Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/T47ZkNXALP8FdjmIG7GIhznW5MQ.roa
File:                     T47ZkNXALP8FdjmIG7GIhznW5MQ.roa (raw, json)
Hash identifier:          C9C8AAdm8xIxpeIyYHM4iZSjPNt3fDF2BwaKZprumT0=
Subject key identifier:   4F:8E:D9:90:D5:C0:2C:FF:05:76:39:88:1B:B1:88:87:39:D6:E4:C4
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E104F40C37F903ED34B67D091D8B8
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/T47ZkNXALP8FdjmIG7GIhznW5MQ.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205601
IP address blocks:        5.8.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:10:4f:40:c3:7f:90:3e:d3:4b:67:d0:91:d8:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f8ed990d5c02cff057639881bb1888739d6e4c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:da:e4:a2:bf:c2:69:3d:aa:ca:04:ae:77:29:
                    f6:ef:62:38:d3:a7:3f:c8:6d:4c:d4:99:2d:30:cb:
                    69:fc:1e:53:75:9f:0d:f7:02:c7:ce:5f:15:62:9f:
                    f5:72:f1:27:3a:fb:04:d2:8c:2b:21:f7:0c:d7:b4:
                    1d:8f:23:b6:fd:c2:eb:c7:63:d0:73:9d:c2:0e:9a:
                    1a:7c:b6:f3:5a:63:ad:8f:9b:49:b9:3b:b2:22:f8:
                    68:59:3e:15:9e:ec:7a:fe:3a:1b:fc:28:16:e9:f4:
                    5d:64:2f:f6:65:69:71:25:5a:c1:6c:52:cd:9e:04:
                    4b:13:34:da:da:66:28:f3:7d:65:c0:83:4f:01:db:
                    d1:d5:20:20:7c:b4:97:5e:73:90:d7:83:e0:b7:97:
                    dd:2b:6a:d4:72:04:fe:0a:ba:19:fe:bd:a3:d9:d3:
                    32:c2:2f:3a:77:70:db:06:88:af:6b:a4:57:6c:82:
                    64:f2:1a:63:f7:94:aa:4a:43:12:f6:63:2e:18:ea:
                    45:f4:ec:63:03:c3:a3:73:1a:30:9f:f9:a8:a9:83:
                    38:00:0c:e1:ea:35:8d:fa:eb:48:7b:55:ee:d2:0f:
                    72:bf:b6:12:e2:9b:6b:64:1d:63:ac:ab:41:f5:b0:
                    eb:80:fc:a9:9a:41:91:83:fb:61:52:f4:14:06:5b:
                    cb:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:8E:D9:90:D5:C0:2C:FF:05:76:39:88:1B:B1:88:87:39:D6:E4:C4
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/T47ZkNXALP8FdjmIG7GIhznW5MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:d4:b3:fb:37:02:50:4c:d9:f7:bc:5e:cb:9b:1d:0f:a6:0c:
         e3:1f:a1:5a:2c:2a:8d:a7:7e:51:b4:2c:a0:60:c5:cc:58:b8:
         d8:96:87:b2:65:70:bc:19:09:26:d5:10:5c:9e:50:95:5d:c7:
         ed:de:70:50:08:74:72:7f:cd:be:ce:3b:26:c0:4a:72:a9:06:
         14:7b:2d:95:cb:6d:d0:16:06:22:87:3c:8b:02:b0:6d:f2:b7:
         00:09:5e:c0:7f:d9:ab:b8:49:59:24:72:34:34:c3:a4:89:22:
         e3:ed:07:e7:f1:3c:32:38:ef:3f:82:1c:b9:2a:27:dc:d4:e7:
         ec:a8:85:6e:85:4b:3a:3d:f0:c0:1d:c1:cd:5c:25:37:0f:2c:
         ef:ca:56:82:17:df:37:fe:4e:c5:13:9a:87:0e:ca:b5:09:cf:
         48:80:30:3e:8c:40:31:c4:ed:ac:67:e2:65:ce:39:4a:19:4b:
         62:78:80:b8:1a:92:13:8f:58:e7:7a:24:68:5f:ee:18:c0:5b:
         8c:73:d7:3f:64:01:29:ef:ba:b9:3c:a7:61:e6:ae:28:b8:6c:
         ef:cc:ee:c7:b6:25:27:d4:90:8d:e5:04:d4:0e:3d:6b:b4:69:
         94:4c:33:fe:90:16:fa:e9:bc:8a:4f:b7:29:a9:b6:00:ba:4b:
         ec:45:c4:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhBPQMN/kD7TS2fQkdi4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjhlZDk5MGQ1YzAyY2ZmMDU3NjM5ODgxYmIxODg4NzM5ZDZlNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndrkor/CaT2qygSudyn272I406c/
yG1M1JktMMtp/B5TdZ8N9wLHzl8VYp/1cvEnOvsE0owrIfcM17QdjyO2/cLrx2PQ
c53CDpoafLbzWmOtj5tJuTuyIvhoWT4Vnux6/job/CgW6fRdZC/2ZWlxJVrBbFLN
ngRLEzTa2mYo831lwINPAdvR1SAgfLSXXnOQ14Pgt5fdK2rUcgT+CroZ/r2j2dMy
wi86d3DbBoiva6RXbIJk8hpj95SqSkMS9mMuGOpF9OxjA8Ojcxown/moqYM4AAzh
6jWN+utIe1Xu0g9yv7YS4ptrZB1jrKtB9bDrgPypmkGRg/thUvQUBlvLSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+O2ZDVwCz/BXY5iBuxiIc51uTEMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvVDQ3WmtOWEFMUDhGZGptSUc3R0loem5XNU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQgRMA0G
CSqGSIb3DQEBCwUAA4IBAQC51LP7NwJQTNn3vF7Lmx0PpgzjH6FaLCqNp35RtCyg
YMXMWLjYloeyZXC8GQkm1RBcnlCVXcft3nBQCHRyf82+zjsmwEpyqQYUey2Vy23Q
FgYihzyLArBt8rcACV7Af9mruElZJHI0NMOkiSLj7Qfn8TwyOO8/ghy5Kifc1Ofs
qIVuhUs6PfDAHcHNXCU3DyzvylaCF983/k7FE5qHDsq1Cc9IgDA+jEAxxO2sZ+Jl
zjlKGUtieIC4GpITj1jneiRoX+4YwFuMc9c/ZAEp77q5PKdh5q4ouGzvzO7HtiUn
1JCN5QTUDj1rtGmUTDP+kBb66byKT7cpqbYAukvsRcTn
-----END CERTIFICATE-----