:03:21:69:ae:d2:c5:84:
                    ca:2e:72:9e:8c:35:64:83:3a:cf:af:7a:37:5a:1c:
                    55:ac:51:f5:92:eb:5a:cd:a5:f4:b5:c8:80:93:a1:
                    a9:31:4d:e6:74:1d:58:fd:1e:a5:de:fa:0b:9f:a6:
                    e6:b3:4b:7c:36:6c:51:91:05:21:80:08:24:b4:ae:
                    d6:d1:21:cd:c8:6f:36:7b:6e:9a:61:3a:76:d5:e6:
                    70:af:60:78:e2:4a:a6:d7:15:07:27:0b:eb:49:a6:
                    f5:12:27:6b:8b:10:93:0e:dd:7d:45:58:69:66:2e:
                    a4:4c:65:6d:27:49:71:a9:6d:92:75:c8:96:10:cb:
                    76:57:0d:83:a5:67:a9:96:0d:75:2b:80:de:7e:d1:
                    fa:46:18:4c:06:29:91:e4:8c:96:a7:09:48:c9:f7:
                    48:51:74:36:6b:c8:ce:7b:af:b5:b1:7d:1f:13:88:
                    7f:0b:df:13:0a:fe:85:fb:fa:72:ca:2d:f3:ac:c2:
                    83:dc:e9:36:a4:8e:e7:0d:f4:14:c3:ac:86:9b:d0:
                    af:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:96:98:52:A5:C4:9B:23:8C:3D:32:2A:D4:7F:79:4E:F3:22:98:20
            X509v3 Authority Key Identifier:
                keyid:23:9D:06:57:EA:AE:F0:96:BE:C9:4B:11:F4:D6:9D:0D:3E:D0:4C:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I50GV-qu8Ja-yUsR9NadDT7QTOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/v5aYUqXEmyOMPTIq1H95TvMimCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/1f1d43-43db-4f4a-b494-7df9ae53d484/1/I50GV-qu8Ja-yUsR9NadDT7QTOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.251.0/24
                IPv6:
                  2001:67c:20c::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:c4:4a:a3:06:61:d6:49:12:b6:bb:9f:9d:c1:10:8a:25:0b:
         59:b0:1a:4a:52:ed:23:28:bb:e2:50:78:c6:7d:12:dd:cb:b1:
         e4:6d:35:f7:2c:be:88:b5:55:db:f3:cd:84:72:c2:17:aa:a1:
         29:dc:2f:cb:59:f2:fa:9e:c5:6d:d8:22:ed:83:c6:c3:f7:20:
         80:62:c6:33:9c:f5:ce:e4:37:28:c6:92:48:d0:6d:fe:87:37:
         c4:54:6a:1b:7e:9d:20:03:2f:f1:39:51:ee:ba:5b:cc:f9:7b:
         d9:d7:03:30:23:db:f4:fb:39:e9:de:b7:7e:b5:be:d6:05:94:
         55:a7:ea:c5:3d:56:22:43:27:c3:a9:b7:67:74:44:a6:bb:9a:
         5f:6f:2c:dc:27:0a:11:d1:bc:c4:e3:64:0c:b0:ff:35:38:fd:
         08:e9:48:12:e7:79:82:9a:53:a3:ab:38:98:21:54:33:63:1f:
         7d:17:4f:e2:84:89:a1:f1:93:37:24:a7:27:58:8f:c9:c5:04:
         e8:29:6f:18:82:92:1f:71:6a:69:31:3e:d1:91:df:10:78:38:
         58:de:3f:65:ab:60:5d:37:cf:0a:11:54:8d:6b:2c:5d:31:86:
         26:15:f0:64:b8:1a:fa:4c:da:c6:2a:21:8d:6a:65:b1:aa:b4:
         20:4a:d2:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2uysARne0pA1nJ1Uo/BPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOWQwNjU3ZWFhZWYwOTZiZWM5NGIxMWY0ZDY5ZDBkM2Vk
MDRjZTYwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjk2OTg1MmE1YzQ5YjIzOGMzZDMyMmFkNDdmNzk0ZWYzMjI5ODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbv4DCKIASYNdGbE7Ibxbph/ljbc
uFxYURAsK11dDhjOI5ZlbBBsnBT6OxsDyX5UUmuUEgMhaa7SxYTKLnKejDVkgzrP
r3o3WhxVrFH1kutazaX0tciAk6GpMU3mdB1Y/R6l3voLn6bms0t8NmxRkQUhgAgk
tK7W0SHNyG82e26aYTp21eZwr2B44kqm1xUHJwvrSab1EidrixCTDt19RVhpZi6k
TGVtJ0lxqW2SdciWEMt2Vw2DpWeplg11K4DeftH6RhhMBimR5IyWpwlIyfdIUXQ2
a8jOe6+1sX0fE4h/C98TCv6F+/pyyi3zrMKD3Ok2pI7nDfQUw6yGm9CvdQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL+WmFKlxJsjjD0yKtR/eU7zIpggMB8GA1UdIwQY
MBaAFCOdBlfqrvCWvslLEfTWnQ0+0EzmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTUwR1YtcXU4SmEteVVzUjlOYWREVDdRVE9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8xZjFkNDMtNDNkYi00ZjRhLWI0OTQt
N2RmOWFlNTNkNDg0LzEvdjVhWVVxWEVteU9NUFRJcTFIOTVUdk1pbUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8xZjFkNDMtNDNkYi00ZjRhLWI0OTQtN2RmOWFlNTNkNDg0
LzEvSTUwR1YtcXU4SmEteVVzUjlOYWREVDdRVE9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTr7MA8E
AgACMAkDBwAgAQZ8AgwwDQYJKoZIhvcNAQELBQADggEBAIfESqMGYdZJEra7n53B
EIolC1mwGkpS7SMou+JQeMZ9Et3LseRtNfcsvoi1VdvzzYRywheqoSncL8tZ8vqe
xW3YIu2DxsP3IIBixjOc9c7kNyjGkkjQbf6HN8RUaht+nSADL/E5Ue66W8z5e9nX
AzAj2/T7Oenet361vtYFlFWn6sU9ViJDJ8Opt2d0RKa7ml9vLNwnChHRvMTjZAyw
/zU4/QjpSBLneYKaU6OrOJghVDNjH30XT+KEiaHxkzckpydYj8nFBOgpbxiCkh9x
amkxPtGR3xB4OFjeP2WrYF03zwoRVI1rLF0xhiYV8GS4GvpM2sYqIY1qZbGqtCBK
0tk=
-----END CERTIFICATE-----