Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/E5-PQpliGw8rjv_7ohvE6UKH7Nc.roa
File:                     E5-PQpliGw8rjv_7ohvE6UKH7Nc.roa (raw, json)
Hash identifier:          VCbBdpLp46dgKO74FiRZJo2LLcAgt2/LZjT9OYC4qqY=
Subject key identifier:   13:9F:8F:42:99:62:1B:0F:2B:8E:FF:FB:A2:1B:C4:E9:42:87:EC:D7
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018CC56EDB1BA9B485E2F7CE2A5929CC7E1B
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/E5-PQpliGw8rjv_7ohvE6UKH7Nc.roa
Signing time:             Mon 01 Jan 2024 14:30:25 +0000
ROA not before:           Mon 01 Jan 2024 14:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211804
IP address blocks:        82.129.14.0/23 maxlen: 24
                          82.129.24.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:db:1b:a9:b4:85:e2:f7:ce:2a:59:29:cc:7e:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Jan  1 14:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=139f8f4299621b0f2b8efffba21bc4e94287ecd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f2:0d:ef:a4:b3:50:a9:b7:c2:09:31:c0:6d:
                    c4:de:a8:d1:08:06:85:e5:70:d9:4e:02:bc:64:f4:
                    5b:db:92:7b:5d:9d:19:25:52:ad:5b:13:fd:1d:8d:
                    53:51:4b:a0:3c:60:ff:58:a3:17:bd:f7:d1:ef:44:
                    ff:9c:09:e7:bd:66:cb:a2:ef:93:61:49:31:c1:36:
                    ff:a8:01:8b:5b:23:83:bc:2a:79:7e:fd:30:f5:2b:
                    e8:1a:e3:f1:68:5e:59:2c:3f:90:5c:81:3d:97:b2:
                    86:50:20:4c:ca:19:b3:31:d1:c2:95:66:37:5c:8c:
                    87:62:ea:70:0c:60:b8:1e:1d:16:d7:b5:54:ae:78:
                    7c:68:11:2a:ed:36:25:e2:2f:a8:9e:cd:98:e0:0f:
                    c5:5f:44:00:03:54:d9:5f:8e:bc:1c:f1:30:74:b1:
                    3f:49:54:c8:64:e7:59:55:cc:db:57:db:59:7e:d7:
                    ec:96:cd:f9:01:cb:77:55:8f:df:0f:6a:bb:c4:55:
                    1f:1c:75:99:40:58:a3:c5:82:7c:14:a9:14:1f:9b:
                    bf:a8:d2:bc:8e:08:cc:56:45:e4:23:3c:d5:25:02:
                    d8:a2:a8:a0:db:cf:10:a9:1f:bc:fa:93:86:59:d7:
                    88:95:3e:77:20:e7:cd:12:30:b2:0d:a6:40:73:e6:
                    b4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:9F:8F:42:99:62:1B:0F:2B:8E:FF:FB:A2:1B:C4:E9:42:87:EC:D7
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/E5-PQpliGw8rjv_7ohvE6UKH7Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.129.14.0/23
                  82.129.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:85:b0:3c:9c:a0:b7:99:6e:52:9f:9a:09:91:30:c0:21:1d:
         12:61:f6:bb:b8:f4:11:5a:87:b0:1b:87:1c:c6:d3:3d:78:51:
         67:e8:7b:81:3a:6e:8d:7d:80:3c:37:49:c2:f5:46:6d:5f:67:
         07:77:b9:ba:61:21:1e:8f:60:fa:df:c1:f9:38:11:f1:a0:7d:
         d9:ef:da:04:b0:5c:92:ce:ac:43:34:36:a1:b3:a6:99:bd:b1:
         f1:63:45:11:e4:00:a6:74:22:7d:3c:d0:d8:2e:e2:e4:f6:04:
         bb:3b:1c:39:7f:f1:74:71:77:3e:3f:3a:4a:0c:be:03:0c:32:
         9d:48:bc:12:d0:a6:cd:ba:a4:b0:bf:50:fe:aa:46:d3:a6:4f:
         92:e2:0b:c6:31:4d:41:7e:bb:a2:61:53:9b:13:0b:77:a0:eb:
         62:39:50:c2:d3:62:d1:68:2c:82:7d:fe:fe:80:b5:7a:25:07:
         85:94:a2:ae:ca:94:e0:a6:0f:dc:d2:0f:a7:b2:ba:09:2d:47:
         c8:9b:bb:8a:d4:7b:61:bf:db:1c:68:37:cf:16:2b:eb:d7:4f:
         d7:0c:bb:b4:d0:13:0a:1f:4c:65:f0:8f:56:fa:be:12:31:5f:
         2a:ba:d8:1f:b4:d0:ee:cd:7e:35:1e:ba:1e:66:86:18:45:c0:
         10:4d:cc:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbtsbqbSF4vfOKlkpzH4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMTAxMTQzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzlmOGY0Mjk5NjIxYjBmMmI4ZWZmZmJhMjFiYzRlOTQyODdlY2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfIN76SzUKm3wgkxwG3E3qjRCAaF
5XDZTgK8ZPRb25J7XZ0ZJVKtWxP9HY1TUUugPGD/WKMXvffR70T/nAnnvWbLou+T
YUkxwTb/qAGLWyODvCp5fv0w9SvoGuPxaF5ZLD+QXIE9l7KGUCBMyhmzMdHClWY3
XIyHYupwDGC4Hh0W17VUrnh8aBEq7TYl4i+ons2Y4A/FX0QAA1TZX468HPEwdLE/
SVTIZOdZVczbV9tZftfsls35Act3VY/fD2q7xFUfHHWZQFijxYJ8FKkUH5u/qNK8
jgjMVkXkIzzVJQLYoqig288QqR+8+pOGWdeIlT53IOfNEjCyDaZAc+a0oQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBOfj0KZYhsPK47/+6IbxOlCh+zXMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvRTUtUFFwbGlHdzhyanZfN29odkU2VUtIN05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUoEOAwQB
UoEYMA0GCSqGSIb3DQEBCwUAA4IBAQAShbA8nKC3mW5Sn5oJkTDAIR0SYfa7uPQR
WoewG4ccxtM9eFFn6HuBOm6NfYA8N0nC9UZtX2cHd7m6YSEej2D638H5OBHxoH3Z
79oEsFySzqxDNDahs6aZvbHxY0UR5ACmdCJ9PNDYLuLk9gS7Oxw5f/F0cXc+PzpK
DL4DDDKdSLwS0KbNuqSwv1D+qkbTpk+S4gvGMU1BfruiYVObEwt3oOtiOVDC02LR
aCyCff7+gLV6JQeFlKKuypTgpg/c0g+nsroJLUfIm7uK1Hthv9scaDfPFivr10/X
DLu00BMKH0xl8I9W+r4SMV8qutgftNDuzX41HroeZoYYRcAQTcyi
-----END CERTIFICATE-----