Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/rLZGLT8dF0NmUHBTvGTUgLbN5sM.roa
File:                     rLZGLT8dF0NmUHBTvGTUgLbN5sM.roa (raw, json)
Hash identifier:          FnNYUjY1bidLh7OmIvFH5no5YMXIdn7y1I3V1422kAA=
Subject key identifier:   AC:B6:46:2D:3F:1D:17:43:66:50:70:53:BC:64:D4:80:B6:CD:E6:C3
Certificate issuer:       /CN=5bb1c57055c29d669f289a9f68f392823942132a
Certificate serial:       018CC2DAE5F8D1DA1CF3AF76F231B76A61E0
Authority key identifier: 5B:B1:C5:70:55:C2:9D:66:9F:28:9A:9F:68:F3:92:82:39:42:13:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/rLZGLT8dF0NmUHBTvGTUgLbN5sM.roa
Signing time:             Mon 01 Jan 2024 02:29:34 +0000
ROA not before:           Mon 01 Jan 2024 02:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44084
IP address blocks:        5.253.212.0/23 maxlen: 24
                          2a09:5dc0::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e5:f8:d1:da:1c:f3:af:76:f2:31:b7:6a:61:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bb1c57055c29d669f289a9f68f392823942132a
        Validity
            Not Before: Jan  1 02:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=acb6462d3f1d174366507053bc64d480b6cde6c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bf:62:12:d7:a6:fb:eb:7f:0f:15:07:d1:01:
                    98:c3:8a:a5:23:6b:a9:f7:f6:7f:1a:b8:82:74:18:
                    f5:68:7c:87:14:ed:96:89:a5:6d:4f:5a:33:97:d1:
                    52:44:00:e1:dc:62:d5:7f:5c:e4:d9:fc:e4:16:1c:
                    a9:5c:5c:88:df:51:31:9e:9b:80:23:72:8d:21:bd:
                    3c:58:9f:ef:68:34:88:ff:89:70:28:48:e8:16:fc:
                    d8:d2:83:c3:43:2f:3d:d1:c7:86:6b:70:f2:8a:90:
                    8c:5a:90:0d:8b:5e:48:d6:0f:87:4e:5f:41:3f:81:
                    b2:70:61:df:8c:23:50:e9:0d:03:8b:1c:81:19:be:
                    4c:86:98:b0:4d:73:4e:8d:2b:18:32:32:b7:90:24:
                    b5:c3:a5:cf:4f:96:41:96:b8:c6:94:2f:b5:eb:44:
                    91:d0:62:ab:24:13:62:8f:d6:9f:99:3c:5f:ce:ad:
                    28:a8:b4:d4:72:70:4c:90:df:5d:d7:85:fa:08:48:
                    2b:ea:ed:a3:87:fa:da:cf:ce:81:93:4e:7f:ef:19:
                    da:50:90:a0:bd:f6:24:c7:41:b4:d3:89:ce:0d:86:
                    da:a6:8f:24:63:a1:0a:fd:43:06:cc:f6:f6:e8:53:
                    41:71:83:a7:82:f5:86:73:30:85:a9:8f:c6:f8:f6:
                    8d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:B6:46:2D:3F:1D:17:43:66:50:70:53:BC:64:D4:80:B6:CD:E6:C3
            X509v3 Authority Key Identifier:
                keyid:5B:B1:C5:70:55:C2:9D:66:9F:28:9A:9F:68:F3:92:82:39:42:13:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W7HFcFXCnWafKJqfaPOSgjlCEyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/rLZGLT8dF0NmUHBTvGTUgLbN5sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/822376-808a-465c-a87f-5ceae19f94f9/1/W7HFcFXCnWafKJqfaPOSgjlCEyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.212.0/23
