Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/5pDXhBOPiimScgEhgBUoqo8OV4E.roa
File:                     5pDXhBOPiimScgEhgBUoqo8OV4E.roa (raw, json)
Hash identifier:          vkDk6oK7YAG+5tYuz2R7ORkBacWD6k+SvpKolvAGGS4=
Subject key identifier:   E6:90:D7:84:13:8F:8A:29:92:72:01:21:80:15:28:AA:8F:0E:57:81
Certificate issuer:       /CN=c6a707934a762bbdf34fc0148f265ce124577213
Certificate serial:       018CC64B2EE151B9653A5444A2029A0E5F2B
Authority key identifier: C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/5pDXhBOPiimScgEhgBUoqo8OV4E.roa
Signing time:             Mon 01 Jan 2024 18:31:05 +0000
ROA not before:           Mon 01 Jan 2024 18:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30860
IP address blocks:        5.252.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2e:e1:51:b9:65:3a:54:44:a2:02:9a:0e:5f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a707934a762bbdf34fc0148f265ce124577213
        Validity
            Not Before: Jan  1 18:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e690d784138f8a2992720121801528aa8f0e5781
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4f:d9:fd:b0:f4:f1:70:5f:a0:c3:ce:ad:58:
                    f1:a6:24:8e:b5:d4:a1:7c:09:ad:b9:56:99:b4:0f:
                    fe:9f:43:13:ef:3b:c1:2b:34:c0:14:f6:1d:8c:a4:
                    05:6b:64:a4:d3:c5:21:ad:c8:21:6e:d1:21:82:32:
                    78:33:0d:95:ee:af:6b:20:13:2a:f0:cf:5e:19:90:
                    45:fc:be:68:98:de:c2:94:53:bd:7c:10:47:dc:e2:
                    c4:91:21:f7:01:eb:58:d1:b0:18:49:11:23:43:c2:
                    0a:f8:63:7a:11:8d:63:3e:a7:d0:04:c6:b8:2c:08:
                    23:dc:c9:b1:fa:f1:f4:4b:e8:d0:ec:7d:1c:46:69:
                    54:71:69:03:89:16:d4:3b:ea:4d:3e:ff:d2:7d:35:
                    a1:52:4a:9a:5f:67:16:38:24:4a:0c:93:0b:29:d3:
                    1a:37:9a:af:03:18:60:a7:3c:94:3f:0a:0a:d0:25:
                    32:cf:76:f9:51:63:0c:6a:fb:cc:07:1a:a2:5d:d4:
                    d7:89:a8:85:6e:f9:7c:49:aa:de:29:e9:79:1f:2a:
                    b2:b2:30:98:1d:33:77:bf:97:0d:e3:45:08:74:46:
                    0b:0a:c2:76:20:64:c9:91:e2:25:ec:a7:2b:df:e1:
                    93:c1:7f:d2:3f:c4:ce:47:cc:60:93:4f:77:66:ec:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:90:D7:84:13:8F:8A:29:92:72:01:21:80:15:28:AA:8F:0E:57:81
            X509v3 Authority Key Identifier:
                keyid:C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/5pDXhBOPiimScgEhgBUoqo8OV4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:cb:81:ad:ae:01:64:b6:58:22:2e:a9:31:5c:04:dd:44:52:
         be:4a:40:d7:14:51:c4:52:37:dc:d1:79:8b:30:03:bc:7b:69:
         b6:37:91:7d:d7:a1:1b:31:ce:20:9c:cb:c3:96:18:08:c8:65:
         12:1e:44:91:a1:07:e5:09:29:eb:8d:40:17:28:16:23:c1:55:
         b9:b6:44:83:0e:d1:8e:c8:d9:65:80:1a:c5:e5:ec:62:49:be:
         7a:01:25:b0:b7:60:df:a3:a0:e2:f7:14:0c:a1:fe:5f:eb:02:
         d9:fa:92:83:35:4a:72:20:39:65:b2:e5:83:a0:e6:87:68:2d:
         60:47:7c:49:3f:ea:50:ef:b0:44:89:3b:27:1f:93:97:f2:43:
         ab:56:c5:ad:d0:9e:b0:12:bd:72:74:76:35:b7:1f:59:fe:7b:
         2a:ad:34:dd:5d:4f:75:24:5f:76:fd:89:58:c8:fe:d4:96:f3:
         40:58:28:84:4a:1f:ac:6c:c1:cb:e4:42:f7:c0:0d:32:20:9f:
         e3:7f:88:d8:cd:10:a0:b7:5b:43:1e:ed:f1:e6:61:61:72:68:
         51:bf:7f:81:12:e0:21:8f:3a:90:99:1e:33:d5:fd:c6:e6:58:
         d9:4f:74:05:59:a6:21:49:19:af:39:76:a6:bb:d3:d2:cb:1d:
         3b:fb:04:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSy7hUbllOlREogKaDl8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTcwNzkzNGE3NjJiYmRmMzRmYzAxNDhmMjY1Y2UxMjQ1
NzcyMTMwHhcNMjQwMTAxMTgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjkwZDc4NDEzOGY4YTI5OTI3MjAxMjE4MDE1MjhhYThmMGU1NzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0/Z/bD08XBfoMPOrVjxpiSOtdSh
fAmtuVaZtA/+n0MT7zvBKzTAFPYdjKQFa2Sk08UhrcghbtEhgjJ4Mw2V7q9rIBMq
8M9eGZBF/L5omN7ClFO9fBBH3OLEkSH3AetY0bAYSREjQ8IK+GN6EY1jPqfQBMa4
LAgj3Mmx+vH0S+jQ7H0cRmlUcWkDiRbUO+pNPv/SfTWhUkqaX2cWOCRKDJMLKdMa
N5qvAxhgpzyUPwoK0CUyz3b5UWMMavvMBxqiXdTXiaiFbvl8SareKel5HyqysjCY
HTN3v5cN40UIdEYLCsJ2IGTJkeIl7Kcr3+GTwX/SP8TOR8xgk093ZuxKKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOaQ14QTj4opknIBIYAVKKqPDleBMB8GA1UdIwQY
MBaAFManB5NKdiu980/AFI8mXOEkV3ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUt
YjhlYTE4ZWI3NWY0LzEvNXBEWGhCT1BpaW1TY2dFaGdCVW9xbzhPVjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUtYjhlYTE4ZWI3NWY0
LzEveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfyaMA0G
CSqGSIb3DQEBCwUAA4IBAQAby4GtrgFktlgiLqkxXATdRFK+SkDXFFHEUjfc0XmL
MAO8e2m2N5F916EbMc4gnMvDlhgIyGUSHkSRoQflCSnrjUAXKBYjwVW5tkSDDtGO
yNllgBrF5exiSb56ASWwt2Dfo6Di9xQMof5f6wLZ+pKDNUpyIDllsuWDoOaHaC1g
R3xJP+pQ77BEiTsnH5OX8kOrVsWt0J6wEr1ydHY1tx9Z/nsqrTTdXU91JF92/YlY
yP7UlvNAWCiESh+sbMHL5EL3wA0yIJ/jf4jYzRCgt1tDHu3x5mFhcmhRv3+BEuAh
jzqQmR4z1f3G5ljZT3QFWaYhSRmvOXamu9PSyx07+wQh
-----END CERTIFICATE-----