Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/5NS5975EAn-vRP0V1xn79bNv5MI.roa
File:                     5NS5975EAn-vRP0V1xn79bNv5MI.roa (raw, json)
Hash identifier:          X/XBdb3raTOZQbgB9y51TVQNqtClEjDZSP8zaZjuf7U=
Subject key identifier:   E4:D4:B9:F7:BE:44:02:7F:AF:44:FD:15:D7:19:FB:F5:B3:6F:E4:C2
Certificate issuer:       /CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
Certificate serial:       01914824D7423586AA2284EF09651A4656E1
Authority key identifier: 8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/5NS5975EAn-vRP0V1xn79bNv5MI.roa
Signing time:             Mon 12 Aug 2024 19:50:59 +0000
ROA not before:           Mon 12 Aug 2024 19:50:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        5.102.36.0/23 maxlen: 23
                          195.5.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Oct 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:48:24:d7:42:35:86:aa:22:84:ef:09:65:1a:46:56:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bdf76c54b9e6935c30a9b4c9ba9309ac470ec02
        Validity
            Not Before: Aug 12 19:50:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4d4b9f7be44027faf44fd15d719fbf5b36fe4c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5e:78:38:ca:b4:35:b2:7e:9d:1b:b4:30:bc:
                    4f:2f:be:ae:f6:4c:56:f6:bb:e1:b8:99:3c:e2:f3:
                    a7:e1:01:9a:df:92:ee:48:61:bd:54:ea:05:49:92:
                    fc:16:b2:be:e3:44:88:2f:bc:42:ec:77:30:a3:a7:
                    f7:25:d7:53:55:dc:83:d5:b0:95:cf:43:97:0e:e0:
                    d1:18:64:91:bb:ad:cb:78:a2:3c:19:1e:86:94:a1:
                    d1:34:06:df:3a:a9:99:7d:8c:50:52:aa:d6:e2:50:
                    08:c7:0c:4c:e0:c3:72:27:73:2a:e0:74:ec:85:39:
                    73:ef:f5:01:9c:41:92:b5:3d:a9:76:71:51:55:b3:
                    b1:c0:74:6a:a7:b5:46:6a:99:b2:a7:d5:95:05:03:
                    28:b8:2c:98:f2:88:1e:73:f2:c9:6a:7c:3d:ae:8e:
                    df:75:a6:04:e9:60:6f:1a:90:6e:34:50:45:85:12:
                    f1:8e:84:d2:a5:6a:bb:e9:48:8e:4a:9f:93:16:2c:
                    50:e8:b7:b8:d4:ad:f6:03:c8:28:47:3c:d7:7e:e7:
                    6f:fe:79:09:8b:ae:a2:80:28:6d:a1:ea:54:e0:49:
                    a9:e9:0c:44:09:89:70:15:f3:d1:e6:58:2f:4f:17:
                    ee:ef:16:8a:a4:1b:90:3a:12:20:59:b2:7f:4a:80:
                    46:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D4:B9:F7:BE:44:02:7F:AF:44:FD:15:D7:19:FB:F5:B3:6F:E4:C2
            X509v3 Authority Key Identifier:
