Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/GShJteLDdipub1v8mgt_qz0pkaM.roa
File:                     GShJteLDdipub1v8mgt_qz0pkaM.roa (raw, json)
Hash identifier:          OToP5rzyTziiJkKmJP35tfgxNgwYSgcJvGVJm7s/ReE=
Subject key identifier:   19:28:49:B5:E2:C3:76:2A:6E:6F:5B:FC:9A:0B:7F:AB:3D:29:91:A3
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       01921D78CCC01BE438B4B269CA5313441400
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/GShJteLDdipub1v8mgt_qz0pkaM.roa
Signing time:             Mon 23 Sep 2024 06:01:48 +0000
ROA not before:           Mon 23 Sep 2024 06:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200554
IP address blocks:        5.160.10.0/24 maxlen: 24
                          5.160.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1d:78:cc:c0:1b:e4:38:b4:b2:69:ca:53:13:44:14:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Sep 23 06:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=192849b5e2c3762a6e6f5bfc9a0b7fab3d2991a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:36:dc:7f:70:40:2d:53:b4:d0:86:1f:a1:64:
                    d4:af:3d:fd:33:84:ff:bd:74:6e:20:4f:08:a8:79:
                    41:f8:8f:49:00:81:0f:9d:32:27:8c:c5:3d:0e:20:
                    3c:9f:04:c8:18:e4:56:7c:b8:f6:aa:f0:b9:02:91:
                    4e:53:af:90:fd:e9:9f:01:5c:aa:d8:76:2b:98:cb:
                    4f:c7:4c:de:75:bc:f4:1a:da:6d:f3:62:0a:5b:8b:
                    27:86:9d:4f:b7:58:08:a9:29:5e:90:6e:3b:63:1c:
                    87:4a:5e:9d:ee:5d:6a:a3:d5:a1:1e:b4:ee:2e:85:
                    ea:cd:8e:47:4d:db:1f:21:4f:23:dc:6e:34:a3:f9:
                    62:52:88:db:3e:b7:6d:31:28:f5:47:a0:84:6d:70:
                    46:9f:88:18:81:79:22:d9:7b:8d:c7:bb:25:e1:96:
                    55:91:b2:d0:c1:2e:91:4d:51:6d:aa:a4:50:f3:40:
                    91:33:9e:8f:12:50:87:10:d3:53:19:9f:1b:34:b2:
                    e6:45:26:d4:29:c5:82:49:36:23:c1:c1:93:3d:b1:
                    77:0e:ea:b5:e8:cd:0f:e2:d2:ea:3a:9e:48:c1:3f:
                    c6:9e:3d:1d:9d:a2:b2:a3:a2:90:02:ba:84:91:70:
                    c4:ea:83:ec:35:16:a7:27:e5:1e:04:72:e6:de:64:
                    99:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:28:49:B5:E2:C3:76:2A:6E:6F:5B:FC:9A:0B:7F:AB:3D:29:91:A3
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/GShJteLDdipub1v8mgt_qz0pkaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.10.0/24
                  5.160.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:0d:1d:f6:66:d0:73:73:cb:b1:be:36:df:43:2a:8e:2f:3a:
         99:b5:c2:29:1e:dd:95:4a:72:1e:14:55:fd:f4:fc:a5:de:57:
         7f:29:2c:fe:04:b2:8a:96:ef:23:8d:28:11:f2:4f:fd:da:95:
         cf:31:f0:af:db:67:c2:f3:52:1e:45:f8:4b:f9:e2:b9:86:c1:
         4f:31:27:1c:ec:93:a5:97:1a:3b:0d:e2:2d:f2:2f:49:21:11:
         7d:54:a6:42:e3:62:b0:f8:07:72:9e:1f:55:7e:0b:fa:8c:90:
         08:81:81:a6:8f:3a:f2:e5:63:78:24:2f:f4:ef:c9:61:5d:7c:
         fb:a3:e3:1a:68:df:f7:29:2e:25:b4:2a:c5:26:da:a6:15:71:
         cf:01:f7:7c:20:f6:c6:c8:be:d7:7e:9a:d9:fa:18:70:1d:6c:
         84:7d:f9:5b:40:98:63:8a:30:0f:2b:41:f8:f7:70:0b:b9:df:
         41:04:ab:63:4d:f8:97:e0:bc:fa:5d:72:dc:1d:6b:08:cc:2b:
         fb:d0:14:c7:4c:d3:1b:c7:8e:75:bc:ca:6a:3b:c0:3d:60:ae:
         cd:ef:ce:d2:99:8c:b6:64:bc:dc:d7:35:b5:39:34:19:97:5a:
         a7:01:b7:35:a1:31:61:a4:17:58:53:21:05:45:28:3c:e0:17:
         4b:6c:f1:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIdeMzAG+Q4tLJpylMTRBQAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwOTIzMDYwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI4NDliNWUyYzM3NjJhNmU2ZjViZmM5YTBiN2ZhYjNkMjk5MWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDbcf3BALVO00IYfoWTUrz39M4T/
vXRuIE8IqHlB+I9JAIEPnTInjMU9DiA8nwTIGORWfLj2qvC5ApFOU6+Q/emfAVyq
2HYrmMtPx0zedbz0Gtpt82IKW4snhp1Pt1gIqSlekG47YxyHSl6d7l1qo9WhHrTu
LoXqzY5HTdsfIU8j3G40o/liUojbPrdtMSj1R6CEbXBGn4gYgXki2XuNx7sl4ZZV
kbLQwS6RTVFtqqRQ80CRM56PElCHENNTGZ8bNLLmRSbUKcWCSTYjwcGTPbF3Duq1
6M0P4tLqOp5IwT/Gnj0dnaKyo6KQArqEkXDE6oPsNRanJ+UeBHLm3mSZXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBkoSbXiw3Yqbm9b/JoLf6s9KZGjMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvR1NoSnRlTERkaXB1YjF2OG1ndF9xejBwa2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABaAKAwQA
BaDEMA0GCSqGSIb3DQEBCwUAA4IBAQCLDR32ZtBzc8uxvjbfQyqOLzqZtcIpHt2V
SnIeFFX99Pyl3ld/KSz+BLKKlu8jjSgR8k/92pXPMfCv22fC81IeRfhL+eK5hsFP
MScc7JOllxo7DeIt8i9JIRF9VKZC42Kw+Adynh9Vfgv6jJAIgYGmjzry5WN4JC/0
78lhXXz7o+MaaN/3KS4ltCrFJtqmFXHPAfd8IPbGyL7XfprZ+hhwHWyEfflbQJhj
ijAPK0H493ALud9BBKtjTfiX4Lz6XXLcHWsIzCv70BTHTNMbx451vMpqO8A9YK7N
787SmYy2ZLzc1zW1OTQZl1qnAbc1oTFhpBdYUyEFRSg84BdLbPFz
-----END CERTIFICATE-----