Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jSlcelaaiNdziciY81pjMJO2UfQ.roa
File:                     jSlcelaaiNdziciY81pjMJO2UfQ.roa (raw, json)
Hash identifier:          5eKAIt++PubRzoXs7SQBOuLUYY9HKhrrLKgBkdkGVZA=
Subject key identifier:   8D:29:5C:7A:56:9A:88:D7:73:89:C8:98:F3:5A:63:30:93:B6:51:F4
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018CC5DCE354379C2CFAC8A5D7DAECA99808
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jSlcelaaiNdziciY81pjMJO2UfQ.roa
Signing time:             Mon 01 Jan 2024 16:30:36 +0000
ROA not before:           Mon 01 Jan 2024 16:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22781
IP address blocks:        5.102.112.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e3:54:37:9c:2c:fa:c8:a5:d7:da:ec:a9:98:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  1 16:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d295c7a569a88d77389c898f35a633093b651f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:62:97:a8:1f:64:0e:f1:81:aa:35:05:d8:35:
                    06:ab:92:21:c7:22:d7:2c:93:3b:d2:60:bf:e4:f1:
                    31:2c:68:d5:08:19:1f:5d:51:8f:6a:7b:52:2d:00:
                    72:0a:7e:6c:32:eb:fc:3f:3c:4f:f7:9d:11:5f:e5:
                    3d:c9:95:d2:19:da:24:dd:af:13:cc:bc:d7:e9:d3:
                    a7:49:73:d6:02:23:c0:4c:b0:ae:9a:e7:c3:c0:a3:
                    28:15:a1:7b:f1:80:10:43:7e:4c:78:f5:20:a7:45:
                    38:14:5e:2a:6e:45:6c:9c:58:10:ca:c8:6c:0a:19:
                    90:5a:ba:cb:a3:45:0c:3b:46:fd:b1:a7:ae:ac:b3:
                    56:6e:d5:c0:46:cd:32:4b:63:d9:e9:ad:06:63:59:
                    8c:8d:ca:a5:70:3e:7f:8f:c0:68:20:65:a8:60:98:
                    30:c4:b0:f2:47:7b:30:ed:1a:3b:b2:68:aa:66:61:
                    4f:a5:9e:0f:86:a3:4c:06:c2:e9:77:6a:fc:20:16:
                    2a:5d:15:fc:3f:09:b9:8e:52:80:1c:b9:11:8e:9b:
                    fc:d5:9a:0f:4c:37:29:80:3f:fb:95:91:8e:97:53:
                    b2:6f:1e:a8:cc:95:19:ea:fe:8a:6a:85:e8:eb:74:
                    e8:61:76:5e:02:ee:75:97:e5:00:77:e9:3c:24:12:
                    42:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:29:5C:7A:56:9A:88:D7:73:89:C8:98:F3:5A:63:30:93:B6:51:F4
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/jSlcelaaiNdziciY81pjMJO2UfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:71:6a:c5:8d:2a:e5:02:ac:a7:79:03:f7:68:c6:5e:e7:17:
         b9:2f:c2:d8:90:93:f4:b5:0a:fd:91:e3:a5:8c:94:bb:7a:20:
         51:25:2f:c4:b6:3f:55:29:21:52:2a:26:c5:f9:65:8e:6a:e4:
         c7:98:eb:35:eb:c5:81:2e:57:f9:00:62:38:08:1e:d1:f3:05:
         8e:f6:87:1b:55:91:50:5f:15:c5:fc:67:4e:19:bd:a0:57:88:
         b1:b7:55:98:81:74:87:c6:f1:24:ee:10:fa:df:83:27:93:14:
         a5:36:1e:2e:47:9c:83:79:f8:52:44:fe:52:8b:cf:7f:5a:04:
         18:b1:74:f7:81:0e:5c:83:4b:ea:b5:7f:d5:e6:02:66:17:a9:
         db:62:44:94:3b:1d:6f:6d:7a:25:10:f7:07:32:dd:db:49:7b:
         0b:6f:61:02:40:f4:6e:bb:4f:f0:2e:09:65:80:df:7a:06:48:
         65:97:10:79:b9:18:8b:39:af:1d:5a:ad:73:e5:5f:3c:50:7b:
         af:8a:91:c1:f4:ea:25:a2:08:df:55:db:f5:4f:b6:6a:94:a4:
         89:21:7b:b4:38:bb:4a:eb:f4:6e:46:d3:f3:cf:e4:1e:76:bd:
         f9:53:9f:e4:f1:66:36:6f:bc:5d:42:11:fd:00:d7:18:3c:5f:
         d1:5d:28:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ONUN5ws+sil19rsqZgIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTAxMTYzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDI5NWM3YTU2OWE4OGQ3NzM4OWM4OThmMzVhNjMzMDkzYjY1MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GKXqB9kDvGBqjUF2DUGq5IhxyLX
LJM70mC/5PExLGjVCBkfXVGPantSLQByCn5sMuv8PzxP950RX+U9yZXSGdok3a8T
zLzX6dOnSXPWAiPATLCumufDwKMoFaF78YAQQ35MePUgp0U4FF4qbkVsnFgQyshs
ChmQWrrLo0UMO0b9saeurLNWbtXARs0yS2PZ6a0GY1mMjcqlcD5/j8BoIGWoYJgw
xLDyR3sw7Ro7smiqZmFPpZ4PhqNMBsLpd2r8IBYqXRX8Pwm5jlKAHLkRjpv81ZoP
TDcpgD/7lZGOl1Oybx6ozJUZ6v6KaoXo63ToYXZeAu51l+UAd+k8JBJCEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0pXHpWmojXc4nImPNaYzCTtlH0MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvalNsY2VsYWFpTmR6aWNpWTgxcGpNSk8yVWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZwMA0G
CSqGSIb3DQEBCwUAA4IBAQBEcWrFjSrlAqyneQP3aMZe5xe5L8LYkJP0tQr9keOl
jJS7eiBRJS/Etj9VKSFSKibF+WWOauTHmOs168WBLlf5AGI4CB7R8wWO9ocbVZFQ
XxXF/GdOGb2gV4ixt1WYgXSHxvEk7hD634MnkxSlNh4uR5yDefhSRP5Si89/WgQY
sXT3gQ5cg0vqtX/V5gJmF6nbYkSUOx1vbXolEPcHMt3bSXsLb2ECQPRuu0/wLgll
gN96BkhllxB5uRiLOa8dWq1z5V88UHuvipHB9OologjfVdv1T7ZqlKSJIXu0OLtK
6/RuRtPzz+Qedr35U5/k8WY2b7xdQhH9ANcYPF/RXSgm
-----END CERTIFICATE-----