Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Tn5cmUWI13OKHZoviEO4n-wocrY.roa
File:                     Tn5cmUWI13OKHZoviEO4n-wocrY.roa (raw, json)
Hash identifier:          ROYVSMFLCWm82HPTmw5S4kU+oEKLbyI0l2fhS1gcupA=
Subject key identifier:   4E:7E:5C:99:45:88:D7:73:8A:1D:9A:2F:88:43:B8:9F:EC:28:72:B6
Certificate issuer:       /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial:       018F4C5AE69441511688E59B9D089ED5BA5B
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Tn5cmUWI13OKHZoviEO4n-wocrY.roa
Signing time:             Mon 06 May 2024 05:22:56 +0000
ROA not before:           Mon 06 May 2024 05:22:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8289
IP address blocks:        5.157.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 22:03:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:5a:e6:94:41:51:16:88:e5:9b:9d:08:9e:d5:ba:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
        Validity
            Not Before: May  6 05:22:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e7e5c994588d7738a1d9a2f8843b89fec2872b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:aa:86:98:68:68:b0:0f:e7:e0:4f:de:d1:db:
                    42:97:29:f6:59:c8:70:fa:aa:71:e4:6b:bb:54:86:
                    70:74:11:ef:d7:f9:2a:74:09:9c:73:f4:37:cd:36:
                    c9:a2:86:76:9a:15:a2:76:1f:50:80:79:d7:79:73:
                    26:f1:4b:40:ad:7a:81:9e:37:3f:59:f0:4b:d1:9e:
                    8f:2f:e9:50:6c:2d:5a:23:ae:0b:85:d7:ec:0d:28:
                    9e:45:83:4e:5a:9a:72:2d:64:59:b3:5f:d7:da:0c:
                    3c:d1:5f:e2:10:8d:63:fd:e1:f1:c2:7b:a1:cc:63:
                    d9:7e:8a:9e:18:99:08:68:6b:d9:6e:2f:e4:89:32:
                    5c:6e:0c:36:8f:79:fa:38:68:56:59:c7:11:93:d2:
                    1d:ba:89:0a:52:16:43:00:f9:fe:7d:7f:61:46:86:
                    03:c6:55:2e:f7:6b:5d:95:1f:24:90:14:76:c0:f0:
                    b4:31:7c:22:bf:42:07:9f:60:66:49:03:26:91:df:
                    5c:28:33:0f:f8:6b:ac:b0:b7:95:28:a9:44:05:2e:
                    26:a7:aa:9b:f9:58:7e:77:62:0b:64:c0:8e:de:39:
                    2d:28:ed:f8:c8:0c:58:62:ae:54:32:c8:3f:09:41:
                    fd:90:4a:d1:d3:a5:de:67:c5:f3:14:b9:83:b0:49:
                    d3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7E:5C:99:45:88:D7:73:8A:1D:9A:2F:88:43:B8:9F:EC:28:72:B6
            X509v3 Authority Key Identifier:
                keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Tn5cmUWI13OKHZoviEO4n-wocrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:5f:79:43:20:a3:fb:6f:2b:5c:0f:96:21:09:80:92:84:a1:
         0f:0e:ac:19:fd:72:d9:0e:0d:9b:6d:73:70:28:6f:8e:ff:7c:
         74:98:5a:4a:5f:d3:c9:67:40:82:6c:7e:aa:79:02:28:31:17:
         38:5d:f1:89:c1:80:05:49:86:5e:e7:56:85:42:38:56:08:e4:
         53:0c:bb:91:58:4c:d7:a3:7d:11:8f:39:e9:56:14:e6:65:0d:
         43:fc:43:20:e5:33:5c:c9:45:3f:ff:ff:3e:0b:ea:b1:c6:b5:
         c0:f7:d9:36:78:59:5c:0b:34:64:80:53:9f:9c:62:4a:1e:05:
         f5:68:79:cc:99:57:a8:67:7c:fb:c6:55:95:15:d2:7d:5e:c7:
         18:af:59:62:53:f7:7e:11:88:01:a3:66:c6:f1:33:3b:fa:ff:
         34:2b:7a:72:20:dc:c0:f0:e9:be:e2:bf:ee:02:cd:72:8f:0a:
         e0:63:b9:5d:bf:ad:1a:e5:64:05:01:6b:d6:9f:6f:0c:f5:73:
         4c:f3:e2:c2:87:ed:7a:a6:a4:7c:d5:0b:08:ef:45:9e:19:80:
         b3:fb:c4:00:1e:88:17:08:4d:c7:9e:3e:4c:18:c0:9d:19:1d:
         c1:49:ba:c9:da:f3:77:48:7c:99:4d:81:f7:88:e0:54:ca:88:
         2e:87:5b:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9MWuaUQVEWiOWbnQie1bpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjQwNTA2MDUyMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdlNWM5OTQ1ODhkNzczOGExZDlhMmY4ODQzYjg5ZmVjMjg3MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqqGmGhosA/n4E/e0dtClyn2Wchw
+qpx5Gu7VIZwdBHv1/kqdAmcc/Q3zTbJooZ2mhWidh9QgHnXeXMm8UtArXqBnjc/
WfBL0Z6PL+lQbC1aI64LhdfsDSieRYNOWppyLWRZs1/X2gw80V/iEI1j/eHxwnuh
zGPZfoqeGJkIaGvZbi/kiTJcbgw2j3n6OGhWWccRk9IduokKUhZDAPn+fX9hRoYD
xlUu92tdlR8kkBR2wPC0MXwiv0IHn2BmSQMmkd9cKDMP+GussLeVKKlEBS4mp6qb
+Vh+d2ILZMCO3jktKO34yAxYYq5UMsg/CUH9kErR06XeZ8XzFLmDsEnT5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5+XJlFiNdzih2aL4hDuJ/sKHK2MB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEvVG41Y21VV0kxM09LSFpvdmlFTzRuLXdvY3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ0EMA0G
CSqGSIb3DQEBCwUAA4IBAQA+X3lDIKP7bytcD5YhCYCShKEPDqwZ/XLZDg2bbXNw
KG+O/3x0mFpKX9PJZ0CCbH6qeQIoMRc4XfGJwYAFSYZe51aFQjhWCORTDLuRWEzX
o30RjznpVhTmZQ1D/EMg5TNcyUU///8+C+qxxrXA99k2eFlcCzRkgFOfnGJKHgX1
aHnMmVeoZ3z7xlWVFdJ9XscYr1liU/d+EYgBo2bG8TM7+v80K3pyINzA8Om+4r/u
As1yjwrgY7ldv60a5WQFAWvWn28M9XNM8+LCh+16pqR81QsI70WeGYCz+8QAHogX
CE3Hnj5MGMCdGR3BSbrJ2vN3SHyZTYH3iOBUyoguh1v2
-----END CERTIFICATE-----