Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3Qu93zAKtF9sgdGDuKC1XCwq08.roa
File:                     p3Qu93zAKtF9sgdGDuKC1XCwq08.roa (raw, json)
Hash identifier:          n2Shi3bIzgpo4Dj8BWIDDXHqYlXgXG4ZtMSaIg6XDDo=
Subject key identifier:   A7:74:2E:F7:7C:C0:2A:D1:7D:B2:07:46:0E:E2:82:D5:70:B0:AB:4F
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E05CB03E6B0F9152E3C8D312D4971
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3Qu93zAKtF9sgdGDuKC1XCwq08.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44812
IP address blocks:        5.8.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:05:cb:03:e6:b0:f9:15:2e:3c:8d:31:2d:49:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7742ef77cc02ad17db207460ee282d570b0ab4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:08:1f:fa:8f:ed:a7:37:34:2d:66:e7:7b:72:
                    9a:4a:0f:1f:13:81:2a:fd:2e:e4:b7:ee:1b:fb:83:
                    0b:25:05:d7:95:6b:d2:e1:7a:8c:e6:c6:8d:ba:c5:
                    60:8b:0e:0b:8e:75:c7:ca:a9:ab:4e:24:f7:0e:47:
                    d5:af:30:a7:e8:60:89:1c:23:f0:a2:d0:8a:a3:2b:
                    33:9a:f0:4b:f4:eb:22:96:88:4e:41:41:cd:6f:ff:
                    e9:df:a3:a0:be:7a:30:58:bd:84:14:b6:eb:fc:83:
                    de:7d:11:c0:15:1f:5f:fd:eb:61:16:e7:98:d7:46:
                    88:e6:54:94:76:3a:12:3c:04:62:34:46:a6:6b:49:
                    e4:14:26:19:41:a8:b6:83:00:a3:cd:64:e6:9d:e0:
                    c2:96:a1:e0:66:fb:7b:11:b4:dc:3c:1e:7e:49:2e:
                    0e:a2:6a:6a:c2:36:b3:d1:f7:67:bd:49:7f:c7:9f:
                    9f:6c:7b:62:49:3c:9c:2a:65:91:45:93:df:00:7e:
                    95:63:c3:29:c4:ee:75:de:01:db:47:d6:74:64:4f:
                    9a:f3:61:b8:f7:16:ae:01:8c:c3:7a:5c:5e:a9:49:
                    e4:a6:b5:7a:c9:7b:c9:a2:a5:f7:1d:ec:1b:d2:d1:
                    3c:e6:09:d8:a6:02:3b:65:5c:84:9f:35:35:92:26:
                    e1:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:74:2E:F7:7C:C0:2A:D1:7D:B2:07:46:0E:E2:82:D5:70:B0:AB:4F
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/p3Qu93zAKtF9sgdGDuKC1XCwq08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:53:3b:6a:ea:6a:67:22:68:56:6b:11:4c:b8:31:32:dc:8d:
         78:25:ab:0f:5e:be:3c:9e:01:46:31:23:d1:4a:fc:5c:4f:4b:
         33:54:f4:48:0d:18:4e:5e:19:ca:67:6b:24:3a:e1:4b:a7:a2:
         90:6f:cd:2b:39:90:49:93:bf:3c:e4:80:f6:2a:45:e0:81:8b:
         f3:82:ac:28:03:f7:8f:96:39:a5:1b:30:e4:99:f4:9c:54:0f:
         ca:30:09:0d:6d:f1:50:e2:fb:52:54:cd:14:9b:ec:97:78:95:
         37:7d:e1:61:25:8c:0a:e6:d1:c8:3f:21:83:1f:c0:db:e9:6f:
         33:73:4c:18:16:06:90:bb:a5:3f:c8:9d:40:16:f1:9b:14:48:
         37:f3:09:3e:03:b2:85:82:4e:3c:e0:e4:9b:72:3b:42:dd:ff:
         e7:82:0f:ae:98:6a:fd:e5:d2:da:97:f4:7d:a2:06:f7:85:6b:
         fa:f5:2c:2b:44:59:34:fd:56:36:da:85:da:99:de:6f:06:48:
         86:3b:68:5b:05:88:f9:c0:29:c8:7e:89:89:50:30:ff:05:fa:
         ae:30:ea:9f:89:35:dd:57:cc:c4:92:00:31:70:d2:fe:f8:cc:
         80:0d:70:2e:7c:fe:b1:ff:9c:c7:61:ad:09:eb:81:c6:aa:7b:
         ed:c6:86:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgXLA+aw+RUuPI0xLUlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzc0MmVmNzdjYzAyYWQxN2RiMjA3NDYwZWUyODJkNTcwYjBhYjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgggf+o/tpzc0LWbne3KaSg8fE4Eq
/S7kt+4b+4MLJQXXlWvS4XqM5saNusVgiw4LjnXHyqmrTiT3DkfVrzCn6GCJHCPw
otCKoyszmvBL9OsilohOQUHNb//p36OgvnowWL2EFLbr/IPefRHAFR9f/ethFueY
10aI5lSUdjoSPARiNEama0nkFCYZQai2gwCjzWTmneDClqHgZvt7EbTcPB5+SS4O
ompqwjaz0fdnvUl/x5+fbHtiSTycKmWRRZPfAH6VY8MpxO513gHbR9Z0ZE+a82G4
9xauAYzDelxeqUnkprV6yXvJoqX3Hewb0tE85gnYpgI7ZVyEnzU1kibheQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd0Lvd8wCrRfbIHRg7igtVwsKtPMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcDNRdTkzekFLdEY5c2dkR0R1S0MxWEN3cTA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQhAMA0G
CSqGSIb3DQEBCwUAA4IBAQBTUztq6mpnImhWaxFMuDEy3I14JasPXr48ngFGMSPR
SvxcT0szVPRIDRhOXhnKZ2skOuFLp6KQb80rOZBJk7885ID2KkXggYvzgqwoA/eP
ljmlGzDkmfScVA/KMAkNbfFQ4vtSVM0Um+yXeJU3feFhJYwK5tHIPyGDH8Db6W8z
c0wYFgaQu6U/yJ1AFvGbFEg38wk+A7KFgk484OSbcjtC3f/ngg+umGr95dLal/R9
ogb3hWv69SwrRFk0/VY22oXamd5vBkiGO2hbBYj5wCnIfomJUDD/BfquMOqfiTXd
V8zEkgAxcNL++MyADXAufP6x/5zHYa0J64HGqnvtxoaE
-----END CERTIFICATE-----