Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/_ltumtGbuvDxruj6CMtt2dpV1DA.roa
File:                     _ltumtGbuvDxruj6CMtt2dpV1DA.roa (raw, json)
Hash identifier:          cquo19gprFLA4I88XzIt+/QKnqK8/RClwdpoz85OpKM=
Subject key identifier:   FE:5B:6E:9A:D1:9B:BA:F0:F1:AE:E8:FA:08:CB:6D:D9:DA:55:D4:30
Certificate issuer:       /CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
Certificate serial:       018CC5DC77398DAF6AFFEE87CD93D2F47936
Authority key identifier: 69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/_ltumtGbuvDxruj6CMtt2dpV1DA.roa
Signing time:             Mon 01 Jan 2024 16:30:09 +0000
ROA not before:           Mon 01 Jan 2024 16:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201359
IP address blocks:        5.102.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:77:39:8d:af:6a:ff:ee:87:cd:93:d2:f4:79:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69c67969c3c9d8fadbc9a73e3ff56361d0203b71
        Validity
            Not Before: Jan  1 16:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe5b6e9ad19bbaf0f1aee8fa08cb6dd9da55d430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:12:fb:2e:10:8b:3a:28:0c:b6:fa:80:58:61:
                    43:e4:cd:f3:ad:aa:04:72:55:15:32:61:48:b2:13:
                    60:d1:a1:28:b9:b0:0b:b5:58:54:ab:a4:ef:de:ed:
                    00:8f:57:d3:93:5b:a8:56:57:bb:a9:ec:7a:7c:47:
                    4f:cc:03:15:9e:3e:0a:91:b3:92:c9:01:6c:27:c6:
                    5c:cf:13:c8:95:3b:67:4d:82:5c:71:5a:6a:7a:31:
                    42:22:6c:3d:96:21:37:6c:33:c3:fb:06:a3:af:62:
                    35:41:05:e8:b3:05:1b:5b:11:84:31:bb:1a:30:b1:
                    69:e4:af:c2:d2:c1:30:ff:e7:45:c2:ff:b3:6c:a7:
                    ac:4e:6e:f5:da:37:00:8c:0c:6c:2c:11:df:1a:c6:
                    71:c5:9e:41:57:93:7b:30:c8:5b:02:c1:b7:17:59:
                    1e:b6:99:db:27:9b:92:69:f8:cf:d5:49:cc:4e:8b:
                    44:d2:73:eb:0f:42:e9:99:60:7e:08:78:11:ff:d2:
                    4b:20:19:ac:ec:41:27:5f:74:01:5d:a3:e2:e9:fc:
                    49:8e:c9:67:ec:4f:f8:51:67:b2:1d:e1:c9:fd:0f:
                    66:b0:61:54:d6:8b:44:67:3a:a4:35:4b:30:fe:47:
                    79:46:fb:c0:28:7b:4c:f8:18:0e:ed:81:f4:14:70:
                    86:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:5B:6E:9A:D1:9B:BA:F0:F1:AE:E8:FA:08:CB:6D:D9:DA:55:D4:30
            X509v3 Authority Key Identifier:
                keyid:69:C6:79:69:C3:C9:D8:FA:DB:C9:A7:3E:3F:F5:63:61:D0:20:3B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acZ5acPJ2Prbyac-P_VjYdAgO3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/_ltumtGbuvDxruj6CMtt2dpV1DA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/cdbf8f-6e67-4ab1-bf18-48ef8e1114e4/1/acZ5acPJ2Prbyac-P_VjYdAgO3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:58:55:4e:6c:40:2c:02:7c:6b:ab:77:f9:75:3f:d4:48:95:
         27:94:cc:f6:be:0a:17:37:12:b9:c2:3d:4a:23:20:e9:83:a7:
         27:07:7a:41:ab:da:d0:9a:dd:fa:56:8a:23:7c:ea:f3:7c:1c:
         b6:32:de:6e:ac:c5:fc:8c:27:95:1b:99:56:1a:f1:2d:93:83:
         11:ee:21:8e:65:ba:e0:0a:ed:d8:d5:91:58:de:86:9b:1c:76:
         0d:8a:24:60:a9:e1:93:36:92:17:8d:0d:9c:cb:09:d3:fa:a2:
         3e:0f:f5:9b:01:5b:1d:63:9e:64:74:c5:21:6e:a5:01:bc:ef:
         44:b4:52:f9:a7:29:70:c3:2a:5a:ba:1c:dd:b0:b4:79:4f:4e:
         0a:74:e0:4a:52:94:2b:cb:5f:87:b3:0c:fc:7d:b7:9f:44:70:
         80:a7:6b:51:7a:0c:13:e6:fb:da:d6:e6:6c:b6:ff:9a:ea:03:
         d8:b6:07:26:9f:eb:21:56:c1:72:ad:3b:a6:26:d1:28:bb:1b:
         ba:cf:7e:4c:9c:c3:9d:87:3d:f4:bc:58:bf:88:27:56:5b:e8:
         d2:14:e6:19:30:1b:23:b9:76:d8:87:23:b1:69:91:10:a6:e1:
         7f:ad:d1:f9:5a:26:b7:d8:1d:9c:b8:8b:c6:8a:dc:d1:47:44:
         8a:40:49:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Hc5ja9q/+6HzZPS9Hk2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YzY3OTY5YzNjOWQ4ZmFkYmM5YTczZTNmZjU2MzYxZDAy
MDNiNzEwHhcNMjQwMTAxMTYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTViNmU5YWQxOWJiYWYwZjFhZWU4ZmEwOGNiNmRkOWRhNTVkNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghL7LhCLOigMtvqAWGFD5M3zraoE
clUVMmFIshNg0aEoubALtVhUq6Tv3u0Aj1fTk1uoVle7qex6fEdPzAMVnj4KkbOS
yQFsJ8ZczxPIlTtnTYJccVpqejFCImw9liE3bDPD+wajr2I1QQXoswUbWxGEMbsa
MLFp5K/C0sEw/+dFwv+zbKesTm712jcAjAxsLBHfGsZxxZ5BV5N7MMhbAsG3F1ke
tpnbJ5uSafjP1UnMTotE0nPrD0LpmWB+CHgR/9JLIBms7EEnX3QBXaPi6fxJjsln
7E/4UWeyHeHJ/Q9msGFU1otEZzqkNUsw/kd5RvvAKHtM+BgO7YH0FHCGgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5bbprRm7rw8a7o+gjLbdnaVdQwMB8GA1UdIwQY
MBaAFGnGeWnDydj628mnPj/1Y2HQIDtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgt
NDhlZjhlMTExNGU0LzEvX2x0dW10R2J1dkR4cnVqNkNNdHQyZHBWMURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9jZGJmOGYtNmU2Ny00YWIxLWJmMTgtNDhlZjhlMTExNGU0
LzEvYWNaNWFjUEoyUHJieWFjLVBfVmpZZEFnTzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWaDMA0G
CSqGSIb3DQEBCwUAA4IBAQAjWFVObEAsAnxrq3f5dT/USJUnlMz2vgoXNxK5wj1K
IyDpg6cnB3pBq9rQmt36VoojfOrzfBy2Mt5urMX8jCeVG5lWGvEtk4MR7iGOZbrg
Cu3Y1ZFY3oabHHYNiiRgqeGTNpIXjQ2cywnT+qI+D/WbAVsdY55kdMUhbqUBvO9E
tFL5pylwwypauhzdsLR5T04KdOBKUpQry1+Hswz8fbefRHCAp2tRegwT5vva1uZs
tv+a6gPYtgcmn+shVsFyrTumJtEouxu6z35MnMOdhz30vFi/iCdWW+jSFOYZMBsj
uXbYhyOxaZEQpuF/rdH5Wia32B2cuIvGitzRR0SKQEky
-----END CERTIFICATE-----