Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/5C0vullddJ6Jc5N3D3zvPoPG88g.roa
File:                     5C0vullddJ6Jc5N3D3zvPoPG88g.roa (raw, json)
Hash identifier:          6vMOUV1sDw3NL/B+lAZCQ3vyhBohp8oZmTWEA9aqypk=
Subject key identifier:   E4:2D:2F:BA:59:5D:74:9E:89:73:93:77:0F:7C:EF:3E:83:C6:F3:C8
Certificate issuer:       /CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
Certificate serial:       018CC26D5DBAF5CFDCD67E80CC0DDA719A9A
Authority key identifier: FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/5C0vullddJ6Jc5N3D3zvPoPG88g.roa
Signing time:             Mon 01 Jan 2024 00:29:56 +0000
ROA not before:           Mon 01 Jan 2024 00:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31034
IP address blocks:        185.5.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5d:ba:f5:cf:dc:d6:7e:80:cc:0d:da:71:9a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
        Validity
            Not Before: Jan  1 00:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e42d2fba595d749e897393770f7cef3e83c6f3c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f1:1a:06:99:74:9c:57:4f:42:55:b6:52:5b:
                    42:6b:61:84:eb:e8:ae:15:cd:53:bc:af:59:ac:c0:
                    6b:cd:12:44:77:85:c5:f4:af:1d:08:cf:75:9a:4c:
                    ac:b1:39:7b:d0:08:e8:d3:67:34:b1:1e:12:e0:bb:
                    ff:c8:1a:32:34:7f:44:6f:55:f5:e1:7a:38:2d:6c:
                    9b:fb:ac:0e:25:14:f0:69:c4:17:47:ce:eb:02:2f:
                    d5:ec:53:27:27:21:9e:a9:cf:0b:7c:e0:e5:e5:8e:
                    e5:73:42:32:fd:30:14:48:36:e3:16:eb:3d:e8:6b:
                    1c:92:3d:dc:e4:39:72:74:50:12:d6:f7:1f:24:59:
                    c5:e9:db:ce:7b:9b:f3:ec:64:99:10:e0:a9:65:6d:
                    ff:bc:20:22:c7:11:51:e1:4f:8b:ed:98:ca:60:d4:
                    22:7a:15:48:5b:c5:99:20:6d:2a:e4:7a:42:09:fe:
                    65:8c:82:35:48:46:0f:7e:03:db:f2:ea:37:65:88:
                    8e:ea:40:14:37:ac:d3:f4:35:99:44:b9:e4:3c:33:
                    cd:d8:af:81:c1:ec:7a:ca:0b:cc:6d:2c:7f:fd:99:
                    ad:f0:5b:86:9f:8f:2e:c1:c5:d9:72:95:63:33:87:
                    38:0c:d0:c9:47:97:1b:46:71:05:ba:60:df:22:67:
                    a8:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2D:2F:BA:59:5D:74:9E:89:73:93:77:0F:7C:EF:3E:83:C6:F3:C8
            X509v3 Authority Key Identifier:
                keyid:FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/5C0vullddJ6Jc5N3D3zvPoPG88g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:fe:86:33:9a:0a:29:19:b1:db:de:85:1c:06:fb:f4:83:5f:
         d2:8b:dd:05:9b:b7:2b:ef:49:94:49:dc:08:cc:14:be:bb:3a:
         4f:cf:5a:c7:c7:ab:5a:f0:11:23:7a:68:de:18:3c:ce:7a:2e:
         34:75:be:a5:c5:d9:5b:94:d3:e5:31:b1:01:24:78:f4:95:c5:
         f3:a2:90:2c:fc:bc:d6:1f:ed:bf:9a:43:a9:83:87:e2:17:d4:
         fc:aa:4c:5f:38:05:82:2b:3f:82:38:dd:01:d1:95:6d:69:3a:
         2e:ec:f2:63:d4:78:a0:40:d2:cd:46:1a:70:51:41:c6:ae:91:
         26:b5:1b:28:42:bb:2d:5f:d6:ae:4a:7c:6a:e2:77:31:c9:34:
         a8:9f:cf:4e:59:f7:d2:6a:e0:28:f2:ac:82:70:e1:04:1d:9f:
         85:74:1a:bc:0a:7a:fc:c7:b9:ac:90:04:45:98:b9:bb:cd:99:
         78:b1:b4:4a:52:b1:02:5e:80:8b:9b:70:1f:b2:dd:c7:87:ba:
         d2:a6:e6:4a:09:23:91:27:f9:15:2f:c4:ff:e3:a7:4f:9a:1a:
         a0:a9:59:38:80:7f:1c:92:af:da:30:b2:35:47:6b:19:34:b7:
         90:99:62:40:ef:f7:be:f9:18:0b:fb:03:66:1d:58:d4:be:37:
         4c:a6:16:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbV269c/c1n6AzA3acZqaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNTZkODM3ZmUyNTRmYTkyZTFmM2MyZjg2MWFhMWU0ODU1
MjE3NDYwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDJkMmZiYTU5NWQ3NDllODk3MzkzNzcwZjdjZWYzZTgzYzZmM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfEaBpl0nFdPQlW2UltCa2GE6+iu
Fc1TvK9ZrMBrzRJEd4XF9K8dCM91mkyssTl70Ajo02c0sR4S4Lv/yBoyNH9Eb1X1
4Xo4LWyb+6wOJRTwacQXR87rAi/V7FMnJyGeqc8LfODl5Y7lc0Iy/TAUSDbjFus9
6Gsckj3c5DlydFAS1vcfJFnF6dvOe5vz7GSZEOCpZW3/vCAixxFR4U+L7ZjKYNQi
ehVIW8WZIG0q5HpCCf5ljII1SEYPfgPb8uo3ZYiO6kAUN6zT9DWZRLnkPDPN2K+B
wex6ygvMbSx//Zmt8FuGn48uwcXZcpVjM4c4DNDJR5cbRnEFumDfImeojQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQtL7pZXXSeiXOTdw987z6DxvPIMB8GA1UdIwQY
MBaAFP9W2Df+JU+pLh88L4YaoeSFUhdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgt
NTBmYzRkNTU3ZDA4LzEvNUMwdnVsbGRkSjZKYzVOM0QzenZQb1BHODhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgtNTBmYzRkNTU3ZDA4
LzEvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQVcMA0G
CSqGSIb3DQEBCwUAA4IBAQCn/oYzmgopGbHb3oUcBvv0g1/Si90Fm7cr70mUSdwI
zBS+uzpPz1rHx6ta8BEjemjeGDzOei40db6lxdlblNPlMbEBJHj0lcXzopAs/LzW
H+2/mkOpg4fiF9T8qkxfOAWCKz+CON0B0ZVtaTou7PJj1HigQNLNRhpwUUHGrpEm
tRsoQrstX9auSnxq4ncxyTSon89OWffSauAo8qyCcOEEHZ+FdBq8Cnr8x7mskARF
mLm7zZl4sbRKUrECXoCLm3Afst3Hh7rSpuZKCSORJ/kVL8T/46dPmhqgqVk4gH8c
kq/aMLI1R2sZNLeQmWJA7/e++RgL+wNmHVjUvjdMphZT
-----END CERTIFICATE-----