Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/j-SJtBs-PeWR841ajGvClIX0vsE.roa
File:                     j-SJtBs-PeWR841ajGvClIX0vsE.roa (raw, json)
Hash identifier:          W1vjTxN1+V3kdH40Qqte37M+xZZl7oDkEkYkZkKCM/k=
Subject key identifier:   8F:E4:89:B4:1B:3E:3D:E5:91:F3:8D:5A:8C:6B:C2:94:85:F4:BE:C1
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56DFFAABC92E93A007B36C54678366C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/j-SJtBs-PeWR841ajGvClIX0vsE.roa
Signing time:             Mon 01 Jan 2024 14:29:29 +0000
ROA not before:           Mon 01 Jan 2024 14:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35830
IP address blocks:        5.188.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ff:aa:bc:92:e9:3a:00:7b:36:c5:46:78:36:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fe489b41b3e3de591f38d5a8c6bc29485f4bec1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9a:25:ab:bf:fe:f1:28:21:fd:72:a1:0d:5e:
                    76:44:87:77:3d:2f:d2:11:64:ea:08:dd:d0:42:9b:
                    bd:fb:85:2a:6b:65:f6:99:3c:30:13:48:85:73:32:
                    7b:d7:90:c2:99:ce:8b:d2:59:02:e2:0f:3b:3c:6f:
                    ab:7d:d8:ba:87:49:59:ff:24:13:25:5a:aa:4b:ff:
                    02:d9:d8:b6:09:48:37:5c:27:89:c3:51:43:bc:67:
                    2c:25:99:b4:73:97:3c:dd:97:1f:f0:a9:01:fc:7a:
                    70:f1:49:b3:5a:26:0e:95:66:a8:8d:50:1c:41:d2:
                    1d:cc:ca:a4:6a:8f:b8:69:c0:8f:72:16:b3:31:1a:
                    22:a5:72:29:bd:a2:c2:51:c9:bd:b0:43:f9:b6:63:
                    e5:b4:1e:03:ba:d2:f0:ab:8e:6c:94:80:15:d4:c0:
                    e4:5c:34:53:92:3a:57:ca:72:18:49:36:30:b2:98:
                    89:86:a9:b2:2e:0d:93:ba:db:1a:36:04:f0:9a:e7:
                    fb:a6:1d:d1:4b:d3:c7:98:e2:38:93:4a:0c:fc:40:
                    fe:4e:fd:12:d4:91:c7:61:ef:08:1c:51:75:92:4a:
                    80:43:54:c8:a3:65:41:68:ce:97:13:5c:93:71:66:
                    fd:30:bf:fd:59:7c:c2:e2:32:39:97:ba:84:eb:7a:
                    26:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E4:89:B4:1B:3E:3D:E5:91:F3:8D:5A:8C:6B:C2:94:85:F4:BE:C1
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/j-SJtBs-PeWR841ajGvClIX0vsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:48:ce:94:72:3f:2e:2e:f0:6d:52:fe:e9:04:c6:37:2f:18:
         da:9f:1e:97:49:db:7b:f7:06:74:f7:ce:3f:4a:a7:43:4e:6f:
         0f:6b:6d:fe:62:ad:7e:ff:47:6d:30:70:79:0f:9c:7c:ed:61:
         9d:9e:ab:06:09:b5:6e:c8:92:0d:b5:8d:33:71:dc:16:ad:65:
         8a:41:d0:1e:87:b2:54:dd:67:f5:a7:e8:76:ab:35:aa:6e:8b:
         9a:08:37:4a:d9:82:57:d7:84:27:95:62:92:5b:ca:29:e0:5e:
         9f:83:16:fe:64:43:e5:29:21:45:03:af:54:9a:a1:6f:76:9f:
         9a:63:32:51:54:a6:6b:42:ff:c7:c8:92:78:de:d5:b3:b3:c3:
         71:b7:86:6e:5a:a9:8f:75:4f:3b:75:d2:e7:d8:01:10:44:1b:
         a5:7f:ee:98:8d:7f:ff:c4:19:96:d1:fe:82:ce:ec:48:5e:30:
         bd:67:65:81:a9:60:2b:ff:7c:5e:53:32:c5:c8:6e:0f:fa:4b:
         0b:31:bf:e5:cc:2b:81:1e:a4:20:7d:f6:c4:58:62:4d:86:18:
         e4:b6:d3:20:72:64:51:93:a1:d9:64:8d:ac:7d:b1:8c:2c:05:
         49:29:1c:1e:4f:a0:14:bd:eb:db:28:14:12:1d:87:47:c8:c3:
         e1:c6:66:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbf+qvJLpOgB7NsVGeDZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmU0ODliNDFiM2UzZGU1OTFmMzhkNWE4YzZiYzI5NDg1ZjRiZWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZolq7/+8Sgh/XKhDV52RId3PS/S
EWTqCN3QQpu9+4Uqa2X2mTwwE0iFczJ715DCmc6L0lkC4g87PG+rfdi6h0lZ/yQT
JVqqS/8C2di2CUg3XCeJw1FDvGcsJZm0c5c83Zcf8KkB/Hpw8UmzWiYOlWaojVAc
QdIdzMqkao+4acCPchazMRoipXIpvaLCUcm9sEP5tmPltB4DutLwq45slIAV1MDk
XDRTkjpXynIYSTYwspiJhqmyLg2TutsaNgTwmuf7ph3RS9PHmOI4k0oM/ED+Tv0S
1JHHYe8IHFF1kkqAQ1TIo2VBaM6XE1yTcWb9ML/9WXzC4jI5l7qE63omOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/kibQbPj3lkfONWoxrwpSF9L7BMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvai1TSnRCcy1QZVdSODQxYWpHdkNsSVgwdnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbzZMA0G
CSqGSIb3DQEBCwUAA4IBAQB3SM6Ucj8uLvBtUv7pBMY3Lxjanx6XSdt79wZ0984/
SqdDTm8Pa23+Yq1+/0dtMHB5D5x87WGdnqsGCbVuyJINtY0zcdwWrWWKQdAeh7JU
3Wf1p+h2qzWqbouaCDdK2YJX14QnlWKSW8op4F6fgxb+ZEPlKSFFA69UmqFvdp+a
YzJRVKZrQv/HyJJ43tWzs8Nxt4ZuWqmPdU87ddLn2AEQRBulf+6YjX//xBmW0f6C
zuxIXjC9Z2WBqWAr/3xeUzLFyG4P+ksLMb/lzCuBHqQgffbEWGJNhhjkttMgcmRR
k6HZZI2sfbGMLAVJKRweT6AUvevbKBQSHYdHyMPhxmYn
-----END CERTIFICATE-----