Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/V77Lo2aVp1Y68zpOxbqjqNYt68g.roa
File:                     V77Lo2aVp1Y68zpOxbqjqNYt68g.roa (raw, json)
Hash identifier:          6htibnnzSyfbaiFqJEhty7Oc4bKGSRnM6LapHtGjkiU=
Subject key identifier:   57:BE:CB:A3:66:95:A7:56:3A:F3:3A:4E:C5:BA:A3:A8:D6:2D:EB:C8
Certificate issuer:       /CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
Certificate serial:       018CC79366190227A7913A271C6DD96482CB
Authority key identifier: BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/V77Lo2aVp1Y68zpOxbqjqNYt68g.roa
Signing time:             Tue 02 Jan 2024 00:29:35 +0000
ROA not before:           Tue 02 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        5.182.155.0/24 maxlen: 24
                          5.182.154.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:66:19:02:27:a7:91:3a:27:1c:6d:d9:64:82:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd252a75c961ad338fd91147d461dd8b3d20cf51
        Validity
            Not Before: Jan  2 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57becba36695a7563af33a4ec5baa3a8d62debc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c2:25:42:c1:e5:81:da:e8:79:5f:c1:38:62:
                    40:14:ef:58:e4:75:4c:b4:2b:56:76:01:1a:c5:67:
                    41:46:2e:d3:0a:e4:b1:d1:58:03:9a:e0:7f:7b:51:
                    c9:30:de:46:6e:46:9f:58:8c:58:62:12:23:e2:d1:
                    54:07:53:b3:36:e0:7a:aa:ef:0f:83:1a:fa:04:a1:
                    2f:23:3d:03:3f:77:59:5a:96:1d:e4:dd:a9:5e:b7:
                    ea:f9:0c:24:0f:ac:e3:95:9f:6b:a0:3f:96:c0:25:
                    46:2c:53:a4:9e:c1:dd:c7:47:75:c0:0f:15:6a:a3:
                    fb:7e:29:48:4e:f5:2b:16:8d:b8:ee:16:0a:28:41:
                    01:bd:a9:92:ef:5a:f6:df:4c:16:71:09:54:ed:8c:
                    af:4b:79:fc:20:85:9a:bf:15:fe:f8:cf:42:d7:ed:
                    b2:98:76:04:b7:1f:b9:a3:c5:fe:2a:da:b0:3f:74:
                    b7:ef:40:6d:0e:3f:1e:5b:ff:2c:a0:5f:bc:e3:0f:
                    61:42:07:01:33:c1:5c:7c:b3:e5:d2:57:cf:6d:94:
                    5d:af:e5:73:ea:49:f9:15:95:2a:35:87:0e:e2:fd:
                    c9:f3:6b:8f:fc:0f:45:50:6e:8d:68:7c:f1:e0:09:
                    2a:23:c6:c9:c4:92:01:4c:59:91:59:58:7b:06:97:
                    25:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BE:CB:A3:66:95:A7:56:3A:F3:3A:4E:C5:BA:A3:A8:D6:2D:EB:C8
            X509v3 Authority Key Identifier:
                keyid:BD:25:2A:75:C9:61:AD:33:8F:D9:11:47:D4:61:DD:8B:3D:20:CF:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vSUqdclhrTOP2RFH1GHdiz0gz1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/V77Lo2aVp1Y68zpOxbqjqNYt68g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1c70e-226a-4781-b662-741ab92997d0/1/vSUqdclhrTOP2RFH1GHdiz0gz1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:f2:72:af:7a:09:be:e8:0f:47:ac:0a:e6:7a:ab:43:1d:c7:
         81:f0:80:91:18:b9:0f:33:11:48:0f:79:1c:bc:e9:39:54:0f:
         96:df:75:5b:e2:4b:ac:93:01:c6:fe:91:f9:95:3f:52:1f:d3:
         5b:7b:4c:6e:a1:92:66:1c:ce:e3:fa:b1:ee:ed:da:4b:c1:0b:
         7d:a5:6b:7e:c0:39:86:08:ba:fc:ce:96:01:70:0b:0a:48:26:
         0e:2e:a7:cc:37:0c:e9:27:e5:bd:a2:64:d8:b8:8e:21:6c:bd:
         ae:e8:c3:e3:c4:67:28:9a:4f:2e:84:37:af:d7:a0:b4:6c:49:
         ef:9d:ab:b1:39:ce:46:de:e0:37:b4:5d:27:4d:8d:30:b0:7a:
         ca:1d:ff:23:f7:36:86:85:13:2f:e6:d3:19:08:36:4c:6e:cc:
         cc:6d:5a:cd:cd:62:28:ca:c0:9f:a9:12:c9:64:ff:5e:1a:bd:
         25:34:61:22:a7:91:cf:7c:aa:d5:d5:e0:43:f3:71:81:40:c8:
         bf:33:fd:80:08:47:c1:79:29:7e:81:44:ce:03:e0:2b:ea:a1:
         e5:d0:55:e4:27:e2:1f:08:3c:ae:c2:68:13:5b:f5:2a:4a:d3:
         63:de:dc:ac:43:00:dc:b7:12:b3:3e:78:8e:7c:c6:9d:58:0f:
         08:4f:c3:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk2YZAienkTonHG3ZZILLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMjUyYTc1Yzk2MWFkMzM4ZmQ5MTE0N2Q0NjFkZDhiM2Qy
MGNmNTEwHhcNMjQwMTAyMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2JlY2JhMzY2OTVhNzU2M2FmMzNhNGVjNWJhYTNhOGQ2MmRlYmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18IlQsHlgdroeV/BOGJAFO9Y5HVM
tCtWdgEaxWdBRi7TCuSx0VgDmuB/e1HJMN5GbkafWIxYYhIj4tFUB1OzNuB6qu8P
gxr6BKEvIz0DP3dZWpYd5N2pXrfq+QwkD6zjlZ9roD+WwCVGLFOknsHdx0d1wA8V
aqP7filITvUrFo247hYKKEEBvamS71r230wWcQlU7YyvS3n8IIWavxX++M9C1+2y
mHYEtx+5o8X+KtqwP3S370BtDj8eW/8soF+84w9hQgcBM8FcfLPl0lfPbZRdr+Vz
6kn5FZUqNYcO4v3J82uP/A9FUG6NaHzx4AkqI8bJxJIBTFmRWVh7BpclUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFe+y6NmladWOvM6TsW6o6jWLevIMB8GA1UdIwQY
MBaAFL0lKnXJYa0zj9kRR9Rh3Ys9IM9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjIt
NzQxYWI5Mjk5N2QwLzEvVjc3TG8yYVZwMVk2OHpwT3hicWpxTll0NjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWM3MGUtMjI2YS00NzgxLWI2NjItNzQxYWI5Mjk5N2Qw
LzEvdlNVcWRjbGhyVE9QMlJGSDFHSGRpejBnejFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbaaMA0G
CSqGSIb3DQEBCwUAA4IBAQAP8nKvegm+6A9HrArmeqtDHceB8ICRGLkPMxFID3kc
vOk5VA+W33Vb4kuskwHG/pH5lT9SH9Nbe0xuoZJmHM7j+rHu7dpLwQt9pWt+wDmG
CLr8zpYBcAsKSCYOLqfMNwzpJ+W9omTYuI4hbL2u6MPjxGcomk8uhDev16C0bEnv
nauxOc5G3uA3tF0nTY0wsHrKHf8j9zaGhRMv5tMZCDZMbszMbVrNzWIoysCfqRLJ
ZP9eGr0lNGEip5HPfKrV1eBD83GBQMi/M/2ACEfBeSl+gUTOA+Ar6qHl0FXkJ+If
CDyuwmgTW/UqStNj3tysQwDctxKzPniOfMadWA8IT8PZ
-----END CERTIFICATE-----