Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/jlpFggD5Aem_CzVyVQXdvozwWbA.roa
File:                     jlpFggD5Aem_CzVyVQXdvozwWbA.roa (raw, json)
Hash identifier:          vSmGy4GlYe54BucB4VoDZMwjp2cQBIrajcWhKPz1T1o=
Subject key identifier:   8E:5A:45:82:00:F9:01:E9:BF:0B:35:72:55:05:DD:BE:8C:F0:59:B0
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC699479065F681355A80A8980A3D3
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/jlpFggD5Aem_CzVyVQXdvozwWbA.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        5.181.200.0/24 maxlen: 24
                          45.158.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:69:94:79:06:5f:68:13:55:a8:0a:89:80:a3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e5a458200f901e9bf0b35725505ddbe8cf059b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1c:9d:84:84:95:e0:da:28:fb:32:a9:d8:08:
                    35:c4:67:f7:f6:4c:0b:6f:92:77:d3:b9:96:93:10:
                    e0:24:d9:61:ac:4d:94:15:f1:45:2e:38:59:25:4c:
                    43:64:c1:b7:7b:19:2c:3c:81:ba:c3:ea:d3:17:b9:
                    b1:67:73:5b:01:65:20:d9:7d:93:d6:85:cf:d1:c6:
                    e2:bd:ef:e9:4c:01:cb:9a:ab:15:cd:b8:c9:88:49:
                    bf:38:a0:27:26:41:83:d3:5f:63:14:f3:91:7c:f5:
                    f4:44:b4:8f:a9:21:18:7d:4f:d2:4c:e6:78:49:e3:
                    74:b7:d0:27:f7:61:e8:a9:88:98:e0:b2:43:b0:f0:
                    cb:37:e3:53:72:3e:99:cd:a7:39:dd:72:b0:8a:35:
                    5e:41:f2:16:8a:a8:cd:56:d2:06:07:86:bc:8c:e8:
                    fb:5b:00:ed:20:a9:2f:1a:40:a6:5e:01:83:9e:d0:
                    53:3d:53:a6:b8:dc:b0:11:8a:e2:7c:db:fb:22:09:
                    65:52:a0:f2:63:2d:e7:b0:8e:bd:27:7b:91:ab:b0:
                    79:d5:08:25:6d:5c:e1:8e:82:b1:76:aa:40:c3:bf:
                    1d:30:f6:a6:0e:fd:e4:b1:04:87:72:da:f5:76:2d:
                    e5:ff:b0:29:7f:f0:15:63:d3:6d:81:2f:42:88:a8:
                    29:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:5A:45:82:00:F9:01:E9:BF:0B:35:72:55:05:DD:BE:8C:F0:59:B0
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/jlpFggD5Aem_CzVyVQXdvozwWbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.200.0/24
                  45.158.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e4:7f:6b:4a:01:62:b5:1d:d5:a8:f9:c9:44:55:16:87:c4:
         a7:79:4d:98:2e:da:1c:6a:e0:85:df:d9:b7:82:89:a7:45:25:
         01:43:34:cf:81:a5:cb:e6:58:75:c9:f1:5c:41:b7:e5:9a:ff:
         86:64:fd:30:46:b2:00:00:bd:98:20:c8:fe:a4:e9:95:71:6c:
         2d:ef:2e:8a:59:a8:46:5b:45:42:c2:ea:f6:35:df:6f:19:e8:
         e0:88:13:04:59:c0:14:18:a2:4d:b1:21:9a:88:97:44:71:88:
         c4:29:e8:d1:a3:e9:3f:b7:9b:cd:8c:34:37:86:a4:a1:ad:90:
         46:b2:fb:93:f4:7a:aa:91:19:14:36:8b:fe:b7:f3:e2:80:a2:
         f2:43:0d:52:7b:ea:22:4e:40:4d:a9:fd:38:7c:85:ba:d8:ef:
         78:30:1f:67:65:70:32:5e:31:47:cd:43:be:ad:6a:4e:4b:57:
         7a:97:03:f4:95:25:24:e1:ea:8b:f7:22:0b:9a:6c:d8:fd:f6:
         73:9a:b2:f1:b5:1d:5d:59:85:85:a8:4e:86:e0:89:88:75:93:
         04:e2:30:77:0a:b8:0d:22:31:58:51:7e:c8:0a:7d:33:3e:84:
         50:32:c5:80:35:a5:cd:37:2c:ef:7b:65:1c:17:09:16:35:c0:
         02:13:a9:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvGmUeQZfaBNVqAqJgKPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTVhNDU4MjAwZjkwMWU5YmYwYjM1NzI1NTA1ZGRiZThjZjA1OWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRydhISV4Noo+zKp2Ag1xGf39kwL
b5J307mWkxDgJNlhrE2UFfFFLjhZJUxDZMG3exksPIG6w+rTF7mxZ3NbAWUg2X2T
1oXP0cbive/pTAHLmqsVzbjJiEm/OKAnJkGD019jFPORfPX0RLSPqSEYfU/STOZ4
SeN0t9An92HoqYiY4LJDsPDLN+NTcj6Zzac53XKwijVeQfIWiqjNVtIGB4a8jOj7
WwDtIKkvGkCmXgGDntBTPVOmuNywEYrifNv7IgllUqDyYy3nsI69J3uRq7B51Qgl
bVzhjoKxdqpAw78dMPamDv3ksQSHctr1di3l/7Apf/AVY9NtgS9CiKgpNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5aRYIA+QHpvws1clUF3b6M8FmwMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvamxwRmdnRDVBZW1fQ3pWeVZRWGR2b3p3V2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbXIAwQA
LZ5TMA0GCSqGSIb3DQEBCwUAA4IBAQAu5H9rSgFitR3VqPnJRFUWh8SneU2YLtoc
auCF39m3gomnRSUBQzTPgaXL5lh1yfFcQbflmv+GZP0wRrIAAL2YIMj+pOmVcWwt
7y6KWahGW0VCwur2Nd9vGejgiBMEWcAUGKJNsSGaiJdEcYjEKejRo+k/t5vNjDQ3
hqShrZBGsvuT9HqqkRkUNov+t/PigKLyQw1Se+oiTkBNqf04fIW62O94MB9nZXAy
XjFHzUO+rWpOS1d6lwP0lSUk4eqL9yILmmzY/fZzmrLxtR1dWYWFqE6G4ImIdZME
4jB3CrgNIjFYUX7ICn0zPoRQMsWANaXNNyzve2UcFwkWNcACE6m2
-----END CERTIFICATE-----