Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/bmzF5cGH_9HbBUCaruwp7v7KB-g.roa
File:                     bmzF5cGH_9HbBUCaruwp7v7KB-g.roa (raw, json)
Hash identifier:          DuDPXBXncnqSxRwYL02KEZeSHFtf5e71Y7ZQyBwc38I=
Subject key identifier:   6E:6C:C5:E5:C1:87:FF:D1:DB:05:40:9A:AE:EC:29:EE:FE:CA:07:E8
Certificate issuer:       /CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
Certificate serial:       018CC5DCA3841275368D176FC0675C417136
Authority key identifier: 1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/bmzF5cGH_9HbBUCaruwp7v7KB-g.roa
Signing time:             Mon 01 Jan 2024 16:30:20 +0000
ROA not before:           Mon 01 Jan 2024 16:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        5.132.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a3:84:12:75:36:8d:17:6f:c0:67:5c:41:71:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e4a2020b82d0294e90a2d6b2c0f28d1173b6465
        Validity
            Not Before: Jan  1 16:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e6cc5e5c187ffd1db05409aaeec29eefeca07e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:08:82:2f:9c:68:06:31:9f:d2:14:cc:dd:56:
                    66:18:47:fa:83:a5:39:9a:4e:ef:0b:5d:e0:f5:b1:
                    ba:b4:a4:fe:44:4f:66:7c:9e:8d:48:37:83:b3:df:
                    46:79:30:e4:1c:78:0a:6b:6f:ef:2b:c2:99:d1:a2:
                    c3:83:cc:75:22:e8:31:00:b4:58:c4:a2:f1:1d:58:
                    b1:d6:d8:8e:8f:fd:dd:94:df:90:0c:c3:33:02:54:
                    1f:68:c8:c5:51:1d:c0:3a:06:44:51:9f:af:6f:56:
                    8a:3d:19:e7:bb:bb:f5:ca:43:a7:25:5f:ee:e0:46:
                    c3:46:2d:26:f0:54:a9:47:c3:21:80:cf:fc:ec:81:
                    8e:02:7f:e7:c5:a1:95:19:bd:f4:48:1c:09:00:53:
                    07:d7:11:61:39:5f:81:dc:f2:31:1b:c6:76:b6:a7:
                    f6:c5:4d:ed:12:a6:47:5c:c1:c6:55:c6:b0:b3:e7:
                    6b:af:84:6a:30:77:7a:5a:73:ef:ac:51:a7:11:24:
                    15:06:be:01:a8:a8:69:de:a4:2d:8f:7f:50:c4:9d:
                    3b:f4:be:30:00:32:00:fe:6a:59:f9:a7:d8:95:17:
                    71:80:c6:d4:2c:db:f2:88:e1:0a:83:d2:91:42:01:
                    87:c2:8d:3a:10:2a:59:af:00:bb:55:2c:8c:10:d0:
                    b9:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:6C:C5:E5:C1:87:FF:D1:DB:05:40:9A:AE:EC:29:EE:FE:CA:07:E8
            X509v3 Authority Key Identifier:
