Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/nk6zo5pWUJfAnV1Z1f083e2m8p4.roa
File:                     nk6zo5pWUJfAnV1Z1f083e2m8p4.roa (raw, json)
Hash identifier:          sRwCQKUSNeyHmNpWuNIhNzZzCGQZl079WXm0Wiemeog=
Subject key identifier:   9E:4E:B3:A3:9A:56:50:97:C0:9D:5D:59:D5:FD:3C:DD:ED:A6:F2:9E
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       018CC5003DB8F8551399B77A933C06C236DB
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/nk6zo5pWUJfAnV1Z1f083e2m8p4.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        5.252.22.0/24 maxlen: 24
                          2a0b:ec82::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 06:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3d:b8:f8:55:13:99:b7:7a:93:3c:06:c2:36:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e4eb3a39a565097c09d5d59d5fd3cddeda6f29e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1d:f8:e5:7d:f6:9c:92:c7:2c:42:05:3f:ac:
                    5c:1d:cb:7d:da:ec:4d:e4:3f:ce:da:48:d3:31:d7:
                    9e:d6:73:c0:3a:a2:b5:f5:e3:e3:6a:bf:eb:d3:42:
                    ff:a6:58:60:3e:fe:61:09:95:bb:84:71:fd:e2:4a:
                    55:30:4c:07:11:0e:2f:bf:4e:b2:01:be:46:f9:ee:
                    a1:47:47:0f:1e:1f:97:56:98:11:15:52:df:6a:48:
                    fe:98:8a:66:10:04:d7:88:4d:b8:fb:6d:2c:4c:df:
                    64:90:50:af:81:27:82:de:7f:35:9b:fa:a9:8f:41:
                    1e:32:fa:b2:37:7d:ef:86:38:96:d3:05:d4:f9:dd:
                    d9:43:85:76:a1:9b:98:16:be:59:28:f9:d2:b0:b5:
                    d2:32:3c:79:b8:95:ac:d0:59:d8:72:6a:80:ba:c4:
                    49:b2:01:7d:e7:ef:aa:87:f3:4b:31:8c:ef:2c:7f:
                    d1:31:7e:bf:ee:36:76:d9:bd:67:c6:40:3f:e1:1f:
                    63:2a:6e:cf:ac:12:9f:f4:ef:b2:71:c7:c7:59:49:
                    9f:6c:73:ac:a4:62:09:d6:0f:a6:63:f2:21:53:c8:
                    04:65:34:91:27:c5:ae:02:4f:c3:3d:f5:59:1f:ba:
                    ab:1a:08:ca:59:40:83:a3:ec:7e:29:b3:59:dd:01:
                    e8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4E:B3:A3:9A:56:50:97:C0:9D:5D:59:D5:FD:3C:DD:ED:A6:F2:9E
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/nk6zo5pWUJfAnV1Z1f083e2m8p4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.22.0/24
                IPv6:
                  2a0b:ec82::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:7f:cb:1c:58:df:a8:d4:85:b8:a0:27:e6:4b:d1:79:59:8d:
         82:6e:27:51:31:9d:90:e9:f5:f3:f6:cc:a5:1d:2b:c4:e0:66:
         e9:ce:7c:23:76:c6:9d:b9:6d:47:a9:5b:33:5a:08:d3:b5:0f:
         c2:e5:02:e8:74:f1:bf:d5:68:13:9b:a9:72:d1:69:f5:47:86:
         ab:33:a8:f3:c6:52:10:7f:d9:6e:0e:52:af:d4:61:4b:08:98:
         27:b3:6b:6a:34:d3:49:de:07:b7:87:6c:20:1f:fa:4f:7c:ec:
         f6:e7:54:09:cc:53:5a:c5:6d:16:f4:fa:89:08:8e:18:62:3b:
         83:75:93:7a:42:4f:fd:41:c9:9f:dc:1d:47:3a:14:30:4e:6f:
         f9:b4:89:82:25:2c:c8:1c:53:9f:36:dd:46:2d:eb:6b:a8:b9:
         72:28:85:cd:1c:37:36:2c:c0:67:d2:1e:23:c6:84:5c:00:5c:
         7f:d0:95:ee:a1:70:96:3e:d4:c8:b1:fc:07:f5:c9:b5:ff:28:
         cb:97:78:45:f3:10:b3:68:ae:bf:27:1a:1e:e2:db:c0:3b:96:
         0e:16:95:92:e5:13:17:ed:db:79:1c:61:6d:aa:dc:06:f9:b9:
         ef:83:aa:b7:f9:bc:13:aa:b6:74:c3:50:c3:60:a5:cc:e3:4f:
         f6:96:fd:a4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAD24+FUTmbd6kzwGwjbbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTRlYjNhMzlhNTY1MDk3YzA5ZDVkNTlkNWZkM2NkZGVkYTZmMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR345X32nJLHLEIFP6xcHct92uxN
5D/O2kjTMdee1nPAOqK19ePjar/r00L/plhgPv5hCZW7hHH94kpVMEwHEQ4vv06y
Ab5G+e6hR0cPHh+XVpgRFVLfakj+mIpmEATXiE24+20sTN9kkFCvgSeC3n81m/qp
j0EeMvqyN33vhjiW0wXU+d3ZQ4V2oZuYFr5ZKPnSsLXSMjx5uJWs0FnYcmqAusRJ
sgF95++qh/NLMYzvLH/RMX6/7jZ22b1nxkA/4R9jKm7PrBKf9O+yccfHWUmfbHOs
pGIJ1g+mY/IhU8gEZTSRJ8WuAk/DPfVZH7qrGgjKWUCDo+x+KbNZ3QHofwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ5Os6OaVlCXwJ1dWdX9PN3tpvKeMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvbms2em81cFdVSmZBblYxWjFmMDgzZTJtOHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABfwWMA0E
AgACMAcDBQAqC+yCMA0GCSqGSIb3DQEBCwUAA4IBAQAif8scWN+o1IW4oCfmS9F5
WY2CbidRMZ2Q6fXz9sylHSvE4GbpznwjdsaduW1HqVszWgjTtQ/C5QLodPG/1WgT
m6ly0Wn1R4arM6jzxlIQf9luDlKv1GFLCJgns2tqNNNJ3ge3h2wgH/pPfOz251QJ
zFNaxW0W9PqJCI4YYjuDdZN6Qk/9Qcmf3B1HOhQwTm/5tImCJSzIHFOfNt1GLetr
qLlyKIXNHDc2LMBn0h4jxoRcAFx/0JXuoXCWPtTIsfwH9cm1/yjLl3hF8xCzaK6/
Jxoe4tvAO5YOFpWS5RMX7dt5HGFtqtwG+bnvg6q3+bwTqrZ0w1DDYKXM40/2lv2k
-----END CERTIFICATE-----