Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/5MHa5BNOQmFtYaboLS5aGONMXUg.roa
File:                     5MHa5BNOQmFtYaboLS5aGONMXUg.roa (raw, json)
Hash identifier:          PO6kmabM+dZMJR4NY0o9QhZ0SNi3z1FUlUcPj0CaJ30=
Subject key identifier:   E4:C1:DA:E4:13:4E:42:61:6D:61:A6:E8:2D:2E:5A:18:E3:4C:5D:48
Certificate issuer:       /CN=522399c2789b1a5504f81671cff220c04eaf59f1
Certificate serial:       01909B62130E3E09716F50613A8826FA710A
Authority key identifier: 52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/5MHa5BNOQmFtYaboLS5aGONMXUg.roa
Signing time:             Wed 10 Jul 2024 06:43:34 +0000
ROA not before:           Wed 10 Jul 2024 06:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6412
IP address blocks:        80.184.0.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:62:13:0e:3e:09:71:6f:50:61:3a:88:26:fa:71:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=522399c2789b1a5504f81671cff220c04eaf59f1
        Validity
            Not Before: Jul 10 06:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4c1dae4134e42616d61a6e82d2e5a18e34c5d48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8a:0e:64:63:9e:de:5e:21:3f:a4:c8:0d:36:
                    4d:29:8b:82:e5:d6:38:e9:f0:48:94:bf:e6:71:4d:
                    f1:d5:aa:28:47:ee:98:a0:f5:f9:de:fe:ee:2a:e6:
                    ab:76:34:e7:6a:02:6d:b0:66:a7:b2:ef:ad:22:bb:
                    de:99:c3:92:e2:8c:d6:77:88:a9:2a:2c:e4:44:6e:
                    f5:d6:c9:aa:cb:fa:30:b0:11:c6:dc:75:c0:fc:67:
                    b8:e7:95:d8:54:75:54:b1:c9:e0:58:c6:96:a3:22:
                    2f:ba:b8:64:56:d4:8f:d8:27:5d:2a:d5:20:91:8f:
                    92:85:5e:0e:9d:e1:a4:ab:07:77:e0:4a:bc:82:0b:
                    65:6e:e8:c1:41:e3:75:12:55:b7:e8:7a:04:f8:3d:
                    84:7a:e7:18:76:3b:64:d0:4b:fa:e7:8e:7e:ba:d7:
                    19:d4:04:25:d4:c3:a2:a7:f0:15:c1:da:b9:8e:53:
                    de:bb:d7:2f:ce:48:82:d3:31:1d:26:7b:32:43:40:
                    20:23:4a:2a:f6:a9:69:9c:34:38:46:cd:d5:31:50:
                    8d:ad:01:10:97:eb:27:23:0e:19:f1:09:61:e4:77:
                    bc:4e:60:69:78:a8:21:0e:58:2a:aa:a3:59:1d:44:
                    3a:f9:8f:78:c9:74:79:7f:97:04:4b:e3:8a:f1:1f:
                    fc:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:C1:DA:E4:13:4E:42:61:6D:61:A6:E8:2D:2E:5A:18:E3:4C:5D:48
            X509v3 Authority Key Identifier:
