Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3uppj4eEBkUJyl1z0samOxrIm7Q.roa
File:                     3uppj4eEBkUJyl1z0samOxrIm7Q.roa (raw, json)
Hash identifier:          o1QhOBlTtHSZ8/jbbEPJ5UQ7Px1FQTjH8WcRtVFHOZg=
Subject key identifier:   DE:EA:69:8F:87:84:06:45:09:CA:5D:73:D2:C6:A6:3B:1A:C8:9B:B4
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018F24C56429085545921DB817EDD0DF9246
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3uppj4eEBkUJyl1z0samOxrIm7Q.roa
Signing time:             Sun 28 Apr 2024 12:54:27 +0000
ROA not before:           Sun 28 Apr 2024 12:54:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202662
IP address blocks:        5.102.96.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:24:c5:64:29:08:55:45:92:1d:b8:17:ed:d0:df:92:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Apr 28 12:54:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=deea698f8784064509ca5d73d2c6a63b1ac89bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:56:46:4e:85:91:96:bc:c7:b9:10:b7:df:6b:
                    c2:f2:44:c6:fb:50:ce:f1:76:ee:a6:5b:20:c4:10:
                    33:82:0a:4f:06:90:3b:76:cf:e9:d8:62:cc:eb:dc:
                    88:cc:93:c4:9e:93:a0:56:03:73:11:fb:f6:a7:72:
                    c2:76:43:7e:ac:65:1a:fe:9a:7d:a8:58:d4:42:f9:
                    69:0c:52:0a:94:f7:d6:47:f2:f8:7a:96:61:ff:96:
                    92:43:0a:e6:e8:69:e5:ba:0a:c3:1a:29:43:f9:97:
                    b2:70:fb:3a:fa:bc:3a:7f:4d:2a:c5:3c:5e:0e:ca:
                    b3:7e:8d:aa:87:7d:2a:1a:2e:54:7f:09:8b:c4:52:
                    af:18:e6:58:c7:db:55:a2:51:5a:02:68:13:e3:1c:
                    a6:db:cd:a0:f0:31:5d:8a:d0:49:7a:a2:67:73:e9:
                    a3:44:22:19:42:ea:fc:8b:0f:67:13:ec:72:e4:e1:
                    91:23:62:ca:0f:23:ee:24:a7:5d:26:80:b5:3a:3d:
                    a7:1f:10:96:45:46:d0:79:f5:49:0e:f3:de:17:60:
                    12:da:25:78:15:62:80:ab:3a:ce:5d:56:db:0f:80:
                    0e:87:a5:3a:90:8f:5e:74:85:97:b9:bf:82:28:d6:
                    6d:6f:ee:ee:0d:7f:f2:f7:0d:e6:f2:e7:1a:6b:e8:
                    71:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EA:69:8F:87:84:06:45:09:CA:5D:73:D2:C6:A6:3B:1A:C8:9B:B4
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/3uppj4eEBkUJyl1z0samOxrIm7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:80:ac:95:c1:3d:01:3f:f7:d8:0f:6e:5c:24:4e:b9:40:d5:
         09:2b:12:b7:99:98:f1:4b:b0:a1:56:59:f5:02:44:e7:5c:b8:
         e0:b4:c0:58:18:92:2c:65:39:a0:e4:bf:91:46:cc:6a:ef:20:
         89:4c:82:cb:6d:fe:78:df:f1:2f:df:cc:85:57:f7:e3:18:57:
         da:6d:c8:10:73:3d:9e:15:21:76:6a:48:a8:f0:08:d5:bd:c9:
         cc:7d:7d:59:de:7b:5a:4f:10:8a:32:9a:80:1b:a7:31:34:4c:
         4e:5f:c9:0f:48:71:88:99:f9:35:76:ac:f2:3e:2a:74:5a:30:
         d6:7a:2c:4b:d5:96:d3:19:20:8b:81:9f:8a:5f:2d:04:4b:d4:
         eb:f0:60:6b:cf:0d:4b:53:47:98:06:20:20:ce:63:50:b1:04:
         06:3a:91:99:0e:76:b0:d7:2a:a0:1c:f3:0f:c4:0a:cf:31:f2:
         69:35:01:9d:18:78:76:dd:20:37:66:f7:61:7b:d3:9f:99:8b:
         5a:ea:a2:1e:ec:2e:5d:5a:a1:a9:99:fd:08:95:db:33:a6:8a:
         ab:b3:27:a2:fa:62:f7:43:56:3c:7e:a6:7f:0d:a8:c3:4e:67:
         4e:d5:4c:76:0c:94:b0:2b:20:5a:86:ff:5c:1c:46:bc:27:7e:
         a0:0a:e5:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8kxWQpCFVFkh24F+3Q35JGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwNDI4MTI1NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVhNjk4Zjg3ODQwNjQ1MDljYTVkNzNkMmM2YTYzYjFhYzg5YmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0lZGToWRlrzHuRC332vC8kTG+1DO
8XbuplsgxBAzggpPBpA7ds/p2GLM69yIzJPEnpOgVgNzEfv2p3LCdkN+rGUa/pp9
qFjUQvlpDFIKlPfWR/L4epZh/5aSQwrm6GnlugrDGilD+ZeycPs6+rw6f00qxTxe
Dsqzfo2qh30qGi5UfwmLxFKvGOZYx9tVolFaAmgT4xym282g8DFditBJeqJnc+mj
RCIZQur8iw9nE+xy5OGRI2LKDyPuJKddJoC1Oj2nHxCWRUbQefVJDvPeF2AS2iV4
FWKAqzrOXVbbD4AOh6U6kI9edIWXub+CKNZtb+7uDX/y9w3m8ucaa+hx6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7qaY+HhAZFCcpdc9LGpjsayJu0MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvM3VwcGo0ZUVCa1VKeWwxejBzYW1PeHJJbTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZgMA0G
CSqGSIb3DQEBCwUAA4IBAQB/gKyVwT0BP/fYD25cJE65QNUJKxK3mZjxS7ChVln1
AkTnXLjgtMBYGJIsZTmg5L+RRsxq7yCJTILLbf543/Ev38yFV/fjGFfabcgQcz2e
FSF2akio8AjVvcnMfX1Z3ntaTxCKMpqAG6cxNExOX8kPSHGImfk1dqzyPip0WjDW
eixL1ZbTGSCLgZ+KXy0ES9Tr8GBrzw1LU0eYBiAgzmNQsQQGOpGZDnaw1yqgHPMP
xArPMfJpNQGdGHh23SA3Zvdhe9OfmYta6qIe7C5dWqGpmf0Ildszpoqrsyei+mL3
Q1Y8fqZ/DajDTmdO1Ux2DJSwKyBahv9cHEa8J36gCuUq
-----END CERTIFICATE-----