                IPv6:
                  2a09:5dc0::/30

    Signature Algorithm: sha256WithRSAEncryption
         3e:77:41:2d:03:d8:0e:ff:f5:18:94:03:4d:d8:14:87:96:00:
         98:be:a7:25:1e:e0:8e:7d:71:59:48:49:1d:bf:59:b5:de:f8:
         31:9c:00:5d:87:fa:4d:40:54:40:6a:72:74:9a:67:cc:31:13:
         dc:2d:12:8b:b4:e6:27:d4:ad:63:dd:0b:fe:84:67:b8:16:a4:
         8e:5e:10:36:3d:1a:97:53:d9:55:f4:a4:ac:96:cb:70:76:03:
         8d:1e:f5:3e:37:b4:cb:bc:51:39:68:a9:7b:22:59:e7:1a:59:
         84:74:e6:1c:76:71:5c:a4:56:7f:12:7b:1b:31:5f:24:34:cb:
         0b:42:0e:4d:df:90:1b:fa:bd:31:73:57:e9:86:34:ec:d1:b6:
         40:5a:18:2b:ab:57:4d:f2:24:49:29:80:8b:8a:81:88:bd:2e:
         40:05:0d:c1:0c:9d:12:00:e4:f5:44:3e:76:7a:1a:21:52:a1:
         87:08:46:d4:2c:b2:e4:1a:bb:ac:3b:26:0a:9b:39:a8:72:6d:
         7c:47:c4:30:45:5a:7f:c2:68:cf:63:e0:17:5a:48:00:1b:cd:
         ba:70:dc:00:24:f5:16:7d:fd:89:e9:7b:c5:83:6b:73:09:fa:
         d8:51:cd:79:5e:58:d7:fd:f4:da:6a:f5:1c:1b:f1:c2:18:f3:
         7b:63:03:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2uX40doc86928jG3amHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViYjFjNTcwNTVjMjlkNjY5ZjI4OWE5ZjY4ZjM5MjgyMzk0
MjEzMmEwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2I2NDYyZDNmMWQxNzQzNjY1MDcwNTNiYzY0ZDQ4MGI2Y2RlNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo79iEtem++t/DxUH0QGYw4qlI2up
9/Z/GriCdBj1aHyHFO2WiaVtT1ozl9FSRADh3GLVf1zk2fzkFhypXFyI31ExnpuA
I3KNIb08WJ/vaDSI/4lwKEjoFvzY0oPDQy890ceGa3DyipCMWpANi15I1g+HTl9B
P4GycGHfjCNQ6Q0DixyBGb5MhpiwTXNOjSsYMjK3kCS1w6XPT5ZBlrjGlC+160SR
0GKrJBNij9afmTxfzq0oqLTUcnBMkN9d14X6CEgr6u2jh/raz86Bk05/7xnaUJCg
vfYkx0G004nODYbapo8kY6EK/UMGzPb26FNBcYOngvWGczCFqY/G+PaNmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKy2Ri0/HRdDZlBwU7xk1IC2zebDMB8GA1UdIwQY
MBaAFFuxxXBVwp1mnyian2jzkoI5QhMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzdIRmNGWENuV2FmS0pxZmFQT1NnamxDRXlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84MjIzNzYtODA4YS00NjVjLWE4N2Yt
NWNlYWUxOWY5NGY5LzEvckxaR0xUOGRGME5tVUhCVHZHVFVnTGJONXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84MjIzNzYtODA4YS00NjVjLWE4N2YtNWNlYWUxOWY5NGY5
LzEvVzdIRmNGWENuV2FmS0pxZmFQT1NnamxDRXlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBBf3UMA0E
AgACMAcDBQIqCV3AMA0GCSqGSIb3DQEBCwUAA4IBAQA+d0EtA9gO//UYlANN2BSH
lgCYvqclHuCOfXFZSEkdv1m13vgxnABdh/pNQFRAanJ0mmfMMRPcLRKLtOYn1K1j
3Qv+hGe4FqSOXhA2PRqXU9lV9KSslstwdgONHvU+N7TLvFE5aKl7IlnnGlmEdOYc
dnFcpFZ/EnsbMV8kNMsLQg5N35Ab+r0xc1fphjTs0bZAWhgrq1dN8iRJKYCLioGI
vS5ABQ3BDJ0SAOT1RD52ehohUqGHCEbULLLkGrusOyYKmzmocm18R8QwRVp/wmjP
Y+AXWkgAG826cNwAJPUWff2J6XvFg2tzCfrYUc15XljX/fTaavUcG/HCGPN7YwMu
-----END CERTIFICATE-----