Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/1XaidD0W_tH1O7iUsg4VFHAwqvI.roa
File:                     1XaidD0W_tH1O7iUsg4VFHAwqvI.roa (raw, json)
Hash identifier:          ed3yF3q3zQOPjaKAdNrp9+QmkLShSq6J6QobhueTAOs=
Subject key identifier:   D5:76:A2:74:3D:16:FE:D1:F5:3B:B8:94:B2:0E:15:14:70:30:AA:F2
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       018CC2DB21030E2140FDC4FC200698F9A60A
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/1XaidD0W_tH1O7iUsg4VFHAwqvI.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60251
IP address blocks:        5.23.50.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:21:03:0e:21:40:fd:c4:fc:20:06:98:f9:a6:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d576a2743d16fed1f53bb894b20e15147030aaf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3f:0a:ba:33:48:2c:96:0c:c8:82:90:4d:93:
                    2f:27:d7:66:b2:8e:08:e1:20:a3:ca:37:54:03:9b:
                    7d:d0:f6:a0:7e:27:e2:6e:d7:d3:2d:64:bc:f8:98:
                    c1:7a:14:91:27:9c:3f:bd:65:1f:ea:c7:9d:4d:72:
                    ab:eb:58:59:92:66:8f:4e:fb:5e:e5:33:47:af:fe:
                    a2:65:36:6e:ef:af:e0:cf:0f:dd:bf:a1:c1:fd:70:
                    ac:c8:7f:56:0e:02:ef:e3:62:bb:fb:62:b8:d1:f7:
                    a4:f2:2e:10:a2:be:84:3d:b9:d3:cc:f5:bc:23:79:
                    e3:c6:c4:78:1a:0f:dd:2d:fb:bb:1b:56:7b:82:79:
                    57:e8:d0:21:ca:9f:5c:f0:3b:54:9d:32:1a:78:a9:
                    a7:18:f6:3b:6d:2b:65:fd:6c:ee:39:51:2f:84:92:
                    0e:57:5a:ae:46:09:cf:1b:18:d7:c6:44:45:df:53:
                    55:39:93:62:a7:f9:9a:3c:3b:80:b2:c9:aa:4a:18:
                    d2:9d:c1:db:9f:ae:1f:ec:6a:2e:b3:1e:a9:05:21:
                    f2:2d:b5:0c:90:54:97:08:3d:31:a4:11:f4:84:2d:
                    b3:3c:13:aa:ba:80:e9:cf:1b:eb:b6:86:dd:64:38:
                    bb:3a:d8:a1:72:68:28:ef:cd:45:ae:75:bf:bf:ce:
                    4b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:76:A2:74:3D:16:FE:D1:F5:3B:B8:94:B2:0E:15:14:70:30:AA:F2
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/1XaidD0W_tH1O7iUsg4VFHAwqvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b9:1c:50:30:94:0f:f1:9d:0f:ac:f8:97:f4:a7:e8:db:26:a5:
         44:b9:6d:47:b3:fd:89:b5:5c:3c:a1:1b:0a:a6:36:cc:ac:12:
         42:e9:21:b6:87:31:90:84:07:44:db:67:e1:0f:64:9d:39:b1:
         35:fd:2f:f3:7f:9b:0a:c9:7a:52:c8:17:af:53:61:7d:ee:d9:
         ab:e1:a2:61:69:ec:fd:5d:b6:af:07:f5:d7:aa:6c:f1:70:28:
         21:fe:46:a1:72:5b:65:35:98:25:cf:3b:69:63:f0:de:cb:61:
         6a:5b:77:16:58:2f:bc:20:b8:57:99:8c:e9:db:96:28:9e:5b:
         fd:0d:4b:d1:42:8d:3f:cf:e7:c7:01:44:a4:af:1b:36:d8:51:
         a0:86:6c:0c:50:85:74:ae:7a:14:39:29:6f:f3:db:e7:13:c0:
         a2:7a:d0:26:ee:2b:7c:fa:ce:00:64:9d:81:1d:86:13:56:0d:
         c7:f7:c4:11:9b:38:df:ca:d6:e3:6c:7d:ff:27:61:89:f8:d6:
         c5:a4:83:49:f1:e2:70:30:9f:1a:af:57:59:26:f8:0d:2e:7d:
         c7:a5:0e:c0:13:98:72:63:0b:98:18:f4:f8:96:6e:00:b8:58:
         37:e4:dc:aa:d4:8f:9f:ed:b8:72:3d:23:38:da:5f:5d:bc:dd:
         9f:5a:84:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yEDDiFA/cT8IAaY+aYKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc2YTI3NDNkMTZmZWQxZjUzYmI4OTRiMjBlMTUxNDcwMzBhYWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkT8KujNILJYMyIKQTZMvJ9dmso4I
4SCjyjdUA5t90PagfifibtfTLWS8+JjBehSRJ5w/vWUf6sedTXKr61hZkmaPTvte
5TNHr/6iZTZu76/gzw/dv6HB/XCsyH9WDgLv42K7+2K40fek8i4Qor6EPbnTzPW8
I3njxsR4Gg/dLfu7G1Z7gnlX6NAhyp9c8DtUnTIaeKmnGPY7bStl/WzuOVEvhJIO
V1quRgnPGxjXxkRF31NVOZNip/maPDuAssmqShjSncHbn64f7Gousx6pBSHyLbUM
kFSXCD0xpBH0hC2zPBOquoDpzxvrtobdZDi7Otihcmgo781FrnW/v85LzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV2onQ9Fv7R9Tu4lLIOFRRwMKryMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvMVhhaWREMFdfdEgxTzdpVXNnNFZGSEF3cXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBRcyMA0G
CSqGSIb3DQEBCwUAA4IBAQC5HFAwlA/xnQ+s+Jf0p+jbJqVEuW1Hs/2JtVw8oRsK
pjbMrBJC6SG2hzGQhAdE22fhD2SdObE1/S/zf5sKyXpSyBevU2F97tmr4aJhaez9
XbavB/XXqmzxcCgh/kahcltlNZglzztpY/Dey2FqW3cWWC+8ILhXmYzp25Yonlv9
DUvRQo0/z+fHAUSkrxs22FGghmwMUIV0rnoUOSlv89vnE8CietAm7it8+s4AZJ2B
HYYTVg3H98QRmzjfytbjbH3/J2GJ+NbFpINJ8eJwMJ8ar1dZJvgNLn3HpQ7AE5hy
YwuYGPT4lm4AuFg35Nyq1I+f7bhyPSM42l9dvN2fWoRW
-----END CERTIFICATE-----