Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/HzEaWN2wE3J6qMUDkQEtIVh2LZA.roa
File:                     HzEaWN2wE3J6qMUDkQEtIVh2LZA.roa (raw, json)
Hash identifier:          pvvGuSDldZ1sLgH7atKBPNn58A/CP7fzdGK+l/XFsVM=
Subject key identifier:   1F:31:1A:58:DD:B0:13:72:7A:A8:C5:03:91:01:2D:21:58:76:2D:90
Certificate issuer:       /CN=acb54bcc49291a1f32b7cead4f296882d0531492
Certificate serial:       018CC4935F17E02B19DD20D50C06C2E94445
Authority key identifier: AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/HzEaWN2wE3J6qMUDkQEtIVh2LZA.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59554
IP address blocks:        5.178.112.0/21 maxlen: 21
                          2a01:9b40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5f:17:e0:2b:19:dd:20:d5:0c:06:c2:e9:44:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acb54bcc49291a1f32b7cead4f296882d0531492
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f311a58ddb013727aa8c50391012d2158762d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3e:69:28:42:1a:e5:c3:d7:b1:c4:9c:95:16:
                    2c:ac:fa:5b:50:13:e9:31:d3:3f:d6:8f:6c:9d:9e:
                    e2:08:5f:cd:38:6b:1c:44:5a:6f:d9:a3:df:83:c0:
                    bd:e9:dd:b8:0c:c8:ed:98:4b:0e:eb:65:5f:05:5d:
                    f9:53:04:cc:3c:2c:36:05:20:c9:71:09:12:ea:b9:
                    2b:c6:53:cb:ae:fa:51:eb:33:a8:94:1d:12:82:c2:
                    77:7e:4a:fd:6a:b8:47:1a:8e:74:0f:6f:25:7f:8d:
                    c7:9b:0f:f0:cd:68:85:03:ef:8b:f1:9b:d7:fc:a4:
                    33:22:b4:ef:52:f9:94:63:19:fc:3c:a3:28:d4:29:
                    7a:26:ca:04:7b:56:66:1d:23:8b:e9:96:f5:f2:d8:
                    42:dc:21:61:85:ed:41:6d:61:09:28:ae:c2:2a:b9:
                    2d:85:f9:57:db:28:d5:e2:ea:4d:02:d4:1a:1a:46:
                    11:df:e9:3b:e1:03:9d:0a:51:5a:dc:90:fe:1b:1e:
                    d0:32:a3:34:25:53:8f:3a:8e:e2:e0:cd:26:52:5e:
                    27:18:fa:7e:a6:dd:3d:b8:1a:48:26:65:78:fb:51:
                    f5:14:a3:7c:22:08:20:a7:11:33:a8:f2:e3:14:81:
                    f6:ac:d2:fc:07:b8:03:a5:1c:62:65:a8:5b:08:6c:
                    b0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:31:1A:58:DD:B0:13:72:7A:A8:C5:03:91:01:2D:21:58:76:2D:90
            X509v3 Authority Key Identifier:
                keyid:AC:B5:4B:CC:49:29:1A:1F:32:B7:CE:AD:4F:29:68:82:D0:53:14:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rLVLzEkpGh8yt86tTylogtBTFJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/HzEaWN2wE3J6qMUDkQEtIVh2LZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd2bdd-d3c4-4d60-b096-af3a685d579f/1/rLVLzEkpGh8yt86tTylogtBTFJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.112.0/21