                keyid:52:23:99:C2:78:9B:1A:55:04:F8:16:71:CF:F2:20:C0:4E:AF:59:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UiOZwnibGlUE-BZxz_IgwE6vWfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/5MHa5BNOQmFtYaboLS5aGONMXUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/22d011-ed42-4d14-a670-d5d51d37949d/1/UiOZwnibGlUE-BZxz_IgwE6vWfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.184.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         34:77:a3:96:c5:d6:bf:04:41:fd:ae:7d:3f:7a:03:1a:90:0d:
         32:ff:55:30:d6:19:b2:31:ee:d3:64:1c:94:e7:3c:08:76:89:
         0a:45:d0:6d:ab:b5:eb:f1:a0:3c:e7:6f:bc:5e:89:d8:48:f1:
         00:fb:7b:71:17:65:ed:14:f9:ec:5b:1d:5d:7e:65:e5:22:a4:
         6f:70:b9:eb:8e:7a:0d:1c:18:21:c3:c6:eb:32:c2:95:6d:c1:
         6c:99:18:13:fc:5a:f4:54:d2:8b:89:73:6d:d0:1d:81:f1:47:
         2d:c3:52:b6:43:62:4b:4d:93:ed:cc:a0:d9:42:c0:3f:43:24:
         0f:31:9a:8b:28:19:d9:8b:27:2f:68:2c:30:41:54:e6:59:f8:
         52:ad:39:dc:df:70:ca:5d:1b:03:61:f5:91:11:00:4a:e1:cd:
         09:9a:5e:59:d2:4a:86:5f:3a:97:e0:4e:16:08:8f:89:42:d5:
         ed:84:b1:84:b8:28:f5:d6:06:52:0b:05:55:f3:b6:71:51:12:
         2b:47:64:6f:99:f6:27:02:b5:97:52:a4:b2:35:5a:f3:aa:f1:
         7a:de:30:dd:f1:93:12:9b:8f:ee:dd:d7:5c:42:c7:0e:59:ad:
         bf:d7:65:84:94:ff:90:ac:11:2d:e4:74:e2:5e:5e:c4:81:b5:
         fa:43:b2:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCbYhMOPglxb1BhOogm+nEKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMjM5OWMyNzg5YjFhNTUwNGY4MTY3MWNmZjIyMGMwNGVh
ZjU5ZjEwHhcNMjQwNzEwMDY0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGMxZGFlNDEzNGU0MjYxNmQ2MWE2ZTgyZDJlNWExOGUzNGM1ZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYoOZGOe3l4hP6TIDTZNKYuC5dY4
6fBIlL/mcU3x1aooR+6YoPX53v7uKuardjTnagJtsGansu+tIrvemcOS4ozWd4ip
KizkRG711smqy/owsBHG3HXA/Ge455XYVHVUscngWMaWoyIvurhkVtSP2CddKtUg
kY+ShV4OneGkqwd34Eq8ggtlbujBQeN1ElW36HoE+D2EeucYdjtk0Ev6545+utcZ
1AQl1MOip/AVwdq5jlPeu9cvzkiC0zEdJnsyQ0AgI0oq9qlpnDQ4Rs3VMVCNrQEQ
l+snIw4Z8Qlh5He8TmBpeKghDlgqqqNZHUQ6+Y94yXR5f5cES+OK8R/8mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOTB2uQTTkJhbWGm6C0uWhjjTF1IMB8GA1UdIwQY
MBaAFFIjmcJ4mxpVBPgWcc/yIMBOr1nxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAt
ZDVkNTFkMzc5NDlkLzEvNU1IYTVCTk9RbUZ0WWFib0xTNWFHT05NWFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8yMmQwMTEtZWQ0Mi00ZDE0LWE2NzAtZDVkNTFkMzc5NDlk
LzEvVWlPWnduaWJHbFVFLUJaeHpfSWd3RTZ2V2ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHULgAMA0G
CSqGSIb3DQEBCwUAA4IBAQA0d6OWxda/BEH9rn0/egMakA0y/1Uw1hmyMe7TZByU
5zwIdokKRdBtq7Xr8aA852+8XonYSPEA+3txF2XtFPnsWx1dfmXlIqRvcLnrjnoN
HBghw8brMsKVbcFsmRgT/Fr0VNKLiXNt0B2B8Uctw1K2Q2JLTZPtzKDZQsA/QyQP
MZqLKBnZiycvaCwwQVTmWfhSrTnc33DKXRsDYfWREQBK4c0Jml5Z0kqGXzqX4E4W
CI+JQtXthLGEuCj11gZSCwVV87ZxURIrR2RvmfYnArWXUqSyNVrzqvF63jDd8ZMS
m4/u3ddcQscOWa2/12WElP+QrBEt5HTiXl7EgbX6Q7KA
-----END CERTIFICATE-----