Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Ex5aj_RhD3c_-9kwhCAWGii6gqg.roa
File:                     Ex5aj_RhD3c_-9kwhCAWGii6gqg.roa (raw, json)
Hash identifier:          pA4LxvIhpmdSQbUBj0faxR1wurHGWou4KI1n6Rg6TJ8=
Subject key identifier:   13:1E:5A:8F:F4:61:0F:77:3F:FB:D9:30:84:20:16:1A:28:BA:82:A8
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBC8678A5086FD6D18C0DBBEC92554
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Ex5aj_RhD3c_-9kwhCAWGii6gqg.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12589
IP address blocks:        194.88.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:c8:67:8a:50:86:fd:6d:18:c0:db:be:c9:25:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=131e5a8ff4610f773ffbd9308420161a28ba82a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:15:41:4c:79:c7:0f:b0:51:bb:f1:16:6a:1d:
                    11:73:87:52:3f:cb:13:f5:88:2b:78:31:4b:1a:8b:
                    d6:6b:bc:89:b1:b1:3b:b2:a1:0e:28:45:8c:25:68:
                    86:de:fa:b1:2a:81:f8:85:2d:cf:c4:0a:ee:3d:da:
                    43:d7:4c:19:38:df:3d:2e:7b:29:c7:79:37:bf:29:
                    46:e3:69:b4:f4:a8:59:e5:a3:b9:71:bb:f2:98:49:
                    97:fe:be:5a:67:58:f9:d8:74:86:32:3f:d2:ca:31:
                    aa:33:fc:2b:3a:47:2f:d6:2c:ec:5f:cc:39:c0:8d:
                    64:12:bb:d9:f0:12:89:a7:39:00:51:e7:60:0d:bd:
                    67:d4:a6:7c:ec:9a:a8:55:fe:25:55:69:02:29:17:
                    58:6b:7d:be:ee:9c:68:6b:31:14:c9:a4:b6:36:6d:
                    8d:3a:3f:86:7b:1c:32:0c:b4:28:ee:ea:44:ac:6b:
                    89:31:f5:52:c4:7d:15:5e:33:a9:ac:c8:3a:87:c5:
                    ee:5c:4b:2d:3d:cd:5a:b6:d1:9e:a0:bd:92:97:b8:
                    a8:04:cb:62:78:1b:f8:b6:0c:f4:72:c2:2a:4f:86:
                    21:17:f3:ec:2b:30:05:14:14:70:b4:26:39:71:dc:
                    04:71:ed:68:d6:1c:32:bf:fe:a8:d1:a6:0c:d3:6a:
                    ee:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:1E:5A:8F:F4:61:0F:77:3F:FB:D9:30:84:20:16:1A:28:BA:82:A8
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/Ex5aj_RhD3c_-9kwhCAWGii6gqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a7:02:0a:95:3a:f4:f8:37:1d:ae:de:03:2c:44:ca:7c:e7:
         c9:89:d3:d3:f1:3f:86:bb:b0:b2:31:50:2e:f8:66:e8:db:29:
         ec:85:fa:9d:44:00:b1:35:56:74:d3:8a:57:57:b1:6d:dd:10:
         4b:fe:14:c1:73:39:4c:c9:42:a1:cf:f5:d6:9b:4f:7a:4d:74:
         bc:ff:88:94:98:d0:af:9d:d9:c3:84:28:17:46:98:6b:4c:18:
         fb:79:11:dd:af:e6:0b:6f:ad:00:6c:d6:b3:5e:f4:5c:19:50:
         cc:fd:8f:dd:27:86:7b:fa:a6:c0:23:a6:37:9f:97:9d:09:5a:
         ac:4d:88:e3:b3:48:f5:f1:3f:66:81:ab:d8:8f:e0:cf:fc:f3:
         ad:f2:bf:2b:30:2a:95:f1:34:26:8a:3c:18:aa:95:ad:14:48:
         e4:2f:ae:ce:72:e4:14:a5:8c:d9:1a:be:a2:4e:0d:cc:cf:7a:
         05:73:99:ff:b1:3d:00:0b:e1:f8:4b:f5:68:79:04:28:33:94:
         cd:9b:3e:e2:81:7a:35:44:7f:ad:62:47:67:5d:ec:87:49:88:
         b0:ee:a7:9f:7b:16:33:67:57:af:e2:19:72:78:5d:b5:e7:c1:
         93:d8:21:f1:ac:89:23:09:f9:c6:fe:93:39:14:b1:50:3a:5d:
         74:22:1e:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8hnilCG/W0YwNu+ySVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFlNWE4ZmY0NjEwZjc3M2ZmYmQ5MzA4NDIwMTYxYTI4YmE4MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BVBTHnHD7BRu/EWah0Rc4dSP8sT
9YgreDFLGovWa7yJsbE7sqEOKEWMJWiG3vqxKoH4hS3PxAruPdpD10wZON89Lnsp
x3k3vylG42m09KhZ5aO5cbvymEmX/r5aZ1j52HSGMj/SyjGqM/wrOkcv1izsX8w5
wI1kErvZ8BKJpzkAUedgDb1n1KZ87JqoVf4lVWkCKRdYa32+7pxoazEUyaS2Nm2N
Oj+GexwyDLQo7upErGuJMfVSxH0VXjOprMg6h8XuXEstPc1attGeoL2Sl7ioBMti
eBv4tgz0csIqT4YhF/PsKzAFFBRwtCY5cdwEce1o1hwyv/6o0aYM02ruPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMeWo/0YQ93P/vZMIQgFhoouoKoMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvRXg1YWpfUmhEM2NfLTlrd2hDQVdHaWk2Z3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlgtMA0G
CSqGSIb3DQEBCwUAA4IBAQASpwIKlTr0+Dcdrt4DLETKfOfJidPT8T+Gu7CyMVAu
+Gbo2ynshfqdRACxNVZ004pXV7Ft3RBL/hTBczlMyUKhz/XWm096TXS8/4iUmNCv
ndnDhCgXRphrTBj7eRHdr+YLb60AbNazXvRcGVDM/Y/dJ4Z7+qbAI6Y3n5edCVqs
TYjjs0j18T9mgavYj+DP/POt8r8rMCqV8TQmijwYqpWtFEjkL67OcuQUpYzZGr6i
Tg3Mz3oFc5n/sT0AC+H4S/VoeQQoM5TNmz7igXo1RH+tYkdnXeyHSYiw7qefexYz
Z1ev4hlyeF2158GT2CHxrIkjCfnG/pM5FLFQOl10Ih6z
-----END CERTIFICATE-----