                IPv6:
                  2a01:9b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:ff:f4:2b:a3:b8:69:10:5f:d2:c3:09:f9:46:bf:e7:2e:50:
         95:db:79:5f:39:e8:c2:8e:32:fd:56:79:61:51:a7:6d:2c:49:
         bc:3e:11:89:25:5d:fa:d9:29:03:4b:4e:05:4d:11:3e:a4:8e:
         a9:e9:2f:88:29:f7:3f:f8:85:bd:ec:ab:a3:ef:37:64:0c:e8:
         86:44:d9:b5:26:bb:cc:91:92:75:bc:41:70:a0:59:28:f7:3e:
         1c:92:cd:ca:4c:f9:7e:45:d6:dd:19:25:a8:22:a4:a6:49:ac:
         b4:94:fc:6d:16:1d:30:e7:d0:6b:ce:39:96:38:cb:fa:fa:04:
         5b:b9:eb:12:6a:fb:af:9d:b7:f8:b3:1e:29:83:dd:69:ab:ff:
         a5:60:10:32:ab:c6:bb:ef:80:8b:61:1e:b0:34:2e:22:31:9b:
         67:3d:1f:02:77:f5:47:08:05:32:b8:ff:14:a5:1e:16:cd:61:
         57:37:9c:bf:81:57:0c:b6:7d:4e:2c:d9:ed:85:73:30:13:27:
         c9:08:03:30:08:b7:cc:7c:88:99:2e:02:0b:ed:3a:6f:9e:f2:
         5f:7a:66:e8:9c:c4:d7:f6:eb:1d:8f:8c:1a:d0:7d:1c:f5:be:
         35:e4:fc:9d:e7:4b:99:e6:be:50:69:15:0b:5a:01:2c:01:eb:
         ca:de:4a:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEk18X4CsZ3SDVDAbC6URFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYjU0YmNjNDkyOTFhMWYzMmI3Y2VhZDRmMjk2ODgyZDA1
MzE0OTIwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjMxMWE1OGRkYjAxMzcyN2FhOGM1MDM5MTAxMmQyMTU4NzYyZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkT5pKEIa5cPXscSclRYsrPpbUBPp
MdM/1o9snZ7iCF/NOGscRFpv2aPfg8C96d24DMjtmEsO62VfBV35UwTMPCw2BSDJ
cQkS6rkrxlPLrvpR6zOolB0SgsJ3fkr9arhHGo50D28lf43Hmw/wzWiFA++L8ZvX
/KQzIrTvUvmUYxn8PKMo1Cl6JsoEe1ZmHSOL6Zb18thC3CFhhe1BbWEJKK7CKrkt
hflX2yjV4upNAtQaGkYR3+k74QOdClFa3JD+Gx7QMqM0JVOPOo7i4M0mUl4nGPp+
pt09uBpIJmV4+1H1FKN8IgggpxEzqPLjFIH2rNL8B7gDpRxiZahbCGywxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8xGljdsBNyeqjFA5EBLSFYdi2QMB8GA1UdIwQY
MBaAFKy1S8xJKRofMrfOrU8paILQUxSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYt
YWYzYTY4NWQ1NzlmLzEvSHpFYVdOMndFM0o2cU1VRGtRRXRJVmgyTFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDJiZGQtZDNjNC00ZDYwLWIwOTYtYWYzYTY4NWQ1Nzlm
LzEvckxWTHpFa3BHaDh5dDg2dFR5bG9ndEJURkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBbJwMA0E
AgACMAcDBQAqAZtAMA0GCSqGSIb3DQEBCwUAA4IBAQA7//Qro7hpEF/Swwn5Rr/n
LlCV23lfOejCjjL9VnlhUadtLEm8PhGJJV362SkDS04FTRE+pI6p6S+IKfc/+IW9
7Kuj7zdkDOiGRNm1JrvMkZJ1vEFwoFko9z4cks3KTPl+RdbdGSWoIqSmSay0lPxt
Fh0w59BrzjmWOMv6+gRbuesSavuvnbf4sx4pg91pq/+lYBAyq8a774CLYR6wNC4i
MZtnPR8Cd/VHCAUyuP8UpR4WzWFXN5y/gVcMtn1OLNnthXMwEyfJCAMwCLfMfIiZ
LgIL7TpvnvJfembonMTX9usdj4wa0H0c9b415Pyd50uZ5r5QaRULWgEsAevK3kp9
-----END CERTIFICATE-----