Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/usJ0h9h0KZ-1ASPQeebo0yTbN3U.roa
File:                     usJ0h9h0KZ-1ASPQeebo0yTbN3U.roa (raw, json)
Hash identifier:          b0k0q3tUqrCnajtU8AJkI/y0Aazw3DwBKDnxveviNzw=
Subject key identifier:   BA:C2:74:87:D8:74:29:9F:B5:01:23:D0:79:E6:E8:D3:24:DB:37:75
Certificate issuer:       /CN=7b48945b9d716cd47fbde2860d8100fcda987496
Certificate serial:       018CC26CF30B5C98CFF38153C69AD4E7735E
Authority key identifier: 7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/usJ0h9h0KZ-1ASPQeebo0yTbN3U.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        5.22.145.0/24 maxlen: 24
                          2a00:18e0:5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f3:0b:5c:98:cf:f3:81:53:c6:9a:d4:e7:73:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b48945b9d716cd47fbde2860d8100fcda987496
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bac27487d874299fb50123d079e6e8d324db3775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1c:a0:5d:a4:d3:60:42:ad:36:0e:1d:53:e2:
                    35:70:66:b9:7f:f7:37:70:83:26:15:1f:f1:35:e4:
                    ad:89:2e:de:70:60:06:02:74:df:ee:97:b5:a8:80:
                    ec:43:04:70:28:b7:22:af:16:32:63:60:8f:e4:0a:
                    fb:1a:11:7b:48:34:81:28:61:bc:7c:e3:97:ae:dd:
                    76:2b:b6:97:00:99:fd:b9:3d:ba:de:ef:ca:67:80:
                    64:f6:5f:cf:ff:cb:b4:21:44:6c:aa:10:a8:cc:53:
                    31:60:ae:f1:b8:96:cf:fa:68:88:d9:15:27:94:c6:
                    1b:ef:38:10:21:d1:7a:9f:cc:28:c5:bd:d2:ec:66:
                    7e:bf:63:03:c8:b2:59:0e:8a:f1:5d:54:6c:ff:e7:
                    7d:95:52:cf:fb:43:ea:a1:49:7d:71:1d:42:1d:92:
                    79:dd:16:f1:41:77:06:4a:05:87:0e:03:c6:70:89:
                    04:7f:25:08:43:d2:e2:53:e3:17:a1:23:88:75:10:
                    c2:c6:4b:45:34:28:f4:da:bd:c0:22:36:75:e6:0d:
                    dc:a3:fe:c8:ed:9f:24:ef:df:de:74:34:a1:76:23:
                    d4:71:67:49:07:0e:3d:fc:6e:e4:ec:a3:92:f8:e9:
                    2b:46:20:af:28:a7:a1:6c:4d:79:fb:b3:9a:9a:9c:
                    ea:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C2:74:87:D8:74:29:9F:B5:01:23:D0:79:E6:E8:D3:24:DB:37:75
            X509v3 Authority Key Identifier:
                keyid:7B:48:94:5B:9D:71:6C:D4:7F:BD:E2:86:0D:81:00:FC:DA:98:74:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0iUW51xbNR_veKGDYEA_NqYdJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/usJ0h9h0KZ-1ASPQeebo0yTbN3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/5b6b06-9af6-4026-b47c-4e85897f309c/1/e0iUW51xbNR_veKGDYEA_NqYdJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.145.0/24
