Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4iq8k8F6CxojtdZYaD9M-GDcHQw.roa
File:                     4iq8k8F6CxojtdZYaD9M-GDcHQw.roa (raw, json)
Hash identifier:          Pqx1NuZddDbhMPi+xxVWbSh3UolUsBJFTp1v2POhUsQ=
Subject key identifier:   E2:2A:BC:93:C1:7A:0B:1A:23:B5:D6:58:68:3F:4C:F8:60:DC:1D:0C
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       018CC94D8B507D499C8F7A321B911214601F
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4iq8k8F6CxojtdZYaD9M-GDcHQw.roa
Signing time:             Tue 02 Jan 2024 08:32:31 +0000
ROA not before:           Tue 02 Jan 2024 08:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213365
IP address blocks:        5.133.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:8b:50:7d:49:9c:8f:7a:32:1b:91:12:14:60:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Jan  2 08:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e22abc93c17a0b1a23b5d658683f4cf860dc1d0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:73:c9:64:16:17:8a:d3:86:5b:fe:ab:64:da:
                    b4:f9:b1:83:63:50:19:32:2f:27:3a:30:2c:cd:31:
                    66:ac:7c:ba:83:13:5e:cb:fc:96:3c:3a:f0:72:1a:
                    50:a9:bd:19:2e:f5:f9:20:da:da:90:f7:b9:21:78:
                    9d:c8:86:7f:e1:0e:58:5b:a5:ad:31:09:4c:99:97:
                    ac:1e:75:83:86:a2:06:3a:9b:8d:b2:ed:13:17:a0:
                    02:07:c7:d4:08:e7:21:f0:ca:f0:5d:23:b5:0b:90:
                    e0:c1:82:b3:06:2a:5a:1e:dc:fe:22:79:2b:86:0c:
                    c0:11:35:50:96:6a:fd:c2:32:34:f2:47:c9:b7:b9:
                    42:6c:b8:e3:6c:52:6c:af:f4:4c:9c:17:86:c5:7e:
                    20:85:b3:e0:f1:35:4a:82:0d:28:2d:46:d4:06:f0:
                    30:b8:b4:6c:b0:a2:a6:7f:b2:40:19:82:af:f6:97:
                    63:66:79:9a:8f:9a:28:e2:d8:09:e1:8f:4b:8e:3b:
                    77:6a:91:58:ca:4d:26:0e:2b:4c:f3:88:c6:6c:32:
                    0d:23:5f:50:3a:3f:86:e8:5b:0a:59:44:62:02:36:
                    9b:3a:c6:e9:4b:6b:88:92:49:43:bb:89:65:0a:f5:
                    e6:17:ab:10:22:69:a0:d2:0c:a3:19:d3:bc:e9:f8:
                    90:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:2A:BC:93:C1:7A:0B:1A:23:B5:D6:58:68:3F:4C:F8:60:DC:1D:0C
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4iq8k8F6CxojtdZYaD9M-GDcHQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a9:3f:d5:db:d2:41:93:06:dc:cc:0e:b4:2d:0f:f8:13:0a:
         40:b0:ad:dd:46:36:66:11:44:c1:69:28:72:cb:d8:da:1f:36:
         1e:a0:4a:06:14:c2:f8:d3:33:d6:99:ba:84:14:1f:45:38:30:
         af:0d:ae:64:9f:d5:ce:0e:f2:6c:e5:f9:34:eb:58:23:e3:91:
         03:11:09:5f:0a:89:a9:80:5d:be:97:7c:37:d3:55:88:cd:73:
         7b:4c:bb:59:e9:81:78:fe:f1:86:60:38:59:89:83:7d:a8:b1:
         d5:b3:35:ba:0a:81:e8:44:a1:b8:45:bb:59:09:ab:54:b7:97:
         be:62:ad:37:88:ba:dd:b9:fa:88:d0:b6:38:a6:b8:c5:ee:c2:
         99:9b:ad:e8:22:8d:78:a0:91:b0:fd:39:47:3a:bd:70:00:11:
         fe:a4:6b:f8:37:10:25:c1:a1:e5:5c:63:12:53:94:6f:aa:f7:
         86:f5:9b:99:b2:1a:ed:e8:55:35:33:c7:a6:9e:a4:d6:3b:40:
         81:63:24:ba:00:98:53:be:ee:7f:9f:fb:d8:d8:a6:c3:1a:82:
         34:ba:7e:d4:48:3c:dc:3b:36:c0:94:e3:28:12:b2:e5:6f:6a:
         90:0a:b4:3e:f2:b3:77:99:78:a3:32:da:fa:d8:29:d0:02:68:
         3c:73:c2:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYtQfUmcj3oyG5ESFGAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjQwMTAyMDgzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjJhYmM5M2MxN2EwYjFhMjNiNWQ2NTg2ODNmNGNmODYwZGMxZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3PJZBYXitOGW/6rZNq0+bGDY1AZ
Mi8nOjAszTFmrHy6gxNey/yWPDrwchpQqb0ZLvX5INrakPe5IXidyIZ/4Q5YW6Wt
MQlMmZesHnWDhqIGOpuNsu0TF6ACB8fUCOch8MrwXSO1C5DgwYKzBipaHtz+Inkr
hgzAETVQlmr9wjI08kfJt7lCbLjjbFJsr/RMnBeGxX4ghbPg8TVKgg0oLUbUBvAw
uLRssKKmf7JAGYKv9pdjZnmaj5oo4tgJ4Y9Ljjt3apFYyk0mDitM84jGbDINI19Q
Oj+G6FsKWURiAjabOsbpS2uIkklDu4llCvXmF6sQImmg0gyjGdO86fiQtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIqvJPBegsaI7XWWGg/TPhg3B0MMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvNGlxOGs4RjZDeG9qdGRaWWFEOU0tR0RjSFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZqT/V29JBkwbczA60LQ/4EwpAsK3dRjZmEUTBaShy
y9jaHzYeoEoGFML40zPWmbqEFB9FODCvDa5kn9XODvJs5fk061gj45EDEQlfComp
gF2+l3w301WIzXN7TLtZ6YF4/vGGYDhZiYN9qLHVszW6CoHoRKG4RbtZCatUt5e+
Yq03iLrdufqI0LY4prjF7sKZm63oIo14oJGw/TlHOr1wABH+pGv4NxAlwaHlXGMS
U5RvqveG9ZuZshrt6FU1M8emnqTWO0CBYyS6AJhTvu5/n/vY2KbDGoI0un7USDzc
OzbAlOMoErLlb2qQCrQ+8rN3mXijMtr62CnQAmg8c8Js
-----END CERTIFICATE-----