Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hu8DoLyMjp7W-KFAgir35tqg0Wo.roa
File:                     hu8DoLyMjp7W-KFAgir35tqg0Wo.roa (raw, json)
Hash identifier:          3ZPhaESKXXVUa3sMK69+mSPMWZol6tcNV5DAETsqiJo=
Subject key identifier:   86:EF:03:A0:BC:8C:8E:9E:D6:F8:A1:40:82:2A:F7:E6:DA:A0:D1:6A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018FE820156D9BF4F247A761266CD1350021
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hu8DoLyMjp7W-KFAgir35tqg0Wo.roa
Signing time:             Wed 05 Jun 2024 11:19:27 +0000
ROA not before:           Wed 05 Jun 2024 11:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134351
IP address blocks:        5.188.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:20:15:6d:9b:f4:f2:47:a7:61:26:6c:d1:35:00:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun  5 11:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86ef03a0bc8c8e9ed6f8a140822af7e6daa0d16a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3c:87:84:3a:44:24:ed:2a:fa:fd:2a:48:85:
                    ea:0e:bb:3d:93:4e:61:54:ba:f8:6b:14:43:d3:3e:
                    6b:db:ac:f7:c4:5c:2e:67:c3:30:fd:02:dc:4b:82:
                    6e:b6:a8:87:0b:a2:10:f3:ae:72:90:6c:b0:7c:aa:
                    c5:e5:4f:16:13:90:3b:d1:da:83:d8:f3:68:b7:8a:
                    1e:7d:a2:71:04:d6:50:03:cd:4c:60:fe:93:4e:e4:
                    87:30:74:97:6c:b7:80:76:57:68:3b:1d:de:5d:f0:
                    10:02:87:d9:13:bd:4c:85:09:dd:70:93:aa:57:ed:
                    c2:c1:e4:7a:a3:df:e2:99:82:ae:57:49:48:8c:67:
                    c3:a7:65:7c:3f:81:02:83:6a:b6:73:c7:19:48:0b:
                    ff:8b:28:89:15:ea:93:86:73:c1:2b:16:3f:b5:bd:
                    52:05:b4:53:41:b2:08:84:9c:f5:81:7e:2c:86:31:
                    61:ba:68:27:64:da:37:fa:c2:77:b5:68:4a:e5:42:
                    96:85:0b:18:83:07:bd:50:23:a4:93:52:86:fa:3b:
                    07:8a:f2:c1:84:1f:85:1f:aa:2d:4f:5c:a9:ed:27:
                    f2:d6:8d:c8:e6:a3:91:9a:c4:3a:d1:df:e2:e2:c2:
                    8e:1a:8b:03:cd:57:f7:40:7f:b5:da:4d:c9:ea:dc:
                    0b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EF:03:A0:BC:8C:8E:9E:D6:F8:A1:40:82:2A:F7:E6:DA:A0:D1:6A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/hu8DoLyMjp7W-KFAgir35tqg0Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a6:96:35:cd:83:96:88:5c:2d:85:53:93:85:71:7d:44:67:
         33:71:b8:fe:d6:43:fd:d8:11:86:d1:2a:71:9a:18:0c:e1:9e:
         ab:28:d2:d7:dd:23:4a:94:85:b1:b9:ce:7f:4d:c8:be:c4:74:
         23:27:5d:b9:84:fa:38:5b:7e:f3:5a:76:3a:f7:e7:70:59:45:
         01:e4:3c:aa:96:4b:9b:ee:17:df:d0:b8:eb:84:59:dc:4c:a1:
         bd:a7:a1:be:15:21:b9:d5:41:34:a3:e5:a1:e2:bb:83:42:f5:
         b6:06:f1:01:ae:d5:af:6c:8e:ce:ac:a2:8c:b1:d2:d2:fb:6e:
         f8:ba:ef:37:09:f4:d4:ba:7a:9d:b1:a6:44:73:1a:df:86:22:
         2e:c4:39:2c:b8:9e:a0:e3:f4:61:12:0f:36:c1:ad:27:01:c3:
         94:4a:a5:57:32:fd:75:fd:83:7e:46:56:f3:b1:70:75:7c:42:
         c9:a0:0b:cd:c1:21:d0:bd:0c:73:30:95:36:f3:ae:64:dd:90:
         e5:16:4a:54:0f:90:e9:c6:94:4f:f1:26:71:06:0c:be:d4:ea:
         6a:3a:b2:78:ca:5a:cd:4f:43:9e:d8:a2:bb:23:83:bb:d9:a4:
         fe:c9:02:af:41:d8:b6:b1:f8:93:6f:04:01:30:7d:3f:b7:ab:
         cb:57:31:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/oIBVtm/TyR6dhJmzRNQAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwNjA1MTExOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmVmMDNhMGJjOGM4ZTllZDZmOGExNDA4MjJhZjdlNmRhYTBkMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDyHhDpEJO0q+v0qSIXqDrs9k05h
VLr4axRD0z5r26z3xFwuZ8Mw/QLcS4JutqiHC6IQ865ykGywfKrF5U8WE5A70dqD
2PNot4oefaJxBNZQA81MYP6TTuSHMHSXbLeAdldoOx3eXfAQAofZE71MhQndcJOq
V+3CweR6o9/imYKuV0lIjGfDp2V8P4ECg2q2c8cZSAv/iyiJFeqThnPBKxY/tb1S
BbRTQbIIhJz1gX4shjFhumgnZNo3+sJ3tWhK5UKWhQsYgwe9UCOkk1KG+jsHivLB
hB+FH6otT1yp7Sfy1o3I5qORmsQ60d/i4sKOGosDzVf3QH+12k3J6twLcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbvA6C8jI6e1vihQIIq9+baoNFqMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvaHU4RG9MeU1qcDdXLUtGQWdpcjM1dHFnMFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbzeMA0G
CSqGSIb3DQEBCwUAA4IBAQCVppY1zYOWiFwthVOThXF9RGczcbj+1kP92BGG0Spx
mhgM4Z6rKNLX3SNKlIWxuc5/Tci+xHQjJ125hPo4W37zWnY69+dwWUUB5Dyqlkub
7hff0LjrhFncTKG9p6G+FSG51UE0o+Wh4ruDQvW2BvEBrtWvbI7OrKKMsdLS+274
uu83CfTUunqdsaZEcxrfhiIuxDksuJ6g4/RhEg82wa0nAcOUSqVXMv11/YN+Rlbz
sXB1fELJoAvNwSHQvQxzMJU2865k3ZDlFkpUD5DpxpRP8SZxBgy+1OpqOrJ4ylrN
T0Oe2KK7I4O72aT+yQKvQdi2sfiTbwQBMH0/t6vLVzHu
-----END CERTIFICATE-----