Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/toP5GnV52DlBESZs01B3usSGFPw.roa
File:                     toP5GnV52DlBESZs01B3usSGFPw.roa (raw, json)
Hash identifier:          PzFP/2vQgFgiwZiV0R44IZDp0sFrH0VeXeyTZhHb/Gk=
Subject key identifier:   B6:83:F9:1A:75:79:D8:39:41:11:26:6C:D3:50:77:BA:C4:86:14:FC
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018CC5DC1977D8CA7D57A3C47346AF3AC980
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/toP5GnV52DlBESZs01B3usSGFPw.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15910
IP address blocks:        212.183.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:19:77:d8:ca:7d:57:a3:c4:73:46:af:3a:c9:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b683f91a7579d8394111266cd35077bac48614fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:05:38:18:c6:6f:96:fb:09:9d:38:f8:17:d2:
                    65:5e:8a:22:06:94:87:a9:e1:59:d8:d1:91:6c:de:
                    9d:84:73:7b:a3:06:12:f0:fb:a0:39:fc:b6:e0:63:
                    a4:c9:ed:7d:63:41:c1:68:6d:0c:ba:54:32:d3:8c:
                    97:f3:29:1a:29:a6:36:85:29:b6:b1:53:84:20:82:
                    f5:7f:78:45:c6:b7:e3:56:cd:21:ce:83:23:3e:07:
                    e4:ae:5f:90:a8:a2:fd:45:06:d7:4b:c8:3d:95:fb:
                    bf:6e:70:61:4f:91:66:1b:21:3f:83:5f:e1:e0:73:
                    f5:a5:b5:e1:bd:bd:02:5d:f2:ef:48:45:38:08:97:
                    ab:da:ba:63:8c:a5:3b:01:6d:c7:8f:07:e8:1d:e9:
                    16:95:46:8c:14:2e:d2:ab:5d:fe:9c:53:35:ca:46:
                    ff:d7:49:f5:68:93:6f:a8:8a:ef:19:70:9d:6c:51:
                    a4:e4:4c:68:53:5a:a7:94:8d:2e:93:84:1b:31:d2:
                    2c:e1:18:bf:99:a3:0a:f7:ab:51:39:10:7a:7e:66:
                    21:93:2e:f7:50:98:ca:70:53:ac:b2:ab:39:26:c1:
                    2d:fb:40:7b:ad:c9:7a:a0:c6:36:a5:b4:c9:55:40:
                    92:2c:62:bd:df:f1:3f:41:51:82:e1:9c:e7:2a:25:
                    b7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:83:F9:1A:75:79:D8:39:41:11:26:6C:D3:50:77:BA:C4:86:14:FC
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/toP5GnV52DlBESZs01B3usSGFPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:6a:52:af:d3:9f:7d:5a:d4:71:1c:1f:93:48:ce:be:b0:7e:
         b5:8b:b2:bd:8a:90:4d:1a:ff:1d:2d:00:ee:f8:15:6c:f0:13:
         95:59:87:fb:6c:14:41:f8:0f:15:6d:9a:3a:cb:c1:b1:30:82:
         b1:56:b0:cb:cf:5b:8b:e9:48:df:b0:68:7a:65:e4:80:32:92:
         00:c7:c1:24:7a:d3:a8:83:93:b9:4d:3b:0d:3e:c4:55:ca:96:
         1b:b8:c3:e8:f3:0c:d9:d5:58:eb:93:d5:44:37:40:0d:74:5a:
         a1:88:67:36:70:a3:9e:4c:15:a1:75:bb:50:f6:cf:b2:a0:ea:
         d8:16:f4:02:3b:d6:3b:07:98:25:06:58:cb:aa:39:8b:ca:2c:
         83:65:be:cb:62:a5:57:e6:41:48:1f:d9:dc:0b:c0:3e:1e:85:
         1c:84:91:45:f0:67:52:47:ea:e9:3e:3c:72:0a:99:a5:be:24:
         9d:2f:31:8f:a6:7c:28:b9:53:9c:af:83:1b:9a:9d:c7:35:83:
         91:37:ee:47:ac:59:e1:89:e1:5e:36:64:49:48:35:42:8d:8a:
         c5:c3:fa:64:4e:8e:f1:56:33:ff:7e:4e:f9:81:db:6d:4d:34:
         43:86:06:33:45:fb:83:78:41:b7:66:b6:81:19:7c:f5:d1:77:
         4c:27:28:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Bl32Mp9V6PEc0avOsmAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjgzZjkxYTc1NzlkODM5NDExMTI2NmNkMzUwNzdiYWM0ODYxNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgU4GMZvlvsJnTj4F9JlXooiBpSH
qeFZ2NGRbN6dhHN7owYS8PugOfy24GOkye19Y0HBaG0MulQy04yX8ykaKaY2hSm2
sVOEIIL1f3hFxrfjVs0hzoMjPgfkrl+QqKL9RQbXS8g9lfu/bnBhT5FmGyE/g1/h
4HP1pbXhvb0CXfLvSEU4CJer2rpjjKU7AW3HjwfoHekWlUaMFC7Sq13+nFM1ykb/
10n1aJNvqIrvGXCdbFGk5ExoU1qnlI0uk4QbMdIs4Ri/maMK96tRORB6fmYhky73
UJjKcFOssqs5JsEt+0B7rcl6oMY2pbTJVUCSLGK93/E/QVGC4ZznKiW3awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaD+Rp1edg5QREmbNNQd7rEhhT8MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvdG9QNUduVjUyRGxCRVNaczAxQjN1c1NHRlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcFMA0G
CSqGSIb3DQEBCwUAA4IBAQC3alKv0599WtRxHB+TSM6+sH61i7K9ipBNGv8dLQDu
+BVs8BOVWYf7bBRB+A8VbZo6y8GxMIKxVrDLz1uL6UjfsGh6ZeSAMpIAx8EketOo
g5O5TTsNPsRVypYbuMPo8wzZ1Vjrk9VEN0ANdFqhiGc2cKOeTBWhdbtQ9s+yoOrY
FvQCO9Y7B5glBljLqjmLyiyDZb7LYqVX5kFIH9ncC8A+HoUchJFF8GdSR+rpPjxy
CpmlviSdLzGPpnwouVOcr4Mbmp3HNYORN+5HrFnhieFeNmRJSDVCjYrFw/pkTo7x
VjP/fk75gdttTTRDhgYzRfuDeEG3ZraBGXz10XdMJyin
-----END CERTIFICATE-----