Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/5BrvOTs1gm0Ljf6eaKAVKwlD-MM.roa
File:                     5BrvOTs1gm0Ljf6eaKAVKwlD-MM.roa (raw, json)
Hash identifier:          idNjihNscThiJLVHsK7XAC6nnHiij49qR+4ha/34EeA=
Subject key identifier:   E4:1A:EF:39:3B:35:82:6D:0B:8D:FE:9E:68:A0:15:2B:09:43:F8:C3
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018CC649C8ADC620F2060264A403CB3513E1
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/5BrvOTs1gm0Ljf6eaKAVKwlD-MM.roa
Signing time:             Mon 01 Jan 2024 18:29:33 +0000
ROA not before:           Mon 01 Jan 2024 18:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        109.72.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:c8:ad:c6:20:f2:06:02:64:a4:03:cb:35:13:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 18:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e41aef393b35826d0b8dfe9e68a0152b0943f8c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:55:61:5c:0e:5f:29:5d:e9:9e:1e:4d:21:0b:
                    9b:22:2d:75:81:c3:94:ab:5a:0f:be:ca:89:44:fb:
                    3f:c6:28:5c:1b:cf:3b:6b:d3:14:da:3c:33:50:19:
                    eb:0d:1b:ef:5d:f0:e5:ff:25:bb:60:60:f6:08:95:
                    92:76:3e:ac:59:be:e1:7d:3f:36:da:51:36:75:61:
                    5b:61:27:68:c1:94:e5:ba:1d:71:62:67:8d:7c:c4:
                    e0:b6:5c:e4:72:e1:96:50:05:d9:00:0c:bd:fc:c2:
                    16:cd:96:13:5c:1e:60:6d:d1:23:b4:08:c3:8e:5c:
                    9e:8d:39:75:70:b2:72:2a:57:10:80:d5:cc:7b:f1:
                    9b:45:88:01:d1:18:2a:3c:97:fd:3f:0c:00:93:b3:
                    de:5b:e2:29:64:dd:c1:fa:7d:a0:72:bd:a9:92:5c:
                    d8:74:b9:5a:0c:bf:c0:2d:25:fa:de:14:0b:bf:f6:
                    44:c1:fb:bb:e3:6d:2f:cb:bf:8b:60:fa:01:c3:51:
                    c4:a3:59:76:31:2d:73:8a:6b:2c:c5:d5:99:33:72:
                    97:40:b4:d0:3c:a8:9e:49:5d:dc:62:c5:cb:a4:2f:
                    f5:41:6b:47:9f:5f:f4:c1:3e:10:28:90:50:5c:9b:
                    3a:46:c5:f7:61:d5:65:3b:07:70:d6:f9:a9:4f:37:
                    ad:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:1A:EF:39:3B:35:82:6D:0B:8D:FE:9E:68:A0:15:2B:09:43:F8:C3
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/5BrvOTs1gm0Ljf6eaKAVKwlD-MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:d9:c6:dc:97:08:ab:81:47:e3:e8:a8:9a:b0:bf:25:ea:08:
         98:95:35:15:cf:de:9b:73:97:0f:56:5a:22:55:62:35:8d:42:
         e8:b0:12:6d:32:66:20:63:28:43:6c:47:b5:5a:85:ff:90:2f:
         fe:90:c0:a0:08:3c:b5:4d:10:70:ac:d2:a0:d5:04:ee:b8:67:
         ff:f3:8a:3b:d8:b0:57:c3:05:01:ae:ca:d9:5b:27:3c:31:ff:
         96:ad:cb:f5:4f:d1:d1:66:b1:0c:3b:b1:54:6d:48:d4:47:f6:
         11:94:19:ee:ff:8a:10:8c:05:18:0c:c1:2e:ac:eb:38:24:15:
         1f:66:89:37:b2:95:61:6c:de:3f:b3:30:ae:28:44:e4:52:cd:
         e6:9a:8d:00:5a:d0:70:cf:45:ef:04:fa:d3:c3:b3:22:fb:4e:
         37:99:d4:27:d1:de:da:8f:d1:38:2d:7b:e9:2b:2c:80:30:39:
         4e:bf:97:ae:00:83:62:7b:70:f5:45:da:d3:39:c7:33:d5:34:
         13:ce:71:fb:26:d7:f1:6f:ca:22:40:35:97:2c:da:81:89:b0:
         72:5d:28:cd:56:c0:e6:22:2b:9c:fc:67:20:20:74:74:5d:82:
         01:cf:6f:f0:29:97:de:ca:84:ca:af:52:19:d6:61:78:e7:5d:
         cd:ee:73:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGScitxiDyBgJkpAPLNRPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTAxMTgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDFhZWYzOTNiMzU4MjZkMGI4ZGZlOWU2OGEwMTUyYjA5NDNmOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVVhXA5fKV3pnh5NIQubIi11gcOU
q1oPvsqJRPs/xihcG887a9MU2jwzUBnrDRvvXfDl/yW7YGD2CJWSdj6sWb7hfT82
2lE2dWFbYSdowZTluh1xYmeNfMTgtlzkcuGWUAXZAAy9/MIWzZYTXB5gbdEjtAjD
jlyejTl1cLJyKlcQgNXMe/GbRYgB0RgqPJf9PwwAk7PeW+IpZN3B+n2gcr2pklzY
dLlaDL/ALSX63hQLv/ZEwfu7420vy7+LYPoBw1HEo1l2MS1zimssxdWZM3KXQLTQ
PKieSV3cYsXLpC/1QWtHn1/0wT4QKJBQXJs6RsX3YdVlOwdw1vmpTzet2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQa7zk7NYJtC43+nmigFSsJQ/jDMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvNUJydk9UczFnbTBMamY2ZWFLQVZLd2xELU1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh9MA0G
CSqGSIb3DQEBCwUAA4IBAQAj2cbclwirgUfj6KiasL8l6giYlTUVz96bc5cPVloi
VWI1jULosBJtMmYgYyhDbEe1WoX/kC/+kMCgCDy1TRBwrNKg1QTuuGf/84o72LBX
wwUBrsrZWyc8Mf+Wrcv1T9HRZrEMO7FUbUjUR/YRlBnu/4oQjAUYDMEurOs4JBUf
Zok3spVhbN4/szCuKETkUs3mmo0AWtBwz0XvBPrTw7Mi+043mdQn0d7aj9E4LXvp
KyyAMDlOv5euAINie3D1RdrTOccz1TQTznH7Jtfxb8oiQDWXLNqBibByXSjNVsDm
Iiuc/GcgIHR0XYIBz2/wKZfeyoTKr1IZ1mF4513N7nOe
-----END CERTIFICATE-----