Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/5IsSenJKZuqgLfI8bx6d8jy5c6Y.roa
File:                     5IsSenJKZuqgLfI8bx6d8jy5c6Y.roa (raw, json)
Hash identifier:          VR7JUP7p2pl0/nnP5BkIOJFOc57QgMVwk3RHjDKOFpM=
Subject key identifier:   E4:8B:12:7A:72:4A:66:EA:A0:2D:F2:3C:6F:1E:9D:F2:3C:B9:73:A6
Certificate issuer:       /CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
Certificate serial:       018CC4251FDC50DB12F9E2BF12DB99D738F4
Authority key identifier: AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/5IsSenJKZuqgLfI8bx6d8jy5c6Y.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203889
IP address blocks:        194.99.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1f:dc:50:db:12:f9:e2:bf:12:db:99:d7:38:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae1dc18a4b1fbfe2c2babd8bbb47fe1fd1cf22f8
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e48b127a724a66eaa02df23c6f1e9df23cb973a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2e:28:ab:99:62:9c:10:36:5b:8d:28:cd:9b:
                    a1:52:74:b3:d9:88:c0:8a:0f:6a:cb:8d:1c:03:0e:
                    1e:7d:af:7e:5d:a6:dc:48:93:f0:fd:49:4b:d4:6c:
                    98:c6:cd:aa:a6:f2:0a:75:3b:bc:bd:df:d7:74:0f:
                    d9:bd:47:60:bb:04:0d:f3:a1:7a:4f:3f:6d:79:0a:
                    11:06:bd:37:13:de:6d:bf:6d:94:a3:aa:d8:3a:dd:
                    2e:ce:11:f4:1a:d4:c6:db:d3:6a:ce:05:83:8f:17:
                    ab:6b:0e:bd:6a:c9:99:03:51:2a:7f:4a:a8:7a:bf:
                    21:b2:39:8e:cb:df:ae:4a:72:91:a5:35:56:b8:04:
                    b4:28:38:de:27:11:1f:f7:aa:72:17:ea:31:69:f0:
                    b5:6e:21:d2:62:d3:dc:51:0a:65:1f:54:b0:54:95:
                    dc:35:af:e5:76:c4:83:e1:e2:72:b4:aa:1a:a4:6a:
                    ba:e0:51:33:3e:dd:25:32:63:17:5a:3b:ca:34:b5:
                    36:91:fd:10:d9:b1:b6:b5:b0:f7:00:40:c2:84:c2:
                    4c:21:93:06:7d:0c:6e:ca:7a:0e:7e:d7:28:24:45:
                    0e:54:bc:50:c1:93:36:2f:c6:78:d8:5f:48:c1:08:
                    e8:0c:86:f9:35:b3:d5:94:ce:a2:21:c7:47:45:c9:
                    39:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:8B:12:7A:72:4A:66:EA:A0:2D:F2:3C:6F:1E:9D:F2:3C:B9:73:A6
            X509v3 Authority Key Identifier:
                keyid:AE:1D:C1:8A:4B:1F:BF:E2:C2:BA:BD:8B:BB:47:FE:1F:D1:CF:22:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rh3Biksfv-LCur2Lu0f-H9HPIvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/5IsSenJKZuqgLfI8bx6d8jy5c6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/0376d1-12ca-4135-9483-8e7149f04a4e/1/rh3Biksfv-LCur2Lu0f-H9HPIvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:d9:0a:28:4f:67:82:11:ac:1a:18:40:f8:ec:d8:e1:1f:a3:
