Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sUrOrVY7scH_wM4SM7jHQnQhB7E.roa
File:                     sUrOrVY7scH_wM4SM7jHQnQhB7E.roa (raw, json)
Hash identifier:          3Q0I4Cc4pL99eUIZYfxvcUWggyHa0j+A+tsQxvOECfw=
Subject key identifier:   B1:4A:CE:AD:56:3B:B1:C1:FF:C0:CE:12:33:B8:C7:42:74:21:07:B1
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E11062622C07A6CBC1EB94456E537
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sUrOrVY7scH_wM4SM7jHQnQhB7E.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52286
IP address blocks:        141.136.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:06:26:22:c0:7a:6c:bc:1e:b9:44:56:e5:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14acead563bb1c1ffc0ce1233b8c742742107b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:eb:ef:c3:53:b1:22:3c:23:c1:d5:05:15:69:
                    ec:08:17:01:11:cd:00:36:ba:e2:bd:0a:27:38:e2:
                    0b:ef:ff:af:12:3a:1a:5a:5f:9d:2e:77:1c:2b:e0:
                    94:4c:b5:35:dd:b6:64:40:96:30:ad:a2:78:10:aa:
                    ce:56:a1:e3:0a:fd:36:53:ef:6b:d1:a4:36:68:5b:
                    ca:01:55:db:b7:e5:69:9a:f6:f5:29:6e:6c:96:77:
                    a9:02:1a:0f:77:d8:47:7f:3e:78:53:81:ef:5f:d2:
                    d2:f2:df:2f:1c:85:07:b2:25:c3:3c:4b:27:55:84:
                    70:d6:d2:d3:db:37:d5:9e:9e:4d:be:66:a7:69:2f:
                    cc:ee:fb:2e:71:4c:1c:4b:3b:1e:b5:06:ef:0f:c7:
                    3b:72:7e:5a:74:1d:47:d1:91:f1:00:4f:8a:5d:2c:
                    db:d5:46:cc:d3:89:26:cf:b5:30:46:15:af:4c:d3:
                    d7:84:ca:f1:4f:cf:29:70:b3:20:33:d4:d9:4b:ad:
                    59:9a:ff:d6:52:be:ef:3a:c8:a7:a5:a6:23:0c:0c:
                    ba:e9:95:77:7e:1e:9b:fc:22:fe:55:f9:e9:32:e6:
                    66:93:f8:5f:e8:d6:f7:67:6b:87:f4:eb:a0:16:79:
                    aa:f0:55:13:ec:a2:61:39:c6:bd:00:14:8d:11:34:
                    5e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4A:CE:AD:56:3B:B1:C1:FF:C0:CE:12:33:B8:C7:42:74:21:07:B1
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/sUrOrVY7scH_wM4SM7jHQnQhB7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:6c:4a:13:5a:dd:c2:49:b5:43:cd:a4:3a:e5:85:94:6a:38:
         7d:9e:c3:be:a5:c8:ce:b7:17:d0:8d:40:91:51:8a:7f:31:cb:
         51:f1:cc:82:23:1e:8d:fd:b8:f1:06:62:f4:b2:07:88:65:2d:
         52:f3:9e:64:a9:0d:d9:54:0d:e7:1e:4d:1b:5e:da:c2:24:a5:
         1b:72:8d:44:84:da:19:44:fc:28:54:58:ed:e0:06:1d:6c:1a:
         a2:3a:91:f8:c5:8b:ef:eb:05:cd:8f:24:68:81:2e:fa:24:68:
         e5:43:06:27:a9:1c:e9:09:4f:94:d3:01:c5:56:ff:7a:5d:e2:
         3b:06:58:38:00:e7:f7:84:2f:5e:31:c9:28:94:d2:5f:0d:76:
         99:30:cb:2e:3c:51:80:04:79:87:09:44:a3:11:18:b0:2a:ec:
         f7:19:0c:94:d1:4f:c0:da:9e:68:c3:be:ad:06:11:32:55:d8:
         dd:24:cc:81:7e:c4:32:00:ed:44:4a:60:16:b1:e7:b3:1f:b8:
         7e:24:28:1f:cb:66:be:83:39:76:76:8d:6b:98:56:d6:9a:8f:
         99:0c:f1:54:fc:b6:27:6c:02:a5:89:f2:ef:48:80:66:20:b9:
         82:b8:06:67:0c:93:d8:35:a7:7c:53:ca:7d:a5:0e:b0:64:d4:
         b9:50:0c:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhEGJiLAemy8HrlEVuU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRhY2VhZDU2M2JiMWMxZmZjMGNlMTIzM2I4Yzc0Mjc0MjEwN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOvvw1OxIjwjwdUFFWnsCBcBEc0A
NrrivQonOOIL7/+vEjoaWl+dLnccK+CUTLU13bZkQJYwraJ4EKrOVqHjCv02U+9r
0aQ2aFvKAVXbt+Vpmvb1KW5slnepAhoPd9hHfz54U4HvX9LS8t8vHIUHsiXDPEsn
VYRw1tLT2zfVnp5NvmanaS/M7vsucUwcSzsetQbvD8c7cn5adB1H0ZHxAE+KXSzb
1UbM04kmz7UwRhWvTNPXhMrxT88pcLMgM9TZS61Zmv/WUr7vOsinpaYjDAy66ZV3
fh6b/CL+VfnpMuZmk/hf6Nb3Z2uH9OugFnmq8FUT7KJhOca9ABSNETRe3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFKzq1WO7HB/8DOEjO4x0J0IQexMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvc1VyT3JWWTdzY0hfd000U003akhRblFoQjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYg7MA0G
CSqGSIb3DQEBCwUAA4IBAQBEbEoTWt3CSbVDzaQ65YWUajh9nsO+pcjOtxfQjUCR
UYp/MctR8cyCIx6N/bjxBmL0sgeIZS1S855kqQ3ZVA3nHk0bXtrCJKUbco1EhNoZ
RPwoVFjt4AYdbBqiOpH4xYvv6wXNjyRogS76JGjlQwYnqRzpCU+U0wHFVv96XeI7
Blg4AOf3hC9eMckolNJfDXaZMMsuPFGABHmHCUSjERiwKuz3GQyU0U/A2p5ow76t
BhEyVdjdJMyBfsQyAO1ESmAWseezH7h+JCgfy2a+gzl2do1rmFbWmo+ZDPFU/LYn
bAKlifLvSIBmILmCuAZnDJPYNad8U8p9pQ6wZNS5UAxn
-----END CERTIFICATE-----