Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/0F-Owcm4cu82isppA8XfnuEc0eA.roa
File:                     0F-Owcm4cu82isppA8XfnuEc0eA.roa (raw, json)
Hash identifier:          ouByKT3e5pfDdfXjJwWwyREa5mhwzaRZkMaEb8/V4l8=
Subject key identifier:   D0:5F:8E:C1:C9:B8:72:EF:36:8A:CA:69:03:C5:DF:9E:E1:1C:D1:E0
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E07FAD207A82230CA87F8EF6630FF
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/0F-Owcm4cu82isppA8XfnuEc0eA.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49453
IP address blocks:        5.188.87.0/24 maxlen: 24
                          5.188.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:07:fa:d2:07:a8:22:30:ca:87:f8:ef:66:30:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d05f8ec1c9b872ef368aca6903c5df9ee11cd1e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:24:5d:15:c8:52:de:d9:4c:d8:c4:ba:fa:cd:
                    e2:a9:1c:01:a4:8d:69:57:2a:9f:5e:44:3a:be:c9:
                    1f:6b:70:dc:e3:45:ea:7d:ef:5f:61:a6:61:a5:55:
                    fa:68:55:dc:a5:5a:96:f4:9e:58:bb:1f:ff:16:f0:
                    c0:8e:9c:70:96:b3:fc:26:9d:77:0c:90:c0:5c:9b:
                    b8:ad:8a:01:cf:68:a3:4f:0a:26:92:e0:99:0f:31:
                    c9:56:d4:7d:5c:9b:39:df:d1:e6:0c:68:bb:53:9b:
                    b4:fd:2b:ea:71:bf:b6:a9:ca:66:ef:36:52:b5:72:
                    32:3e:df:91:c7:f0:66:bb:ea:be:7b:a2:dd:76:d5:
                    9c:9e:73:06:cd:85:e6:40:98:f1:ac:05:9b:e5:8f:
                    68:32:81:79:ae:07:35:36:9a:dd:5d:df:c5:a0:ab:
                    ea:03:46:8e:10:33:26:fd:25:b5:1d:8b:a0:05:a7:
                    e8:1f:fd:8d:be:c7:ff:0b:e2:c3:f7:42:a6:d3:4e:
                    cf:98:4d:cb:7c:f5:02:35:b7:bc:c8:71:a3:f0:12:
                    c1:ae:c9:3a:8d:92:12:15:07:a0:cc:3b:ab:20:a6:
                    1d:ff:ff:c4:7a:89:8b:82:34:f5:0f:57:54:7c:3b:
                    92:09:2d:04:a3:63:01:fe:fc:f4:18:c0:ee:b6:8c:
                    ff:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:5F:8E:C1:C9:B8:72:EF:36:8A:CA:69:03:C5:DF:9E:E1:1C:D1:E0
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/0F-Owcm4cu82isppA8XfnuEc0eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:1c:b0:cb:27:ed:a1:91:ed:8c:8b:86:17:7f:9d:b5:20:32:
         56:44:0c:11:a2:46:ce:32:70:0f:d3:16:a2:db:65:cb:f7:d4:
         15:89:69:9c:66:33:bb:70:2c:fd:e6:50:17:f7:ee:1e:2c:df:
         7d:6c:ef:30:f5:14:7a:c9:55:d3:ce:74:33:a7:79:e3:27:70:
         cd:35:4e:56:7a:26:f6:38:ed:14:25:ae:19:50:1b:4f:32:31:
         25:c7:2d:b6:2d:41:04:28:67:5f:6c:de:a9:94:e4:50:58:07:
         21:51:12:d3:46:81:b6:8a:3b:ec:dd:c6:c8:1a:94:c2:fb:48:
         6f:38:96:48:1e:a9:ee:5e:54:ea:58:aa:45:a3:b5:a9:dc:a0:
         b2:71:a0:30:01:55:66:e8:a5:79:f5:e5:ee:74:a8:7f:72:52:
         0d:1b:67:ca:ff:0a:65:63:05:61:dd:ef:c3:c8:6f:8c:c2:7c:
         d9:92:95:76:87:ff:eb:e2:cb:32:07:ee:92:18:b5:20:1f:2a:
         e6:9f:4e:c1:14:be:8d:5f:23:ff:01:ac:6b:94:73:b8:37:29:
         b9:1d:bf:ab:b2:b4:e9:e0:67:b4:2e:33:aa:6e:d8:f6:ed:9f:
         0f:64:bf:a8:8e:cb:26:65:35:a1:32:58:b6:43:35:d5:49:e7:
         ae:35:50:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgf60geoIjDKh/jvZjD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDVmOGVjMWM5Yjg3MmVmMzY4YWNhNjkwM2M1ZGY5ZWUxMWNkMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iRdFchS3tlM2MS6+s3iqRwBpI1p
VyqfXkQ6vskfa3Dc40Xqfe9fYaZhpVX6aFXcpVqW9J5Yux//FvDAjpxwlrP8Jp13
DJDAXJu4rYoBz2ijTwomkuCZDzHJVtR9XJs539HmDGi7U5u0/Svqcb+2qcpm7zZS
tXIyPt+Rx/Bmu+q+e6LddtWcnnMGzYXmQJjxrAWb5Y9oMoF5rgc1NprdXd/FoKvq
A0aOEDMm/SW1HYugBafoH/2Nvsf/C+LD90Km007PmE3LfPUCNbe8yHGj8BLBrsk6
jZISFQegzDurIKYd///EeomLgjT1D1dUfDuSCS0Eo2MB/vz0GMDutoz/mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBfjsHJuHLvNorKaQPF357hHNHgMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvMEYtT3djbTRjdTgyaXNwcEE4WGZudUVjMGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbxWMA0G
CSqGSIb3DQEBCwUAA4IBAQCXHLDLJ+2hke2Mi4YXf521IDJWRAwRokbOMnAP0xai
22XL99QViWmcZjO7cCz95lAX9+4eLN99bO8w9RR6yVXTznQzp3njJ3DNNU5Weib2
OO0UJa4ZUBtPMjElxy22LUEEKGdfbN6plORQWAchURLTRoG2ijvs3cbIGpTC+0hv
OJZIHqnuXlTqWKpFo7Wp3KCycaAwAVVm6KV59eXudKh/clING2fK/wplYwVh3e/D
yG+MwnzZkpV2h//r4ssyB+6SGLUgHyrmn07BFL6NXyP/AaxrlHO4Nym5Hb+rsrTp
4Ge0LjOqbtj27Z8PZL+ojssmZTWhMli2QzXVSeeuNVDy
-----END CERTIFICATE-----