Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/5SVURckoYAxLXZhPtcn3-fK3rNM.roa
File:                     5SVURckoYAxLXZhPtcn3-fK3rNM.roa (raw, json)
Hash identifier:          j9iAN226a5ueWkrwzREClLOU36t6Gdz+wlQNYFpSx34=
Subject key identifier:   E5:25:54:45:C9:28:60:0C:4B:5D:98:4F:B5:C9:F7:F9:F2:B7:AC:D3
Certificate issuer:       /CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
Certificate serial:       018CC4923755CD6DC3EC479344422CA53106
Authority key identifier: 65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/5SVURckoYAxLXZhPtcn3-fK3rNM.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208860
IP address blocks:        185.52.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:55:cd:6d:c3:ec:47:93:44:42:2c:a5:31:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65816774b7c5665d67a86c20ceb6487b5b78b38d
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5255445c928600c4b5d984fb5c9f7f9f2b7acd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:65:f1:1c:dd:24:d5:d2:e9:97:03:8a:6e:00:
                    8f:c7:19:62:cb:fa:a4:6f:f7:a5:08:4f:ae:24:58:
                    bf:94:63:1c:c3:82:e3:11:ce:09:91:44:54:3e:d6:
                    88:67:29:d3:7c:84:c6:9a:67:93:aa:96:03:73:f5:
                    3b:1a:cf:df:d0:1c:13:6d:37:59:0e:f8:39:38:80:
                    a8:db:81:23:57:99:39:87:88:87:47:78:f2:db:92:
                    8a:32:0b:a2:ff:8d:6c:08:eb:c7:8a:44:21:e4:d4:
                    39:06:8f:32:ae:14:91:0c:0b:07:a4:7d:de:c2:f7:
                    a4:5b:c5:ff:6a:fc:f4:36:6a:7c:85:3e:03:6c:02:
                    a4:02:bd:10:96:45:40:6e:b7:b5:b8:f4:e1:2d:ed:
                    8b:54:b5:02:13:8d:84:8a:d1:17:26:11:66:0f:b1:
                    ab:7e:fc:2f:00:c3:28:f5:4c:01:77:d8:3f:1c:bd:
                    35:df:61:f2:aa:4b:ad:08:7e:f0:68:23:0a:c0:14:
                    5b:ea:dc:19:66:d1:b7:65:69:33:1a:25:e5:39:03:
                    26:7b:28:2a:25:26:07:c4:b4:03:4c:6b:d1:df:fb:
                    c5:17:7b:c2:57:5f:7a:d5:4b:4b:e1:28:81:3f:08:
                    c3:ed:b9:5a:75:89:06:32:07:e3:49:a0:13:09:6c:
                    2e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:25:54:45:C9:28:60:0C:4B:5D:98:4F:B5:C9:F7:F9:F2:B7:AC:D3
            X509v3 Authority Key Identifier:
                keyid:65:81:67:74:B7:C5:66:5D:67:A8:6C:20:CE:B6:48:7B:5B:78:B3:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYFndLfFZl1nqGwgzrZIe1t4s40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/5SVURckoYAxLXZhPtcn3-fK3rNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f3b825-cbc0-49d2-8b76-6b1469c3b95a/1/ZYFndLfFZl1nqGwgzrZIe1t4s40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.52.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e6:ae:51:35:11:9c:82:8d:c2:3f:25:74:31:19:86:48:70:21:
