Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/kSzrCWhLYkZ07_Z5qF_oU42_CrI.roa
File:                     kSzrCWhLYkZ07_Z5qF_oU42_CrI.roa (raw, json)
Hash identifier:          L7037i+D+mv+tGmy66oOjq48BZH8EYpgxxBd34wRPyQ=
Subject key identifier:   91:2C:EB:09:68:4B:62:46:74:EF:F6:79:A8:5F:E8:53:8D:BF:0A:B2
Certificate issuer:       /CN=caece41cbc2c30626ef2a28d1839f2d6c4757f3f
Certificate serial:       018CC3B6F1953ECBDAD2AAC981721AA1615C
Authority key identifier: CA:EC:E4:1C:BC:2C:30:62:6E:F2:A2:8D:18:39:F2:D6:C4:75:7F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/kSzrCWhLYkZ07_Z5qF_oU42_CrI.roa
Signing time:             Mon 01 Jan 2024 06:29:55 +0000
ROA not before:           Mon 01 Jan 2024 06:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59630
IP address blocks:        156.114.0.0/20 maxlen: 20
                          156.114.10.0/24 maxlen: 24
                          156.114.5.0/24 maxlen: 24
                          156.114.13.0/24 maxlen: 24
                          156.114.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f1:95:3e:cb:da:d2:aa:c9:81:72:1a:a1:61:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caece41cbc2c30626ef2a28d1839f2d6c4757f3f
        Validity
            Not Before: Jan  1 06:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=912ceb09684b624674eff679a85fe8538dbf0ab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e5:2c:f9:b8:de:97:01:17:84:5e:30:c3:cc:
                    1d:75:3a:0a:95:e6:3d:91:e5:10:a5:ad:d2:d5:61:
                    d0:c9:47:ca:02:e3:ef:6d:60:83:7f:8e:01:31:78:
                    00:dd:f8:85:7d:1f:cc:cd:24:10:78:42:ba:f5:80:
                    7c:65:8f:f2:7a:1e:c8:31:23:2a:de:a9:13:50:3c:
                    b1:f5:2d:b5:b0:38:3a:e6:2d:ba:47:a7:b1:6e:e0:
                    dc:b4:e6:30:12:9a:8c:a1:23:45:fb:3c:fd:f9:59:
                    b4:55:fc:44:dd:0b:22:c9:aa:b4:59:a7:3a:30:a2:
                    af:74:11:25:f4:ea:2f:6b:de:e5:47:5e:1f:d7:c7:
                    d3:1d:5e:5d:79:4d:a4:45:e4:72:f2:68:45:e8:46:
                    c2:68:04:32:9e:c1:1f:6b:31:42:ba:46:42:10:bf:
                    0c:72:25:d0:9f:86:1e:58:c4:6d:34:d2:9c:02:b1:
                    ac:ab:8c:2d:72:9d:16:4d:94:c0:7d:23:86:89:d0:
                    d1:eb:85:a4:cc:81:a4:c8:02:3d:d6:b6:71:74:47:
                    1e:c5:75:0a:36:1d:e7:0a:8c:8b:a0:e1:22:3a:d6:
                    66:70:de:3a:29:1d:46:65:da:75:73:34:53:c0:ea:
                    02:1c:b3:df:15:1b:b8:7b:13:c6:2e:c4:b4:cb:26:
                    17:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:2C:EB:09:68:4B:62:46:74:EF:F6:79:A8:5F:E8:53:8D:BF:0A:B2
            X509v3 Authority Key Identifier:
                keyid:CA:EC:E4:1C:BC:2C:30:62:6E:F2:A2:8D:18:39:F2:D6:C4:75:7F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/kSzrCWhLYkZ07_Z5qF_oU42_CrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.114.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         25:8a:5e:84:21:79:55:23:ce:03:6e:ba:28:9a:71:21:0e:0e:
         d7:fb:da:12:75:ec:0e:15:0f:a6:86:e7:de:09:3d:20:ed:31:
         b5:8a:5e:51:b4:35:e6:bc:3b:1c:4b:fe:65:0b:e1:c2:48:ad:
         52:ab:07:0a:2b:8e:cf:47:22:e7:c5:b6:da:1c:0b:fa:50:49:
         86:bd:a9:1f:b0:59:7d:64:cb:dc:48:24:0f:74:fa:69:1d:3f:
         4b:39:8c:1a:ff:5f:66:d7:61:00:05:be:6c:ce:98:db:7c:93:
         e3:88:54:13:f9:2d:06:3f:9a:ab:eb:98:21:ef:46:c2:e0:96:
         43:7e:22:24:91:53:f7:f2:50:a3:cb:25:71:2a:90:a3:d6:7a:
         73:54:2f:45:a0:46:9d:90:f4:4f:31:b9:a4:c3:f9:76:b8:a0:
         22:cb:28:d1:6a:06:d0:fc:2d:3a:99:34:5a:f1:c3:67:e2:1f:
         ee:31:38:be:99:ad:53:80:be:cf:87:3d:1e:13:dd:ba:84:d3:
         d7:16:ea:77:a4:4a:eb:5f:4c:34:e9:95:c6:82:38:f2:4c:ad:
         f2:23:24:92:d4:db:ac:63:a3:ff:c4:67:89:5e:4e:1d:70:ae:
         d3:13:f1:f2:2b:cd:b5:83:4d:c2:f1:27:d0:c0:c3:6a:a6:ec:
         83:e3:1c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvGVPsva0qrJgXIaoWFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZWNlNDFjYmMyYzMwNjI2ZWYyYTI4ZDE4MzlmMmQ2YzQ3
NTdmM2YwHhcNMjQwMTAxMDYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTJjZWIwOTY4NGI2MjQ2NzRlZmY2NzlhODVmZTg1MzhkYmYwYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Us+bjelwEXhF4ww8wddToKleY9
keUQpa3S1WHQyUfKAuPvbWCDf44BMXgA3fiFfR/MzSQQeEK69YB8ZY/yeh7IMSMq
3qkTUDyx9S21sDg65i26R6exbuDctOYwEpqMoSNF+zz9+Vm0VfxE3Qsiyaq0Wac6
MKKvdBEl9Oova97lR14f18fTHV5deU2kReRy8mhF6EbCaAQynsEfazFCukZCEL8M
ciXQn4YeWMRtNNKcArGsq4wtcp0WTZTAfSOGidDR64WkzIGkyAI91rZxdEcexXUK
Nh3nCoyLoOEiOtZmcN46KR1GZdp1czRTwOoCHLPfFRu4exPGLsS0yyYX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEs6wloS2JGdO/2eahf6FONvwqyMB8GA1UdIwQY
MBaAFMrs5By8LDBibvKijRg58tbEdX8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXV6a0hMd3NNR0p1OHFLTkdEbnkxc1IxZno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82MzBjYmUtY2UwMS00NjRkLTgyZWIt
ZDg1MWU0MGQ1N2JmLzEva1N6ckNXaExZa1owN19aNXFGX29VNDJfQ3JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82MzBjYmUtY2UwMS00NjRkLTgyZWItZDg1MWU0MGQ1N2Jm
LzEveXV6a0hMd3NNR0p1OHFLTkdEbnkxc1IxZno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnHIAMA0G
CSqGSIb3DQEBCwUAA4IBAQAlil6EIXlVI84DbroomnEhDg7X+9oSdewOFQ+mhufe
CT0g7TG1il5RtDXmvDscS/5lC+HCSK1SqwcKK47PRyLnxbbaHAv6UEmGvakfsFl9
ZMvcSCQPdPppHT9LOYwa/19m12EABb5szpjbfJPjiFQT+S0GP5qr65gh70bC4JZD
fiIkkVP38lCjyyVxKpCj1npzVC9FoEadkPRPMbmkw/l2uKAiyyjRagbQ/C06mTRa
8cNn4h/uMTi+ma1TgL7Phz0eE926hNPXFup3pErrX0w06ZXGgjjyTK3yIySS1Nus
Y6P/xGeJXk4dcK7TE/HyK821g03C8SfQwMNqpuyD4xy+
-----END CERTIFICATE-----