Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3k4vrk8Xh-Hk19cT_4ulJPPYIOo.roa
File:                     3k4vrk8Xh-Hk19cT_4ulJPPYIOo.roa (raw, json)
Hash identifier:          zbC2swUx0pJHB3Lofu0S0sPcLmtigj8cZrB6N6zjdjY=
Subject key identifier:   DE:4E:2F:AE:4F:17:87:E1:E4:D7:D7:13:FF:8B:A5:24:F3:D8:20:EA
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492D0A1A051D97365E0D7D77643D345
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3k4vrk8Xh-Hk19cT_4ulJPPYIOo.roa
Signing time:             Mon 01 Jan 2024 10:30:05 +0000
ROA not before:           Mon 01 Jan 2024 10:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16018
IP address blocks:        5.160.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:d0:a1:a0:51:d9:73:65:e0:d7:d7:76:43:d3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de4e2fae4f1787e1e4d7d713ff8ba524f3d820ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c8:a8:75:6e:78:84:7a:4e:b0:4e:2c:a1:5b:
                    a5:1c:f9:d7:73:f6:7e:b6:aa:af:83:32:8b:b0:7a:
                    67:70:59:3c:a4:ab:be:96:8d:9e:69:0e:d1:d0:fd:
                    23:bd:7c:36:e0:6e:d3:43:4d:f4:55:c0:32:51:ea:
                    7f:92:41:58:cf:29:dc:33:7d:a7:a0:13:b2:05:42:
                    60:cd:20:94:4c:87:43:06:f7:95:d1:ee:58:90:eb:
                    35:c4:e1:df:55:a3:b8:f4:24:7b:5a:d4:f3:59:cd:
                    c4:74:3c:cb:10:ef:39:cf:8c:f2:72:81:1a:69:c6:
                    bc:09:ef:d4:b4:e0:39:c0:6f:72:5f:af:2e:94:2c:
                    91:89:56:c5:af:09:eb:24:c5:e1:d3:00:8c:c8:5e:
                    e2:e3:53:b7:15:45:87:2f:4f:84:75:78:c0:b1:1d:
                    04:a1:ea:62:6a:ea:c3:06:87:ef:fb:a8:57:ac:dd:
                    9a:c4:de:d4:90:ca:e2:8f:49:83:37:c3:e1:de:b2:
                    a8:5b:1d:a5:c6:0d:61:e1:b7:ec:3e:9c:ca:37:a3:
                    7c:af:62:ab:42:cd:90:1f:b5:31:b5:45:30:9a:59:
                    ba:b0:ba:5f:b4:bf:3c:34:0f:de:fd:c6:57:6f:85:
                    0e:ee:87:e5:2f:14:0d:90:7b:e5:e9:10:53:68:ae:
                    4d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4E:2F:AE:4F:17:87:E1:E4:D7:D7:13:FF:8B:A5:24:F3:D8:20:EA
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/3k4vrk8Xh-Hk19cT_4ulJPPYIOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:7c:b0:9b:56:58:15:d8:54:eb:50:41:e8:dc:c8:4e:31:7b:
         98:5d:1e:19:f6:2e:14:7c:75:f7:fe:34:2c:ed:7e:2a:60:97:
         d0:99:4e:f5:2c:73:44:c3:2a:91:0b:ef:2d:2b:a2:1f:18:3e:
         94:a5:14:37:0a:55:96:e6:1a:31:9a:d7:26:3a:6b:1d:9d:a7:
         fe:84:2f:b8:06:6f:21:e3:0e:5a:cf:b3:28:ff:b6:0f:0b:d7:
         89:f5:fa:00:be:c8:4b:31:45:6f:d4:80:68:8d:f6:87:41:da:
         d9:4b:8c:df:fb:e6:7f:84:db:26:be:72:6b:02:73:da:b8:c6:
         91:7f:4b:ad:aa:e5:dc:ea:c7:c0:5a:14:05:d1:48:11:de:30:
         fb:e0:ae:39:07:c1:d9:f3:f7:14:5a:31:0c:d4:25:d8:ef:c9:
         93:00:77:3c:24:d0:c0:00:08:89:46:b4:3e:e9:af:ff:43:a2:
         3a:6a:06:e1:ce:9c:83:94:74:bd:72:b2:86:aa:bc:62:0f:62:
         97:b0:5b:b4:30:61:9f:53:cc:fd:02:43:a5:f2:eb:b0:bb:26:
         56:cf:96:61:41:d2:df:3a:58:db:d9:c4:5a:25:dc:2d:41:c7:
         f4:45:e7:fa:20:73:5f:ac:9f:d0:52:c2:e7:9d:5c:dd:54:8e:
         b8:bb:10:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEktChoFHZc2Xg19d2Q9NFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRlMmZhZTRmMTc4N2UxZTRkN2Q3MTNmZjhiYTUyNGYzZDgyMGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMiodW54hHpOsE4soVulHPnXc/Z+
tqqvgzKLsHpncFk8pKu+lo2eaQ7R0P0jvXw24G7TQ030VcAyUep/kkFYzyncM32n
oBOyBUJgzSCUTIdDBveV0e5YkOs1xOHfVaO49CR7WtTzWc3EdDzLEO85z4zycoEa
aca8Ce/UtOA5wG9yX68ulCyRiVbFrwnrJMXh0wCMyF7i41O3FUWHL0+EdXjAsR0E
oepiaurDBofv+6hXrN2axN7UkMrij0mDN8Ph3rKoWx2lxg1h4bfsPpzKN6N8r2Kr
Qs2QH7UxtUUwmlm6sLpftL88NA/e/cZXb4UO7oflLxQNkHvl6RBTaK5NwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5OL65PF4fh5NfXE/+LpSTz2CDqMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvM2s0dnJrOFhoLUhrMTljVF80dWxKUFBZSU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaDSMA0G
CSqGSIb3DQEBCwUAA4IBAQBhfLCbVlgV2FTrUEHo3MhOMXuYXR4Z9i4UfHX3/jQs
7X4qYJfQmU71LHNEwyqRC+8tK6IfGD6UpRQ3ClWW5hoxmtcmOmsdnaf+hC+4Bm8h
4w5az7Mo/7YPC9eJ9foAvshLMUVv1IBojfaHQdrZS4zf++Z/hNsmvnJrAnPauMaR
f0utquXc6sfAWhQF0UgR3jD74K45B8HZ8/cUWjEM1CXY78mTAHc8JNDAAAiJRrQ+
6a//Q6I6agbhzpyDlHS9crKGqrxiD2KXsFu0MGGfU8z9AkOl8uuwuyZWz5ZhQdLf
Oljb2cRaJdwtQcf0Ref6IHNfrJ/QUsLnnVzdVI64uxCi
-----END CERTIFICATE-----