Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/vJplW-xLeAaJvKJ90WY9DoQ_UqA.roa
File:                     vJplW-xLeAaJvKJ90WY9DoQ_UqA.roa (raw, json)
Hash identifier:          zx3qYBqgC7F+gvOgmz2J5IbDE7Fka87oBGOUxkZEEqE=
Subject key identifier:   BC:9A:65:5B:EC:4B:78:06:89:BC:A2:7D:D1:66:3D:0E:84:3F:52:A0
Certificate issuer:       /CN=5bf81435ed13789895f375dc34d04ce91aca4744
Certificate serial:       018CC79351DDC5CCB540C2E683CF68958D3D
Authority key identifier: 5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/vJplW-xLeAaJvKJ90WY9DoQ_UqA.roa
Signing time:             Tue 02 Jan 2024 00:29:29 +0000
ROA not before:           Tue 02 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     719
IP address blocks:        158.233.0.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:51:dd:c5:cc:b5:40:c2:e6:83:cf:68:95:8d:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bf81435ed13789895f375dc34d04ce91aca4744
        Validity
            Not Before: Jan  2 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc9a655bec4b780689bca27dd1663d0e843f52a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:61:6e:37:55:a6:85:2d:1f:c8:31:20:35:70:
                    94:ff:15:ac:bf:bf:61:ff:f7:40:89:59:43:b4:80:
                    c3:88:f5:51:a2:c4:a1:e3:a1:f5:49:f5:d7:32:ed:
                    66:cc:80:1e:13:56:cc:05:35:8c:48:01:96:99:d8:
                    5e:97:62:7e:e4:6e:28:94:5d:ad:c9:17:7a:82:c4:
                    ad:25:90:cb:56:e0:ab:d2:f1:a7:45:b6:0b:a0:87:
                    ae:fb:fd:96:5e:61:33:7d:04:64:23:d9:fe:04:cc:
                    53:de:e7:5b:7d:5b:85:a6:50:35:98:89:8a:21:67:
                    98:7d:c1:76:e3:40:e0:fd:72:99:24:ef:b7:1f:71:
                    e0:a6:bd:d0:98:5a:80:89:17:e4:c0:60:3c:bc:15:
                    81:65:82:bd:9c:35:c7:8c:24:74:c5:a2:4e:e9:69:
                    75:25:a3:da:58:3d:a8:d3:e9:d7:ba:d1:03:c9:98:
                    a6:ff:b6:4f:2f:68:92:b4:80:c4:71:1b:7a:ad:7c:
                    66:ac:0b:47:c9:78:ef:78:b9:28:ac:1a:ef:e8:4c:
                    c5:69:6a:09:ba:61:23:2d:cb:7d:78:cb:1f:f2:b1:
                    eb:d6:e0:d9:d5:b8:4a:88:d5:7d:85:b7:7f:7c:aa:
                    e0:98:18:ca:52:a6:e4:53:9d:5e:14:63:9f:77:1c:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9A:65:5B:EC:4B:78:06:89:BC:A2:7D:D1:66:3D:0E:84:3F:52:A0
            X509v3 Authority Key Identifier:
                keyid:5B:F8:14:35:ED:13:78:98:95:F3:75:DC:34:D0:4C:E9:1A:CA:47:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_gUNe0TeJiV83XcNNBM6RrKR0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/vJplW-xLeAaJvKJ90WY9DoQ_UqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/3d4bc5-c363-415f-b3da-48e4cc6b33a3/1/W_gUNe0TeJiV83XcNNBM6RrKR0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.233.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:6a:a6:6c:fd:42:30:f4:4c:70:14:b9:63:53:bd:ed:14:16:
         c3:50:85:7c:55:ac:1c:72:c1:70:4b:69:62:47:12:a4:ef:3e:
         75:ec:9c:cd:56:77:1f:bb:8b:59:66:33:e3:61:52:c2:4d:6f:
         c6:73:d5:6e:5a:56:c8:c2:c9:ca:01:51:31:e0:0c:90:e6:20:
         bd:0e:5c:b4:91:01:2d:db:d0:61:3a:88:a1:af:2e:c5:62:91:
         68:fc:ab:e7:70:39:2e:13:eb:72:03:bc:f2:c0:e4:fe:c8:ba:
         ee:95:c4:16:62:47:d0:c4:53:e7:ad:c9:96:13:55:12:ea:7b:
         e6:e7:4b:d3:f3:08:9c:a1:aa:25:73:06:9e:ae:57:3b:ad:45:
         fd:ff:e7:8f:01:e6:32:a8:95:7c:c9:15:f0:fb:c3:13:50:ec:
         f0:84:73:6f:d9:10:0e:27:ca:57:d0:07:95:c5:8d:46:9e:9b:
         e0:e3:cc:a5:c0:e5:2f:76:0a:5c:9b:55:1f:a7:65:6a:f3:8e:
         76:b5:53:d5:c0:14:a7:43:cb:15:23:42:03:8c:d2:85:ee:66:
         ff:3f:b8:a5:72:59:1f:49:f7:6d:c2:94:66:2b:1f:3f:b6:08:
         4c:33:2d:1e:bf:bd:b0:c9:05:3c:09:e7:4f:42:ad:f9:65:36:
         4b:e9:db:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1Hdxcy1QMLmg89olY09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjgxNDM1ZWQxMzc4OTg5NWYzNzVkYzM0ZDA0Y2U5MWFj
YTQ3NDQwHhcNMjQwMTAyMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzlhNjU1YmVjNGI3ODA2ODliY2EyN2RkMTY2M2QwZTg0M2Y1MmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2FuN1WmhS0fyDEgNXCU/xWsv79h
//dAiVlDtIDDiPVRosSh46H1SfXXMu1mzIAeE1bMBTWMSAGWmdhel2J+5G4olF2t
yRd6gsStJZDLVuCr0vGnRbYLoIeu+/2WXmEzfQRkI9n+BMxT3udbfVuFplA1mImK
IWeYfcF240Dg/XKZJO+3H3Hgpr3QmFqAiRfkwGA8vBWBZYK9nDXHjCR0xaJO6Wl1
JaPaWD2o0+nXutEDyZim/7ZPL2iStIDEcRt6rXxmrAtHyXjveLkorBrv6EzFaWoJ
umEjLct9eMsf8rHr1uDZ1bhKiNV9hbd/fKrgmBjKUqbkU51eFGOfdxynywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyaZVvsS3gGibyifdFmPQ6EP1KgMB8GA1UdIwQY
MBaAFFv4FDXtE3iYlfN13DTQTOkaykdEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEt
NDhlNGNjNmIzM2EzLzEvdkpwbFcteExlQWFKdktKOTBXWTlEb1FfVXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8zZDRiYzUtYzM2My00MTVmLWIzZGEtNDhlNGNjNmIzM2Ez
LzEvV19nVU5lMFRlSmlWODNYY05OQk02UnJLUjBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnukAMA0G
CSqGSIb3DQEBCwUAA4IBAQAPaqZs/UIw9ExwFLljU73tFBbDUIV8VawccsFwS2li
RxKk7z517JzNVncfu4tZZjPjYVLCTW/Gc9VuWlbIwsnKAVEx4AyQ5iC9Dly0kQEt
29BhOoihry7FYpFo/KvncDkuE+tyA7zywOT+yLrulcQWYkfQxFPnrcmWE1US6nvm
50vT8wicoaolcwaerlc7rUX9/+ePAeYyqJV8yRXw+8MTUOzwhHNv2RAOJ8pX0AeV
xY1Gnpvg48ylwOUvdgpcm1Ufp2Vq8452tVPVwBSnQ8sVI0IDjNKF7mb/P7ilclkf
SfdtwpRmKx8/tghMMy0ev72wyQU8CedPQq35ZTZL6dvm
-----END CERTIFICATE-----