Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WUmqqKOwgcFYhUU4dcOrZRSVmBQ.roa
File:                     WUmqqKOwgcFYhUU4dcOrZRSVmBQ.roa (raw, json)
Hash identifier:          Yyj8tnOqeosweHiVzX8qvrbEah5I91g3vsXCCL+Q4qs=
Subject key identifier:   59:49:AA:A8:A3:B0:81:C1:58:85:45:38:75:C3:AB:65:14:95:98:14
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E06832469994F64AD1C0C8F2BF37A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WUmqqKOwgcFYhUU4dcOrZRSVmBQ.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45027
IP address blocks:        5.188.164.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:06:83:24:69:99:4f:64:ad:1c:0c:8f:2b:f3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5949aaa8a3b081c15885453875c3ab6514959814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c1:32:08:51:d0:26:2d:5e:46:b6:c6:08:74:
                    a0:ed:1c:9e:c3:96:c4:14:03:7d:a8:db:3d:ac:25:
                    17:fd:cd:22:f8:5f:ff:23:e7:0a:d2:e0:d1:58:92:
                    2d:77:f7:7c:01:aa:ef:a1:3e:b5:4f:d9:ec:54:f3:
                    cb:2b:cd:6c:d0:5d:bc:d9:0a:a3:42:3c:f7:07:3f:
                    ca:98:cb:86:4c:92:12:8d:94:31:6e:58:72:9c:c6:
                    b7:a3:3f:69:e0:7c:29:23:db:e6:09:40:0e:56:87:
                    8d:a4:8e:49:82:43:7f:a7:4d:83:72:04:32:d1:83:
                    fb:be:d5:d0:ff:3a:b7:68:19:c4:60:ef:26:e8:34:
                    0f:25:83:4d:39:79:ff:58:7e:12:ec:ea:3c:c6:3e:
                    21:48:73:07:bf:31:89:ca:bf:b4:46:e7:ab:e5:d7:
                    0a:91:88:ee:25:35:82:fa:65:e6:37:fc:6c:b4:ca:
                    0f:3b:28:77:7b:fb:c6:a5:85:d7:6b:c9:cd:51:35:
                    38:65:7d:6e:52:6c:01:2a:1f:42:c0:06:60:a4:18:
                    4f:16:f3:79:18:9f:cf:fd:f2:be:c8:03:b7:6c:e7:
                    a1:a5:96:db:ac:77:04:8f:09:64:4f:72:e0:6b:9f:
                    ec:3d:34:da:c1:c0:1a:cf:f2:23:78:cb:3e:e5:d7:
                    0c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:49:AA:A8:A3:B0:81:C1:58:85:45:38:75:C3:AB:65:14:95:98:14
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WUmqqKOwgcFYhUU4dcOrZRSVmBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:a7:ea:14:8e:21:a3:06:c6:8b:17:fe:e0:4e:ab:ad:07:64:
         9f:22:d3:9a:07:c5:9c:bb:f3:f0:00:2a:1e:98:f7:a8:26:cc:
         53:11:c0:9d:73:f5:fb:36:f6:83:b3:1e:d3:f8:6f:16:a4:a4:
         5a:7b:3c:aa:63:41:1b:be:5c:7e:9f:24:96:aa:96:92:f9:68:
         d2:d4:f7:ae:74:7c:3d:63:10:46:06:d0:97:16:6a:d2:4a:8c:
         b2:cb:72:6f:10:34:7d:31:ff:f8:cc:40:7e:ee:76:7d:33:6b:
         35:6c:a9:06:66:96:ef:a9:73:a6:36:19:e6:a7:56:7c:7d:48:
         55:ed:d8:84:59:48:7e:7e:7d:97:63:46:9d:fd:4a:ff:5c:72:
         a1:10:66:72:78:85:5e:83:03:cc:3b:85:00:d5:98:12:65:66:
         c9:02:0a:92:16:76:e8:c2:8d:11:e6:d7:97:21:ca:d8:47:0f:
         0b:7f:70:75:46:a1:50:53:3b:93:ca:45:db:9e:aa:82:5c:a9:
         7a:2b:88:89:e6:72:98:0a:b9:25:6d:c2:66:ac:29:dd:a3:04:
         6f:67:6c:ab:69:e3:3d:0a:3b:44:17:c5:44:c1:ab:c8:13:5f:
         9d:15:63:41:14:45:57:60:5f:ad:b9:2b:b7:95:1d:59:c6:bf:
         88:c1:15:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgaDJGmZT2StHAyPK/N6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTQ5YWFhOGEzYjA4MWMxNTg4NTQ1Mzg3NWMzYWI2NTE0OTU5ODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMEyCFHQJi1eRrbGCHSg7Ryew5bE
FAN9qNs9rCUX/c0i+F//I+cK0uDRWJItd/d8AarvoT61T9nsVPPLK81s0F282Qqj
Qjz3Bz/KmMuGTJISjZQxblhynMa3oz9p4HwpI9vmCUAOVoeNpI5JgkN/p02DcgQy
0YP7vtXQ/zq3aBnEYO8m6DQPJYNNOXn/WH4S7Oo8xj4hSHMHvzGJyr+0Ruer5dcK
kYjuJTWC+mXmN/xstMoPOyh3e/vGpYXXa8nNUTU4ZX1uUmwBKh9CwAZgpBhPFvN5
GJ/P/fK+yAO3bOehpZbbrHcEjwlkT3Lga5/sPTTawcAaz/IjeMs+5dcMgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlJqqijsIHBWIVFOHXDq2UUlZgUMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvV1VtcXFLT3dnY0ZZaFVVNGRjT3JaUlNWbUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBbykMA0G
CSqGSIb3DQEBCwUAA4IBAQBGp+oUjiGjBsaLF/7gTqutB2SfItOaB8Wcu/PwACoe
mPeoJsxTEcCdc/X7NvaDsx7T+G8WpKRaezyqY0Ebvlx+nySWqpaS+WjS1PeudHw9
YxBGBtCXFmrSSoyyy3JvEDR9Mf/4zEB+7nZ9M2s1bKkGZpbvqXOmNhnmp1Z8fUhV
7diEWUh+fn2XY0ad/Ur/XHKhEGZyeIVegwPMO4UA1ZgSZWbJAgqSFnbowo0R5teX
IcrYRw8Lf3B1RqFQUzuTykXbnqqCXKl6K4iJ5nKYCrklbcJmrCndowRvZ2yraeM9
CjtEF8VEwavIE1+dFWNBFEVXYF+tuSu3lR1Zxr+IwRVd
-----END CERTIFICATE-----