Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/tFVgZ52TaslgL3DZkIPW1dyAfPY.roa
File:                     tFVgZ52TaslgL3DZkIPW1dyAfPY.roa (raw, json)
Hash identifier:          sj5QKj8j3M/Da/8QmiyfQxtCX3zeQO3EayWrXi5Wuk4=
Subject key identifier:   B4:55:60:67:9D:93:6A:C9:60:2F:70:D9:90:83:D6:D5:DC:80:7C:F6
Certificate issuer:       /CN=125bb4f41fa8a9912a0c356ccc274c75332ab244
Certificate serial:       018CC7270249E6C956B5D947A5D11919AB67
Authority key identifier: 12:5B:B4:F4:1F:A8:A9:91:2A:0C:35:6C:CC:27:4C:75:33:2A:B2:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Elu09B-oqZEqDDVszCdMdTMqskQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/tFVgZ52TaslgL3DZkIPW1dyAfPY.roa
Signing time:             Mon 01 Jan 2024 22:31:11 +0000
ROA not before:           Mon 01 Jan 2024 22:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24978
IP address blocks:        185.5.14.0/23 maxlen: 23
                          2a02:c740::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/Elu09B-oqZEqDDVszCdMdTMqskQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/Elu09B-oqZEqDDVszCdMdTMqskQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Elu09B-oqZEqDDVszCdMdTMqskQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:02:49:e6:c9:56:b5:d9:47:a5:d1:19:19:ab:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=125bb4f41fa8a9912a0c356ccc274c75332ab244
        Validity
            Not Before: Jan  1 22:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b45560679d936ac9602f70d99083d6d5dc807cf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c1:c7:8a:cc:d8:9f:ee:fe:42:b4:f7:d0:36:
                    71:0a:54:94:26:7f:2a:56:42:bc:4e:39:fd:02:a5:
                    45:95:98:74:1b:c7:e2:6d:54:c9:36:67:ee:df:e5:
                    26:08:33:c4:6a:41:b6:bf:7a:64:06:52:5a:9e:ed:
                    df:b7:15:f5:99:49:d4:a3:af:b9:38:78:ee:ff:0d:
                    1b:d2:26:d9:d9:0e:43:22:d5:26:22:24:88:77:15:
                    87:0a:12:7c:30:b6:39:7e:4e:5d:bb:2d:0c:18:fc:
                    9f:6d:0f:8d:29:43:d1:59:ef:04:1b:97:b9:76:dc:
                    3b:e4:62:61:f8:e1:27:f0:60:53:38:34:8f:58:57:
                    1f:06:ed:46:93:f3:4b:34:fa:10:a6:26:79:fb:d3:
                    ef:b1:5f:4e:17:b7:3a:0f:8f:dc:43:81:45:18:45:
                    19:f0:ef:05:e2:73:23:f8:90:b1:6a:c6:56:fc:cf:
                    35:7d:d2:25:c8:f3:46:4c:97:cc:3d:cb:69:ea:b1:
                    40:06:71:53:b6:c8:78:c7:ea:b4:7a:73:48:44:db:
                    9a:b8:5d:e4:4e:91:d7:a8:0c:a1:ec:07:46:2d:85:
                    a2:56:cb:7b:11:7c:f4:7e:07:7c:10:1c:d2:df:30:
                    be:0c:28:c2:35:ed:dc:c6:b5:c5:da:1e:cc:2f:18:
                    23:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:55:60:67:9D:93:6A:C9:60:2F:70:D9:90:83:D6:D5:DC:80:7C:F6
            X509v3 Authority Key Identifier:
                keyid:12:5B:B4:F4:1F:A8:A9:91:2A:0C:35:6C:CC:27:4C:75:33:2A:B2:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Elu09B-oqZEqDDVszCdMdTMqskQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/tFVgZ52TaslgL3DZkIPW1dyAfPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/59681b-ef84-4cfd-80f4-b653a6c414a0/1/Elu09B-oqZEqDDVszCdMdTMqskQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.14.0/23
                IPv6:
                  2a02:c740::/30

    Signature Algorithm: sha256WithRSAEncryption
         0d:a0:06:24:e4:14:de:4e:eb:f0:81:7a:f4:c7:28:df:ba:63:
         2b:de:be:e3:35:22:ca:3b:a3:e1:35:77:75:4b:60:85:16:5d:
         99:6f:09:0f:ac:38:59:a2:b2:88:f0:2a:33:04:e9:9b:40:2e:
         89:ba:61:20:ee:8b:d3:1c:43:e7:e2:87:6b:b4:d5:af:82:91:
         5d:3e:47:bd:98:0b:2b:c2:0e:37:31:24:89:79:b2:1a:70:0c:
         ec:93:8b:b3:26:8a:05:b2:73:fd:0d:21:66:34:b9:c6:72:95:
         6a:9a:4c:5e:2c:0e:4d:70:9a:96:b1:05:09:23:6e:5b:6e:1a:
         99:ea:03:4c:f8:1c:f3:51:49:0c:ef:76:ed:bc:7a:c7:e5:af:
         0e:2f:3c:f8:55:1c:2c:f1:73:97:cd:f6:8e:31:ef:c1:0b:04:
         47:be:b4:c4:49:37:e4:13:f8:dc:ba:37:9c:18:8f:0e:3d:cc:
         31:c8:60:6b:1e:93:57:bb:89:95:a7:a7:ce:7c:7d:58:d1:6e:
         8b:0b:af:94:88:d3:72:e8:42:a1:76:e0:a7:d7:9a:ed:e6:0c:
         37:a0:f6:d8:d1:55:2f:cd:24:5f:0f:13:21:56:93:2e:b0:48:
         ce:de:e4:5f:9c:d2:72:1f:c1:da:f1:15:ab:61:22:38:29:4f:
         eb:52:e1:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJwJJ5slWtdlHpdEZGatnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNWJiNGY0MWZhOGE5OTEyYTBjMzU2Y2NjMjc0Yzc1MzMy
YWIyNDQwHhcNMjQwMTAxMjIzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU1NjA2NzlkOTM2YWM5NjAyZjcwZDk5MDgzZDZkNWRjODA3Y2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsHHiszYn+7+QrT30DZxClSUJn8q
VkK8Tjn9AqVFlZh0G8fibVTJNmfu3+UmCDPEakG2v3pkBlJanu3ftxX1mUnUo6+5
OHju/w0b0ibZ2Q5DItUmIiSIdxWHChJ8MLY5fk5duy0MGPyfbQ+NKUPRWe8EG5e5
dtw75GJh+OEn8GBTODSPWFcfBu1Gk/NLNPoQpiZ5+9PvsV9OF7c6D4/cQ4FFGEUZ
8O8F4nMj+JCxasZW/M81fdIlyPNGTJfMPctp6rFABnFTtsh4x+q0enNIRNuauF3k
TpHXqAyh7AdGLYWiVst7EXz0fgd8EBzS3zC+DCjCNe3cxrXF2h7MLxgjJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLRVYGedk2rJYC9w2ZCD1tXcgHz2MB8GA1UdIwQY
MBaAFBJbtPQfqKmRKgw1bMwnTHUzKrJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWx1MDlCLW9xWkVxRERWc3pDZE1kVE1xc2tRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81OTY4MWItZWY4NC00Y2ZkLTgwZjQt
YjY1M2E2YzQxNGEwLzEvdEZWZ1o1MlRhc2xnTDNEWmtJUFcxZHlBZlBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81OTY4MWItZWY4NC00Y2ZkLTgwZjQtYjY1M2E2YzQxNGEw
LzEvRWx1MDlCLW9xWkVxRERWc3pDZE1kVE1xc2tRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuQUOMA0E
AgACMAcDBQIqAsdAMA0GCSqGSIb3DQEBCwUAA4IBAQANoAYk5BTeTuvwgXr0xyjf
umMr3r7jNSLKO6PhNXd1S2CFFl2ZbwkPrDhZorKI8CozBOmbQC6JumEg7ovTHEPn
4odrtNWvgpFdPke9mAsrwg43MSSJebIacAzsk4uzJooFsnP9DSFmNLnGcpVqmkxe
LA5NcJqWsQUJI25bbhqZ6gNM+BzzUUkM73btvHrH5a8OLzz4VRws8XOXzfaOMe/B
CwRHvrTESTfkE/jcujecGI8OPcwxyGBrHpNXu4mVp6fOfH1Y0W6LC6+UiNNy6EKh
duCn15rt5gw3oPbY0VUvzSRfDxMhVpMusEjO3uRfnNJyH8Ha8RWrYSI4KU/rUuGH
-----END CERTIFICATE-----