Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/tjZFTLEPYDGQ2iSEazkmBtl0Lms.roa
File:                     tjZFTLEPYDGQ2iSEazkmBtl0Lms.roa (raw, json)
Hash identifier:          0bESaKk5KKoU18DKaJUO174K4XV590RxAqSNW6nnrDY=
Subject key identifier:   B6:36:45:4C:B1:0F:60:31:90:DA:24:84:6B:39:26:06:D9:74:2E:6B
Certificate issuer:       /CN=51e2be139ae779cd3d4feebccd368281a1f5e7a0
Certificate serial:       018CC5DBF5B57D7CFE67694983899C162CDD
Authority key identifier: 51:E2:BE:13:9A:E7:79:CD:3D:4F:EE:BC:CD:36:82:81:A1:F5:E7:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/tjZFTLEPYDGQ2iSEazkmBtl0Lms.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5539
IP address blocks:        185.5.184.0/23 maxlen: 23
                          2a02:7c40::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f5:b5:7d:7c:fe:67:69:49:83:89:9c:16:2c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51e2be139ae779cd3d4feebccd368281a1f5e7a0
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b636454cb10f603190da24846b392606d9742e6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:01:e9:89:91:56:db:23:ba:a5:82:c3:7a:bd:
                    3f:5b:e5:ed:fb:f9:1a:d9:0a:67:18:4e:13:a4:5a:
                    3a:5e:65:26:ee:10:50:ea:4d:94:40:4f:1d:fd:73:
                    75:c2:bb:30:a3:ca:bb:a6:ab:d8:4f:f7:00:64:4c:
                    48:f5:b7:e4:0d:a2:62:fd:c8:f4:44:44:be:4f:f3:
                    bd:e0:96:ce:b5:e2:e3:60:c6:9e:cf:f0:ab:c8:8a:
                    c1:3b:04:c7:8c:ac:23:84:4a:97:64:95:88:30:fa:
                    b8:93:af:55:18:b4:38:ae:96:c1:22:a0:7e:50:8f:
                    cb:01:14:e7:05:d7:4c:72:0e:d1:2f:64:21:cd:ec:
                    9c:40:cf:56:7c:0a:6a:47:43:0d:ee:77:45:80:47:
                    78:b8:f7:e5:cf:e6:d7:b5:5b:c7:b9:21:ed:b9:98:
                    14:5e:48:64:6f:77:3c:57:c7:e0:b8:95:f8:c3:66:
                    cf:f6:ee:5a:c2:a7:62:d4:ec:e8:15:4c:02:b7:a5:
                    40:9b:ef:c7:eb:04:ad:b7:cf:3d:a3:71:fd:8b:ee:
                    ff:4e:e9:85:a3:c2:fe:0f:db:6e:87:db:53:c4:7f:
                    15:4e:0d:b1:d7:36:dc:d8:37:38:98:17:d6:6b:f7:
                    d1:8c:86:73:03:1c:f3:5a:8b:e8:6d:fd:9b:40:4e:
                    db:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:36:45:4C:B1:0F:60:31:90:DA:24:84:6B:39:26:06:D9:74:2E:6B
            X509v3 Authority Key Identifier:
                keyid:51:E2:BE:13:9A:E7:79:CD:3D:4F:EE:BC:CD:36:82:81:A1:F5:E7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UeK-E5rnec09T-68zTaCgaH156A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/tjZFTLEPYDGQ2iSEazkmBtl0Lms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/2f5931-05a8-436b-9273-cd7b6edbfcf5/1/UeK-E5rnec09T-68zTaCgaH156A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.184.0/23
