Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/5cFouaeMdqNky0CoRe-4KADJ_lg.roa
File:                     5cFouaeMdqNky0CoRe-4KADJ_lg.roa (raw, json)
Hash identifier:          TIIIFr+7bCOHV8Z0SqUsErxUbpGtAQAHRW6lKCCkOTs=
Subject key identifier:   E5:C1:68:B9:A7:8C:76:A3:64:CB:40:A8:45:EF:B8:28:00:C9:FE:58
Certificate issuer:       /CN=3ba05cb29671d30a57a3e8444f41fe034cf75231
Certificate serial:       018F1B0954116BE30DE6EF90172BDB64000C
Authority key identifier: 3B:A0:5C:B2:96:71:D3:0A:57:A3:E8:44:4F:41:FE:03:4C:F7:52:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/5cFouaeMdqNky0CoRe-4KADJ_lg.roa
Signing time:             Fri 26 Apr 2024 15:32:27 +0000
ROA not before:           Fri 26 Apr 2024 15:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206188
IP address blocks:        5.42.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1b:09:54:11:6b:e3:0d:e6:ef:90:17:2b:db:64:00:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba05cb29671d30a57a3e8444f41fe034cf75231
        Validity
            Not Before: Apr 26 15:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5c168b9a78c76a364cb40a845efb82800c9fe58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e3:4a:03:b1:1f:70:79:b6:59:9b:e0:09:85:
                    58:cd:2c:b0:a1:08:39:09:ba:fa:64:35:a7:3f:f0:
                    f9:b7:1f:e8:79:de:1e:9a:74:36:8a:78:b6:c2:b3:
                    0f:f4:b6:31:1f:27:65:16:81:bf:14:20:ed:1a:1c:
                    49:1e:d7:21:a4:29:6e:d6:a5:9d:c5:b0:1b:53:61:
                    42:86:d2:62:fd:fe:b9:4d:2d:96:82:09:c2:32:30:
                    68:6f:94:cf:3a:99:cf:09:e9:8d:29:ba:73:0a:dd:
                    3d:84:95:cf:3b:6c:33:7e:3d:78:e6:6d:0e:ae:46:
                    03:37:39:f1:d8:29:73:01:5b:08:af:f4:36:d7:07:
                    a5:40:d8:e3:87:51:38:6c:eb:00:33:df:55:37:3f:
                    ba:9c:e5:60:04:95:7d:b6:01:7c:a9:85:98:80:8a:
                    09:c1:1b:93:45:7d:f5:07:22:c0:77:42:32:fb:7e:
                    66:cc:72:53:e2:cf:68:6b:3b:34:45:50:e4:a3:fd:
                    b4:6b:af:4d:22:55:39:44:cc:d3:a2:d6:1b:8f:4e:
                    6d:89:79:49:e0:cd:5a:de:53:ad:3d:e5:01:82:81:
                    87:6d:6f:37:46:f8:8d:7b:d8:ae:04:05:a2:fe:aa:
                    52:ad:cd:77:31:3f:52:f1:92:72:7d:bc:aa:ac:dc:
                    70:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:C1:68:B9:A7:8C:76:A3:64:CB:40:A8:45:EF:B8:28:00:C9:FE:58
            X509v3 Authority Key Identifier:
                keyid:3B:A0:5C:B2:96:71:D3:0A:57:A3:E8:44:4F:41:FE:03:4C:F7:52:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6BcspZx0wpXo-hET0H-A0z3UjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/5cFouaeMdqNky0CoRe-4KADJ_lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/09ec83-85e2-4e9c-a79c-4c959f6077a0/1/O6BcspZx0wpXo-hET0H-A0z3UjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:c7:e3:7d:03:1c:26:ae:d4:e1:c4:9d:42:96:e2:28:5f:6e:
