Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/CS52-Q5NuIZJWgCrxtQNy61Otso.roa
File:                     CS52-Q5NuIZJWgCrxtQNy61Otso.roa (raw, json)
Hash identifier:          UOEoBMWakRPcOeKt6JbAkznZMgyz3b/mORthWrZK5Sc=
Subject key identifier:   09:2E:76:F9:0E:4D:B8:86:49:5A:00:AB:C6:D4:0D:CB:AD:4E:B6:CA
Certificate issuer:       /CN=5b96221da85f6c8a80703576683ad2c393f23bcc
Certificate serial:       018D5A62FF3A43D6EE9A7C53F5D11833161A
Authority key identifier: 5B:96:22:1D:A8:5F:6C:8A:80:70:35:76:68:3A:D2:C3:93:F2:3B:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5YiHahfbIqAcDV2aDrSw5PyO8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/CS52-Q5NuIZJWgCrxtQNy61Otso.roa
Signing time:             Tue 30 Jan 2024 12:40:53 +0000
ROA not before:           Tue 30 Jan 2024 12:40:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        194.32.136.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/W5YiHahfbIqAcDV2aDrSw5PyO8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/W5YiHahfbIqAcDV2aDrSw5PyO8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5YiHahfbIqAcDV2aDrSw5PyO8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:62:ff:3a:43:d6:ee:9a:7c:53:f5:d1:18:33:16:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b96221da85f6c8a80703576683ad2c393f23bcc
        Validity
            Not Before: Jan 30 12:40:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=092e76f90e4db886495a00abc6d40dcbad4eb6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:af:87:26:e4:5d:f8:50:a6:3c:79:05:cc:a0:
                    20:f2:19:60:e9:9c:bf:07:e5:3a:55:d0:f5:ad:23:
                    99:89:d2:71:ae:ea:b5:89:aa:24:ba:06:5f:dd:42:
                    4b:b3:a8:dc:40:f3:e8:e2:d7:32:c3:d9:bc:79:07:
                    08:5e:85:a7:4e:40:d2:4b:4e:92:1e:e9:3f:c9:e6:
                    12:ee:48:bd:99:18:9e:7c:18:3c:95:5d:fc:1b:0a:
                    cf:25:43:4a:39:38:b1:01:e0:97:b5:d9:69:d0:ed:
                    c3:c9:ef:55:e5:45:2e:81:5e:33:36:f7:bd:bf:b3:
                    c0:67:6e:6a:ce:68:fb:35:15:7c:41:3d:8c:d8:86:
                    a9:40:41:7f:6c:3e:1e:78:35:6b:9d:85:f5:3c:ce:
                    5a:86:31:de:7d:9b:69:4f:7c:42:02:d8:12:56:69:
                    43:89:64:76:97:58:b5:d5:a2:08:bd:c5:6a:b6:4f:
                    91:8f:c9:34:73:36:12:36:a0:45:51:3b:8c:cd:d8:
                    06:77:bf:50:9c:d5:63:50:58:dc:3e:40:d2:42:02:
                    d9:ff:4c:ed:94:fb:76:94:e0:35:01:a5:3d:bb:0a:
                    8b:13:fc:b5:77:cd:c6:0d:9b:e6:78:26:58:dd:60:
                    72:be:5d:3f:d4:d1:84:f5:d6:35:5c:30:75:ed:43:
                    89:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:2E:76:F9:0E:4D:B8:86:49:5A:00:AB:C6:D4:0D:CB:AD:4E:B6:CA
            X509v3 Authority Key Identifier:
                keyid:5B:96:22:1D:A8:5F:6C:8A:80:70:35:76:68:3A:D2:C3:93:F2:3B:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5YiHahfbIqAcDV2aDrSw5PyO8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/CS52-Q5NuIZJWgCrxtQNy61Otso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/2603bd-815c-4fb0-9b9c-553458c90899/1/W5YiHahfbIqAcDV2aDrSw5PyO8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:1c:10:5e:6f:42:54:b6:bc:2e:47:52:a9:21:7d:b5:f1:2d:
         ed:7b:19:3b:85:8f:bd:6e:d1:9c:82:b4:ac:8c:93:5b:d3:79:
         df:58:31:15:55:80:18:38:4c:f4:c9:f3:7c:69:40:28:94:9f:
         42:1d:dc:0b:bd:4b:24:fc:c8:c0:e9:f0:6d:a2:22:c9:fa:b4:
         26:c0:45:2d:20:c2:21:ec:3c:0e:ce:41:68:b6:26:07:a9:70:
         70:5f:21:d6:17:7c:98:05:c8:11:1c:55:fc:21:72:3f:3d:ee:
         e4:0f:d6:e5:fd:2b:0c:ee:d4:ed:71:39:f3:7c:e0:a9:59:bd:
         6a:9e:9b:ef:eb:4f:65:45:38:21:ab:4a:75:89:2a:5f:08:2e:
         e9:f0:25:96:9e:f7:6c:b9:e0:54:32:a7:68:8a:1b:f7:50:a2:
         81:93:73:ab:7c:9b:5b:3a:1b:52:60:e0:50:86:16:dc:2e:7e:
         55:6d:0c:21:f9:c6:0f:f0:83:0c:38:aa:68:da:91:53:54:d4:
         33:6e:5f:22:18:0e:dc:c2:6f:2e:f2:f0:b5:7a:ff:5e:dc:c1:
         10:9e:25:8f:22:63:ce:1f:ac:d5:4c:56:45:e4:b7:0e:b4:9a:
         dc:dd:95:8c:97:ac:bd:0f:0d:41:f0:03:34:47:47:01:6c:69:
         fa:09:20:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1aYv86Q9bumnxT9dEYMxYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOTYyMjFkYTg1ZjZjOGE4MDcwMzU3NjY4M2FkMmMzOTNm
MjNiY2MwHhcNMjQwMTMwMTI0MDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTJlNzZmOTBlNGRiODg2NDk1YTAwYWJjNmQ0MGRjYmFkNGViNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa+HJuRd+FCmPHkFzKAg8hlg6Zy/
B+U6VdD1rSOZidJxruq1iaokugZf3UJLs6jcQPPo4tcyw9m8eQcIXoWnTkDSS06S
Huk/yeYS7ki9mRiefBg8lV38GwrPJUNKOTixAeCXtdlp0O3Dye9V5UUugV4zNve9
v7PAZ25qzmj7NRV8QT2M2IapQEF/bD4eeDVrnYX1PM5ahjHefZtpT3xCAtgSVmlD
iWR2l1i11aIIvcVqtk+Rj8k0czYSNqBFUTuMzdgGd79QnNVjUFjcPkDSQgLZ/0zt
lPt2lOA1AaU9uwqLE/y1d83GDZvmeCZY3WByvl0/1NGE9dY1XDB17UOJrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkudvkOTbiGSVoAq8bUDcutTrbKMB8GA1UdIwQY
MBaAFFuWIh2oX2yKgHA1dmg60sOT8jvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVZaUhhaGZiSXFBY0RWMmFEclN3NVB5Tzh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8yNjAzYmQtODE1Yy00ZmIwLTliOWMt
NTUzNDU4YzkwODk5LzEvQ1M1Mi1RNU51SVpKV2dDcnh0UU55NjFPdHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8yNjAzYmQtODE1Yy00ZmIwLTliOWMtNTUzNDU4YzkwODk5
LzEvVzVZaUhhaGZiSXFBY0RWMmFEclN3NVB5Tzh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiCIMA0G
CSqGSIb3DQEBCwUAA4IBAQBGHBBeb0JUtrwuR1KpIX218S3texk7hY+9btGcgrSs
jJNb03nfWDEVVYAYOEz0yfN8aUAolJ9CHdwLvUsk/MjA6fBtoiLJ+rQmwEUtIMIh
7DwOzkFotiYHqXBwXyHWF3yYBcgRHFX8IXI/Pe7kD9bl/SsM7tTtcTnzfOCpWb1q
npvv609lRTghq0p1iSpfCC7p8CWWnvdsueBUMqdoihv3UKKBk3OrfJtbOhtSYOBQ
hhbcLn5VbQwh+cYP8IMMOKpo2pFTVNQzbl8iGA7cwm8u8vC1ev9e3MEQniWPImPO
H6zVTFZF5LcOtJrc3ZWMl6y9Dw1B8AM0R0cBbGn6CSDF
-----END CERTIFICATE-----