Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RIcAA5Xfoivcq8Vz9CImKaGN2aU.roa
File:                     RIcAA5Xfoivcq8Vz9CImKaGN2aU.roa (raw, json)
Hash identifier:          NIN1YpEA/RrlYCuRWhy8rfOfbEUdcHbjrkeD+PHPD7o=
Subject key identifier:   44:87:00:03:95:DF:A2:2B:DC:AB:C5:73:F4:22:26:29:A1:8D:D9:A5
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018F76EF9D03F2E1893CD17F16999E8AE68C
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RIcAA5Xfoivcq8Vz9CImKaGN2aU.roa
Signing time:             Tue 14 May 2024 11:49:25 +0000
ROA not before:           Tue 14 May 2024 11:49:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        5.102.108.0/22 maxlen: 22
                          5.102.124.0/22 maxlen: 22
                          92.114.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:ef:9d:03:f2:e1:89:3c:d1:7f:16:99:9e:8a:e6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: May 14 11:49:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4487000395dfa22bdcabc573f4222629a18dd9a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:5c:f9:cb:51:74:7c:19:44:c8:32:5a:7c:95:
                    ef:e4:d1:a3:bc:7b:a1:a8:1b:2b:ff:6f:1a:60:7f:
                    2b:1a:ae:a5:2f:bb:61:dd:af:65:5b:6c:4e:26:a2:
                    08:e1:2c:87:c0:ce:dc:d1:00:2f:df:44:f5:a4:12:
                    87:96:49:32:cc:ff:5e:34:aa:74:5d:22:47:ff:5a:
                    c8:e5:78:65:00:c9:12:24:ee:3e:8d:a4:73:2e:c5:
                    8e:8d:e9:3a:55:30:5d:7e:f7:ec:73:a2:cd:07:f4:
                    3d:b6:9d:13:7a:e8:65:25:6e:00:2c:d7:8c:59:d0:
                    46:ef:9e:87:3d:c4:d5:c7:3a:d1:50:73:0c:07:c9:
                    ac:59:57:ad:db:e8:ff:94:b1:0a:ba:c5:94:4e:5c:
                    56:9a:6a:9c:fe:24:6a:5a:25:5a:16:fa:1b:e3:27:
                    89:50:7c:3d:d3:f2:af:e6:a7:cf:90:b6:ab:ff:5e:
                    86:36:26:8f:10:ca:a8:6f:60:57:65:d6:ef:17:62:
                    da:1f:01:2b:33:b2:f1:a6:1b:21:d3:cb:e1:ff:b9:
                    54:93:99:a2:ce:58:cf:e8:53:d2:60:91:59:c4:3c:
                    f5:39:2a:4e:c5:26:20:5c:4a:12:8f:bc:4e:2f:9d:
                    48:b5:f1:ae:8b:fa:78:ef:fd:6e:14:57:a0:9a:fc:
                    a6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:87:00:03:95:DF:A2:2B:DC:AB:C5:73:F4:22:26:29:A1:8D:D9:A5
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/RIcAA5Xfoivcq8Vz9CImKaGN2aU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.108.0/22
                  5.102.124.0/22
                  92.114.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:fd:5a:6e:15:e9:dd:9c:bb:18:3b:4d:60:90:f2:1f:cd:57:
         06:3a:55:5f:d3:3d:77:d0:6f:65:8a:72:b6:d3:37:79:92:e8:
         3d:21:f3:a0:55:11:4b:aa:6f:0a:e7:36:41:86:a2:e3:e6:5a:
         36:20:8b:b5:67:1f:b1:8b:b8:26:7a:50:0c:72:36:6e:e3:66:
         92:71:21:dd:08:53:28:14:69:db:4c:80:8a:f8:6e:25:43:91:
         1b:a6:09:97:1c:e5:b7:61:4a:3e:36:5f:97:56:31:12:ee:84:
         5c:63:9e:af:e2:82:e3:6a:f5:9d:7e:e2:fa:fa:a6:2a:5f:e2:
         57:4c:74:03:b4:b6:1a:bf:13:36:82:d9:63:63:c7:1f:e8:fd:
         9e:94:ab:4a:e1:f5:c7:09:9f:ea:2d:4d:5e:07:a5:e6:a0:17:
         cb:00:af:83:56:9d:2d:12:9c:c7:21:45:12:5a:27:32:e0:ca:
         e0:1b:72:f6:62:74:f0:8c:2f:49:08:61:a3:4b:d2:ea:0b:31:
         43:33:2b:a2:79:61:de:64:50:3f:8a:db:2b:ec:13:c3:4e:b5:
         77:95:7c:20:57:77:55:e5:28:1e:ec:4c:f0:cc:30:38:38:b0:
         0e:a5:33:dc:ca:83:c4:65:2c:dc:b3:26:be:3e:4b:9a:b8:98:
         e2:30:7f:06
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY92750D8uGJPNF/FpmeiuaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwNTE0MTE0OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg3MDAwMzk1ZGZhMjJiZGNhYmM1NzNmNDIyMjYyOWExOGRkOWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlz5y1F0fBlEyDJafJXv5NGjvHuh
qBsr/28aYH8rGq6lL7th3a9lW2xOJqII4SyHwM7c0QAv30T1pBKHlkkyzP9eNKp0
XSJH/1rI5XhlAMkSJO4+jaRzLsWOjek6VTBdfvfsc6LNB/Q9tp0TeuhlJW4ALNeM
WdBG756HPcTVxzrRUHMMB8msWVet2+j/lLEKusWUTlxWmmqc/iRqWiVaFvob4yeJ
UHw90/Kv5qfPkLar/16GNiaPEMqob2BXZdbvF2LaHwErM7Lxphsh08vh/7lUk5mi
zljP6FPSYJFZxDz1OSpOxSYgXEoSj7xOL51ItfGui/p47/1uFFegmvymZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFESHAAOV36Ir3KvFc/QiJimhjdmlMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUkljQUE1WGZvaXZjcThWejlDSW1LYUdOMmFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBWZsAwQC
BWZ8AwQCXHIoMA0GCSqGSIb3DQEBCwUAA4IBAQCa/VpuFendnLsYO01gkPIfzVcG
OlVf0z130G9linK20zd5kug9IfOgVRFLqm8K5zZBhqLj5lo2IIu1Zx+xi7gmelAM
cjZu42aScSHdCFMoFGnbTICK+G4lQ5EbpgmXHOW3YUo+Nl+XVjES7oRcY56v4oLj
avWdfuL6+qYqX+JXTHQDtLYavxM2gtljY8cf6P2elKtK4fXHCZ/qLU1eB6XmoBfL
AK+DVp0tEpzHIUUSWicy4MrgG3L2YnTwjC9JCGGjS9LqCzFDMyuieWHeZFA/itsr
7BPDTrV3lXwgV3dV5Sge7EzwzDA4OLAOpTPcyoPEZSzcsya+PkuauJjiMH8G
-----END CERTIFICATE-----