Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/J7v29Rxb3LfBveWOqX08XN3xC4w.roa
File:                     J7v29Rxb3LfBveWOqX08XN3xC4w.roa (raw, json)
Hash identifier:          vCak+Jm9Ro1KvEGE7SrKFyHSeg+yu6TAnJyLxHAyosU=
Subject key identifier:   27:BB:F6:F5:1C:5B:DC:B7:C1:BD:E5:8E:A9:7D:3C:5C:DD:F1:0B:8C
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFC20B7CF71A520C3436915E8F6C9
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/J7v29Rxb3LfBveWOqX08XN3xC4w.roa
Signing time:             Mon 01 Jan 2024 14:29:28 +0000
ROA not before:           Mon 01 Jan 2024 14:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25591
IP address blocks:        5.101.208.0/22 maxlen: 22
                          5.101.212.0/22 maxlen: 22
                          91.243.36.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fc:20:b7:cf:71:a5:20:c3:43:69:15:e8:f6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27bbf6f51c5bdcb7c1bde58ea97d3c5cddf10b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ae:2b:e2:8d:69:1a:45:17:a0:44:3d:9a:b9:
                    a3:71:76:ab:69:98:c7:69:dd:95:a9:ba:b8:21:62:
                    b9:24:13:f8:03:91:07:c0:c8:23:80:8c:86:59:86:
                    dd:99:7b:60:a9:73:34:e2:c3:1d:e3:46:e2:3b:31:
                    eb:8d:ba:db:72:78:65:b8:41:9e:fa:15:2e:af:75:
                    fd:a0:27:e9:72:35:90:98:ee:35:2c:15:a9:d5:fa:
                    3c:ca:15:5a:21:ac:88:8f:63:8b:23:2b:4f:79:df:
                    1b:01:eb:ba:c4:2e:32:2d:03:77:24:49:b8:6a:93:
                    67:0f:f6:a9:14:90:17:32:24:9c:7b:c5:5f:09:f6:
                    d6:e5:d4:38:50:b9:1f:5c:f9:7f:0a:8b:74:e8:80:
                    b2:a8:3c:aa:58:04:52:9d:85:bd:5b:4f:41:5f:48:
                    47:44:6c:63:42:d8:fe:e4:f6:d2:67:1f:24:0e:7c:
                    a4:31:85:69:9f:5f:0f:6b:19:ae:37:66:74:c1:34:
                    90:d8:01:0b:d7:91:7a:19:f2:97:17:a9:66:d0:a6:
                    d6:e9:10:b6:da:a4:ae:6b:d3:0a:ba:05:17:cf:04:
                    e2:c2:de:e9:d0:2f:51:6a:58:44:01:fe:30:7f:5c:
                    1a:8c:c8:3c:85:fb:11:30:b9:af:d3:f3:b2:19:8f:
                    77:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:BB:F6:F5:1C:5B:DC:B7:C1:BD:E5:8E:A9:7D:3C:5C:DD:F1:0B:8C
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/J7v29Rxb3LfBveWOqX08XN3xC4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.208.0/21
                  91.243.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:93:aa:83:ec:fe:9e:ab:96:18:e4:5a:47:d7:b8:4b:81:99:
         94:3f:d7:53:b8:ff:df:e8:b5:42:f4:52:3d:02:ca:45:02:04:
         e8:42:65:58:b7:39:76:99:64:07:15:c1:2f:da:8b:03:31:0e:
         06:ec:64:1e:d4:2b:21:a9:53:b7:a8:79:3e:7e:d2:20:ee:9c:
         fb:dc:c5:54:7e:7f:96:7a:5e:b0:9b:ff:42:2a:d6:ae:b9:b7:
         57:55:50:18:96:a2:68:73:2d:e4:df:9a:27:e1:f6:d4:53:a3:
         2a:e1:47:a4:d3:c1:8d:8a:95:73:a2:a0:5f:8f:b5:ae:f6:86:
         08:27:bc:bf:2a:74:48:c8:3f:dd:9b:ba:4d:8a:9a:db:f7:bb:
         91:56:44:d5:f8:18:47:e4:fb:85:06:17:6f:c8:da:aa:35:83:
         2b:0c:9a:a7:72:50:87:52:fe:54:55:8f:43:85:2a:77:f6:cf:
         71:7c:ae:d4:c7:b1:dd:9f:4c:c9:8b:8a:fb:7b:21:88:b6:c2:
         cf:a4:0a:dd:91:77:85:cf:78:dd:a2:45:c4:85:cf:6e:d1:65:
         4f:76:aa:ff:b9:50:6c:9f:80:31:b8:71:85:cb:7a:14:d4:b3:
         67:88:11:d7:94:9e:d0:db:9c:ce:fd:c4:c9:54:1e:76:8c:eb:
         ef:94:64:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbfwgt89xpSDDQ2kV6PbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2JiZjZmNTFjNWJkY2I3YzFiZGU1OGVhOTdkM2M1Y2RkZjEwYjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgK4r4o1pGkUXoEQ9mrmjcXaraZjH
ad2Vqbq4IWK5JBP4A5EHwMgjgIyGWYbdmXtgqXM04sMd40biOzHrjbrbcnhluEGe
+hUur3X9oCfpcjWQmO41LBWp1fo8yhVaIayIj2OLIytPed8bAeu6xC4yLQN3JEm4
apNnD/apFJAXMiSce8VfCfbW5dQ4ULkfXPl/Cot06ICyqDyqWARSnYW9W09BX0hH
RGxjQtj+5PbSZx8kDnykMYVpn18PaxmuN2Z0wTSQ2AEL15F6GfKXF6lm0KbW6RC2
2qSua9MKugUXzwTiwt7p0C9RalhEAf4wf1wajMg8hfsRMLmv0/OyGY93zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCe79vUcW9y3wb3ljql9PFzd8QuMMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSjd2MjlSeGIzTGZCdmVXT3FYMDhYTjN4QzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDBWXQAwQC
W/MkMA0GCSqGSIb3DQEBCwUAA4IBAQCuk6qD7P6eq5YY5FpH17hLgZmUP9dTuP/f
6LVC9FI9AspFAgToQmVYtzl2mWQHFcEv2osDMQ4G7GQe1CshqVO3qHk+ftIg7pz7
3MVUfn+Wel6wm/9CKtauubdXVVAYlqJocy3k35on4fbUU6Mq4Uek08GNipVzoqBf
j7Wu9oYIJ7y/KnRIyD/dm7pNiprb97uRVkTV+BhH5PuFBhdvyNqqNYMrDJqnclCH
Uv5UVY9DhSp39s9xfK7Ux7Hdn0zJi4r7eyGItsLPpArdkXeFz3jdokXEhc9u0WVP
dqr/uVBsn4AxuHGFy3oU1LNniBHXlJ7Q25zO/cTJVB52jOvvlGQ7
-----END CERTIFICATE-----