Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5FIFBmd14Kc5ZpuIyutcAVPNTLQ.roa
File:                     5FIFBmd14Kc5ZpuIyutcAVPNTLQ.roa (raw, json)
Hash identifier:          3kWeyXbjkrRZBctmsOPS6KWfeXTlxdg4NhP/u7IGSTY=
Subject key identifier:   E4:52:05:06:67:75:E0:A7:39:66:9B:88:CA:EB:5C:01:53:CD:4C:B4
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B5C1806B7428035CC3CF9B9A2DB9A
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5FIFBmd14Kc5ZpuIyutcAVPNTLQ.roa
Signing time:             Tue 02 Jan 2024 12:34:48 +0000
ROA not before:           Tue 02 Jan 2024 12:34:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     131477
IP address blocks:        185.188.5.0/24 maxlen: 32
                          185.255.152.0/23 maxlen: 32
                          185.255.153.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:5c:18:06:b7:42:80:35:cc:3c:f9:b9:a2:db:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e45205066775e0a739669b88caeb5c0153cd4cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3a:4c:76:bc:4b:85:d3:c2:2c:10:6b:ca:36:
                    71:a6:f5:ff:de:79:ca:ef:73:0d:b3:19:fa:ec:5a:
                    0f:4c:34:35:b2:48:e4:ba:b8:68:2a:00:58:91:e3:
                    18:c3:f7:6a:c5:7f:f3:ee:42:b6:3d:b3:d7:91:34:
                    e4:6a:22:a2:ca:4c:fe:c0:a0:2b:3f:96:47:55:c2:
                    c3:dc:cc:d4:09:2a:ad:d5:d7:0f:d2:64:85:65:f9:
                    13:b9:46:55:57:4b:a0:9d:a2:ab:38:a6:10:48:1e:
                    f7:be:24:ab:fc:11:a7:80:44:8a:51:d3:c8:0e:f7:
                    34:8f:0e:26:b9:c8:1a:15:b5:b0:b0:a1:32:7b:8c:
                    b6:60:c0:7e:34:83:8c:5a:40:00:41:71:59:0d:ef:
                    2e:88:e5:2c:f5:2a:08:3b:d9:07:73:7a:b5:f1:c6:
                    0a:e3:4a:3e:8c:6a:81:a0:58:ac:5b:b6:60:7b:08:
                    b4:1e:25:bc:fa:1e:a7:6c:d5:ca:95:91:3a:82:03:
                    c9:f7:8e:69:66:92:f0:10:51:41:7a:ff:bf:95:3a:
                    f1:df:fa:7b:16:07:b4:fe:41:83:16:a9:a9:91:79:
                    73:eb:50:82:13:84:47:9e:74:de:72:79:93:f5:d6:
                    10:4b:a7:44:c6:49:ae:d9:0e:23:79:39:c7:34:aa:
                    a5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:52:05:06:67:75:E0:A7:39:66:9B:88:CA:EB:5C:01:53:CD:4C:B4
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5FIFBmd14Kc5ZpuIyutcAVPNTLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.5.0/24
                  185.255.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:7f:4a:fa:ad:90:6c:f5:d9:23:31:53:6a:34:14:c6:09:d0:
         92:60:ee:9e:da:79:f7:fe:49:02:ea:df:8c:db:cf:83:1b:35:
         39:84:33:4d:a6:7d:04:dc:b2:41:1d:a3:ee:4e:12:98:b9:27:
         48:37:10:6f:5d:86:dc:1d:fb:a5:0c:38:59:11:31:5a:a6:61:
         bf:75:b2:8f:08:e9:be:12:57:85:1a:75:68:da:95:56:48:ff:
         9d:50:f1:82:88:59:07:08:b7:22:cc:cb:a4:ec:ac:38:c8:0e:
         a4:d7:1f:50:3d:e9:9c:ae:de:d2:05:82:b6:9e:ca:db:ad:0b:
         22:fe:9e:cc:34:d5:34:48:2a:bf:ce:e0:09:e2:88:02:aa:70:
         b2:a3:27:27:a0:c6:7b:8a:62:47:1e:62:98:f2:88:75:19:d6:
         cb:de:c3:1d:13:7a:d4:74:cb:b1:5f:c5:e6:17:19:43:0d:0a:
         91:96:bd:c7:cb:27:20:42:08:70:ba:16:5d:62:87:72:01:ed:
         55:6c:07:43:a8:12:7e:90:c2:e9:21:47:e4:29:8d:4a:c6:a5:
         8b:c5:bf:4d:40:26:cc:d3:15:90:12:f4:45:27:c0:5e:da:62:
         06:d3:9e:0f:6e:08:2d:9c:95:1b:dc:58:20:44:e9:5d:86:3a:
         83:dd:11:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK1wYBrdCgDXMPPm5otuaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDUyMDUwNjY3NzVlMGE3Mzk2NjliODhjYWViNWMwMTUzY2Q0Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzpMdrxLhdPCLBBryjZxpvX/3nnK
73MNsxn67FoPTDQ1skjkurhoKgBYkeMYw/dqxX/z7kK2PbPXkTTkaiKiykz+wKAr
P5ZHVcLD3MzUCSqt1dcP0mSFZfkTuUZVV0ugnaKrOKYQSB73viSr/BGngESKUdPI
Dvc0jw4mucgaFbWwsKEye4y2YMB+NIOMWkAAQXFZDe8uiOUs9SoIO9kHc3q18cYK
40o+jGqBoFisW7Zgewi0HiW8+h6nbNXKlZE6ggPJ945pZpLwEFFBev+/lTrx3/p7
Fge0/kGDFqmpkXlz61CCE4RHnnTecnmT9dYQS6dExkmu2Q4jeTnHNKqlNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFORSBQZndeCnOWabiMrrXAFTzUy0MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvNUZJRkJtZDE0S2M1WnB1SXl1dGNBVlBOVExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubwFAwQB
uf+YMA0GCSqGSIb3DQEBCwUAA4IBAQCEf0r6rZBs9dkjMVNqNBTGCdCSYO6e2nn3
/kkC6t+M28+DGzU5hDNNpn0E3LJBHaPuThKYuSdINxBvXYbcHfulDDhZETFapmG/
dbKPCOm+EleFGnVo2pVWSP+dUPGCiFkHCLcizMuk7Kw4yA6k1x9QPemcrt7SBYK2
nsrbrQsi/p7MNNU0SCq/zuAJ4ogCqnCyoycnoMZ7imJHHmKY8oh1GdbL3sMdE3rU
dMuxX8XmFxlDDQqRlr3HyycgQghwuhZdYodyAe1VbAdDqBJ+kMLpIUfkKY1KxqWL
xb9NQCbM0xWQEvRFJ8Be2mIG054PbggtnJUb3FggROldhjqD3RF1
-----END CERTIFICATE-----