Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/43lFo1qtDO-gITCoJRc81Kkz4Mo.roa
File:                     43lFo1qtDO-gITCoJRc81Kkz4Mo.roa (raw, json)
Hash identifier:          zDJKVmpwJs2HYWMU00KWKX6mwewB6kEQq4rcPohhbo8=
Subject key identifier:   E3:79:45:A3:5A:AD:0C:EF:A0:21:30:A8:25:17:3C:D4:A9:33:E0:CA
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018E31A38AAB8021F22FAA5EAC027D9A00DA
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/43lFo1qtDO-gITCoJRc81Kkz4Mo.roa
Signing time:             Tue 12 Mar 2024 07:49:45 +0000
ROA not before:           Tue 12 Mar 2024 07:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29802
IP address blocks:        5.102.104.0/22 maxlen: 24
                          31.186.180.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 10:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:a3:8a:ab:80:21:f2:2f:aa:5e:ac:02:7d:9a:00:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Mar 12 07:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e37945a35aad0cefa02130a825173cd4a933e0ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:42:5c:10:c1:04:f8:ca:f2:f3:3c:cf:67:86:
                    f3:61:e5:60:fb:05:21:af:29:6c:c7:7d:8b:fe:51:
                    f3:c2:0b:ea:69:1d:98:05:4f:63:db:48:47:8f:52:
                    ad:98:a8:bb:c5:7f:98:ce:ef:ce:e7:58:ab:ef:9a:
                    71:86:5e:a4:18:81:c6:e2:02:04:7b:73:80:14:c9:
                    24:67:d1:51:e3:87:37:19:66:47:2a:89:d0:07:52:
                    11:57:5a:91:6a:81:e1:fd:d2:2b:8d:71:25:c8:f6:
                    95:a5:55:21:a8:7e:48:90:5b:28:8c:04:c6:1d:c6:
                    b5:e6:09:d3:40:bd:62:c0:c6:d4:19:d0:70:8b:83:
                    c9:f9:35:cf:29:5a:de:d6:f2:6b:fc:78:85:e0:ae:
                    bf:9e:cb:97:a0:1d:10:45:df:ea:73:58:6a:7e:00:
                    20:26:ee:46:93:fc:8c:99:04:dd:5e:2d:f3:69:33:
                    1b:90:d0:98:0c:77:2c:2d:bc:2c:ee:53:9e:1f:87:
                    95:06:eb:17:d9:e2:35:32:d7:91:1a:40:de:87:c5:
                    b4:fb:bf:cd:66:35:c7:1a:4b:d8:cd:da:89:53:82:
                    94:11:23:b8:a4:b0:e4:f5:88:f3:80:9a:b3:1e:74:
                    7c:b4:8b:b6:18:c5:fb:cd:d9:ff:4e:4c:b9:f6:ba:
                    69:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:79:45:A3:5A:AD:0C:EF:A0:21:30:A8:25:17:3C:D4:A9:33:E0:CA
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/43lFo1qtDO-gITCoJRc81Kkz4Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.104.0/22
                  31.186.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:f1:61:40:81:38:ab:39:f5:98:5e:af:25:f7:18:12:43:5c:
         0b:b2:89:98:b0:15:35:4c:c3:31:21:55:3e:37:01:a5:9c:e3:
         24:60:5c:48:69:4d:f6:e3:de:ec:88:46:9a:58:90:c5:f7:4e:
         1d:ee:fd:f2:86:8d:97:51:6b:48:19:4a:9e:30:23:fd:fc:46:
         0e:97:ce:eb:43:18:28:ac:70:02:75:44:d4:a7:31:4d:51:72:
         30:aa:15:5e:74:5e:b5:f6:cc:67:8f:5f:85:de:a3:2d:e3:15:
         42:88:bf:50:82:e7:aa:d7:0a:05:6d:2f:a5:aa:3b:f1:4a:cd:
         73:fa:3c:ca:b4:c8:ee:ea:50:dd:2f:99:cb:ca:c8:fe:54:94:
         d1:73:83:53:a0:e9:b4:ac:aa:58:de:55:f4:3c:76:65:06:da:
         2e:bd:39:4a:fb:2e:c2:7a:55:d8:90:8d:55:51:03:ea:65:90:
         42:28:06:3e:06:35:76:12:fd:08:47:ac:a8:60:4d:52:f2:f3:
         a5:66:09:e5:fd:df:fe:c6:0d:26:c6:d1:16:a9:b6:1f:22:7e:
         6f:43:6b:55:14:85:d2:e4:c8:f9:24:94:86:a0:6e:4d:38:3a:
         55:13:d5:e0:92:52:6e:32:0c:f6:ff:d6:14:13:de:c3:a7:fa:
         1e:f9:09:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4xo4qrgCHyL6perAJ9mgDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMzEyMDc0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc5NDVhMzVhYWQwY2VmYTAyMTMwYTgyNTE3M2NkNGE5MzNlMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0JcEMEE+Mry8zzPZ4bzYeVg+wUh
rylsx32L/lHzwgvqaR2YBU9j20hHj1KtmKi7xX+Yzu/O51ir75pxhl6kGIHG4gIE
e3OAFMkkZ9FR44c3GWZHKonQB1IRV1qRaoHh/dIrjXElyPaVpVUhqH5IkFsojATG
Hca15gnTQL1iwMbUGdBwi4PJ+TXPKVre1vJr/HiF4K6/nsuXoB0QRd/qc1hqfgAg
Ju5Gk/yMmQTdXi3zaTMbkNCYDHcsLbws7lOeH4eVBusX2eI1MteRGkDeh8W0+7/N
ZjXHGkvYzdqJU4KUESO4pLDk9YjzgJqzHnR8tIu2GMX7zdn/Tky59rppTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFON5RaNarQzvoCEwqCUXPNSpM+DKMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvNDNsRm8xcXRETy1nSVRDb0pSYzgxS2t6NE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBWZoAwQC
H7q0MA0GCSqGSIb3DQEBCwUAA4IBAQCf8WFAgTirOfWYXq8l9xgSQ1wLsomYsBU1
TMMxIVU+NwGlnOMkYFxIaU32497siEaaWJDF904d7v3yho2XUWtIGUqeMCP9/EYO
l87rQxgorHACdUTUpzFNUXIwqhVedF619sxnj1+F3qMt4xVCiL9Qgueq1woFbS+l
qjvxSs1z+jzKtMju6lDdL5nLysj+VJTRc4NToOm0rKpY3lX0PHZlBtouvTlK+y7C
elXYkI1VUQPqZZBCKAY+BjV2Ev0IR6yoYE1S8vOlZgnl/d/+xg0mxtEWqbYfIn5v
Q2tVFIXS5Mj5JJSGoG5NODpVE9XgklJuMgz2/9YUE97Dp/oe+Qnc
-----END CERTIFICATE-----