Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G5IWBSKx5Xe7Z6v1Ypk3_mGg6RA.roa
File:                     G5IWBSKx5Xe7Z6v1Ypk3_mGg6RA.roa (raw, json)
Hash identifier:          rtSlblYouK72PSOXmKuBKvPnwskL0fx/b27/MgaWg3s=
Subject key identifier:   1B:92:16:05:22:B1:E5:77:BB:67:AB:F5:62:99:37:FE:61:A0:E9:10
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018E888D9ACA4C06A55C977BFA1A8CEF09A4
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G5IWBSKx5Xe7Z6v1Ypk3_mGg6RA.roa
Signing time:             Fri 29 Mar 2024 04:52:45 +0000
ROA not before:           Fri 29 Mar 2024 04:52:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203841
IP address blocks:        5.143.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:88:8d:9a:ca:4c:06:a5:5c:97:7b:fa:1a:8c:ef:09:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Mar 29 04:52:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b92160522b1e577bb67abf5629937fe61a0e910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:99:e1:a3:3e:ae:ae:0b:7f:74:32:80:fe:1f:
                    c3:5b:ad:3f:25:9f:a3:c2:18:28:f1:a3:fa:84:c6:
                    bf:36:75:0d:47:bb:07:a8:3c:16:a0:cf:1f:c0:42:
                    88:4e:b1:4d:92:53:11:81:32:24:90:e1:77:28:1a:
                    2f:c7:e2:24:ed:f2:a2:b6:58:61:0f:b8:3b:64:37:
                    4d:e9:8f:e6:a3:d6:7a:c2:21:a6:32:d1:3e:80:8b:
                    1e:69:54:b7:5a:e5:ac:e1:11:58:ff:80:df:5e:ff:
                    ec:01:f3:2a:15:34:38:f5:e8:1d:47:da:de:4f:a8:
                    45:2e:2f:0c:5f:94:9b:1f:f2:15:61:63:84:ae:d8:
                    a6:76:a9:ec:30:b3:57:5b:9f:a7:2e:90:7a:2c:e8:
                    d7:e8:cb:74:44:42:6d:5a:e2:a0:aa:a2:4e:ca:57:
                    1a:51:fb:1f:52:66:a9:d6:e2:b6:79:cd:6b:24:34:
                    05:f6:96:80:d6:bf:5b:fe:be:52:0b:9e:72:79:df:
                    51:ad:18:bb:13:b4:16:e0:78:26:34:b4:f2:68:d0:
                    90:c0:b4:b6:7c:ab:e1:7c:63:d3:5f:58:0e:16:05:
                    1f:19:3a:f8:1b:57:e4:02:bf:54:58:b0:11:83:67:
                    a6:a1:09:b6:15:db:1f:12:48:d4:3e:2a:5e:33:e6:
                    68:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:92:16:05:22:B1:E5:77:BB:67:AB:F5:62:99:37:FE:61:A0:E9:10
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/G5IWBSKx5Xe7Z6v1Ypk3_mGg6RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.143.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:41:ba:a4:91:d0:e0:bf:a0:d8:28:34:5c:4b:c1:5b:16:d7:
         1b:22:35:48:6c:95:82:82:9b:9e:97:6e:5f:3b:9b:65:7a:e0:
         98:d6:ea:6d:33:24:ea:c4:7a:56:07:c1:62:36:96:11:9c:73:
         1a:6f:4a:30:75:70:ad:bb:72:de:d1:9c:4b:d8:ed:43:0f:21:
         e5:2e:60:c0:c5:dc:1a:79:17:4c:aa:ab:45:f0:2d:60:8d:2c:
         ec:fc:41:35:e4:6c:46:f6:ba:bf:31:39:67:f4:71:33:9f:ac:
         e6:7a:24:cb:ad:ca:02:98:73:25:c1:6a:96:3b:b3:bd:1a:ae:
         a1:b6:0e:b6:44:ca:84:db:f4:a4:be:50:bc:1c:eb:fb:1d:a1:
         d2:47:57:b6:6b:b6:8d:30:44:dc:22:e7:96:fb:e1:23:9c:10:
         fc:f4:9d:7e:63:f9:b4:b6:bd:59:15:06:08:35:93:4c:f9:d9:
         cd:da:4d:82:db:93:ec:26:ff:69:dc:27:2c:1c:f4:31:81:e9:
         b1:b8:38:1c:19:d4:bd:79:a2:88:a7:ba:07:3e:37:38:69:f3:
         62:38:8d:be:45:0f:88:cf:39:56:90:0b:5a:0b:40:e5:f7:80:
         be:0d:95:8c:95:a1:b2:29:5d:38:ed:05:16:70:50:58:a2:0e:
         85:21:b0:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6IjZrKTAalXJd7+hqM7wmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMzI5MDQ1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjkyMTYwNTIyYjFlNTc3YmI2N2FiZjU2Mjk5MzdmZTYxYTBlOTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45nhoz6urgt/dDKA/h/DW60/JZ+j
whgo8aP6hMa/NnUNR7sHqDwWoM8fwEKITrFNklMRgTIkkOF3KBovx+Ik7fKitlhh
D7g7ZDdN6Y/mo9Z6wiGmMtE+gIseaVS3WuWs4RFY/4DfXv/sAfMqFTQ49egdR9re
T6hFLi8MX5SbH/IVYWOErtimdqnsMLNXW5+nLpB6LOjX6Mt0REJtWuKgqqJOylca
UfsfUmap1uK2ec1rJDQF9paA1r9b/r5SC55yed9RrRi7E7QW4HgmNLTyaNCQwLS2
fKvhfGPTX1gOFgUfGTr4G1fkAr9UWLARg2emoQm2FdsfEkjUPipeM+ZoEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuSFgUiseV3u2er9WKZN/5hoOkQMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvRzVJV0JTS3g1WGU3WjZ2MVlwazNfbUdnNlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABY/uMA0G
CSqGSIb3DQEBCwUAA4IBAQAIQbqkkdDgv6DYKDRcS8FbFtcbIjVIbJWCgpuel25f
O5tleuCY1uptMyTqxHpWB8FiNpYRnHMab0owdXCtu3Le0ZxL2O1DDyHlLmDAxdwa
eRdMqqtF8C1gjSzs/EE15GxG9rq/MTln9HEzn6zmeiTLrcoCmHMlwWqWO7O9Gq6h
tg62RMqE2/SkvlC8HOv7HaHSR1e2a7aNMETcIueW++EjnBD89J1+Y/m0tr1ZFQYI
NZNM+dnN2k2C25PsJv9p3CcsHPQxgemxuDgcGdS9eaKIp7oHPjc4afNiOI2+RQ+I
zzlWkAtaC0Dl94C+DZWMlaGyKV047QUWcFBYog6FIbC1
-----END CERTIFICATE-----