Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/U15tXAz6Vs0R8tWyaMC95tjW9G4.roa
File:                     U15tXAz6Vs0R8tWyaMC95tjW9G4.roa (raw, json)
Hash identifier:          En//yBbdNN54l9TodQVCND8sN9f0K0chG+/gYYJxtfI=
Subject key identifier:   53:5E:6D:5C:0C:FA:56:CD:11:F2:D5:B2:68:C0:BD:E6:D8:D6:F4:6E
Certificate issuer:       /CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
Certificate serial:       018CC500ED8CC2A3F9D419E6AF690E0A5066
Authority key identifier: 25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/U15tXAz6Vs0R8tWyaMC95tjW9G4.roa
Signing time:             Mon 01 Jan 2024 12:30:21 +0000
ROA not before:           Mon 01 Jan 2024 12:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201121
IP address blocks:        5.158.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:ed:8c:c2:a3:f9:d4:19:e6:af:69:0e:0a:50:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25ae551af0bb5d7977ea73f6896f25f1eca28f9d
        Validity
            Not Before: Jan  1 12:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=535e6d5c0cfa56cd11f2d5b268c0bde6d8d6f46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e7:ca:d6:bc:80:1e:f7:d9:86:4f:db:9f:0a:
                    62:d5:71:66:52:d1:03:c0:0b:74:71:d7:a0:7d:cc:
                    48:fc:84:37:d6:5d:56:b3:80:66:95:0d:90:c8:99:
                    eb:7b:dd:df:be:7c:8e:00:0b:62:fb:71:b1:ea:d0:
                    3a:ae:b1:2e:aa:a0:89:d0:95:52:c3:16:64:ad:4e:
                    52:5e:a4:24:6b:83:04:fd:24:94:91:60:2a:3e:45:
                    fd:d3:cc:09:b6:06:f0:18:14:69:12:0a:cd:e9:68:
                    49:00:94:5c:0a:6a:76:15:8e:b0:9d:4b:0b:f3:34:
                    fa:5c:4a:2b:14:47:0b:d3:ab:7e:fb:ba:12:fc:c2:
                    a9:f4:a3:d3:36:e5:38:58:50:d7:a6:f8:f4:40:55:
                    a6:ca:f3:55:09:ea:11:ed:11:1e:ac:11:79:00:33:
                    d3:91:25:e0:9c:25:de:45:be:92:5c:1f:38:bf:90:
                    1c:0b:ef:31:43:c8:a5:42:d9:ce:ec:d0:2c:9a:a6:
                    6a:a0:20:16:19:20:61:70:37:9c:89:cc:a7:1d:85:
                    dd:05:e0:82:ff:23:fb:5c:44:7c:43:6c:fd:86:66:
                    c8:69:48:2e:90:cf:58:52:76:45:36:76:37:00:58:
                    94:37:d9:96:82:ad:73:79:b6:58:83:eb:f3:07:98:
                    54:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:5E:6D:5C:0C:FA:56:CD:11:F2:D5:B2:68:C0:BD:E6:D8:D6:F4:6E
            X509v3 Authority Key Identifier:
                keyid:25:AE:55:1A:F0:BB:5D:79:77:EA:73:F6:89:6F:25:F1:EC:A2:8F:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja5VGvC7XXl36nP2iW8l8eyij50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/U15tXAz6Vs0R8tWyaMC95tjW9G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/42f81b-c42c-4254-abb9-2142f8fb676e/1/Ja5VGvC7XXl36nP2iW8l8eyij50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d9:10:65:8c:fb:ac:bf:9f:51:5c:65:fc:c7:30:0b:27:c3:
         c9:b0:4c:c2:64:28:1c:97:f9:70:3f:73:85:69:bb:b1:cd:c6:
         8b:6d:f3:94:76:5b:d0:db:f7:78:d0:c4:70:f1:40:ba:3b:b6:
         05:79:ef:04:2f:8c:c7:78:d8:c9:75:2d:d9:65:d8:34:2a:b9:
         32:17:4e:ad:35:dd:cd:50:46:4f:84:b7:3d:5d:3c:92:c5:bf:
         ef:d3:db:85:59:2f:cc:bf:b4:53:64:14:5e:1f:14:ef:06:41:
         9d:c8:bb:72:7b:05:52:53:7d:8a:4f:3a:43:63:f5:68:73:e9:
         2a:08:55:2e:97:f4:c8:86:2d:2e:17:ea:ca:78:de:b9:e4:79:
         b1:b6:60:fd:fb:df:37:fa:84:6e:25:15:e7:a1:79:f8:40:b3:
         81:23:e4:6f:ce:9d:81:ca:a8:af:07:7d:35:92:74:7a:40:b8:
         3c:56:9b:ae:42:79:29:c2:3f:c4:1e:4d:2d:86:98:4f:a8:23:
         52:81:d0:73:89:1e:22:2f:d2:6d:7a:67:83:07:2f:f5:ce:3d:
         c0:a2:2b:33:ee:b6:68:c0:cb:d9:57:c5:a8:43:f8:7d:b5:f9:
         58:0e:32:fb:4e:24:5c:d9:14:c6:67:2d:e1:be:29:bb:85:d0:
         47:1c:c5:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAO2MwqP51Bnmr2kOClBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWU1NTFhZjBiYjVkNzk3N2VhNzNmNjg5NmYyNWYxZWNh
MjhmOWQwHhcNMjQwMTAxMTIzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzVlNmQ1YzBjZmE1NmNkMTFmMmQ1YjI2OGMwYmRlNmQ4ZDZmNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmefK1ryAHvfZhk/bnwpi1XFmUtED
wAt0cdegfcxI/IQ31l1Ws4BmlQ2QyJnre93fvnyOAAti+3Gx6tA6rrEuqqCJ0JVS
wxZkrU5SXqQka4ME/SSUkWAqPkX908wJtgbwGBRpEgrN6WhJAJRcCmp2FY6wnUsL
8zT6XEorFEcL06t++7oS/MKp9KPTNuU4WFDXpvj0QFWmyvNVCeoR7REerBF5ADPT
kSXgnCXeRb6SXB84v5AcC+8xQ8ilQtnO7NAsmqZqoCAWGSBhcDecicynHYXdBeCC
/yP7XER8Q2z9hmbIaUgukM9YUnZFNnY3AFiUN9mWgq1zebZYg+vzB5hUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNebVwM+lbNEfLVsmjAvebY1vRuMB8GA1UdIwQY
MBaAFCWuVRrwu115d+pz9olvJfHsoo+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjkt
MjE0MmY4ZmI2NzZlLzEvVTE1dFhBejZWczBSOHRXeWFNQzk1dGpXOUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80MmY4MWItYzQyYy00MjU0LWFiYjktMjE0MmY4ZmI2NzZl
LzEvSmE1Vkd2QzdYWGwzNm5QMmlXOGw4ZXlpajUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZ5XMA0G
CSqGSIb3DQEBCwUAA4IBAQAl2RBljPusv59RXGX8xzALJ8PJsEzCZCgcl/lwP3OF
abuxzcaLbfOUdlvQ2/d40MRw8UC6O7YFee8EL4zHeNjJdS3ZZdg0KrkyF06tNd3N
UEZPhLc9XTySxb/v09uFWS/Mv7RTZBReHxTvBkGdyLtyewVSU32KTzpDY/Voc+kq
CFUul/TIhi0uF+rKeN655HmxtmD9+983+oRuJRXnoXn4QLOBI+Rvzp2ByqivB301
knR6QLg8VpuuQnkpwj/EHk0thphPqCNSgdBziR4iL9JtemeDBy/1zj3Aoisz7rZo
wMvZV8WoQ/h9tflYDjL7TiRc2RTGZy3hvim7hdBHHMV1
-----END CERTIFICATE-----