Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mj9HquRhD-4X4XPms6mpT7xox9Y.roa
File:                     mj9HquRhD-4X4XPms6mpT7xox9Y.roa (raw, json)
Hash identifier:          pUjneV/jkFHMLpLw90KC/XERqSINBdoSxLOTXdOQodQ=
Subject key identifier:   9A:3F:47:AA:E4:61:0F:EE:17:E1:73:E6:B3:A9:A9:4F:BC:68:C7:D6
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E08CF0AF92A492CCD5720AB6D01CE
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mj9HquRhD-4X4XPms6mpT7xox9Y.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50113
IP address blocks:        5.101.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:08:cf:0a:f9:2a:49:2c:cd:57:20:ab:6d:01:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a3f47aae4610fee17e173e6b3a9a94fbc68c7d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e9:a9:f4:08:12:43:00:79:18:f7:10:02:cf:
                    66:c8:7b:bb:ca:4c:d6:1c:a9:42:cd:01:ce:91:bd:
                    a8:7b:7e:df:cf:ab:5b:43:2e:c5:4e:1b:28:c5:d6:
                    17:87:be:1b:a6:b4:50:50:55:75:4b:ff:23:1a:bb:
                    f4:69:eb:1d:1c:76:01:65:c4:8b:25:c2:84:b7:55:
                    5b:80:38:0e:b0:4f:31:95:6a:cd:e7:1f:ad:f1:a8:
                    a2:2d:d2:1b:73:e0:ff:aa:4d:0c:11:78:ac:51:30:
                    45:ab:ba:61:8a:d0:68:3b:9f:96:c6:8c:4b:44:4d:
                    f5:06:94:c8:16:d8:88:3c:a3:61:06:aa:4d:f2:5c:
                    32:89:e9:3f:b5:c9:4e:ea:c2:15:ac:a7:a7:50:26:
                    07:bd:78:c9:6f:17:46:54:3d:5d:6c:61:38:67:af:
                    a8:e3:9b:77:77:52:49:5a:39:dc:63:a9:8e:8d:2b:
                    1b:be:b2:59:b3:53:72:05:49:83:8b:0c:a9:e1:1b:
                    47:98:71:14:8f:02:02:cc:e1:8a:ef:c7:30:7b:49:
                    5e:33:a5:c3:cc:d4:5d:7b:44:fc:ea:72:73:6e:51:
                    6d:1a:6e:31:62:73:5b:ba:bb:f1:b0:8c:0c:5d:93:
                    1a:95:f9:ef:3c:09:50:94:6a:f0:c0:67:6c:a0:1f:
                    84:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3F:47:AA:E4:61:0F:EE:17:E1:73:E6:B3:A9:A9:4F:BC:68:C7:D6
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/mj9HquRhD-4X4XPms6mpT7xox9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:5e:9f:ac:e3:62:fc:1c:00:3b:e2:f5:bd:52:d8:e2:5b:b7:
         9b:53:42:4f:c6:3b:0e:d2:59:7c:44:6a:78:b3:61:ac:d7:2c:
         bb:0d:35:34:6c:49:ef:09:b0:7b:7d:e0:0e:dc:7e:b6:c0:cf:
         89:1f:c3:ee:17:95:78:48:fa:04:52:5a:21:b7:dd:ef:54:32:
         45:28:79:f0:7a:84:ab:51:3e:0b:ae:8d:11:e4:aa:d0:93:a9:
         91:ba:04:a8:47:7b:f9:a2:0d:3f:d2:d6:97:f7:20:29:2c:5f:
         98:f2:9f:c0:cf:65:d3:d8:09:31:b4:e9:4a:1e:27:7a:bf:33:
         62:8c:9a:d8:52:f2:6b:69:a3:f8:8c:fc:be:37:05:81:09:b1:
         f4:77:31:9b:16:38:25:e8:3a:39:5f:b8:2c:6c:e0:8c:91:8b:
         b3:8c:f5:8c:c4:f2:08:64:ed:60:16:c0:2b:ae:27:16:0b:c0:
         ec:03:82:ec:c8:59:ab:1d:77:d7:50:8e:56:b6:c8:41:e2:aa:
         ef:3f:97:e2:f4:1f:05:ac:3b:79:02:d6:fa:d0:01:ff:72:7d:
         64:e5:95:75:3b:8b:c4:ac:1b:0c:be:19:d3:1d:22:99:1f:6b:
         12:51:bc:cb:31:c8:69:9d:e3:3a:1d:f6:6c:a2:65:08:4e:f6:
         cf:60:b1:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgjPCvkqSSzNVyCrbQHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNmNDdhYWU0NjEwZmVlMTdlMTczZTZiM2E5YTk0ZmJjNjhjN2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkemp9AgSQwB5GPcQAs9myHu7ykzW
HKlCzQHOkb2oe37fz6tbQy7FThsoxdYXh74bprRQUFV1S/8jGrv0aesdHHYBZcSL
JcKEt1VbgDgOsE8xlWrN5x+t8aiiLdIbc+D/qk0MEXisUTBFq7phitBoO5+WxoxL
RE31BpTIFtiIPKNhBqpN8lwyiek/tclO6sIVrKenUCYHvXjJbxdGVD1dbGE4Z6+o
45t3d1JJWjncY6mOjSsbvrJZs1NyBUmDiwyp4RtHmHEUjwICzOGK78cwe0leM6XD
zNRde0T86nJzblFtGm4xYnNburvxsIwMXZMalfnvPAlQlGrwwGdsoB+E9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo/R6rkYQ/uF+Fz5rOpqU+8aMfWMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvbWo5SHF1UmhELTRYNFhQbXM2bXBUN3hveDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWVYMA0G
CSqGSIb3DQEBCwUAA4IBAQC+Xp+s42L8HAA74vW9UtjiW7ebU0JPxjsO0ll8RGp4
s2Gs1yy7DTU0bEnvCbB7feAO3H62wM+JH8PuF5V4SPoEUloht93vVDJFKHnweoSr
UT4Lro0R5KrQk6mRugSoR3v5og0/0taX9yApLF+Y8p/Az2XT2AkxtOlKHid6vzNi
jJrYUvJraaP4jPy+NwWBCbH0dzGbFjgl6Do5X7gsbOCMkYuzjPWMxPIIZO1gFsAr
ricWC8DsA4LsyFmrHXfXUI5WtshB4qrvP5fi9B8FrDt5Atb60AH/cn1k5ZV1O4vE
rBsMvhnTHSKZH2sSUbzLMchpneM6HfZsomUITvbPYLHJ
-----END CERTIFICATE-----