                IPv6:
                  2a00:18e0:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:af:c5:c3:fb:c6:da:6d:78:5b:d3:f8:14:6e:e1:b6:60:e3:
         fc:87:86:f3:b6:1b:43:59:26:0e:50:6a:ed:9a:ed:cd:99:26:
         34:d7:fc:72:40:b9:c4:be:c7:1f:27:8e:67:53:ea:e7:3d:60:
         d5:ca:30:91:d5:94:e8:ef:09:4f:c2:e4:fb:7a:82:0a:5e:05:
         51:25:28:e4:39:9a:70:8e:09:af:89:4e:8d:a5:19:ab:18:49:
         d8:35:cb:62:25:59:9f:0b:d7:cc:6a:90:6e:d9:25:dc:6b:15:
         dc:9e:5e:19:b0:1f:57:c6:34:07:49:07:4f:4f:a8:9b:a2:63:
         52:11:bb:ec:44:03:e5:e3:b5:e3:1b:ee:f2:02:f6:eb:55:1c:
         5a:8a:e7:a2:3c:61:a4:91:91:ca:7d:9e:48:9e:0f:76:00:d8:
         2d:aa:3c:00:ef:67:3e:f2:44:d3:33:a0:b5:7d:85:d7:3d:dd:
         d0:35:02:6c:15:fe:71:25:10:b0:39:8b:61:c3:30:fc:4c:4f:
         0c:de:2d:7e:de:55:20:7a:19:22:b7:2a:27:83:14:ba:1b:aa:
         87:80:bb:90:89:ae:a0:de:42:71:3a:49:77:01:d3:be:ff:e7:
         72:34:43:c3:b3:08:1a:ae:a6:b1:e4:74:24:ac:4a:1f:04:50:
         49:3d:db:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbPMLXJjP84FTxprU53NeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNDg5NDViOWQ3MTZjZDQ3ZmJkZTI4NjBkODEwMGZjZGE5
ODc0OTYwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMyNzQ4N2Q4NzQyOTlmYjUwMTIzZDA3OWU2ZThkMzI0ZGIzNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBygXaTTYEKtNg4dU+I1cGa5f/c3
cIMmFR/xNeStiS7ecGAGAnTf7pe1qIDsQwRwKLcirxYyY2CP5Ar7GhF7SDSBKGG8
fOOXrt12K7aXAJn9uT263u/KZ4Bk9l/P/8u0IURsqhCozFMxYK7xuJbP+miI2RUn
lMYb7zgQIdF6n8woxb3S7GZ+v2MDyLJZDorxXVRs/+d9lVLP+0PqoUl9cR1CHZJ5
3RbxQXcGSgWHDgPGcIkEfyUIQ9LiU+MXoSOIdRDCxktFNCj02r3AIjZ15g3co/7I
7Z8k79/edDShdiPUcWdJBw49/G7k7KOS+OkrRiCvKKehbE15+7OampzqtQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLrCdIfYdCmftQEj0Hnm6NMk2zd1MB8GA1UdIwQY
MBaAFHtIlFudcWzUf73ihg2BAPzamHSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2Mt
NGU4NTg5N2YzMDljLzEvdXNKMGg5aDBLWi0xQVNQUWVlYm8weVRiTjNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS81YjZiMDYtOWFmNi00MDI2LWI0N2MtNGU4NTg5N2YzMDlj
LzEvZTBpVVc1MXhiTlJfdmVLR0RZRUFfTnFZZEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQABRaRMA8E
AgACMAkDBwAqABjgAAUwDQYJKoZIhvcNAQELBQADggEBAH6vxcP7xtpteFvT+BRu
4bZg4/yHhvO2G0NZJg5Qau2a7c2ZJjTX/HJAucS+xx8njmdT6uc9YNXKMJHVlOjv
CU/C5Pt6ggpeBVElKOQ5mnCOCa+JTo2lGasYSdg1y2IlWZ8L18xqkG7ZJdxrFdye
XhmwH1fGNAdJB09PqJuiY1IRu+xEA+XjteMb7vIC9utVHFqK56I8YaSRkcp9nkie
D3YA2C2qPADvZz7yRNMzoLV9hdc93dA1AmwV/nElELA5i2HDMPxMTwzeLX7eVSB6
GSK3KieDFLobqoeAu5CJrqDeQnE6SXcB077/53I0Q8OzCBquprHkdCSsSh8EUEk9
26M=
-----END CERTIFICATE-----