         3b:3b:be:9a:59:8c:c1:f3:c3:8c:20:5d:c1:13:f6:ed:3a:23:
         d6:ca:3c:1a:b6:39:76:d6:92:01:91:49:48:19:62:28:ad:98:
         b8:2a:42:52:bb:96:95:ab:ae:9a:3c:74:05:7f:c6:d5:5b:09:
         1a:0b:f9:68:7e:5f:88:59:64:77:51:3a:ae:bb:59:09:5d:0e:
         70:d6:a8:ff:ab:1f:80:2c:d2:14:44:72:04:d2:ca:c6:f7:34:
         3c:bd:42:32:01:b7:32:22:b3:0a:9c:b6:83:b0:96:b8:11:f4:
         d0:2d:00:b3:32:c3:5a:11:8c:2e:55:eb:fd:70:57:7e:c0:46:
         3f:e8:b0:69:cb:33:0d:71:d8:7e:9a:c1:50:7b:11:79:3a:9f:
         74:e8:2a:38:18:c1:b9:a8:f7:53:5b:65:e7:01:2e:d1:88:22:
         8c:a7:df:eb:fe:32:af:98:6e:6a:76:76:e3:9d:60:57:33:bc:
         81:cc:7b:b4:40:73:c9:15:78:d4:49:7c:ee:d6:ed:5e:2d:33:
         69:c0:40:7f:a0:ee:1d:8b:65:90:74:d8:ce:63:a0:48:59:70:
         14:33:0b:11:57:51:b0:c8:97:f7:e2:1d:55:1f:0c:57:90:11:
         fb:46:ae:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJR/cUNsS+eK/EtuZ1zj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlMWRjMThhNGIxZmJmZTJjMmJhYmQ4YmJiNDdmZTFmZDFj
ZjIyZjgwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDhiMTI3YTcyNGE2NmVhYTAyZGYyM2M2ZjFlOWRmMjNjYjk3M2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoC4oq5linBA2W40ozZuhUnSz2YjA
ig9qy40cAw4efa9+XabcSJPw/UlL1GyYxs2qpvIKdTu8vd/XdA/ZvUdguwQN86F6
Tz9teQoRBr03E95tv22Uo6rYOt0uzhH0GtTG29NqzgWDjxeraw69asmZA1Eqf0qo
er8hsjmOy9+uSnKRpTVWuAS0KDjeJxEf96pyF+oxafC1biHSYtPcUQplH1SwVJXc
Na/ldsSD4eJytKoapGq64FEzPt0lMmMXWjvKNLU2kf0Q2bG2tbD3AEDChMJMIZMG
fQxuynoOftcoJEUOVLxQwZM2L8Z42F9IwQjoDIb5NbPVlM6iIcdHRck5KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSLEnpySmbqoC3yPG8enfI8uXOmMB8GA1UdIwQY
MBaAFK4dwYpLH7/iwrq9i7tH/h/RzyL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMt
OGU3MTQ5ZjA0YTRlLzEvNUlzU2VuSktadXFnTGZJOGJ4NmQ4ank1YzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8wMzc2ZDEtMTJjYS00MTM1LTk0ODMtOGU3MTQ5ZjA0YTRl
LzEvcmgzQmlrc2Z2LUxDdXIyTHUwZi1IOUhQSXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmNxMA0G
CSqGSIb3DQEBCwUAA4IBAQAC2QooT2eCEawaGED47NjhH6M7O76aWYzB88OMIF3B
E/btOiPWyjwatjl21pIBkUlIGWIorZi4KkJSu5aVq66aPHQFf8bVWwkaC/lofl+I
WWR3UTquu1kJXQ5w1qj/qx+ALNIURHIE0srG9zQ8vUIyAbcyIrMKnLaDsJa4EfTQ
LQCzMsNaEYwuVev9cFd+wEY/6LBpyzMNcdh+msFQexF5Op906Co4GMG5qPdTW2Xn
AS7RiCKMp9/r/jKvmG5qdnbjnWBXM7yBzHu0QHPJFXjUSXzu1u1eLTNpwEB/oO4d
i2WQdNjOY6BIWXAUMwsRV1GwyJf34h1VHwxXkBH7Rq6c
-----END CERTIFICATE-----