Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/Y8UJtzdfNmJluJ7KtN5PBJ5x2JQ.roa
File:                     Y8UJtzdfNmJluJ7KtN5PBJ5x2JQ.roa (raw, json)
Hash identifier:          4Qm13AZulQYY3mIDfBcC+diO1cYJF8GGxFnamdf7Hco=
Subject key identifier:   63:C5:09:B7:37:5F:36:62:65:B8:9E:CA:B4:DE:4F:04:9E:71:D8:94
Certificate issuer:       /CN=e84187984faaeff8fa1d0d48aed7c0cfd800de34
Certificate serial:       018CC86F0949FF2901E8F4AB4AF059C7D064
Authority key identifier: E8:41:87:98:4F:AA:EF:F8:FA:1D:0D:48:AE:D7:C0:CF:D8:00:DE:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/Y8UJtzdfNmJluJ7KtN5PBJ5x2JQ.roa
Signing time:             Tue 02 Jan 2024 04:29:29 +0000
ROA not before:           Tue 02 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211128
IP address blocks:        5.181.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:09:49:ff:29:01:e8:f4:ab:4a:f0:59:c7:d0:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e84187984faaeff8fa1d0d48aed7c0cfd800de34
        Validity
            Not Before: Jan  2 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63c509b7375f366265b89ecab4de4f049e71d894
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2a:20:9f:55:54:1d:91:85:de:de:14:82:a9:
                    0b:61:91:73:98:a6:02:90:b8:8b:e2:05:c2:07:d5:
                    7f:6a:0d:f0:18:cb:5e:48:34:19:6f:da:3c:6e:99:
                    72:f5:fb:03:17:e7:af:fb:6d:96:fe:07:c9:a1:9a:
                    d9:7c:1c:5e:de:ad:9f:1c:66:d4:a5:af:fb:7e:ec:
                    5f:04:ea:fe:d7:b0:20:5a:e2:d8:d3:4d:f1:8c:ce:
                    1f:f0:e8:57:eb:67:b8:75:a5:96:9a:93:c8:51:79:
                    49:b4:eb:e1:5f:70:33:d0:8a:43:0a:02:a3:78:d6:
                    f6:ab:b6:ce:07:67:9f:47:53:f3:d7:ee:4c:50:f9:
                    b0:c4:f0:79:f4:06:53:9b:b9:bf:60:81:91:27:7b:
                    46:aa:cf:1f:9d:d8:df:80:de:f7:6e:28:a5:38:6c:
                    e4:c3:25:24:6f:f5:16:e0:d1:7b:a7:76:18:74:6e:
                    b1:e4:12:ff:2b:b4:f2:da:8d:71:c0:1d:ad:02:ac:
                    f5:dc:54:1c:13:c7:ec:9c:24:2c:72:68:3b:6c:f4:
                    1a:2d:a1:c3:34:ad:dd:11:7c:70:c4:f0:66:61:8b:
                    1d:f0:67:e2:c6:3d:72:0a:59:29:e8:4b:fa:df:96:
                    0d:c1:ca:25:70:1e:f5:21:f5:5b:78:16:ad:bc:1a:
                    57:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C5:09:B7:37:5F:36:62:65:B8:9E:CA:B4:DE:4F:04:9E:71:D8:94
            X509v3 Authority Key Identifier:
                keyid:E8:41:87:98:4F:AA:EF:F8:FA:1D:0D:48:AE:D7:C0:CF:D8:00:DE:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/Y8UJtzdfNmJluJ7KtN5PBJ5x2JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5df231-2684-4f13-ab6f-ea302ad18ad6/1/6EGHmE-q7_j6HQ1IrtfAz9gA3jQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d3:a0:af:84:3f:ad:df:06:42:e4:7e:32:b6:f7:cd:ed:1d:
