Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/88tdyaJiKpcuCAZugU7Du9SDi8w.roa
File:                     88tdyaJiKpcuCAZugU7Du9SDi8w.roa (raw, json)
Hash identifier:          xVkElLiUpDKS1bggk1nojqoctGtajZE9tymr9MrrJBI=
Subject key identifier:   F3:CB:5D:C9:A2:62:2A:97:2E:08:06:6E:81:4E:C3:BB:D4:83:8B:CC
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E870EB71E6F2E9BB9E7AD73CE331
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/88tdyaJiKpcuCAZugU7Du9SDi8w.roa
Signing time:             Mon 01 Jan 2024 10:30:11 +0000
ROA not before:           Mon 01 Jan 2024 10:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212355
IP address blocks:        5.160.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e8:70:eb:71:e6:f2:e9:bb:9e:7a:d7:3c:e3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3cb5dc9a2622a972e08066e814ec3bbd4838bcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:32:de:78:df:41:69:b7:33:af:b4:f6:d1:76:
                    25:7f:eb:6e:be:ea:63:a5:8f:c4:28:47:80:62:4d:
                    3f:85:45:e9:c6:be:0d:d8:29:85:85:89:de:a4:84:
                    b1:c9:a8:e0:5d:9d:4f:24:47:17:6b:31:32:b8:5e:
                    8b:72:cd:d2:95:d3:12:5c:0d:cb:a3:06:62:c8:13:
                    ae:93:df:60:d0:6f:e5:df:bf:45:c3:74:a7:16:17:
                    89:76:69:3b:d0:4e:b6:2a:41:50:17:d7:ee:88:d3:
                    2b:60:c1:92:d0:d8:ba:16:cd:a0:51:51:db:90:65:
                    ec:aa:94:6f:a2:c0:2e:9c:7c:86:98:1c:80:71:55:
                    0e:30:c9:b5:0c:3d:eb:c6:63:96:38:87:ca:84:ce:
                    6f:db:59:69:f2:26:a9:c1:97:b8:a5:76:44:83:b6:
                    9d:83:0b:b1:71:02:ff:2c:cd:95:3f:7e:91:a9:3c:
                    6f:1c:9d:46:52:27:5d:03:13:36:e7:c0:48:b3:d6:
                    53:4d:1a:39:36:84:d5:d1:36:9d:30:be:f6:4c:2e:
                    d6:53:71:4c:e0:4e:3a:6f:99:5c:e9:f1:a9:29:a0:
                    1d:3f:c4:cf:e6:25:39:80:1e:a4:a6:f2:00:b0:81:
                    4b:da:94:78:87:b0:63:36:8e:ba:d3:d6:59:35:c5:
                    c3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:CB:5D:C9:A2:62:2A:97:2E:08:06:6E:81:4E:C3:BB:D4:83:8B:CC
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/88tdyaJiKpcuCAZugU7Du9SDi8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:d8:a8:07:7b:5a:e8:67:05:16:34:92:31:55:99:6c:1f:a6:
         a6:35:d3:44:ba:2f:b6:41:2b:ca:90:e8:0b:34:76:54:57:9e:
         92:c6:fc:f9:c4:0a:f2:94:f4:be:e4:28:ef:49:d0:98:7e:d4:
         81:50:75:a9:77:4b:5e:04:7b:99:33:ad:e9:cc:94:3c:c9:dd:
         36:3d:43:9a:91:b9:c2:bc:26:c5:b0:bd:a9:87:0c:98:d9:28:
         78:85:a6:21:6c:31:67:c7:1d:d7:bc:bd:92:9d:d5:4a:ea:e7:
         d5:c1:59:59:46:2b:f3:e8:a8:c3:8e:c3:e5:a1:42:9e:4f:ed:
         51:34:a3:51:ed:b3:c4:7b:38:ba:74:7b:25:a8:75:6b:49:ef:
         83:fa:e2:bb:d4:dd:43:92:f4:29:5e:12:98:0c:b4:5b:27:c1:
         a0:b9:b2:13:11:d1:d6:65:ed:74:35:f1:ad:dc:f4:23:66:cf:
         6b:49:dd:96:cb:ec:18:0a:ef:e2:99:85:89:7e:cb:26:61:e9:
         dc:3a:f4:4c:0a:db:73:40:f3:88:11:70:9f:aa:4d:e7:6d:99:
         18:8f:c3:11:39:a7:9d:01:22:47:6e:91:a6:4f:ee:bd:94:db:
         ab:9b:58:10:2a:ad:7e:06:67:71:cf:f8:60:f7:d2:33:4e:34:
         2d:da:ba:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuhw63Hm8um7nnrXPOMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2NiNWRjOWEyNjIyYTk3MmUwODA2NmU4MTRlYzNiYmQ0ODM4YmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jLeeN9Babczr7T20XYlf+tuvupj
pY/EKEeAYk0/hUXpxr4N2CmFhYnepISxyajgXZ1PJEcXazEyuF6Lcs3SldMSXA3L
owZiyBOuk99g0G/l379Fw3SnFheJdmk70E62KkFQF9fuiNMrYMGS0Ni6Fs2gUVHb
kGXsqpRvosAunHyGmByAcVUOMMm1DD3rxmOWOIfKhM5v21lp8iapwZe4pXZEg7ad
gwuxcQL/LM2VP36RqTxvHJ1GUiddAxM258BIs9ZTTRo5NoTV0TadML72TC7WU3FM
4E46b5lc6fGpKaAdP8TP5iU5gB6kpvIAsIFL2pR4h7BjNo6609ZZNcXD4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPLXcmiYiqXLggGboFOw7vUg4vMMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvODh0ZHlhSmlLcGN1Q0FadWdVN0R1OVNEaTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaALMA0G
CSqGSIb3DQEBCwUAA4IBAQCg2KgHe1roZwUWNJIxVZlsH6amNdNEui+2QSvKkOgL
NHZUV56Sxvz5xArylPS+5CjvSdCYftSBUHWpd0teBHuZM63pzJQ8yd02PUOakbnC
vCbFsL2phwyY2Sh4haYhbDFnxx3XvL2SndVK6ufVwVlZRivz6KjDjsPloUKeT+1R
NKNR7bPEezi6dHslqHVrSe+D+uK71N1DkvQpXhKYDLRbJ8GgubITEdHWZe10NfGt
3PQjZs9rSd2Wy+wYCu/imYWJfssmYencOvRMCttzQPOIEXCfqk3nbZkYj8MROaed
ASJHbpGmT+69lNurm1gQKq1+Bmdxz/hg99IzTjQt2rpb
-----END CERTIFICATE-----