Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/z5jU9P6R7-jJexy8ebZ4LRWbACc.roa
File:                     z5jU9P6R7-jJexy8ebZ4LRWbACc.roa (raw, json)
Hash identifier:          +QKdIWrg0GckBDsKAllkSG44cLt630sleey4LOCcjYU=
Subject key identifier:   CF:98:D4:F4:FE:91:EF:E8:C9:7B:1C:BC:79:B6:78:2D:15:9B:00:27
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       018CC6B90EDA6323D51E1E81A28FDF41265B
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/z5jU9P6R7-jJexy8ebZ4LRWbACc.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48990
IP address blocks:        158.172.132.0/22 maxlen: 22
                          158.172.128.0/22 maxlen: 22
                          158.172.128.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0e:da:63:23:d5:1e:1e:81:a2:8f:df:41:26:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf98d4f4fe91efe8c97b1cbc79b6782d159b0027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:77:79:02:5e:0c:cc:3a:52:c3:a4:c2:c4:c9:
                    5e:cc:a9:2d:7a:f1:8a:54:e8:89:84:f5:60:d7:a0:
                    3d:49:cb:2d:16:da:15:e0:45:b4:4f:52:26:ac:41:
                    c9:95:07:a1:8f:43:ee:17:78:42:8a:ff:51:40:b0:
                    de:4d:3c:2b:0d:7f:1e:84:2d:8c:da:6e:9c:46:6e:
                    8a:10:0f:93:26:37:1d:61:3d:47:13:bd:f6:f1:c0:
                    ca:05:09:8a:13:7c:b3:e7:e9:61:e5:02:5e:73:dd:
                    07:9b:9d:3b:a1:30:a5:e5:aa:c1:49:99:cc:f6:50:
                    04:1f:9f:49:08:39:60:ea:be:0f:ef:02:01:2a:00:
                    f2:df:db:1d:6c:72:ec:24:a7:ae:91:bc:a5:62:bf:
                    18:04:25:74:db:6e:54:3d:a8:ed:c3:ea:5e:75:64:
                    9f:97:9e:12:f5:f3:14:bc:93:d3:b5:72:09:5a:1e:
                    ca:b9:a0:5f:6d:b1:0a:3b:c4:1d:a5:8b:48:ff:20:
                    a1:8f:07:92:4b:6f:8e:37:82:4f:8d:01:07:c1:1b:
                    d1:cc:77:2b:3f:37:a1:25:9e:e1:af:d4:ee:91:29:
                    f4:0e:e5:f8:d3:2c:15:64:cd:b4:b0:a1:7b:ce:ff:
                    84:45:f4:96:9f:c1:87:a5:21:9c:ce:0e:8e:8f:8d:
                    0b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:98:D4:F4:FE:91:EF:E8:C9:7B:1C:BC:79:B6:78:2D:15:9B:00:27
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/z5jU9P6R7-jJexy8ebZ4LRWbACc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1e:e3:65:e6:ae:f3:ed:6a:23:ec:1c:84:b9:c4:c5:6c:8f:a7:
         ff:e8:44:39:40:20:ab:6a:fd:f4:ee:b4:8f:98:5a:0c:cd:cd:
         50:0d:c3:46:a8:f8:57:dc:93:37:40:4b:58:c4:07:81:0c:28:
         d8:05:7a:40:b8:89:00:2c:62:be:df:bc:85:47:64:ee:77:c3:
         24:95:3c:ca:df:3a:ce:4e:ca:c5:2a:3c:0c:72:fd:7b:cc:3c:
         5e:88:00:0d:93:fc:f8:cf:e3:7a:2a:5e:b5:fa:a9:1b:88:40:
         1b:68:7a:8e:cb:6b:95:7a:2a:5f:76:74:da:5f:5e:84:ba:e5:
         00:9c:df:75:79:6a:b6:29:35:8f:ce:00:b0:87:5b:df:d2:01:
         56:66:86:6d:1b:00:2d:69:7f:73:15:52:ac:c5:a7:0c:ae:16:
         65:ad:ad:0e:e4:a8:d6:de:fd:ad:2d:e6:e9:c8:e6:72:ab:12:
         16:0b:9c:20:68:e2:f5:cf:13:fc:1e:72:56:f5:e2:6b:d4:ed:
         3e:3b:ee:fe:35:c5:04:6e:14:87:e9:a4:99:af:22:56:d7:78:
         50:2f:97:81:af:cc:cf:c3:b5:c9:55:68:63:77:53:07:6a:bc:
         60:7b:77:9b:15:ea:7f:05:c2:ff:1d:52:b0:91:57:a3:d6:27:
         a7:6d:8a:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQ7aYyPVHh6Boo/fQSZbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjk4ZDRmNGZlOTFlZmU4Yzk3YjFjYmM3OWI2NzgyZDE1OWIwMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAund5Al4MzDpSw6TCxMlezKktevGK
VOiJhPVg16A9ScstFtoV4EW0T1ImrEHJlQehj0PuF3hCiv9RQLDeTTwrDX8ehC2M
2m6cRm6KEA+TJjcdYT1HE7328cDKBQmKE3yz5+lh5QJec90Hm507oTCl5arBSZnM
9lAEH59JCDlg6r4P7wIBKgDy39sdbHLsJKeukbylYr8YBCV0225UPajtw+pedWSf
l54S9fMUvJPTtXIJWh7KuaBfbbEKO8QdpYtI/yChjweSS2+ON4JPjQEHwRvRzHcr
PzehJZ7hr9TukSn0DuX40ywVZM20sKF7zv+ERfSWn8GHpSGczg6Oj40LpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+Y1PT+ke/oyXscvHm2eC0VmwAnMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvejVqVTlQNlI3LWpKZXh5OGViWjRMUldiQUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnqyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAe42XmrvPtaiPsHIS5xMVsj6f/6EQ5QCCrav307rSP
mFoMzc1QDcNGqPhX3JM3QEtYxAeBDCjYBXpAuIkALGK+37yFR2Tud8MklTzK3zrO
TsrFKjwMcv17zDxeiAANk/z4z+N6Kl61+qkbiEAbaHqOy2uVeipfdnTaX16EuuUA
nN91eWq2KTWPzgCwh1vf0gFWZoZtGwAtaX9zFVKsxacMrhZlra0O5KjW3v2tLebp
yOZyqxIWC5wgaOL1zxP8HnJW9eJr1O0+O+7+NcUEbhSH6aSZryJW13hQL5eBr8zP
w7XJVWhjd1MHarxge3ebFep/BcL/HVKwkVej1ienbYqk
-----END CERTIFICATE-----