Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ci2Jl75R69xEu71WJeLn5PS4z3s.roa
File:                     Ci2Jl75R69xEu71WJeLn5PS4z3s.roa (raw, json)
Hash identifier:          +s0KZgT9oa3BkYx4A6i5OJvGVabiwFXjxSZKfzDZCVo=
Subject key identifier:   0A:2D:89:97:BE:51:EB:DC:44:BB:BD:56:25:E2:E7:E4:F4:B8:CF:7B
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7952462218B769C589BA2EBFC936AFB
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ci2Jl75R69xEu71WJeLn5PS4z3s.roa
Signing time:             Tue 02 Jan 2024 00:31:29 +0000
ROA not before:           Tue 02 Jan 2024 00:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57784
IP address blocks:        5.133.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:24:62:21:8b:76:9c:58:9b:a2:eb:fc:93:6a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a2d8997be51ebdc44bbbd5625e2e7e4f4b8cf7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bc:6e:e9:76:f3:45:54:6c:ce:c9:be:e6:30:
                    62:bd:99:fe:06:0f:4b:f8:bc:ae:8a:46:fd:ad:ab:
                    92:6b:66:48:ba:1a:39:e9:bd:43:4c:e8:07:ed:29:
                    a3:d1:88:5d:db:24:28:ca:87:c2:a4:cf:5b:14:ab:
                    11:3a:07:3f:59:3e:33:18:71:5b:c4:9b:32:f0:7e:
                    34:a2:49:50:bd:17:d1:91:7e:b6:90:d0:8b:1b:7e:
                    26:39:82:e8:8a:e0:1d:f3:d1:1b:c4:bd:67:af:28:
                    46:5e:be:7a:98:1e:79:5b:d0:f9:3d:45:b6:b5:65:
                    c4:34:3e:1c:c0:04:30:0b:e0:d0:2f:78:a9:ab:4b:
                    0c:c6:c1:8a:60:75:4a:6f:8d:34:e2:8b:38:3e:6b:
                    33:9a:ee:b4:6f:e4:00:da:e3:a1:6a:97:67:a0:5a:
                    57:b1:e1:35:73:1a:6c:24:65:1b:fe:f3:17:10:8b:
                    1d:1c:50:3d:76:b5:09:1a:24:fe:1c:83:68:14:8c:
                    b8:5c:2b:72:e4:49:6b:06:bb:26:66:ff:4c:58:2e:
                    3c:b6:9a:cb:79:00:a5:67:7a:26:78:b1:d7:ec:d2:
                    46:db:44:d0:40:14:3c:17:c3:ad:fc:1d:24:29:7c:
                    79:4b:2e:bf:30:68:19:02:76:30:4c:9b:2d:c8:f4:
                    25:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:2D:89:97:BE:51:EB:DC:44:BB:BD:56:25:E2:E7:E4:F4:B8:CF:7B
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Ci2Jl75R69xEu71WJeLn5PS4z3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:13:11:60:bc:ef:85:26:59:7e:38:9f:aa:20:02:b3:ad:e7:
         4a:fb:a8:82:8d:73:a0:a7:cb:06:36:d7:9a:f0:f3:3d:9d:6b:
         ac:38:a5:ad:31:9f:a7:25:15:15:fe:84:47:45:89:e5:ec:03:
         60:ed:76:6a:eb:65:73:24:47:31:88:0e:d9:2c:eb:1d:cb:e9:
         f0:be:1f:67:33:9c:6b:03:e9:d5:05:80:d0:54:4b:51:f0:4f:
         ec:f6:79:86:41:13:e6:8b:95:28:46:ab:04:1b:65:31:36:da:
         13:56:85:df:7c:21:ed:f0:68:79:d5:31:08:0f:aa:0e:30:18:
         34:9a:3b:a6:65:81:c5:6b:75:da:60:7d:31:05:03:b9:c8:41:
         44:4c:7c:72:ee:3c:08:5a:66:92:7e:2b:e1:89:20:bf:02:4f:
         e0:ba:1a:a0:b2:5e:d9:38:54:a0:da:2f:e6:01:4f:17:a3:01:
         4a:ee:bf:14:9e:95:37:0f:81:3c:79:6c:9f:ce:70:e1:1f:64:
         8b:db:6c:6a:e0:f6:53:b0:99:14:1f:01:86:74:58:bb:11:59:
         a1:30:6c:a3:20:b7:45:bf:45:3c:72:71:90:ef:9f:96:62:32:
         00:63:15:d1:99:06:bf:2a:1e:d7:b1:0b:73:f6:52:17:f3:61:
         78:90:d0:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlSRiIYt2nFibouv8k2r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTJkODk5N2JlNTFlYmRjNDRiYmJkNTYyNWUyZTdlNGY0YjhjZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLxu6XbzRVRszsm+5jBivZn+Bg9L
+Lyuikb9rauSa2ZIuho56b1DTOgH7Smj0Yhd2yQoyofCpM9bFKsROgc/WT4zGHFb
xJsy8H40oklQvRfRkX62kNCLG34mOYLoiuAd89EbxL1nryhGXr56mB55W9D5PUW2
tWXEND4cwAQwC+DQL3ipq0sMxsGKYHVKb4004os4Pmszmu60b+QA2uOhapdnoFpX
seE1cxpsJGUb/vMXEIsdHFA9drUJGiT+HINoFIy4XCty5ElrBrsmZv9MWC48tprL
eQClZ3omeLHX7NJG20TQQBQ8F8Ot/B0kKXx5Sy6/MGgZAnYwTJstyPQlxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAotiZe+UevcRLu9ViXi5+T0uM97MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvQ2kySmw3NVI2OXhFdTcxV0plTG41UFM0ejNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABYVsMA0G
CSqGSIb3DQEBCwUAA4IBAQA/ExFgvO+FJll+OJ+qIAKzredK+6iCjXOgp8sGNtea
8PM9nWusOKWtMZ+nJRUV/oRHRYnl7ANg7XZq62VzJEcxiA7ZLOsdy+nwvh9nM5xr
A+nVBYDQVEtR8E/s9nmGQRPmi5UoRqsEG2UxNtoTVoXffCHt8Gh51TEID6oOMBg0
mjumZYHFa3XaYH0xBQO5yEFETHxy7jwIWmaSfivhiSC/Ak/guhqgsl7ZOFSg2i/m
AU8XowFK7r8UnpU3D4E8eWyfznDhH2SL22xq4PZTsJkUHwGGdFi7EVmhMGyjILdF
v0U8cnGQ75+WYjIAYxXRmQa/Kh7XsQtz9lIX82F4kNAx
-----END CERTIFICATE-----