Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/A5MyvfOuouRnwTfuNCz0_upifPM.roa
File:                     A5MyvfOuouRnwTfuNCz0_upifPM.roa (raw, json)
Hash identifier:          V1NzyT3jGhmm+NOdhhR1rEA2dtarA8s4NG3/cDEGnqE=
Subject key identifier:   03:93:32:BD:F3:AE:A2:E4:67:C1:37:EE:34:2C:F4:FE:EA:62:7C:F3
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E11BD5F963DF662682F506EE7B120
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/A5MyvfOuouRnwTfuNCz0_upifPM.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52356
IP address blocks:        181.41.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:bd:5f:96:3d:f6:62:68:2f:50:6e:e7:b1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=039332bdf3aea2e467c137ee342cf4feea627cf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:71:0b:c0:b9:77:b9:36:c4:9f:28:9d:2a:81:
                    e8:64:f8:a8:11:4a:5d:5d:e6:f4:71:aa:1c:8c:de:
                    ef:fc:45:07:4b:87:01:d1:61:aa:9e:16:1c:29:4e:
                    94:b0:44:0c:0d:64:be:57:2d:b7:44:34:a9:6a:16:
                    7f:70:75:d9:7c:2a:1f:d6:21:1a:a8:76:fc:fa:a3:
                    86:b5:47:07:3b:43:d4:55:cf:74:16:f4:60:65:85:
                    a0:54:0d:da:e2:7b:90:9b:99:d4:94:a4:66:48:36:
                    e8:ee:3f:7b:9c:e0:e3:f1:f5:e2:94:44:22:9a:26:
                    da:b0:92:e0:c5:64:8d:20:d1:02:57:ba:20:f6:2b:
                    8f:af:c3:72:f6:9d:49:2e:1c:3e:88:6e:d7:a1:21:
                    dd:fe:0c:46:12:c1:5f:ba:a7:25:ba:06:78:82:19:
                    90:db:55:08:73:84:c0:96:9a:3a:d9:8e:77:97:b7:
                    50:ba:5b:c7:0e:f6:91:8f:59:5b:78:ba:c3:96:23:
                    ce:0e:d0:d7:0e:03:f4:3b:28:7f:df:67:fd:85:88:
                    52:e7:ec:3f:9e:40:74:76:f6:cd:92:ff:c1:2a:ad:
                    cc:7c:91:1f:1c:bb:f4:ee:20:f7:89:46:d1:cd:be:
                    19:c8:80:3c:8a:50:be:3b:3e:a2:8c:fd:12:b1:71:
                    88:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:93:32:BD:F3:AE:A2:E4:67:C1:37:EE:34:2C:F4:FE:EA:62:7C:F3
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/A5MyvfOuouRnwTfuNCz0_upifPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:93:f3:f4:fd:b3:3e:42:3e:8c:1f:6e:fe:e1:f5:da:30:2d:
         9c:86:5c:a0:0e:81:c4:88:52:a8:d1:7a:e1:09:8a:6f:50:eb:
         e7:14:36:91:70:56:44:52:8c:4a:ee:7a:d0:20:96:3b:94:8a:
         cd:6f:18:5a:b6:ac:86:b1:35:c6:12:15:a0:08:ab:be:9e:52:
         5b:e9:f2:87:8d:0c:73:e3:67:4b:9e:4d:1f:9a:f8:7e:18:3e:
         fa:60:7a:b6:e1:36:19:df:86:fd:59:a9:ac:84:73:56:4b:5c:
         20:8b:82:98:ac:ac:a0:97:07:e4:67:db:44:8e:b9:27:9c:ed:
         9c:3f:c5:1b:cc:c1:8f:05:68:2c:41:18:fd:70:a8:b2:71:02:
         a2:00:42:23:28:50:03:ed:c9:d1:ac:d7:2b:30:15:35:2f:45:
         0f:3f:1f:28:39:58:89:a3:05:0f:59:bc:25:e0:0c:c8:6e:9a:
         77:80:74:00:b8:08:da:90:25:e3:f7:d0:2c:77:4a:41:ef:67:
         35:3e:9e:d2:48:31:24:8d:ed:15:29:cb:13:e0:06:c2:7b:09:
         21:12:71:e7:7f:24:bb:84:e2:d0:72:37:32:da:64:6b:ef:de:
         ef:6a:26:9b:0b:d5:5c:2d:7e:6d:03:c9:2f:e5:9e:03:2b:a1:
         a7:58:01:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhG9X5Y99mJoL1Bu57EgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzkzMzJiZGYzYWVhMmU0NjdjMTM3ZWUzNDJjZjRmZWVhNjI3Y2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3ELwLl3uTbEnyidKoHoZPioEUpd
Xeb0caocjN7v/EUHS4cB0WGqnhYcKU6UsEQMDWS+Vy23RDSpahZ/cHXZfCof1iEa
qHb8+qOGtUcHO0PUVc90FvRgZYWgVA3a4nuQm5nUlKRmSDbo7j97nODj8fXilEQi
mibasJLgxWSNINECV7og9iuPr8Ny9p1JLhw+iG7XoSHd/gxGEsFfuqclugZ4ghmQ
21UIc4TAlpo62Y53l7dQulvHDvaRj1lbeLrDliPODtDXDgP0Oyh/32f9hYhS5+w/
nkB0dvbNkv/BKq3MfJEfHLv07iD3iUbRzb4ZyIA8ilC+Oz6ijP0SsXGISwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOTMr3zrqLkZ8E37jQs9P7qYnzzMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvQTVNeXZmT3VvdVJud1RmdU5DejBfdXBpZlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtSmaMA0G
CSqGSIb3DQEBCwUAA4IBAQDBk/P0/bM+Qj6MH27+4fXaMC2chlygDoHEiFKo0Xrh
CYpvUOvnFDaRcFZEUoxK7nrQIJY7lIrNbxhatqyGsTXGEhWgCKu+nlJb6fKHjQxz
42dLnk0fmvh+GD76YHq24TYZ34b9WamshHNWS1wgi4KYrKyglwfkZ9tEjrknnO2c
P8UbzMGPBWgsQRj9cKiycQKiAEIjKFAD7cnRrNcrMBU1L0UPPx8oOViJowUPWbwl
4AzIbpp3gHQAuAjakCXj99Asd0pB72c1Pp7SSDEkje0VKcsT4AbCewkhEnHnfyS7
hOLQcjcy2mRr797vaiabC9VcLX5tA8kv5Z4DK6GnWAFb
-----END CERTIFICATE-----