                keyid:1E:4A:20:20:B8:2D:02:94:E9:0A:2D:6B:2C:0F:28:D1:17:3B:64:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HkogILgtApTpCi1rLA8o0Rc7ZGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/bmzF5cGH_9HbBUCaruwp7v7KB-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4c48bb-366c-41f5-9b2d-530440c4fa29/1/HkogILgtApTpCi1rLA8o0Rc7ZGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.132.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:20:07:02:f3:47:c0:d1:e8:5c:c8:78:dc:31:a6:3c:3e:df:
         e4:57:56:7a:92:e5:69:13:bc:f6:16:ef:a1:55:e3:99:2d:0d:
         b9:cf:23:43:ee:5b:0b:7a:0f:e7:5b:cc:dc:59:63:0a:56:3e:
         c1:0d:a4:8b:b1:c8:77:8d:ae:54:45:6c:7d:3d:92:10:9f:48:
         7d:1d:33:59:37:21:8a:47:73:52:b3:af:7b:43:68:bb:9f:eb:
         ba:40:d0:6f:de:9c:9e:bb:07:7f:32:14:9a:ce:29:f2:a9:fd:
         52:d8:8b:2a:55:1a:f8:09:3f:2e:81:ef:f8:59:0f:1e:ae:83:
         a1:ce:99:23:db:dc:7b:11:15:c6:62:88:93:25:6f:3f:ec:ff:
         58:4b:1a:1e:41:46:c9:48:a6:eb:a7:f9:df:ea:2c:af:92:2a:
         1b:36:fe:86:ce:2b:2d:14:47:81:42:33:93:7b:92:47:80:ea:
         f3:1d:3e:ce:44:3c:56:55:70:cc:6b:87:88:a1:54:ea:74:ae:
         ce:c2:bf:79:41:08:0d:05:ef:c9:60:66:be:5e:07:35:bf:ae:
         df:2f:98:13:f8:f5:2e:9c:13:88:ab:c6:49:82:8b:88:3d:3d:
         09:54:3e:e7:2c:d7:40:04:f7:4d:b0:ea:7e:28:c3:b7:de:11:
         d4:c1:76:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KOEEnU2jRdvwGdcQXE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNGEyMDIwYjgyZDAyOTRlOTBhMmQ2YjJjMGYyOGQxMTcz
YjY0NjUwHhcNMjQwMTAxMTYzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTZjYzVlNWMxODdmZmQxZGIwNTQwOWFhZWVjMjllZWZlY2EwN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwiCL5xoBjGf0hTM3VZmGEf6g6U5
mk7vC13g9bG6tKT+RE9mfJ6NSDeDs99GeTDkHHgKa2/vK8KZ0aLDg8x1IugxALRY
xKLxHVix1tiOj/3dlN+QDMMzAlQfaMjFUR3AOgZEUZ+vb1aKPRnnu7v1ykOnJV/u
4EbDRi0m8FSpR8MhgM/87IGOAn/nxaGVGb30SBwJAFMH1xFhOV+B3PIxG8Z2tqf2
xU3tEqZHXMHGVcaws+drr4RqMHd6WnPvrFGnESQVBr4BqKhp3qQtj39QxJ079L4w
ADIA/mpZ+afYlRdxgMbULNvyiOEKg9KRQgGHwo06ECpZrwC7VSyMENC5/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5sxeXBh//R2wVAmq7sKe7+ygfoMB8GA1UdIwQY
MBaAFB5KICC4LQKU6QotaywPKNEXO2RlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQt
NTMwNDQwYzRmYTI5LzEvYm16RjVjR0hfOUhiQlVDYXJ1d3A3djdLQi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80YzQ4YmItMzY2Yy00MWY1LTliMmQtNTMwNDQwYzRmYTI5
LzEvSGtvZ0lMZ3RBcFRwQ2kxckxBOG8wUmM3WkdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYSeMA0G
CSqGSIb3DQEBCwUAA4IBAQA5IAcC80fA0ehcyHjcMaY8Pt/kV1Z6kuVpE7z2Fu+h
VeOZLQ25zyND7lsLeg/nW8zcWWMKVj7BDaSLsch3ja5URWx9PZIQn0h9HTNZNyGK
R3NSs697Q2i7n+u6QNBv3pyeuwd/MhSazinyqf1S2IsqVRr4CT8uge/4WQ8eroOh
zpkj29x7ERXGYoiTJW8/7P9YSxoeQUbJSKbrp/nf6iyvkiobNv6GzistFEeBQjOT
e5JHgOrzHT7ORDxWVXDMa4eIoVTqdK7Owr95QQgNBe/JYGa+Xgc1v67fL5gT+PUu
nBOIq8ZJgouIPT0JVD7nLNdABPdNsOp+KMO33hHUwXZE
-----END CERTIFICATE-----