                IPv6:
                  2a02:7c40::/33

    Signature Algorithm: sha256WithRSAEncryption
         0a:03:6b:37:8d:d0:93:ff:a0:79:fc:19:82:54:6c:3e:9d:e6:
         4b:72:5a:56:28:70:f7:03:8e:ac:43:f3:1b:de:23:76:3d:c1:
         0a:cb:5b:f5:db:7a:71:4e:bb:5d:4b:9b:bd:04:66:ad:05:4a:
         84:4e:a9:ae:99:e5:79:fe:e7:cb:b9:aa:52:a8:81:f1:79:3b:
         f6:77:6f:7c:d6:6b:0e:a7:76:19:ca:95:f9:24:f8:15:fd:bc:
         24:7b:1a:41:27:59:09:cb:05:2f:74:8d:ef:a7:d5:e3:7f:60:
         70:be:88:c6:ee:a8:46:fa:28:af:fd:74:ef:4a:37:99:9d:06:
         7a:fd:11:5b:d6:c1:40:0a:d9:12:a8:df:fa:d1:0d:2f:d1:71:
         b6:97:c8:fe:3a:91:7c:e0:d4:c0:14:77:f9:8c:bd:79:6a:ca:
         c9:86:27:0b:ae:d3:83:ea:3a:8d:1d:83:1a:bc:0b:2b:df:98:
         53:7c:39:d4:40:92:c8:2b:87:8d:6f:1c:cc:14:dc:fa:4c:41:
         c9:49:d3:10:c7:dc:b3:34:01:28:c1:20:72:7a:d9:c4:55:2c:
         55:e8:21:81:4e:b6:5a:ea:91:b4:cc:00:b6:6d:58:79:1b:3a:
         bb:1f:55:8a:d7:a0:af:17:27:59:f6:95:ea:ec:fa:bc:e3:43:
         3f:d7:08:30
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzF2/W1fXz+Z2lJg4mcFizdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZTJiZTEzOWFlNzc5Y2QzZDRmZWViY2NkMzY4MjgxYTFm
NWU3YTAwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjM2NDU0Y2IxMGY2MDMxOTBkYTI0ODQ2YjM5MjYwNmQ5NzQyZTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogHpiZFW2yO6pYLDer0/W+Xt+/ka
2QpnGE4TpFo6XmUm7hBQ6k2UQE8d/XN1wrswo8q7pqvYT/cAZExI9bfkDaJi/cj0
RES+T/O94JbOteLjYMaez/CryIrBOwTHjKwjhEqXZJWIMPq4k69VGLQ4rpbBIqB+
UI/LARTnBddMcg7RL2QhzeycQM9WfApqR0MN7ndFgEd4uPflz+bXtVvHuSHtuZgU
Xkhkb3c8V8fguJX4w2bP9u5awqdi1OzoFUwCt6VAm+/H6wStt889o3H9i+7/TumF
o8L+D9tuh9tTxH8VTg2x1zbc2Dc4mBfWa/fRjIZzAxzzWovobf2bQE7bywIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLY2RUyxD2AxkNokhGs5JgbZdC5rMB8GA1UdIwQY
MBaAFFHivhOa53nNPU/uvM02goGh9eegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWVLLUU1cm5lYzA5VC02OHpUYUNnYUgxNTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yZjU5MzEtMDVhOC00MzZiLTkyNzMt
Y2Q3YjZlZGJmY2Y1LzEvdGpaRlRMRVBZREdRMmlTRWF6a21CdGwwTG1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yZjU5MzEtMDVhOC00MzZiLTkyNzMtY2Q3YjZlZGJmY2Y1
LzEvVWVLLUU1cm5lYzA5VC02OHpUYUNnYUgxNTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuQW4MA4E
AgACMAgDBgcqAnxAADANBgkqhkiG9w0BAQsFAAOCAQEACgNrN43Qk/+gefwZglRs
Pp3mS3JaVihw9wOOrEPzG94jdj3BCstb9dt6cU67XUubvQRmrQVKhE6prpnlef7n
y7mqUqiB8Xk79ndvfNZrDqd2GcqV+ST4Ff28JHsaQSdZCcsFL3SN76fV439gcL6I
xu6oRvoor/1070o3mZ0Gev0RW9bBQArZEqjf+tENL9FxtpfI/jqRfODUwBR3+Yy9
eWrKyYYnC67Tg+o6jR2DGrwLK9+YU3w51ECSyCuHjW8czBTc+kxByUnTEMfcszQB
KMEgcnrZxFUsVeghgU62WuqRtMwAtm1YeRs6ux9VitegrxcnWfaV6uz6vONDP9cI
MA==
-----END CERTIFICATE-----