Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vXUV-_6P8yWh0dqaOcBAg9_W_sc.roa
File:                     vXUV-_6P8yWh0dqaOcBAg9_W_sc.roa (raw, json)
Hash identifier:          gZ6dtYBuOJwPb5VFkNqbrAqOXYW39m+W2Fzc7PcyYY8=
Subject key identifier:   BD:75:15:FB:FE:8F:F3:25:A1:D1:DA:9A:39:C0:40:83:DF:D6:FE:C7
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B818F1A4FF63C8AACF496C156D5B2
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vXUV-_6P8yWh0dqaOcBAg9_W_sc.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29007
IP address blocks:        5.226.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:81:8f:1a:4f:f6:3c:8a:ac:f4:96:c1:56:d5:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7515fbfe8ff325a1d1da9a39c04083dfd6fec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:51:b5:3b:3e:80:7a:8e:0d:d2:ed:83:27:30:
                    e1:c9:50:e2:7d:63:3d:11:33:e6:60:e0:f3:a1:9b:
                    53:6b:95:3e:69:43:ac:3b:10:4b:50:b3:2f:de:81:
                    3d:a0:3f:57:02:69:d5:5f:b2:f3:ba:33:d6:35:6c:
                    41:da:7f:39:04:68:94:cd:ac:86:50:d5:8c:1c:24:
                    c0:99:ec:c0:80:35:7b:e5:a5:ac:71:df:a9:b4:36:
                    ad:36:09:19:71:cc:7e:2f:df:f0:9b:c1:8b:51:b4:
                    01:76:f5:cd:92:e5:66:95:dd:4e:f1:3e:e1:21:f4:
                    0a:17:e3:6f:7c:cb:56:11:4e:a3:98:e7:21:16:57:
                    40:eb:6c:bf:62:c3:26:4f:da:f2:7b:a0:42:f7:df:
                    f9:3c:3c:a3:24:5e:55:6c:b8:f1:db:8e:cc:f1:a7:
                    a4:c7:17:34:a8:d2:25:b5:b3:da:dc:d8:98:43:80:
                    a6:63:29:1d:6e:54:b5:f0:3f:ed:2d:d0:c8:61:1b:
                    f0:56:2a:67:ed:16:5d:88:54:5b:e0:42:f8:e6:09:
                    2c:6f:79:17:bc:43:15:1a:bc:df:e5:df:c4:69:e0:
                    1a:76:c8:42:b6:40:ed:5d:5b:45:b1:65:5f:cb:ea:
                    ac:74:ff:0c:f7:e4:8e:99:e8:cd:a7:02:d6:5c:27:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:75:15:FB:FE:8F:F3:25:A1:D1:DA:9A:39:C0:40:83:DF:D6:FE:C7
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/vXUV-_6P8yWh0dqaOcBAg9_W_sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:c4:33:ab:5e:0b:46:9e:2c:ad:dd:5d:5e:aa:d4:0e:e2:2a:
         0f:a2:27:01:0e:4d:c9:5f:be:cf:23:fd:87:3d:5e:72:cc:f2:
         be:12:5f:73:79:56:59:14:3d:9a:15:c1:e7:b0:8b:33:f7:4f:
         84:e3:10:db:d3:3c:06:92:04:d2:12:67:da:04:35:64:b8:93:
         80:a6:5d:98:f6:f6:b6:b0:4c:29:84:28:9c:eb:10:01:59:6a:
         68:fb:6a:fa:ef:d6:02:e6:f9:50:68:7d:30:7a:15:77:c2:e1:
         1e:b9:3d:90:d1:67:0a:d1:d8:42:ef:12:b6:77:7e:b8:8b:d0:
         96:b0:ce:d7:cf:b7:15:0b:4c:05:11:36:81:04:41:ab:4d:e1:
         ee:a6:61:a3:74:a7:fc:12:95:3f:e2:fb:f6:5c:8b:f0:65:84:
         22:01:8b:8a:f9:65:e3:be:55:f9:db:76:9b:3e:8d:19:ec:49:
         36:29:6a:ba:dd:62:8f:49:69:a2:03:b7:b3:87:f5:8c:fe:c0:
         08:37:2f:f7:ed:65:67:f7:d9:a1:f7:16:eb:a9:52:8d:66:26:
         6c:13:be:6f:9d:92:48:1f:0a:76:48:2c:0f:85:6d:a4:52:28:
         b8:29:45:88:14:30:8d:90:6a:3e:b3:45:7f:fb:80:19:c0:c8:
         13:2d:15:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4GPGk/2PIqs9JbBVtWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDc1MTVmYmZlOGZmMzI1YTFkMWRhOWEzOWMwNDA4M2RmZDZmZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlG1Oz6Aeo4N0u2DJzDhyVDifWM9
ETPmYODzoZtTa5U+aUOsOxBLULMv3oE9oD9XAmnVX7LzujPWNWxB2n85BGiUzayG
UNWMHCTAmezAgDV75aWscd+ptDatNgkZccx+L9/wm8GLUbQBdvXNkuVmld1O8T7h
IfQKF+NvfMtWEU6jmOchFldA62y/YsMmT9rye6BC99/5PDyjJF5VbLjx247M8aek
xxc0qNIltbPa3NiYQ4CmYykdblS18D/tLdDIYRvwVipn7RZdiFRb4EL45gksb3kX
vEMVGrzf5d/EaeAadshCtkDtXVtFsWVfy+qsdP8M9+SOmejNpwLWXCcBmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL11Ffv+j/MlodHamjnAQIPf1v7HMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvdlhVVi1fNlA4eVdoMGRxYU9jQkFnOV9XX3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBeKAMA0G
CSqGSIb3DQEBCwUAA4IBAQBZxDOrXgtGniyt3V1eqtQO4ioPoicBDk3JX77PI/2H
PV5yzPK+El9zeVZZFD2aFcHnsIsz90+E4xDb0zwGkgTSEmfaBDVkuJOApl2Y9va2
sEwphCic6xABWWpo+2r679YC5vlQaH0wehV3wuEeuT2Q0WcK0dhC7xK2d364i9CW
sM7Xz7cVC0wFETaBBEGrTeHupmGjdKf8EpU/4vv2XIvwZYQiAYuK+WXjvlX523ab
Po0Z7Ek2KWq63WKPSWmiA7ezh/WM/sAINy/37WVn99mh9xbrqVKNZiZsE75vnZJI
Hwp2SCwPhW2kUii4KUWIFDCNkGo+s0V/+4AZwMgTLRWX
-----END CERTIFICATE-----