         79:46:91:85:f4:bd:c3:2d:fb:1c:38:34:e8:99:03:9d:db:b7:
         3a:22:2a:6b:6f:35:df:7f:36:d7:21:ef:f5:97:25:ff:25:f0:
         72:fb:f4:73:8e:f0:50:78:e7:cc:04:da:07:66:95:37:16:d9:
         02:62:8a:3f:76:f3:ff:3b:4b:4a:cb:9e:0e:04:69:d4:ac:ae:
         6d:71:0d:a6:a5:df:7f:ae:67:5f:84:de:6f:42:1e:02:b9:17:
         09:fe:28:ae:f3:2e:8b:9d:d1:f2:5c:f9:95:27:eb:7e:79:2f:
         0f:fa:98:12:9e:52:1d:34:7a:27:b0:ec:03:37:d7:9e:32:7d:
         7a:57:ae:4d:b7:3b:95:92:08:da:a6:55:62:5b:a7:5d:c5:e3:
         92:96:5e:8e:0d:06:38:5c:d8:8b:ef:d6:b5:df:19:d8:0e:fb:
         e6:d4:7a:b1:ec:b2:10:d1:df:5b:eb:3e:94:9d:45:e3:95:82:
         5b:02:aa:c4:68:9e:44:0d:11:cd:df:27:c7:00:ac:d9:8f:93:
         0e:21:d3:80:85:4d:83:75:f1:6e:46:eb:db:26:f4:fc:c0:21:
         8b:38:73:65:2a:bd:30:75:76:5b:50:f4:eb:3d:76:55:2e:e0:
         d7:c0:9b:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8bCVQRa+MN5u+QFyvbZAAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTA1Y2IyOTY3MWQzMGE1N2EzZTg0NDRmNDFmZTAzNGNm
NzUyMzEwHhcNMjQwNDI2MTUzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWMxNjhiOWE3OGM3NmEzNjRjYjQwYTg0NWVmYjgyODAwYzlmZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwONKA7EfcHm2WZvgCYVYzSywoQg5
Cbr6ZDWnP/D5tx/oed4emnQ2ini2wrMP9LYxHydlFoG/FCDtGhxJHtchpClu1qWd
xbAbU2FChtJi/f65TS2WggnCMjBob5TPOpnPCemNKbpzCt09hJXPO2wzfj145m0O
rkYDNznx2ClzAVsIr/Q21welQNjjh1E4bOsAM99VNz+6nOVgBJV9tgF8qYWYgIoJ
wRuTRX31ByLAd0Iy+35mzHJT4s9oazs0RVDko/20a69NIlU5RMzTotYbj05tiXlJ
4M1a3lOtPeUBgoGHbW83RviNe9iuBAWi/qpSrc13MT9S8ZJyfbyqrNxwcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXBaLmnjHajZMtAqEXvuCgAyf5YMB8GA1UdIwQY
MBaAFDugXLKWcdMKV6PoRE9B/gNM91IxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZCY3NwWngwd3BYby1oRVQwSC1BMHozVWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8wOWVjODMtODVlMi00ZTljLWE3OWMt
NGM5NTlmNjA3N2EwLzEvNWNGb3VhZU1kcU5reTBDb1JlLTRLQURKX2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8wOWVjODMtODVlMi00ZTljLWE3OWMtNGM5NTlmNjA3N2Ew
LzEvTzZCY3NwWngwd3BYby1oRVQwSC1BMHozVWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrCMA0G
CSqGSIb3DQEBCwUAA4IBAQC1x+N9AxwmrtThxJ1CluIoX255RpGF9L3DLfscODTo
mQOd27c6IiprbzXffzbXIe/1lyX/JfBy+/RzjvBQeOfMBNoHZpU3FtkCYoo/dvP/
O0tKy54OBGnUrK5tcQ2mpd9/rmdfhN5vQh4CuRcJ/iiu8y6LndHyXPmVJ+t+eS8P
+pgSnlIdNHonsOwDN9eeMn16V65NtzuVkgjaplViW6ddxeOSll6ODQY4XNiL79a1
3xnYDvvm1Hqx7LIQ0d9b6z6UnUXjlYJbAqrEaJ5EDRHN3yfHAKzZj5MOIdOAhU2D
dfFuRuvbJvT8wCGLOHNlKr0wdXZbUPTrPXZVLuDXwJvm
-----END CERTIFICATE-----