Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/1-5GrPYwHG94DYIJmze00iU1Lvw8.roa
File:                     1-5GrPYwHG94DYIJmze00iU1Lvw8.roa (raw, json)
Hash identifier:          50X9Vz8vMs6OLdzIBIQ+Xw0KPvEgbUhhxukmmTVPHnw=
Subject key identifier:   FB:91:AB:3D:8C:07:1B:DE:03:60:82:66:CD:ED:34:89:4D:4B:BF:0F
Certificate issuer:       /CN=b5b632972547673df0f75aabc839a2422854a22a
Certificate serial:       018CC8013C76FF86D8DBD9B0085615FD5662
Authority key identifier: B5:B6:32:97:25:47:67:3D:F0:F7:5A:AB:C8:39:A2:42:28:54:A2:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tbYylyVHZz3w91qryDmiQihUoio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/1-5GrPYwHG94DYIJmze00iU1Lvw8.roa
Signing time:             Tue 02 Jan 2024 02:29:33 +0000
ROA not before:           Tue 02 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        137.193.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/tbYylyVHZz3w91qryDmiQihUoio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/tbYylyVHZz3w91qryDmiQihUoio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tbYylyVHZz3w91qryDmiQihUoio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:3c:76:ff:86:d8:db:d9:b0:08:56:15:fd:56:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5b632972547673df0f75aabc839a2422854a22a
        Validity
            Not Before: Jan  2 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb91ab3d8c071bde03608266cded34894d4bbf0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a9:da:a1:3d:09:73:a6:52:6f:59:81:c4:43:
                    36:3e:bb:c4:98:ef:9d:42:2c:b2:c4:c4:0e:9b:8c:
                    1e:3f:4d:fd:6e:84:7b:03:3e:35:06:b9:c0:07:29:
                    11:7a:00:d7:91:ca:93:18:7c:87:bc:e4:34:85:56:
                    3a:93:38:37:16:35:fd:ba:1f:a6:96:1f:18:3b:65:
                    4a:f7:1f:a0:82:85:2c:29:ed:52:a9:e6:96:4b:9f:
                    0e:d9:2f:23:9d:b6:b3:20:18:f7:f5:65:ab:77:94:
                    b2:dd:82:03:f1:84:63:7f:f3:8a:7b:b4:c8:6e:30:
                    45:c8:1c:3a:8d:b5:99:50:c5:b0:6c:63:7a:93:a1:
                    b1:f9:27:93:78:29:5e:c9:a0:a8:03:ba:e0:6b:4b:
                    ef:0a:cc:03:a6:b3:b8:dc:82:51:52:a1:ba:9c:dd:
                    b3:df:11:9e:46:a5:b6:a1:11:48:d9:ca:dc:8d:88:
                    34:88:58:ea:a2:5c:7e:8b:5e:7b:ce:72:d4:8d:8a:
                    6f:20:ce:04:75:b7:d0:b7:18:95:91:7b:03:59:28:
                    4a:a9:ff:47:ed:61:cb:46:72:1d:a9:24:e5:a5:c2:
                    8b:a2:1c:a8:3a:66:98:d1:01:02:30:e3:0c:b5:3e:
                    53:92:57:63:0f:ca:8b:65:e5:17:32:0b:d2:dc:9e:
                    48:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:91:AB:3D:8C:07:1B:DE:03:60:82:66:CD:ED:34:89:4D:4B:BF:0F
            X509v3 Authority Key Identifier:
                keyid:B5:B6:32:97:25:47:67:3D:F0:F7:5A:AB:C8:39:A2:42:28:54:A2:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tbYylyVHZz3w91qryDmiQihUoio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/1-5GrPYwHG94DYIJmze00iU1Lvw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1c068e-889c-42be-bd8b-a6abb1215dec/1/tbYylyVHZz3w91qryDmiQihUoio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.193.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ac:ad:f6:e0:c0:51:91:e3:9e:e1:b8:f8:2d:b1:b7:05:12:1f:
         42:6b:0d:d1:98:d9:8f:9b:ad:28:bd:42:c0:ff:ad:45:10:28:
         53:7c:75:10:ea:20:d2:87:c1:09:f1:5c:d2:14:25:1e:9c:f1:
         31:1b:12:cf:1c:58:a9:84:3a:b9:62:63:7e:87:5b:8b:b6:99:
         9b:70:15:6e:24:41:f9:d7:1a:5c:82:65:3b:c9:db:4a:73:c1:
         73:37:53:e7:f0:45:af:16:98:6a:7d:23:07:e8:56:75:16:68:
         e9:c5:9f:76:89:88:84:66:ea:65:6c:eb:0b:5a:68:10:2f:31:
         e1:eb:c8:05:fe:4d:e6:15:53:b0:d8:f6:bf:c8:3e:55:43:1a:
         1f:26:81:ce:dc:0a:3c:0e:e3:79:7d:b4:93:6c:54:8d:b0:73:
         a6:87:a9:b7:93:11:37:32:a5:63:19:e3:e9:30:86:4e:42:dc:
         5a:b4:5d:6e:31:cd:3e:04:f9:53:bb:76:b6:88:c8:60:45:e8:
         8d:98:42:59:27:87:90:fd:8b:0d:c6:03:52:dc:80:63:55:fa:
         1f:a8:a0:ef:54:c6:da:9e:d3:92:11:94:37:af:48:9b:a1:f2:
         c3:ad:e7:a9:a9:a6:4f:be:7d:9f:55:d1:98:55:91:71:31:07:
         19:02:c9:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATx2/4bY29mwCFYV/VZiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1YjYzMjk3MjU0NzY3M2RmMGY3NWFhYmM4MzlhMjQyMjg1
NGEyMmEwHhcNMjQwMTAyMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjkxYWIzZDhjMDcxYmRlMDM2MDgyNjZjZGVkMzQ4OTRkNGJiZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnaoT0Jc6ZSb1mBxEM2PrvEmO+d
QiyyxMQOm4weP039boR7Az41BrnABykRegDXkcqTGHyHvOQ0hVY6kzg3FjX9uh+m
lh8YO2VK9x+ggoUsKe1SqeaWS58O2S8jnbazIBj39WWrd5Sy3YID8YRjf/OKe7TI
bjBFyBw6jbWZUMWwbGN6k6Gx+SeTeCleyaCoA7rga0vvCswDprO43IJRUqG6nN2z
3xGeRqW2oRFI2crcjYg0iFjqolx+i157znLUjYpvIM4EdbfQtxiVkXsDWShKqf9H
7WHLRnIdqSTlpcKLohyoOmaY0QECMOMMtT5TkldjD8qLZeUXMgvS3J5IBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPuRqz2MBxveA2CCZs3tNIlNS78PMB8GA1UdIwQY
MBaAFLW2MpclR2c98Pdaq8g5okIoVKIqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGJZeWx5VkhaejN3OTFxcnlEbWlRaWhVb2lvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xYzA2OGUtODg5Yy00MmJlLWJkOGIt
YTZhYmIxMjE1ZGVjLzEvMS01R3JQWXdIRzk0RFlJSm16ZTAwaVUxTHZ3OC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzUvMWMwNjhlLTg4OWMtNDJiZS1iZDhiLWE2YWJiMTIxNWRl
Yy8xL3RiWXlseVZIWnozdzkxcXJ5RG1pUWloVW9pby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAInBMA0G
CSqGSIb3DQEBCwUAA4IBAQCsrfbgwFGR457huPgtsbcFEh9Caw3RmNmPm60ovULA
/61FEChTfHUQ6iDSh8EJ8VzSFCUenPExGxLPHFiphDq5YmN+h1uLtpmbcBVuJEH5
1xpcgmU7ydtKc8FzN1Pn8EWvFphqfSMH6FZ1FmjpxZ92iYiEZuplbOsLWmgQLzHh
68gF/k3mFVOw2Pa/yD5VQxofJoHO3Ao8DuN5fbSTbFSNsHOmh6m3kxE3MqVjGePp
MIZOQtxatF1uMc0+BPlTu3a2iMhgReiNmEJZJ4eQ/YsNxgNS3IBjVfofqKDvVMba
ntOSEZQ3r0ibofLDreepqaZPvn2fVdGYVZFxMQcZAsmS
-----END CERTIFICATE-----