                keyid:8B:DF:76:C5:4B:9E:69:35:C3:0A:9B:4C:9B:A9:30:9A:C4:70:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i992xUueaTXDCptMm6kwmsRw7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/5NS5975EAn-vRP0V1xn79bNv5MI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/21519e-b8dc-4240-aa78-8d218665027d/1/i992xUueaTXDCptMm6kwmsRw7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.36.0/23
                  195.5.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:dd:d2:09:55:af:fe:08:0e:96:69:98:b0:4d:9c:d1:54:ad:
         dd:63:a1:9a:a5:98:a9:44:92:01:fd:33:f3:d8:d5:09:f8:ce:
         be:2b:21:d6:c2:93:12:63:9f:db:69:d0:72:64:21:56:b6:b2:
         da:fd:05:04:2c:e7:4e:3f:cc:cf:29:a0:7d:76:bf:77:d6:d9:
         68:e3:bd:3c:13:d6:19:e3:da:b5:ed:3a:59:ba:bd:bb:a4:65:
         34:f5:9a:45:4b:c6:b8:50:b7:14:65:0c:86:03:1d:e4:5b:9f:
         6a:4c:df:2f:85:67:9c:d4:e7:43:6c:52:01:0f:28:02:e6:78:
         d9:c1:d2:2c:dc:98:6c:d8:e8:14:81:50:be:ee:35:3d:bb:9c:
         cf:ef:d0:e7:fc:5f:a0:92:ff:8b:96:75:00:82:18:b0:50:1a:
         f9:d8:2c:d4:69:e0:78:4d:a2:aa:7a:fe:24:1c:89:d2:2b:ec:
         2f:43:97:03:51:9f:5f:5a:39:72:f8:62:6c:f5:12:e1:e8:db:
         83:0f:78:bc:4b:13:5e:56:c0:e6:47:49:a6:49:e0:44:44:72:
         0b:5c:02:d4:8b:05:f5:db:eb:95:59:19:34:f3:10:7c:7d:21:
         c9:c7:49:08:85:b9:fa:af:45:f1:44:cd:65:55:23:97:38:c0:
         88:1d:c0:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFIJNdCNYaqIoTvCWUaRlbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiZGY3NmM1NGI5ZTY5MzVjMzBhOWI0YzliYTkzMDlhYzQ3
MGVjMDIwHhcNMjQwODEyMTk1MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ0YjlmN2JlNDQwMjdmYWY0NGZkMTVkNzE5ZmJmNWIzNmZlNGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx154OMq0NbJ+nRu0MLxPL76u9kxW
9rvhuJk84vOn4QGa35LuSGG9VOoFSZL8FrK+40SIL7xC7Hcwo6f3JddTVdyD1bCV
z0OXDuDRGGSRu63LeKI8GR6GlKHRNAbfOqmZfYxQUqrW4lAIxwxM4MNyJ3Mq4HTs
hTlz7/UBnEGStT2pdnFRVbOxwHRqp7VGapmyp9WVBQMouCyY8ogec/LJanw9ro7f
daYE6WBvGpBuNFBFhRLxjoTSpWq76UiOSp+TFixQ6Le41K32A8goRzzXfudv/nkJ
i66igChtoepU4Emp6QxECYlwFfPR5lgvTxfu7xaKpBuQOhIgWbJ/SoBG2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOTUufe+RAJ/r0T9FdcZ+/Wzb+TCMB8GA1UdIwQY
MBaAFIvfdsVLnmk1wwqbTJupMJrEcOwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgt
OGQyMTg2NjUwMjdkLzEvNU5TNTk3NUVBbi12UlAwVjF4bjc5Yk52NU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yMTUxOWUtYjhkYy00MjQwLWFhNzgtOGQyMTg2NjUwMjdk
LzEvaTk5MnhVdWVhVFhEQ3B0TW02a3dtc1J3N0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBWYkAwQA
wwV9MA0GCSqGSIb3DQEBCwUAA4IBAQCA3dIJVa/+CA6WaZiwTZzRVK3dY6GapZip
RJIB/TPz2NUJ+M6+KyHWwpMSY5/badByZCFWtrLa/QUELOdOP8zPKaB9dr931tlo
4708E9YZ49q17TpZur27pGU09ZpFS8a4ULcUZQyGAx3kW59qTN8vhWec1OdDbFIB
DygC5njZwdIs3Jhs2OgUgVC+7jU9u5zP79Dn/F+gkv+LlnUAghiwUBr52CzUaeB4
TaKqev4kHInSK+wvQ5cDUZ9fWjly+GJs9RLh6NuDD3i8SxNeVsDmR0mmSeBERHIL
XALUiwX12+uVWRk08xB8fSHJx0kIhbn6r0XxRM1lVSOXOMCIHcCE
-----END CERTIFICATE-----