         5c:f5:16:f6:c0:98:0b:2d:e9:9d:f8:55:10:dd:41:85:a2:91:
         01:0c:65:78:42:7d:c1:55:59:60:e5:78:d4:24:13:46:86:ae:
         32:f2:a2:b8:0c:83:f4:f9:c8:77:b6:a3:bb:36:d7:ce:e9:e8:
         6a:82:5c:01:96:a1:58:a4:a3:54:e3:9c:58:9b:11:d6:36:66:
         b4:e8:95:9b:e2:fa:91:d7:26:66:32:1d:0a:28:03:05:f3:2b:
         67:f8:41:94:54:bb:0f:68:62:93:1a:aa:25:3e:e0:cc:9b:79:
         e8:fb:47:25:f3:b3:7b:a2:18:a8:b1:23:26:01:b0:0d:3d:43:
         f8:8e:7c:3d:9a:d9:b6:59:26:00:a2:17:fb:8a:6c:78:6b:1c:
         e5:a2:24:1d:05:49:45:25:1a:39:3a:77:5d:b9:58:73:53:44:
         97:73:a6:7a:a0:35:84:56:d5:6b:5b:23:06:3f:53:6b:86:9a:
         00:18:d6:0c:02:0e:85:07:60:dc:fe:99:6e:de:8b:32:ed:27:
         2b:a4:7c:90:f3:be:96:2c:1a:7b:c1:13:87:d4:bd:7d:17:bd:
         2d:fb:6f:29:58:c1:b5:c1:27:6a:3c:2a:e3:ba:5a:03:ee:af:
         f5:0c:56:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwlJ/ykB6PSrSvBZx9BkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDE4Nzk4NGZhYWVmZjhmYTFkMGQ0OGFlZDdjMGNmZDgw
MGRlMzQwHhcNMjQwMTAyMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2M1MDliNzM3NWYzNjYyNjViODllY2FiNGRlNGYwNDllNzFkODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCogn1VUHZGF3t4UgqkLYZFzmKYC
kLiL4gXCB9V/ag3wGMteSDQZb9o8bply9fsDF+ev+22W/gfJoZrZfBxe3q2fHGbU
pa/7fuxfBOr+17AgWuLY003xjM4f8OhX62e4daWWmpPIUXlJtOvhX3Az0IpDCgKj
eNb2q7bOB2efR1Pz1+5MUPmwxPB59AZTm7m/YIGRJ3tGqs8fndjfgN73biilOGzk
wyUkb/UW4NF7p3YYdG6x5BL/K7Ty2o1xwB2tAqz13FQcE8fsnCQscmg7bPQaLaHD
NK3dEXxwxPBmYYsd8Gfixj1yClkp6Ev635YNwcolcB71IfVbeBatvBpXTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPFCbc3XzZiZbieyrTeTwSecdiUMB8GA1UdIwQY
MBaAFOhBh5hPqu/4+h0NSK7XwM/YAN40MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVHSG1FLXE3X2o2SFExSXJ0ZkF6OWdBM2pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81ZGYyMzEtMjY4NC00ZjEzLWFiNmYt
ZWEzMDJhZDE4YWQ2LzEvWThVSnR6ZGZObUpsdUo3S3RONVBCSjV4MkpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81ZGYyMzEtMjY4NC00ZjEzLWFiNmYtZWEzMDJhZDE4YWQ2
LzEvNkVHSG1FLXE3X2o2SFExSXJ0ZkF6OWdBM2pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbU3MA0G
CSqGSIb3DQEBCwUAA4IBAQBG06CvhD+t3wZC5H4ytvfN7R1c9Rb2wJgLLemd+FUQ
3UGFopEBDGV4Qn3BVVlg5XjUJBNGhq4y8qK4DIP0+ch3tqO7NtfO6ehqglwBlqFY
pKNU45xYmxHWNma06JWb4vqR1yZmMh0KKAMF8ytn+EGUVLsPaGKTGqolPuDMm3no
+0cl87N7ohiosSMmAbANPUP4jnw9mtm2WSYAohf7imx4axzloiQdBUlFJRo5Ondd
uVhzU0SXc6Z6oDWEVtVrWyMGP1NrhpoAGNYMAg6FB2Dc/plu3osy7ScrpHyQ876W
LBp7wROH1L19F70t+28pWMG1wSdqPCrjuloD7q/1DFaQ
-----END CERTIFICATE-----