Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/5FHVZX21aYiRfCdf4-fdYclA4bc.roa
File:                     5FHVZX21aYiRfCdf4-fdYclA4bc.roa (raw, json)
Hash identifier:          HuPTML2vbuFhr3fmKMerxtE1XVH381zzrjq2TeEqk40=
Subject key identifier:   E4:51:D5:65:7D:B5:69:88:91:7C:27:5F:E3:E7:DD:61:C9:40:E1:B7
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       018CC3B6CE76C5FDD9065BF37A70AD964086
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/5FHVZX21aYiRfCdf4-fdYclA4bc.roa
Signing time:             Mon 01 Jan 2024 06:29:46 +0000
ROA not before:           Mon 01 Jan 2024 06:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        5.183.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ce:76:c5:fd:d9:06:5b:f3:7a:70:ad:96:40:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  1 06:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e451d5657db56988917c275fe3e7dd61c940e1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:44:95:ec:fb:5e:23:46:32:83:bd:e5:d6:2a:
                    66:72:1d:9e:8c:12:88:2e:ef:0f:87:0d:40:20:b4:
                    05:04:69:d8:a8:d7:72:12:73:e5:dc:94:ea:8b:c9:
                    ae:ef:e9:1b:1a:a0:82:f3:68:39:6a:ad:f4:2f:e4:
                    da:57:8d:f3:10:fc:6f:0b:cf:55:98:46:bf:37:f7:
                    ce:06:06:03:26:04:3f:7f:7f:42:67:4c:e1:c9:58:
                    27:f8:52:a6:50:a3:17:0a:2d:87:d3:57:3e:f1:ff:
                    18:df:5f:a0:b1:27:84:98:68:9d:57:52:b5:4c:57:
                    91:87:0a:5b:5f:72:ed:68:4c:d7:7e:60:d2:bc:a4:
                    90:0d:9a:e0:59:0a:b3:0b:d0:4d:f1:e8:40:48:51:
                    ea:fa:1f:7b:cc:4a:35:3c:7f:cf:4c:3a:83:42:c6:
                    54:4e:90:5b:69:86:29:f4:fc:9c:89:4c:cb:3a:65:
                    df:d7:44:7c:19:fd:ad:f5:47:dc:66:c3:c0:85:76:
                    a1:d4:90:8a:27:d2:47:a7:08:6a:47:1a:aa:50:41:
                    02:1a:c5:73:90:4a:b7:10:ec:0e:71:40:85:42:e3:
                    94:f1:45:40:47:05:21:de:f1:b5:09:05:04:6e:59:
                    3a:c0:47:34:42:1d:84:21:14:cf:65:03:80:1d:97:
                    73:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:51:D5:65:7D:B5:69:88:91:7C:27:5F:E3:E7:DD:61:C9:40:E1:B7
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/5FHVZX21aYiRfCdf4-fdYclA4bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:61:47:32:76:16:32:1e:74:2d:a2:75:db:95:f5:6c:44:7c:
         5d:47:d6:69:e1:f5:af:1b:72:41:b9:73:04:60:7d:68:39:e3:
         ab:bc:d9:29:22:a3:8c:22:80:42:a9:e8:74:50:32:b5:52:e6:
         d8:31:ff:88:4e:d8:23:3b:5d:15:69:8c:28:e8:69:b9:6e:5a:
         56:a2:53:b9:30:2b:c0:a5:90:c5:07:52:74:35:a7:f8:3d:bf:
         d6:35:8a:91:3b:da:b3:ed:48:a2:6a:5c:d3:7f:41:1d:ab:50:
         19:61:78:30:20:ea:96:f5:4f:f2:57:30:0c:58:26:fb:26:af:
         ec:4c:75:ce:77:3c:3d:15:53:4d:08:1f:5b:24:93:0f:a1:76:
         53:8c:15:3c:6e:10:21:ee:5a:00:c4:a6:ce:7d:23:d3:6c:b8:
         05:7d:d6:18:6b:51:47:dd:36:b0:c1:4d:39:19:e4:15:c0:50:
         03:8b:7b:80:99:00:59:87:61:62:e7:c2:ec:09:82:5b:2e:c5:
         c0:64:e5:51:4d:e1:c2:08:b2:c5:66:94:78:04:f2:8c:4d:25:
         43:fe:e3:c3:25:d1:e4:d2:0a:59:74:63:2f:35:19:59:f1:9b:
         09:5a:1d:58:ad:40:59:ac:e2:27:cb:e5:12:b6:16:5d:f8:a0:
         52:53:c2:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDts52xf3ZBlvzenCtlkCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjQwMTAxMDYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDUxZDU2NTdkYjU2OTg4OTE3YzI3NWZlM2U3ZGQ2MWM5NDBlMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUSV7PteI0Yyg73l1ipmch2ejBKI
Lu8Phw1AILQFBGnYqNdyEnPl3JTqi8mu7+kbGqCC82g5aq30L+TaV43zEPxvC89V
mEa/N/fOBgYDJgQ/f39CZ0zhyVgn+FKmUKMXCi2H01c+8f8Y31+gsSeEmGidV1K1
TFeRhwpbX3LtaEzXfmDSvKSQDZrgWQqzC9BN8ehASFHq+h97zEo1PH/PTDqDQsZU
TpBbaYYp9PyciUzLOmXf10R8Gf2t9UfcZsPAhXah1JCKJ9JHpwhqRxqqUEECGsVz
kEq3EOwOcUCFQuOU8UVARwUh3vG1CQUEblk6wEc0Qh2EIRTPZQOAHZdzCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORR1WV9tWmIkXwnX+Pn3WHJQOG3MB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvNUZIVlpYMjFhWWlSZkNkZjQtZmRZY2xBNGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbfEMA0G
CSqGSIb3DQEBCwUAA4IBAQBjYUcydhYyHnQtonXblfVsRHxdR9Zp4fWvG3JBuXME
YH1oOeOrvNkpIqOMIoBCqeh0UDK1UubYMf+ITtgjO10VaYwo6Gm5blpWolO5MCvA
pZDFB1J0Naf4Pb/WNYqRO9qz7UiialzTf0Edq1AZYXgwIOqW9U/yVzAMWCb7Jq/s
THXOdzw9FVNNCB9bJJMPoXZTjBU8bhAh7loAxKbOfSPTbLgFfdYYa1FH3TawwU05
GeQVwFADi3uAmQBZh2Fi58LsCYJbLsXAZOVRTeHCCLLFZpR4BPKMTSVD/uPDJdHk
0gpZdGMvNRlZ8ZsJWh1YrUBZrOIny+USthZd+KBSU8LB
-----END CERTIFICATE-----