Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/pofQTCd4QsyPiD8FzNaae7G5FVM.roa
File:                     pofQTCd4QsyPiD8FzNaae7G5FVM.roa (raw, json)
Hash identifier:          7hMsNV5NjsANoxAqGA0JUWLvCD0+WLV52TM6+c0YiEM=
Subject key identifier:   A6:87:D0:4C:27:78:42:CC:8F:88:3F:05:CC:D6:9A:7B:B1:B9:15:53
Certificate issuer:       /CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
Certificate serial:       018CC86EFEED97516A7ED7B2522143AEBD77
Authority key identifier: 5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/pofQTCd4QsyPiD8FzNaae7G5FVM.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        5.57.80.0/22 maxlen: 22
                          2001:7f8:17::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fe:ed:97:51:6a:7e:d7:b2:52:21:43:ae:bd:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a687d04c277842cc8f883f05ccd69a7bb1b91553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7c:f9:5a:78:eb:84:29:32:4f:fa:30:2c:fa:
                    2b:18:c7:5b:13:0b:c8:c4:67:bf:fd:8e:29:0f:a5:
                    d1:3b:c5:b0:c4:b4:84:74:fa:17:13:75:03:16:ff:
                    84:6c:93:a7:f9:3f:48:bf:ae:4a:20:43:f7:8a:30:
                    0f:00:62:30:26:e4:50:66:e1:93:11:1d:e0:c4:7c:
                    1e:c3:c4:42:06:73:f2:06:f0:ea:be:ad:6b:fc:b5:
                    96:e4:58:b3:73:85:7c:26:5f:cd:b3:d8:da:94:b5:
                    7b:b3:e7:58:38:bc:07:09:66:f1:a0:8d:23:80:d0:
                    fb:f1:d6:ff:19:d9:af:14:4a:58:04:5d:3e:cb:10:
                    1a:64:ab:e5:65:f4:aa:d4:67:f9:24:28:72:e8:82:
                    ee:7e:24:0a:5a:92:84:fb:13:8d:21:92:04:ec:18:
                    21:01:6f:8c:df:98:b4:77:2b:9a:d0:95:f9:b3:f6:
                    07:a0:b0:35:e9:5d:cc:cf:3b:03:5b:0f:e4:4e:9b:
                    7f:58:52:ca:4b:71:c4:9f:26:77:44:dc:cb:1c:32:
                    d5:27:1a:cf:85:1d:a3:b5:81:bb:47:29:c8:da:29:
                    59:32:18:10:c6:0d:cd:f9:16:2f:d3:bb:01:e9:df:
                    39:2d:7a:22:ac:9a:64:86:e9:dc:f6:ed:06:e2:39:
                    13:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:87:D0:4C:27:78:42:CC:8F:88:3F:05:CC:D6:9A:7B:B1:B9:15:53
            X509v3 Authority Key Identifier:
                keyid:5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/pofQTCd4QsyPiD8FzNaae7G5FVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.80.0/22
                IPv6:
                  2001:7f8:17::/64

    Signature Algorithm: sha256WithRSAEncryption
         89:6f:14:72:89:47:cc:17:b6:35:e8:34:9d:d3:82:08:49:39:
         2b:55:17:7b:82:45:61:7e:5d:33:9f:89:3c:31:1b:bd:7f:70:
         85:de:51:29:81:30:1a:0c:87:92:8f:a0:bf:10:c8:56:55:05:
         2f:f7:7c:47:7c:83:04:8e:ac:c8:f0:d9:80:5e:ae:ea:28:fa:
         97:ef:d6:64:1d:06:bf:df:5e:d4:aa:c9:af:70:20:16:6b:ee:
         35:3c:92:f1:e4:d6:0f:77:db:f0:cf:54:e9:fe:13:2e:2f:68:
         b4:5f:f9:74:c2:58:42:91:32:3e:49:ba:a4:30:e6:2b:c3:fd:
         d5:01:1a:ad:be:59:cf:17:fa:c3:2b:97:c7:ce:2c:e4:47:0d:
         25:8c:eb:c7:4a:8e:7e:9f:84:83:0c:40:e7:f1:2a:84:65:35:
         5e:2f:22:6c:ec:c9:4b:55:47:bd:a6:e5:c2:2b:66:cf:a7:cd:
         b7:c8:8d:b6:8d:94:1e:c9:90:84:0e:d8:27:97:e6:4d:98:b3:
         91:28:a5:eb:36:9b:ae:e7:f3:e9:23:47:f2:ce:26:6f:4a:0b:
         83:fb:37:a4:15:d3:93:f9:25:5a:65:e4:88:87:bc:e3:c9:0e:
         80:b3:2c:54:00:4e:6f:51:d5:5e:b6:51:5a:91:d5:10:c1:19:
         ee:0c:1e:5f
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzIbv7tl1FqfteyUiFDrr13MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQwN2I0NWY3ZDgzMTI0YzlmOGMwZmFjMDNiZWMwMjQ2
OGIzN2UwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjg3ZDA0YzI3Nzg0MmNjOGY4ODNmMDVjY2Q2OWE3YmIxYjkxNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnz5WnjrhCkyT/owLPorGMdbEwvI
xGe//Y4pD6XRO8WwxLSEdPoXE3UDFv+EbJOn+T9Iv65KIEP3ijAPAGIwJuRQZuGT
ER3gxHwew8RCBnPyBvDqvq1r/LWW5Fizc4V8Jl/Ns9jalLV7s+dYOLwHCWbxoI0j
gND78db/GdmvFEpYBF0+yxAaZKvlZfSq1Gf5JChy6ILufiQKWpKE+xONIZIE7Bgh
AW+M35i0dyua0JX5s/YHoLA16V3MzzsDWw/kTpt/WFLKS3HEnyZ3RNzLHDLVJxrP
hR2jtYG7RynI2ilZMhgQxg3N+RYv07sB6d85LXoirJpkhunc9u0G4jkTxQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFKaH0EwneELMj4g/BczWmnuxuRVTMB8GA1UdIwQY
MBaAFF6NB7RffYMSTJ+MD6wDvsAkaLN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQt
NmM4ZmQ4NGJiNWY1LzEvcG9mUVRDZDRRc3lQaUQ4RnpOYWFlN0c1RlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQtNmM4ZmQ4NGJiNWY1
LzEvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAMBAIAATAGAwQCBTlQMBEE
AgACMAsDCQAgAQf4ABcAADANBgkqhkiG9w0BAQsFAAOCAQEAiW8UcolHzBe2Neg0
ndOCCEk5K1UXe4JFYX5dM5+JPDEbvX9whd5RKYEwGgyHko+gvxDIVlUFL/d8R3yD
BI6syPDZgF6u6ij6l+/WZB0Gv99e1KrJr3AgFmvuNTyS8eTWD3fb8M9U6f4TLi9o
tF/5dMJYQpEyPkm6pDDmK8P91QEarb5Zzxf6wyuXx84s5EcNJYzrx0qOfp+EgwxA
5/EqhGU1Xi8ibOzJS1VHvablwitmz6fNt8iNto2UHsmQhA7YJ5fmTZizkSil6zab
rufz6SNH8s4mb0oLg/s3pBXTk/klWmXkiIe848kOgLMsVABOb1HVXrZRWpHVEMEZ
7gweXw==
-----END CERTIFICATE-----