Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/5hKAlrgIa_5iHmR8B3PVVoiA5so.roa
File:                     5hKAlrgIa_5iHmR8B3PVVoiA5so.roa (raw, json)
Hash identifier:          y4/ADLzBFPVtnMEb6z6UUVbCTzFR0YE+EEbTtAalGKw=
Subject key identifier:   E6:12:80:96:B8:08:6B:FE:62:1E:64:7C:07:73:D5:56:88:80:E6:CA
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       018CC64B85475149EA02293A00ED50B0E49B
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/5hKAlrgIa_5iHmR8B3PVVoiA5so.roa
Signing time:             Mon 01 Jan 2024 18:31:27 +0000
ROA not before:           Mon 01 Jan 2024 18:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56791
IP address blocks:        185.134.122.0/23 maxlen: 32
                          185.134.121.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:85:47:51:49:ea:02:29:3a:00:ed:50:b0:e4:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 18:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6128096b8086bfe621e647c0773d5568880e6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:44:33:09:3c:e1:65:8a:4d:ea:4d:5c:3b:97:
                    35:50:d2:3a:0e:78:f9:d7:e7:40:4b:92:3d:76:bc:
                    83:2d:a5:cb:e0:de:08:9e:ab:8c:76:e6:65:55:86:
                    95:d6:9c:4b:89:93:74:46:4a:ba:67:9c:32:53:60:
                    fa:cc:8d:76:20:76:51:55:9b:ce:9b:8b:0c:1e:c9:
                    ea:1a:94:fc:7a:59:98:c6:3c:4b:e4:93:90:4f:20:
                    90:8c:3a:7b:f7:c4:44:91:9a:4c:d2:74:16:83:e5:
                    b8:b3:95:a8:99:8c:5f:86:41:88:69:2a:48:39:45:
                    8a:8b:c1:9d:a4:9f:3a:86:01:0f:25:61:3b:05:bf:
                    f8:69:9d:8b:1a:6d:01:eb:5e:1d:76:90:ce:cc:2e:
                    1e:d0:07:62:d0:24:b4:f1:93:68:25:2f:6c:67:79:
                    e6:04:81:3b:14:9f:8a:1e:45:2a:93:17:34:9d:59:
                    17:18:4d:0c:59:ea:5f:e0:bb:97:b3:09:12:9e:a8:
                    e3:0d:36:21:b6:01:65:fb:e6:cf:91:cd:04:0b:c9:
                    ee:34:e1:13:ce:e0:13:c2:61:f2:d9:10:d5:45:45:
                    f7:79:b6:20:bc:5f:8e:b2:aa:79:a6:47:e6:e7:d8:
                    84:3a:89:44:6f:a0:3a:54:9e:39:84:2b:2d:2c:51:
                    50:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:12:80:96:B8:08:6B:FE:62:1E:64:7C:07:73:D5:56:88:80:E6:CA
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/5hKAlrgIa_5iHmR8B3PVVoiA5so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.121.0-185.134.123.255

    Signature Algorithm: sha256WithRSAEncryption
         5c:68:48:dc:4a:18:15:9b:44:31:91:bf:8e:58:51:a5:ba:2f:
         64:c9:3c:eb:0c:f6:a2:b0:8b:29:49:ab:82:cb:b2:ed:fc:0a:
         2c:62:7d:c4:6f:91:e4:05:65:c0:f1:4d:e6:cb:43:66:56:9f:
         a1:86:64:ac:3c:1d:38:91:15:9e:39:2f:d3:29:4b:b7:3b:8b:
         61:25:a0:5d:13:73:3b:27:24:a8:80:95:ef:ef:0d:31:93:97:
         2a:d8:9f:99:fb:b9:63:cb:59:45:70:c8:d7:43:68:89:9e:31:
         eb:28:d2:fe:70:4d:9e:01:f3:08:83:d8:4e:51:7c:7a:6b:dc:
         5a:1d:df:95:21:0a:07:c3:7d:d6:e6:49:3b:f6:b7:5e:3d:14:
         b5:06:96:b4:3b:d7:b2:15:8d:db:ef:f3:33:b1:c8:ec:6d:a7:
         4e:49:21:c4:93:6f:0a:ac:76:72:22:67:8d:47:f8:25:6d:21:
         71:20:98:40:a7:4d:36:fc:11:23:21:38:70:9e:0e:bb:bb:d9:
         e9:ff:fa:89:07:41:4b:44:2d:7e:4d:fe:84:0c:d5:6f:ce:a3:
         5b:33:97:5b:51:23:d3:06:ac:9b:5b:63:ff:a1:42:a7:8b:38:
         33:45:24:3f:df:96:d8:eb:c8:99:2f:56:98:02:b4:91:7a:8a:
         3c:0e:7d:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGS4VHUUnqAik6AO1QsOSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjQwMTAxMTgzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjEyODA5NmI4MDg2YmZlNjIxZTY0N2MwNzczZDU1Njg4ODBlNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUQzCTzhZYpN6k1cO5c1UNI6Dnj5
1+dAS5I9dryDLaXL4N4InquMduZlVYaV1pxLiZN0Rkq6Z5wyU2D6zI12IHZRVZvO
m4sMHsnqGpT8elmYxjxL5JOQTyCQjDp798REkZpM0nQWg+W4s5WomYxfhkGIaSpI
OUWKi8GdpJ86hgEPJWE7Bb/4aZ2LGm0B614ddpDOzC4e0Adi0CS08ZNoJS9sZ3nm
BIE7FJ+KHkUqkxc0nVkXGE0MWepf4LuXswkSnqjjDTYhtgFl++bPkc0EC8nuNOET
zuATwmHy2RDVRUX3ebYgvF+Osqp5pkfm59iEOolEb6A6VJ45hCstLFFQKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOYSgJa4CGv+Yh5kfAdz1VaIgObKMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvNWhLQWxyZ0lhXzVpSG1SOEIzUFZWb2lBNXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5hnkD
BAK5hngwDQYJKoZIhvcNAQELBQADggEBAFxoSNxKGBWbRDGRv45YUaW6L2TJPOsM
9qKwiylJq4LLsu38CixifcRvkeQFZcDxTebLQ2ZWn6GGZKw8HTiRFZ45L9MpS7c7
i2EloF0TczsnJKiAle/vDTGTlyrYn5n7uWPLWUVwyNdDaImeMeso0v5wTZ4B8wiD
2E5RfHpr3Fod35UhCgfDfdbmSTv2t149FLUGlrQ717IVjdvv8zOxyOxtp05JIcST
bwqsdnIiZ41H+CVtIXEgmECnTTb8ESMhOHCeDru72en/+okHQUtELX5N/oQM1W/O
o1szl1tRI9MGrJtbY/+hQqeLODNFJD/fltjryJkvVpgCtJF6ijwOfTI=
-----END CERTIFICATE-----