Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/toEJZSPmNLr4_ngw1nrN4_vBMA4.roa
File:                     toEJZSPmNLr4_ngw1nrN4_vBMA4.roa (raw, json)
Hash identifier:          eaK89yqCWWfRYcDJQs9qMbhqnBNn4AeoUu31743LIDc=
Subject key identifier:   B6:81:09:65:23:E6:34:BA:F8:FE:78:30:D6:7A:CD:E3:FB:C1:30:0E
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E07A745A9418D95696F65066E00D2
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/toEJZSPmNLr4_ngw1nrN4_vBMA4.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47478
IP address blocks:        5.188.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:07:a7:45:a9:41:8d:95:69:6f:65:06:6e:00:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b681096523e634baf8fe7830d67acde3fbc1300e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d6:5d:c9:76:75:12:3b:f9:de:56:22:6f:32:
                    8e:2e:60:41:da:5d:b0:2f:a8:de:1e:1d:6d:56:8e:
                    3e:c4:04:42:09:6f:97:4e:ae:77:bf:e4:1c:fe:7f:
                    77:d4:f8:c4:10:a7:0d:eb:ef:07:ab:91:5e:7a:98:
                    39:ea:85:2b:e0:99:31:a0:0f:c5:c8:8d:b6:ba:77:
                    54:e2:bb:ec:35:70:0a:1e:67:8d:ad:62:84:1e:7c:
                    9e:20:f8:0d:67:72:32:8d:7f:21:f1:80:0c:01:0b:
                    78:61:bc:d3:2a:66:cf:84:35:b6:56:c1:37:c3:1e:
                    57:ca:4a:f6:81:68:07:0b:53:84:6b:92:e9:17:0c:
                    c7:9d:23:3b:82:3b:e6:19:d7:8a:8d:de:59:00:12:
                    6c:36:6d:c8:69:e5:4c:ee:40:45:0a:98:b1:5c:38:
                    8e:e1:ab:c3:97:bd:98:8a:24:67:cd:c7:5a:c5:0b:
                    34:e4:b2:54:4e:54:6a:9d:bc:73:26:da:ec:0b:29:
                    06:a4:f9:94:60:ea:59:98:26:51:55:23:90:06:26:
                    79:a6:da:4c:33:d0:39:0a:5a:fe:64:a8:24:16:83:
                    bf:2f:11:63:68:5a:8b:02:53:94:04:64:42:8b:16:
                    9e:ff:33:bc:3e:67:13:ce:f6:55:90:8c:12:a8:70:
                    29:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:81:09:65:23:E6:34:BA:F8:FE:78:30:D6:7A:CD:E3:FB:C1:30:0E
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/toEJZSPmNLr4_ngw1nrN4_vBMA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.188.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:43:31:91:cc:d3:b6:fa:db:2c:45:5a:46:d6:bd:28:5d:cc:
         5f:26:0c:06:4c:dd:40:98:90:a8:20:ab:fb:a7:5e:52:88:d9:
         a3:b1:f8:67:47:19:5b:80:43:91:f1:3f:f4:9b:4c:0d:f4:78:
         92:82:75:3a:f5:73:d0:bc:cf:bc:90:01:08:53:37:fd:9b:e3:
         f1:55:16:89:5f:b2:57:ba:87:1d:2c:cc:86:c3:ff:f8:32:3b:
         9f:e8:2d:0b:e2:67:42:80:68:c6:8b:d6:fa:8f:bb:d0:d0:5d:
         fc:98:1a:ca:06:13:f8:d1:d7:90:48:fc:e4:fe:02:f2:75:5d:
         02:1e:47:7d:c2:bc:be:a4:93:21:93:1c:47:7d:f3:5b:55:85:
         7f:9a:af:6d:8d:ea:bd:14:1b:15:ba:ca:d8:48:31:a7:53:62:
         fa:97:74:29:ca:6d:d7:cc:5f:27:fe:34:c8:63:c7:31:61:7a:
         05:71:14:3a:20:d1:e7:19:bb:73:4c:62:83:21:15:4c:8a:af:
         df:4a:18:c8:b2:b4:fa:25:ce:b4:9c:4b:ec:d2:e5:73:24:24:
         67:d7:76:c7:b4:c0:98:c3:f8:4f:d9:0e:e2:61:7a:2a:4e:27:
         f5:10:06:c7:30:77:ad:d8:ce:8d:31:c0:ce:d2:cf:c5:6e:db:
         b0:d6:a2:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgenRalBjZVpb2UGbgDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjgxMDk2NTIzZTYzNGJhZjhmZTc4MzBkNjdhY2RlM2ZiYzEzMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNZdyXZ1Ejv53lYibzKOLmBB2l2w
L6jeHh1tVo4+xARCCW+XTq53v+Qc/n931PjEEKcN6+8Hq5Feepg56oUr4JkxoA/F
yI22undU4rvsNXAKHmeNrWKEHnyeIPgNZ3IyjX8h8YAMAQt4YbzTKmbPhDW2VsE3
wx5Xykr2gWgHC1OEa5LpFwzHnSM7gjvmGdeKjd5ZABJsNm3IaeVM7kBFCpixXDiO
4avDl72YiiRnzcdaxQs05LJUTlRqnbxzJtrsCykGpPmUYOpZmCZRVSOQBiZ5ptpM
M9A5Clr+ZKgkFoO/LxFjaFqLAlOUBGRCixae/zO8PmcTzvZVkIwSqHAppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaBCWUj5jS6+P54MNZ6zeP7wTAOMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdG9FSlpTUG1OTHI0X25ndzFuck40X3ZCTUE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbw0MA0G
CSqGSIb3DQEBCwUAA4IBAQBRQzGRzNO2+tssRVpG1r0oXcxfJgwGTN1AmJCoIKv7
p15SiNmjsfhnRxlbgEOR8T/0m0wN9HiSgnU69XPQvM+8kAEIUzf9m+PxVRaJX7JX
uocdLMyGw//4Mjuf6C0L4mdCgGjGi9b6j7vQ0F38mBrKBhP40deQSPzk/gLydV0C
Hkd9wry+pJMhkxxHffNbVYV/mq9tjeq9FBsVusrYSDGnU2L6l3Qpym3XzF8n/jTI
Y8cxYXoFcRQ6INHnGbtzTGKDIRVMiq/fShjIsrT6Jc60nEvs0uVzJCRn13bHtMCY
w/hP2Q7iYXoqTif1EAbHMHet2M6NMcDO0s/Fbtuw1qJK
-----END CERTIFICATE-----