         46:bb:d5:e8:be:cf:6e:e4:8e:ba:eb:b5:7b:cd:a1:8e:b6:b5:
         02:34:ca:59:54:be:4d:d0:e1:ba:83:48:f2:bb:36:77:a7:9f:
         1c:d4:61:0e:67:21:f8:57:a4:81:c9:6a:d6:71:d5:dc:68:89:
         f2:f2:07:74:a4:c7:3a:bc:9e:a4:a2:d9:d9:6a:7a:7d:f7:5d:
         7c:59:0f:0f:c4:26:91:82:69:95:bc:27:c6:b1:f6:6d:c8:72:
         e0:fd:4a:5e:2b:55:64:d2:d3:8a:48:ec:b5:6b:b5:74:a6:00:
         b9:8a:c8:85:8e:94:4e:74:47:88:27:e5:e1:33:43:61:54:ca:
         26:19:38:04:4f:41:ed:52:05:54:d2:71:f1:ef:cf:0e:bb:d3:
         ba:4c:ef:bd:76:17:8c:19:3a:3e:f9:56:e7:9d:31:34:c5:d1:
         0c:19:92:2e:8c:e8:a5:56:62:48:90:55:cb:8e:b9:31:92:a6:
         ba:01:f9:46:e8:cf:d2:68:a2:50:7e:f8:b9:bd:7c:cc:b9:36:
         73:68:11:66:1f:6e:d4:4c:84:5e:40:a9:9d:24:14:ba:2c:8d:
         0f:fd:64:2f:cb:96:e4:6a:ea:84:62:31:56:0b:fe:e4:6d:3f:
         9e:f6:fe:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkjdVzW3D7EeTREIspTEGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODE2Nzc0YjdjNTY2NWQ2N2E4NmMyMGNlYjY0ODdiNWI3
OGIzOGQwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTI1NTQ0NWM5Mjg2MDBjNGI1ZDk4NGZiNWM5ZjdmOWYyYjdhY2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGXxHN0k1dLplwOKbgCPxxliy/qk
b/elCE+uJFi/lGMcw4LjEc4JkURUPtaIZynTfITGmmeTqpYDc/U7Gs/f0BwTbTdZ
Dvg5OICo24EjV5k5h4iHR3jy25KKMgui/41sCOvHikQh5NQ5Bo8yrhSRDAsHpH3e
wvekW8X/avz0Nmp8hT4DbAKkAr0QlkVAbre1uPThLe2LVLUCE42EitEXJhFmD7Gr
fvwvAMMo9UwBd9g/HL0132HyqkutCH7waCMKwBRb6twZZtG3ZWkzGiXlOQMmeygq
JSYHxLQDTGvR3/vFF3vCV1961UtL4SiBPwjD7bladYkGMgfjSaATCWwuhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUlVEXJKGAMS12YT7XJ9/nyt6zTMB8GA1UdIwQY
MBaAFGWBZ3S3xWZdZ6hsIM62SHtbeLONMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllGbmRMZkZabDFucUd3Z3pyWkllMXQ0czQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mM2I4MjUtY2JjMC00OWQyLThiNzYt
NmIxNDY5YzNiOTVhLzEvNVNWVVJja29ZQXhMWFpoUHRjbjMtZkszck5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mM2I4MjUtY2JjMC00OWQyLThiNzYtNmIxNDY5YzNiOTVh
LzEvWllGbmRMZkZabDFucUd3Z3pyWkllMXQ0czQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTQwMA0G
CSqGSIb3DQEBCwUAA4IBAQDmrlE1EZyCjcI/JXQxGYZIcCFGu9Xovs9u5I6667V7
zaGOtrUCNMpZVL5N0OG6g0jyuzZ3p58c1GEOZyH4V6SByWrWcdXcaIny8gd0pMc6
vJ6kotnZanp99118WQ8PxCaRgmmVvCfGsfZtyHLg/UpeK1Vk0tOKSOy1a7V0pgC5
isiFjpROdEeIJ+XhM0NhVMomGTgET0HtUgVU0nHx788Ou9O6TO+9dheMGTo++Vbn
nTE0xdEMGZIujOilVmJIkFXLjrkxkqa6AflG6M/SaKJQfvi5vXzMuTZzaBFmH27U
TIReQKmdJBS6LI0P/WQvy5bkauqEYjFWC/7kbT+e9v7O
-----END CERTIFICATE-----