Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/CQ4LhF5DUJLt4Sf28bvXr703RpM.roa
File:                     CQ4LhF5DUJLt4Sf28bvXr703RpM.roa (raw, json)
Hash identifier:          x81WO+AP0zcIq5S9niRZcFJ9NRMAdhDguZmcEfiI5Vs=
Subject key identifier:   09:0E:0B:84:5E:43:50:92:ED:E1:27:F6:F1:BB:D7:AF:BD:37:46:93
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       0191B689B0DB9B6AC042400CC3A102920F34
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/CQ4LhF5DUJLt4Sf28bvXr703RpM.roa
Signing time:             Tue 03 Sep 2024 06:19:22 +0000
ROA not before:           Tue 03 Sep 2024 06:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29577
IP address blocks:        5.160.16.0/22 maxlen: 24
                          5.160.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b6:89:b0:db:9b:6a:c0:42:40:0c:c3:a1:02:92:0f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Sep  3 06:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=090e0b845e435092ede127f6f1bbd7afbd374693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b4:80:51:e4:11:dd:7c:f8:57:04:76:96:b1:
                    94:62:74:b1:86:a8:5c:d7:f7:50:3a:7b:2e:35:50:
                    72:0d:f9:0f:a5:fc:ec:52:18:ea:3a:94:3a:21:6b:
                    a2:ae:a6:3e:73:c2:12:83:be:6f:88:c8:e9:26:d0:
                    a5:94:69:30:78:c0:b6:d6:29:99:a3:28:30:0f:7f:
                    6b:9f:11:e3:97:99:e2:82:64:f2:e2:a4:35:8a:b6:
                    2b:74:fb:1b:52:b3:2a:05:89:56:c6:90:95:eb:e6:
                    4a:22:36:17:e8:c6:8b:15:ef:7f:6f:f5:f1:77:d3:
                    5c:9f:79:e9:ea:96:0c:7c:c4:f4:e2:a8:88:67:1e:
                    9a:06:66:de:9f:0f:bd:ff:00:f0:13:ca:14:5c:20:
                    47:bb:70:93:f4:8e:6c:3e:b6:77:13:32:32:50:af:
                    2e:20:a9:fd:5a:b8:e9:c6:79:18:60:27:1b:37:51:
                    b7:e6:e6:5b:64:bc:62:aa:7c:c7:ef:d5:8d:ae:7c:
                    34:43:13:7c:77:a9:68:07:be:da:94:ce:76:21:67:
                    61:c7:1e:b4:9a:09:ed:13:6b:fe:e8:3b:69:40:a4:
                    45:8e:4e:1a:c6:f4:d5:e8:ae:53:94:3f:17:33:c3:
                    0b:4f:a1:16:76:3c:cd:7f:d3:0d:06:c6:fd:bc:6c:
                    d6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0E:0B:84:5E:43:50:92:ED:E1:27:F6:F1:BB:D7:AF:BD:37:46:93
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/CQ4LhF5DUJLt4Sf28bvXr703RpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:26:ae:9c:45:b3:ba:dc:e1:ba:fe:29:43:4d:c2:67:3c:39:
         2e:0d:04:a7:94:c6:86:d7:71:d4:ef:e6:19:58:f3:81:7c:df:
         b4:35:2a:91:45:8a:6e:4c:ac:4e:4e:89:7d:f9:9a:16:fe:fe:
         db:0a:98:8f:74:ea:fd:2f:72:1b:5a:5a:bf:b8:e6:f2:e6:35:
         d5:93:df:24:9f:06:14:f0:45:21:f0:ff:06:ca:06:19:e7:3d:
         fa:15:5b:97:90:71:5f:4a:f7:10:9c:c1:1c:34:32:1a:b9:3d:
         31:b1:8e:f3:e0:1d:cf:00:30:32:a3:bd:1f:24:32:68:15:c7:
         26:96:f4:90:fe:8c:85:3e:18:2f:02:2f:31:7a:1f:66:cd:c0:
         55:af:fb:56:37:96:43:cb:67:a4:28:f7:fc:5d:93:e3:e3:b0:
         46:f8:54:1f:43:3b:11:f8:c2:45:ec:87:ba:38:ed:a2:a4:f6:
         00:6d:4c:4c:a5:05:1d:6a:ef:13:32:5d:37:ec:47:f0:44:88:
         92:55:64:56:27:81:c9:e0:ba:1a:66:97:a4:7d:1e:34:1d:c6:
         aa:72:82:6e:0b:55:1e:38:11:19:6e:a8:82:98:eb:73:03:c2:
         31:71:d5:fa:b1:3c:2f:bc:19:00:32:f3:38:74:28:70:9e:a5:
         72:49:f1:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG2ibDbm2rAQkAMw6ECkg80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwOTAzMDYxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBlMGI4NDVlNDM1MDkyZWRlMTI3ZjZmMWJiZDdhZmJkMzc0NjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7SAUeQR3Xz4VwR2lrGUYnSxhqhc
1/dQOnsuNVByDfkPpfzsUhjqOpQ6IWuirqY+c8ISg75viMjpJtCllGkweMC21imZ
oygwD39rnxHjl5nigmTy4qQ1irYrdPsbUrMqBYlWxpCV6+ZKIjYX6MaLFe9/b/Xx
d9Ncn3np6pYMfMT04qiIZx6aBmbenw+9/wDwE8oUXCBHu3CT9I5sPrZ3EzIyUK8u
IKn9WrjpxnkYYCcbN1G35uZbZLxiqnzH79WNrnw0QxN8d6loB77alM52IWdhxx60
mgntE2v+6DtpQKRFjk4axvTV6K5TlD8XM8MLT6EWdjzNf9MNBsb9vGzWDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkOC4ReQ1CS7eEn9vG716+9N0aTMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvQ1E0TGhGNURVSkx0NFNmMjhidlhyNzAzUnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBaAQMA0G
CSqGSIb3DQEBCwUAA4IBAQBXJq6cRbO63OG6/ilDTcJnPDkuDQSnlMaG13HU7+YZ
WPOBfN+0NSqRRYpuTKxOTol9+ZoW/v7bCpiPdOr9L3IbWlq/uOby5jXVk98knwYU
8EUh8P8GygYZ5z36FVuXkHFfSvcQnMEcNDIauT0xsY7z4B3PADAyo70fJDJoFccm
lvSQ/oyFPhgvAi8xeh9mzcBVr/tWN5ZDy2ekKPf8XZPj47BG+FQfQzsR+MJF7Ie6
OO2ipPYAbUxMpQUdau8TMl037EfwRIiSVWRWJ4HJ4LoaZpekfR40HcaqcoJuC1Ue
OBEZbqiCmOtzA8IxcdX6sTwvvBkAMvM4dChwnqVySfHW
-----END CERTIFICATE-----